Anonops #12: Spy on the Spyers

quote:

http://youranonnews.tumbl(...)er-from-rose-collins

In response to an open letter from Rose Collins, the mother of arrested Anonymous hacktivist Jeremy Hammond, @YourAnonNews issues the following remarks:

First, we do not presume to speak on behalf of the entire Anonymous movement. No one can speak for everyone in Anonymous. However, when we saw the open letter from Jeremy Hammond’s mother linked above, we knew we had to issue a response of some sort. This response encapsulates the personal views of the YourAnonNews team and in no way is meant to be reflective of Anonymous as a whole. Second, Hammond was a true friend and ally in Anonymous—a fellow compatriot at electronic arms, so to say. His fierce convictions and inner strength could be strongly sensed even over nothing but text on a screen. If we can in any way help his mother understand the strongly held convictions of her son and the movement he is involved in, we will do our best. Here goes…

(1) Please Rose, for the sake of all that is good in this world, don’t EVER attempt to speak “Internet” again. Please. Don’t. (We kid, of course. We appreciated the attempt.)

(2) If you do some basic research, you would find that Anonymous has a strong legal network, with close ties to various legal organisations, including the NLG and EFF, as well as various criminal defence law firms. Your son is represented currently by attorney Liz Fink, with the NLG. We suggest that you reach out to the attorney and establish contact, if you have not done so already.

(3) Your son also has a legal defense fund and a dedicated site with constant updates on his legal proceedings. You can learn more about it here: http://freehammond.org/

(4) Some of us here knew Hammond closely online. His arrest is a great loss to us, not only as Anons, but also on a personal level. Your son is an amazing person and has a big heart. We sorely miss his online presence.

(5) We will not presume to know what your family’s personal situation is like, but whatever your political differences may be with your son, it’s probably best to reach out to him at this time. Be there for him. Support him. He believed in what he was doing. Honour that.

(6) What will we do if we meet up with Sabu? We’ll listen to his side of the story. Because we strongly believe that every story has multiple sides and each deserves a fair hearing. Perhaps many in the community were too quick to rush to judgment. Perhaps not. Only time will tell once all of the facts get laid out and properly sorted.

(7) Please get a manicure. And why are your nails poisonous? Just curious. That’s probably not a good thing…

(8) You actually make some interesting points about the feds and Sabu and raise some good questions that all of us should have asked ourselves before we hastily jumped to conclusions. It is interesting that you, out of all of us, are the one to most vocally question the how and why the feds burned Sabu as their informant asset. Thank you for reminding us of the need to remain critical and curious. We strongly encourage all Anons and other individuals to do their own research and analyse mainstream-media disseminated stories before jumping into them head first and making assumptions. We cannot say it enough: Facts, facts, facts. Research, research, research.

(9) How does one “spit a rat”? Wait…don’t answer, we don’t want to know! D:

(10) You ask, who are we to decide that all government secrets must be exposed? You should actually be asking, who are we NOT to demand this? The People have a right to know what is going on within the depths of THEIR government. The government is there to serve us, not politicians’ self interest, corporate profits, or special interest groups. If it fails in its singular goal of preserving liberty and freedom, and instead starts to impinge onto our essential rights, who are we to NOT stand up to it? Who watches the watchmen? WE DO, because frankly, no one else will.

(11) No one’s trying to force you to wear a burqa. How does ending capitalism lead to you wearing a burqa? Lady, we’d love to get inside your head and understand your reasoning.

(12) We’re not a group. Stop thinking of us as such. It seems that your arguments directed at us are actually directed at your son’s political views. Why don’t you take some time to hash them out with him? Or at least try to understand how he conceptualises Anonymous and sees himself in it?

(13) Anonymous actively works toward contradictory aims. What can we say? We’re just a bag of convoluted contradictions. But don’t you see? That is the beauty of the idea and movement. Anonymous has been pro choice and pro life. Anonymous has fought for uncensored Internet and yet conducts vigilante attacks on pedophile websites. Anonymous is comprised of tens of thousands of people from all schools of political thought. And yet, despite all of that, there exists a common fibre that is woven through the social fabric within Anonymous—We care about change and we exist to challenge the status quo. We have a remarkable degree of ability to work together on common causes where they exist because we know that we are working to create a better future not just for ourselves, but for generations to come. We hope you can understand this.

(14) We’re glad that you’re just as mad at the economic situation as us. You actually raise a good point—that perhaps the economic crisis is not any one specific segment’s fault more than another, but rather, a multi-faceted endemic systemic failure of the current capitalistic economy and its supporting structures. Thank you.

(15) We are doing what we can to help your son. And we hope you are as well. Reach out to him. Be there for him. Support him. Stay strong for him. Try to understand him. Try to put his actions in context. Help him. Love him. You can do this better than any of us.

We sincerely hope we provided some sort of insight in answer of your queries. Please feel free to reach out to us or any other Anons should you have additional questions or concerns.

Best,

The YourAnonNews Team

quote:

The CIA wants to spy on you through your TV: Agency director says it will 'transform' surveillance

> Devices connected to internet leak information
> CIA director says these gadgets will 'transform clandestine tradecraft'
> Spies could watch thousands via supercomputers
> People 'bug' their own homes with web-connected devices


When people download a film from Netflix to a flatscreen, or turn on web radio, they could be alerting unwanted watchers to exactly what they are doing and where they are.

Spies will no longer have to plant bugs in your home - the rise of 'connected' gadgets controlled by apps will mean that people 'bug' their own homes, says CIA director David Petraeus.

The CIA claims it will be able to 'read' these devices via the internet - and perhaps even via radio waves from outside the home.

Everything from remote controls to clock radios can now be controlled via apps - and chip company ARM recently unveiled low-powered, cheaper chips which will be used in everything from fridges and ovens to doorbells.

The resultant chorus of 'connected' gadgets will be able to be read like a book - and even remote-controlled, according to CIA CIA Director David Petraeus, according to a recent report by Wired's 'Danger Room' blog.

Petraeus says that web-connected gadgets will 'transform' the art of spying - allowing spies to monitor people automatically without planting bugs, breaking and entering or even donning a tuxedo to infiltrate a dinner party.

'Transformational’ is an overused word, but I do believe it properly applies to these technologies,' said Petraeus.

'Particularly to their effect on clandestine tradecraft. Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters - all connected to the next-generation internet using abundant, low-cost, and high-power computing.'

Petraeus was speaking to a venture capital firm about new technologies which aim to add processors and web connections to previously 'dumb' home appliances such as fridges, ovens and lighting systems.

This week, one of the world's biggest chip companies, ARM, has unveiled a new processor built to work inside 'connected' white goods.

The ARM chips are smaller, lower-powered and far cheaper than previous processors - and designed to add the internet to almost every kind of electrical appliance.

It's a concept described as the 'internet of things'.

Futurists think that one day 'connected' devices will tell the internet where they are and what they are doing at all times - and will be mapped by computers as precisely as Google Maps charts the physical landscape now.

Privacy groups such as the Electronic Frontier Foundation have warned of how information such as geolocation data can be misused - but as more and more devices connect, it's clear that opportunities for surveillance will multiply.

Read more: http://www.dailymail.co.u(...)e.html#ixzz1pNO5K1Jg

quote:

Which VPN Providers Really Take Anonymity Seriously?

Last month it became apparent that not all VPN providers live up to their marketing after an alleged member of Lulzsec was tracked down after using a supposedly anonymous service from HideMyAss. We wanted to know which VPN providers take privacy extremely seriously so we asked many of the leading providers two very straightforward questions. Their responses will be of interest to anyone concerned with anonymity issues.

As detailed in yesterday’s article, if a VPN provider carries logs of their users’ activities the chances of them being able to live up to their claim of offering an anonymous service begins to decrease rapidly.

There are dozens of VPN providers, many of which carry marketing on their web pages which suggests that the anonymity of their subscribers is a top priority. But is it really? Do their privacy policies stand up to scrutiny? We decided to find out.

Over the past two weeks TorrentFreak contacted some of the leading, most-advertised, and most talked about VPN providers in the file-sharing and anonymity space. Rather than trying to decipher what their often-confusing marketing lingo really means, we asked them two direct questions instead:

1. Do you keep ANY logs which would allow you or a 3rd party to match an IP address and a time stamp to a user of your service? If so, exactly what information do you hold?

2. Under what jurisdictions does your company operate and under what exact circumstances will you share the information you hold with a 3rd party?

This article does not attempt to consider the actual quality of service offered by any listed provider, nor does it consider whether any service is good value for money. All we are interested in is this: Do they live up to claims that they provide a 100% anonymous service? So here we go, VPN providers in the file-sharing space first.

quote:

#InfoSec: How The NSA Intends to Eliminate Privacy on Earth

quote:

1 Geostationary satellites

Four satellites positioned around the globe monitor frequencies carrying everything from walkie-talkies and cell phones in Libya to radar systems in North Korea. Onboard software acts as the first filter in the collection process, targeting only key regions, countries, cities, and phone numbers or email.

2 Aerospace Data Facility, Buckley Air Force Base, Colorado

Intelligence collected from the geostationary satellites, as well as signals from other spacecraft and overseas listening posts, is relayed to this facility outside Denver. About 850 NSA employees track the satellites, transmit target information, and download the intelligence haul.

3 NSA Georgia, Fort Gordon, Augusta, Georgia

Focuses on intercepts from Europe, the Middle East, and North Africa. Codenamed Sweet Tea, the facility has been massively expanded and now consists of a 604,000-square-foot operations building for up to 4,000 intercept operators, analysts, and other specialists.

4 NSA Texas, Lackland Air Force Base, San Antonio

Focuses on intercepts from Latin America and, since 9/11, the Middle East and Europe. Some 2,000 workers staff the operation. The NSA recently completed a $100 million renovation on a mega-data center here—a backup storage facility for the Utah Data Center.

5 NSA Hawaii, Oahu

Focuses on intercepts from Asia. Built to house an aircraft assembly plant during World War II, the 250,000-square-foot bunker is nicknamed the Hole. Like the other NSA operations centers, it has since been expanded: Its 2,700 employees now do their work aboveground from a new 234,000-square-foot facility.

6 Domestic listening posts

The NSA has long been free to eavesdrop on international satellite communications. But after 9/11, it installed taps in US telecom “switches,” gaining access to domestic traffic. An ex-NSA official says there are 10 to 20 such installations.

7 Overseas listening posts

According to a knowledgeable intelligence source, the NSA has installed taps on at least a dozen of the major overseas communications links, each capable of eavesdropping on information passing by at a high data rate.

8 Utah Data Center, Bluffdale, Utah

At a million square feet, this $2 billion digital storage facility outside Salt Lake City will be the centerpiece of the NSA’s cloud-based data strategy and essential in its plans for decrypting previously uncrackable documents.

9 Multiprogram Research Facility, Oak Ridge, Tennessee

Some 300 scientists and computer engineers with top security clearance toil away here, building the world’s fastest supercomputers and working on cryptanalytic applications and other secret projects.

10 NSA headquarters, Fort Meade, Maryland

Analysts here will access material stored at Bluffdale to prepare reports and recommendations that are sent to policymakers. To handle the increased data load, the NSA is also building an $896 million supercomputer center here.

quote:

We were down a few hours earlier today. There's no need to worry, we haven't been raided this time. We're only upgrading stuff since we're still growing.

One of the technical things we always optimize is where to put our front machines. They are the ones that re-direct your traffic to a secret location. We have now decided to try to build something extraordinary.

With the development of GPS controlled drones, far-reaching cheap radio equipment and tiny new computers like the Raspberry Pi, we're going to experiment with sending out some small drones that will float some kilometers up in the air. This way our machines will have to be shut down with aeroplanes in order to shut down the system. A real act of war.

We're just starting so we haven't figured everything out yet. But we can't limit ourselves to hosting things just on land anymore. These Low Orbit Server Stations (LOSS) are just the first attempt. With modern radio transmitters we can get over 100Mbps per node up to 50km away. For the proxy system we're building, that's more than enough.

But when time comes we will host in all parts of the galaxy, being true to our slogan of being the galaxy's most resilient system. And all of the parts we'll use to build that system on will be downloadable.

quote:

Rogers’ “Cybersecurity” Bill Is Broad Enough to Use Against WikiLeaks and The Pirate Bay

Congress is doing it again: they’re proposing overbroad regulations that could have dire consequences for our Internet ecology. The Cyber Intelligence Sharing and Protection Act of 2011 (H.R. 3523), introduced by Rep. Mike Rogers and Rep. Dutch Ruppersberger, allows companies or the government1 free rein to bypass existing laws in order to monitor communications, filter content, or potentially even shut down access to online services for “cybersecurity purposes.” Companies are encouraged to share data with the government and with one another, and the government can share data in return. The idea is to facilitate detection of and defense against a serious cyber threat, but the definitions in the bill go well beyond that. The language is so broad it could be used as a blunt instrument to attack websites like The Pirate Bay or WikiLeaks. Join EFF in calling on Congress to stop the Rogers’ cybersecurity bill.

Under the proposed legislation, a company that protects itself or other companies against “cybersecurity threats” can “use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property” of the company under threat. But because “us[ing] cybersecurity systems” is incredibly vague, it could be interpreted to mean monitoring email, filtering content, or even blocking access to sites. A company acting on a “cybersecurity threat” would be able to bypass all existing laws, including laws prohibiting telcos from routinely monitoring communications, so long as it acted in “good faith.”

The broad language around what constitutes a cybersecurity threat leaves the door wide open for abuse. For example, the bill defines “cyber threat intelligence” and “cybersecurity purpose” to include “theft or misappropriation of private or government information, intellectual property, or personally identifiable information.”

Yes, intellectual property. It’s a little piece of SOPA wrapped up in a bill that’s supposedly designed to facilitate detection of and defense against cybersecurity threats. The language is so vague that an ISP could use it to monitor communications of subscribers for potential infringement of intellectual property. An ISP could even interpret this bill as allowing them to block accounts believed to be infringing, block access to websites like The Pirate Bay believed to carry infringing content, or take other measures provided they claimed it was motivated by cybersecurity concerns.

The language of “theft or misappropriation of private or government information” is equally concerning. Regardless of the intent of this language, the end result is that the government and Internet companies could use this language to block sites like WikiLeaks and NewYorkTimes.com, both of which have published classified information. Online publishers like WikiLeaks are currently afforded protection under the First Amendment; receiving and publishing classified documents from a whistleblower is a common journalistic practice. While there’s uncertainty about whether the Espionage Act could be brought to bear against WikiLeaks, it is difficult to imagine a situation where the Espionage Act would apply to WikiLeaks without equally applying to the New York Times, the Washington Post, and in fact everyone who reads about the cablegate releases. But under Rogers' cybersecurity proposal, the government would have new, powerful tools to go after WikiLeaks. By claiming that WikiLeaks constituted “cyber threat intelligence” (aka “theft or misappropriation of private or government information”), the government may be empowering itself and other companies to monitor and block the site. This means that the previous tactics used to silence WikiLeaks—including a financial blockade and shutting down their accounts with online service providers—could be supplemented by very direct means. The government could proclaim that WikiLeaks constitutes a cybersecurity threat and have new, broad powers to filter and block communication with the journalistic website.

Congress is intent on passing cybersecurity legislation this year, and there are multiple proposals in the House and the Senate under debate. But none is as poorly drafted and dangerously vague as the Rogers bill. We need to stop this bill in its tracks, before it can advance in the House and before the authors can negotiate to place this overbroad language into other cybersecurity proposals.

Internet security is a serious problem that needs to be addressed. But we don’t need to sacrifice our civil liberties to do so. Help us safeguard the web by contacting Congress today.

quote:

Syrian activists targeted by fake YouTube

Spoof site can plant malware on PCs of people who leave comments on videos, pressure group warns

Syrian activists are being targeted by a fake version of Google's YouTube video site which plants malware on the PCs of people who leave comments on videos shown there, the Electronic Frontier Foundation has warned.

The EFF, a pressure group for free speech online, said that the site has been used to target people watching videos showing the conflict inside Syria, and that it may have captured the login details for Google accounts belonging to activists inside or outside the country. It also warns that the site offers a fake "update" to the Flash software used on most PCs to view video content.

The discovery ratchets up the online attacks against Syrian anti-government activists, who have been increasingly targeted by malware which is capable of capturing webcam details, turning off antivirus programs and capturing passwords.

The organisation warned last week that it had found two cases of pro-Syrian government malware – which can take over a machine or silently watch everything that the user types – being sent as web links in emails and chat.

It found that that malware sent back details to an internet address, 216.6.0.28, which has been assigned to the Syrian Telecommunications Establishment – indicating that unlike the vast majority of malware, which is used by criminals to download bank or other details and controlled via machines on the wider web, this one connects back to an official address inside Syria. That makes it likely that it is controlled by agencies acting for the Syrian government. The online security company Symantec detailed the effects of the malware in February.

The EFF warns people who have recently viewed such videos that they should check the security of their Google account, including the enabling of "two-factor authentication" – which requires special login details and will send a warning to the user's phone if the account is accessed from a different machine than the one which they normally use.

The fake YouTube uses the same layout as the official one, with Arabic script as Syrian users would expect.

YouTube has become an important channel for Syrian activists trying to get news about attacks by the government on citizens and locations out to the rest of the world. Videos uploaded to the site have revealed detail about the effects of shelling on cities and the killing of citizens. By targeting those who watch such videos, pro-government activists might be able to build up information about the networks and members of activist groups.

In a statement, the EFF noted that "EFF is deeply concerned about this pattern of pro-government malware targeting online activists in authoritarian regimes. We will continue to keep a close eye on future developments in this area."

quote:

Doc outrage: Anonymous 'behind' web-siege on Russian TV channel

The Russian faction of Anonymous has claimed responsibility for a cyber-attack on a Russian TV station's website. The outage follows a controversial documentary about Russian protestors produced by NTV.

One of Russia's major TV channels, NTV says its website was down for eleven hours Monday after DDoS attacks 'claimed by Anonymous.'

The site was under continuous threat of serious hacker attacks since last Friday, after the network showed a controversial documentary on the Russian opposition's protests that sparked a wave of outrage.

Anonymous admitted it was behind the cyber attack on March 16. “ntv.ru Tango down!” one member of Russian Anonymous posted to their twitter account.

“Protests Anatomy,” the documentary which sparked the attacks, was first aired last Thursday. Focusing on protests that have been taking place in Moscow ever since the 2011 parliamentary election, NTV speculated about whether protestors were paid from outsideof the country.

The documentary features a number of 'exposing videos' which are said to prove that many protestors were taking part in opposition mass-rallies for money. The reaction was explosive – shortly after the broadcast, a hashtag in Russian – #НТВлжет (#NTVlies) – made it to the top of worldwide trends on Twitter. Many were quick to label the program as outright propaganda, accusing NTV of fabrications and disinformation.

On Sunday, people angry at the channel gathered outside Moscow’s main TV center, which headquarters NTV, for an unsanctioned protest. Dozens were detained, but were released shortly after.

Gazprom-Media Holding, the owner of the channel, has slammed the hackers' attacks: "NTV is an informational and publicist channel that covers all aspects of societal life, and presents a palette of opinions and moods. Programs broadcasted are a matter of discussions of issues of the day. I believe the attacks violate democratic mechanisms and freedom of speech," said Nikolay Senkevich, general director of Gazprom Media.

quote:

Obama zet zich in voor vrij internet in Iran

Obama wil zich sterker inzetten voor het vrije internet in Iran. De Amerikaanse president beschuldigt Iran ervan een ‘elektronisch gordijn’ te hebben opgetrokken. Burgers hebben er geen toegang tot vrije informatie, zegt de president.

De Verenigde Staten zullen het makkelijker gaan maken voor Amerikaanse bedrijven om software Iran in te krijgen. Met die software moeten Iraniërs makkelijker van internet gebruik kunnen maken, zei Obama vandaag volgens persbureau Reuters in een videobericht aan het Iraanse volk.

Obama meent dat Iran een ‘elektronisch gordijn’ heeft opgetrokken om een vrije uitwisseling van ideeën en informatie tegen te houden. Hij roept de Iraanse regering op te stoppen met het blokkeren van informatie voor burgers, en voor het respecteren van hun universele rechten.

Tegelijkertijd gaf Obama aan dat er geen reden is voor een verdeling tussen de Verenigde Staten en Iran. Obama zei dat hij wil dat Iraniërs weten dat Amerika de dialoog zoekt om hun visie en wensen te horen. De president gaf de videotoespraak ter gelegenheid van het Iraanse nieuwjaar.

De opmerkingen van Obama komen tijdens verhoogde spanningen tussen Iran en de VS rond het nucleaire programma van Iran. Obama zei dat als Iraanse regering een “verantwoordelijk pad” volgt, het welkom is in de internationale gemeenschap terug te keren. Iran houdt vol dat het nucleaire programma vreedzaam van aard is en dat het niet bezig is kernwapens te ontwikkelen.

quote:

Judge Lifts Twitter Ban On "Anonymous" 14

MARCH 19--Over objections from the Department of Justice, a judge has lifted a Twitter ban on 14 accused members of “Anonymous” now under indictment for their alleged roles in a coordinated online assault against PayPal, an attack prosecutors contend was carried out via the social networking site.

Ruling on motions filed by several defendants, Magistrate Judge Paul Grewal stated that since government lawyers did not sufficiently link “allegedly criminal activities to use of a Twitter account,” the defendants were free to use the microblogging service. Grewal’s order was filed Friday in U.S. District Court in San Jose, California.

In a January court filing, defendant Vincent Kershaw argued that bail conditions barring his use of Twitter unduly burdened his First Amendment right to engage in political discourse. Kershaw, 28, contended that the Twitter ban prohibited him from “even perusing such critical communications from our own President or engaging in the Twitter Town Halls in any manner.”

In opposing Kershaw’s motion, a prosecutor described Twitter as one of the “principle tools through which the members of the Anonymous hacking group planned and coordinated their criminal activities.”

Kershaw, pictured in the above mug shot, also sought permission to use Internet Relay Chat so that he could participate in “political debate” and “political speech” in IRC chat rooms. That motion was denied by Grewal, who ruled that Kershaw and his codefendants are allowed “substantial internet use for purposes that include political discourse.”

Kershaw, a Colorado landscaper, and his codefendants were charged last July with conspiracy and intentional damage to a protected computer for allegedly participating in an “Anonymous”-organized denial of service attack on PayPal. The felony counts carry a combined maximum of 15 years in prison and a $500,000 fine.

The December 2010 online assault--dubbed “Operation Avenge Assange”--was prompted by the suspension of WikiLeaks’s PayPal account in the wake of the publication of classified Department of State cables by the group headed by Julian Assange. (3 pages)

twitter:

AnonOpsRomania twitterde op dinsdag 20-03-2012 om 22:05:57 Dutch biggest ISP's website Ziggo.nl Database leaked http://t.co/g2UjuI4O VIA @anonyINTRA #Anonymous #AntiSec reageer retweet

quote:

http://pastebin.com/Qpa4MMMU
#author:
AnonyINTRA
AnonbiH

#Target:
Ziggo.nl

-----------------------------------------------------------------------------------------------
Ya, as some proof some few costumers information.

quote:

Op woensdag 21 maart 2012 14:41 schreef picodealion het volgende:

[..]

Virusmelding op die pastebin link.

quote:

NSA Chief Denies, Denies, Denies Wired’s Domestic Spying Story

NSA chief General Keith Alexander faced tough — and funny — questions from Congress Tuesday stemming from Wired’s story on the NSA’s capabalities and warrantless wiretapping program.

Congressman Hank Johnson, a Georgia Democrat, asked Alexander whether the NSA could, at the direction of Dick Cheney, identify people who sent e-mails making fun of his inability to hunt in order to waterboard them.

Alexander said “No,” adding that the “NSA does not have the ability to do that in the United States.” Elaborating, Alexander added: “We don’t have the technical insights in the United States. In other words, you have to have [...] some way of doing that either by going to a service provider with a warrant or you have to be collecting in that area. We’re not authorized to do that, nor do we have the equipment in the United States to collect that kind of information.”

That statement seemingly contradicts James Bamford’s story, The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say), as well as stories from The New York Times, the Los Angeles Times, USA Today and Wired, which collectively drew a picture of the NSA’s post-9/11 foray into wiretapping the nation’s telecommunication’s infrastructure to spy on Americans without getting warrants.

Bamford writes:

. In the process — and for the first time since Watergate and the other scandals of the Nixon administration — the NSA has turned its surveillance apparatus on the US and its citizens. It has established listening posts throughout the nation to collect and sift through billions of email messages and phone calls, whether they originate within the country or overseas. It has created a supercomputer of almost unimaginable speed to look for patterns and unscramble codes. Finally, the agency has begun building a place to store all the trillions of words and thoughts and whispers captured in its electronic net. And, of course, it’s all being done in secret. To those on the inside, the old adage that NSA stands for Never Say Anything applies more than ever.

But in testimony Tuesday in front of the House Armed Services subcommittee on Emerging Threats and Capabilities, Alexander responded to questions about the program, saying the NSA did not have the capability to monitor, inside the United States, Americans’ text messages, phone calls and e-mails. He added that if the NSA were to target an American, the FBI would take the lead and fill out the paperwork. (That’s an odd statement, since the process for targeting an American by the intelligence services is for the NSA to fill out the paperwork, submit it to the Justice Department and then send it to a secret court, according to statements by former Director of National Intelligence Michael McConnell.)

Alexander and Johnson both mispronounced Bamford’s name as Bashford (a Freudian slip). But it’s an odder mistake by Alexander, given that Bamford is the premier chronicler of the NSA.

It’s hard to tell here whether Alexander is parsing the questions closely, misspeaking or telling the truth. The heads of the intelligence service have a long tradition of misspeaking or telling untruths that advance their agenda. President George Bush himself on the re-election campaign trail said that no American had been wiretapped without a warrant, which was plainly false, according to numerous news stories and the government’s own admissions of the program.

In the aftermath of those half-truths, the Congress passed, and Bush signed into law, the FISA Amendments Act, which re-wrote the nation’s surveillance laws to give the NSA a much freer hand to wiretap American infrastructure wholesale.

Court challenges to the program, brought by the EFF and the ACLU, attempted to argue that even allowing the NSA to harvest Americans’ communications alongside foreigners into giant databases violated American law and the US Constitution. However, those challenges have never survived the Bush and Obama administration’s invocation of the “state secrets” privilege to have them thrown out of court.

Which is another way of saying that Americans have no idea what’s going on. Given the choice between an administration official saying nothing is going on and a respected reporter with inside sources saying something wicked this way comes, I know where my trust would lie.

Hank asks NSA director tough questions about wiretaps, e-mail intercepts

quote:

DHS Turns Over Occupy Wall Street Documents to Truthout

quote:

The Department of Homeland Security (DHS) closely monitored the Occupy Wall Street movement, providing agency officials with regular updates about protests taking place throughout the country, responding to requests from fusion centers for intelligence on the group and mining Twitter for information about Occupy's activities, according to hundreds of pages of documents DHS released to Truthout Wednesday morning in response to our Freedom of Information Act (FOIA) request.

quote:

http://truth-out.org/file(...)elease_OWS_Part1.pdf

I left both of you voice mail messages in which I described this issue in greater detail.
There is attached to this email a threat bulletin being disseminated by the Office of Emergency Management in Pittsburgh in which it discusses the threat posed by the Occupy Pittsburgh campaign and the hackers’ group: Anonymous. Both myself and (IO deployed to the PACIC Center in Harrisburg) are somewhat concerned that several items contained in this Intel Bulletin might be advocating surveillance and other countermeasures to be employed against activities protected under the 1st Amendment. Would either one or both of you be able to see what could be developed from this document that could take back to the Intel staff that produced this so that in the future they have a greater awareness of how to develop intelligence assessments that don’t undermine Constitutionally protected speech and assembly rights? Thanks in advanced, really appreciate all your help.

quote:

Documents Show Homeland Security Was Tracking Occupy Wall Street Even Before The First Protest

The Department of Homeland Security has been tracking the Occupy Wall Street movement since well before protesters first took Zuccotti Park last September, according to internal DHS memos obtained by Business Insider through a Freedom of Information Act Request.

The documents show that DHS alerted its agents to the Wall Street protests — and specifically the involvement of the hacker group Anonymous in organizing the protests — sometime before the Sept. 17 kickoff of the protests in downtown Manhattan.

In an undated memo, titled "Details On 'Anonymous' Upcoming Operations: 17 September 2011: Occupy Wall Street; U.S. Day of Rage," the DHS Office of Intelligence notes that the hacker group had came out in support of the planned Sept. 17 Wall Street protests. The memo provides details of a YouTube video released by Anonymous that called on protesters "to adopt a non-violent 'Tahrir-acampadas model,'" and to "flood into lower Manhattan, set up tents, kitchens, peaceful barricades and occupy Wall Street for a few months."

The memo warns that AdBusters, the original organizers of the OWS protests, had also planned a demonstration on the National Mall to coincide with the 10th anniversary of the invasion of Iraq in October 2011.

Another DHS Intelligence memo provides further warnings about the impact and likelihood of upcoming Anonymous Operations.

According to that memo, DHS cybersecurity analysts considered it "likely" that that peaceful OWS protests would occur on Sept. 17, and that "those protests may be accompanied by malicious cyber activity conducted by Anonymous."

The memo says analysts considered it unlikely that Anonymous would follow through with threats to launch a coordinated attack against Facebook on Nov. 5 2011.

On Anonymous's "Project Mayhem," — a year-long effort that will end with an "unveiling of secrets" on Dec. 21 2012 — the DHS warns that "inconsequential physical mischief and potentially disruptive malicious cyber activities" are expected, but "specific tactics, techniques, and procedures are unknown."

The memo also mentions an "Operation Halliburton" but says that "little is known" about the potential operation, which presumably targets the U.S. oilfield services giant.

Two other memos obtained by BI warn about Anonymous' threats to take down the New York Stock Exchange and to hack Fox News' website over the network's coverage of the OWS movement.

The documents were released to Business Insider today in response to a FOIA request we filed when reports first started circulating that DHS helped coordinate the nationwide OWS crackdown last November.

Although we have only made it through some of the 408 documents, what we've seen so far indicates that while the agency reluctant to get involved in the Occupy protests (at least initially), Homeland Security was definitely keeping tabs on the movement from the outset.

Read the memos below.

Read more: http://www.businessinside(...)2012-3#ixzz1pmgAeMeE

quote:

Brein wil omzeilen van verbod Pirate Bay aanpakken

Stichting Brein sommeert mensen die het klanten van Ziggo en Xs4all via een omweg het mogelijk maken om toch op The Pirate Bay te komen om hier onmiddellijk mee te stoppen.

Enkele Nederlandse beheerders van zogeheten proxyservers hebben een brief gekregen van de auteursrechtenorganisatie. Dat meldt de website Tweakers.net.

Ziggo en XS4ALL blokkeerden onlangs al de toegang tot torrentsite The Pirate bay, nadat de rechtbank in Den Haag ze daar toe had verplicht in een door Brein aangespannen zaak. Abonnees zouden muziek, films of games uitwisselen via The Pirate Bay en daarmee inbreuk maken op auteursrechten.

Volgens Brein-directeur Tim Kuik bieden de beheerders van proxyservers opzettelijk omzeiling van een rechterlijk verbod aan. “Als zij niet voldoen houden wij ze aansprakelijk voor schade”, zegt hij aan Tweakers.net. Onduidelijk is hoeveel mensen een beschikking en een sommatie hebben gekregen.

Brein daagde vorige maand internetproviders UPC, KPN, Tele2 en T-Mobile voor de rechter in een poging ook deze bedrijven ertoe te bewegen de website The Pirate Bay te blokkeren. De zaak dient 19 april.

quote:

T E L E C O M I X opsyria has established a secure dropbox

quote:

#opsyria has established a secure dropbox, administrated by LulzPanda, where you can put informations and files to publish without fear of being identified.

quote:

Exposed: Inside the NSA’s Largest and Most Expansive Secret Domestic Spy Center in Bluffdale, Utah

A new exposé in Wired Magazine reveals details about how the National Security Agency is quietly building the largest spy center in the country in Bluffdale, Utah, as part of a secret NSA surveillance program codenamed "Stellar Wind." We speak with investigative reporter James Bamford, who says the NSA has established listening posts throughout the nation to collect and sift through billions of email messages and phone calls, whether they originate within the country or overseas. The Utah spy center will contain near-bottomless databases to store all forms of communication collected by the agency. This includes the complete contents of private emails, cell phone calls and Google searches, as well as all sorts of personal data trails — parking receipts, travel itineraries, bookstore purchases and other digital "pocket litter." "The NSA has constantly denied that they’re doing things, and then it turns out they are doing these things," Bamford says in response to NSA Director General Keith Alexander’s denial yesterday that U.S. citizens’ phone calls and emails are being intercepted. "A few years ago, President Bush said before camera that the United States is not eavesdropping on anybody without a warrant, and then it turns out that we had this exposure to all the warrantless eavesdropping in the New York Times article. And so, you have this constant denial and parsing of words." [includes rush transcript]

quote:

Sarkozy wil bezoek terroristische sites bestraffen – ‘campagne weer begonnen’

Sarkozy wil het bezoeken van terroristische websites en het reizen naar terroristische kampen in Afghanistan en Pakistan strafbaar stellen. Daarnaast wil hij strafrechtelijke maatregelen tegen “indoctrinatie” van islamisten, zei hij vanmiddag in een verklaring na de dood van de Franse schutter.

Sarkozy reageerde vanmiddag in een verklaring op het nieuws dat de schutter die zeven mensen in Frankrijk heeft vermoord, vanochtend gedood is bij een hevig vuurgevecht.

De Franse president zei dat Frankrijk het bezoeken van websites die oproepen tot terrorisme, haat of geweld strafbaar gaat maken. “Frankrijk zal geen rekrutering en ideologische indoctrinatie op zijn grondgebied tolereren”, zei Sarkozy. Daarnaast wil hij onderzoeken of gevangenissen gebruikt worden om extremisme in Frankrijk te propaganderen.

quote:

Anonymous Hacks Christian Websites In Mexico: “POPE is not welcome, out out!!!!!”

Anonymous Hispano, the Mexican branch of the online hacktivist collective based in Latin America lay siege to two Mexican websites on Tue, March 20 in protest of Pope Benedict XVI's upcoming visit in an cyber-operation referred to as #opFariseo (hypocrite) on Twitter. The hackers succeeded in temporarily knocking the websites offline and defacing them with their own message: "Hacked system. The POPE is not welcome, out out!!!!!"

Both hacked websites were linked to the Pope's planned visit to the country this Friday through Monday, before the religious leader continues his tour in Cuba. The website of the Achdiocese of Mexico was down for several hours on Tue. March 20 as was the website of the Institute of Communications and Philosophy (Comfil), which is usually devoted to teaching philosophy.

On their Facebook page, Anonymous Hispano confirmed that the websites were "hacked for supporting Benedict XVI). In a corresponding YouTube video the hacktivists claimed that the Pope's visit was connected to political campaigning for the upcoming Mexican presidential elections on July 1, and is an effort to throw the Catholic Church's support behind the current ruling party and to "keep the population shrouded in lies."

They also argue that the Pope's visit will not include any chances to witness the country's intense poverty and violence. Instead he will only see "a country of lies and facades where everything will apparently be wonderful."

In an explanatory message on Pastebin in Spanish, Anonymous Hispano posted a manifesto of sorts, titling the cyber-attack "Operation Freeloader," in a reference to the Pope. The message goes on to state that the collective believes Mexico should be a secular nation, and described the alliance of church and state in Mexico as an "irrefutable fact." (Read the full translated message below).

Anonymous has conducted operations in Mexico before, targeting the notorious drug cartels in the past when members of the hacktivist collective were held captive by the Mexican warlords.

quote:

TERRORIST Facebook pages leaked from CIA.

quote:

Source: Roger Landry WTPNetwork™(312-94876)
Updated List (3/17/12) These groups, pages and websites will be added to the terrorists watch list pending investigation.

quote:

List of Partner Forums

A Free and Voluntary Society
"Action Group to Uphold the Constitution"
Anarcho-Capitalism
Columbia Missouri for Ron Paul 2012
End the War on Drugs
Growing Organic, Eating Organic

quote:

Shopping For Zero-Days: A Price List For Hackers' Secret Software Exploits

A clever hacker today has to make tough choices. Find a previously unknown method for dismantling the defenses of a device like an iPhone or iPad, for instance, and you can report it to Apple and present it at a security conference to win fame and lucrative consulting gigs. Share it with HP’s Zero Day Initiative instead and earn as much as $10,000 for helping the firm shore up its security gear. Both options also allow Apple to fix its bugs and make the hundreds of millions of iPhone and iPad users more secure.

But any hacker who happens to know one Bangkok-based security researcher who goes by the handle “the Grugq”–or someone like him–has a third option: arrange a deal through the pseudonymous exploit broker to hand the exploit information over to a government agency, don’t ask too many questions, and get paid a quarter of a million dollars–minus the Grugq’s 15% commission.

That iOS exploit price represents just one of the dozens of deals the Grugq (pictured above) has arranged in his year-old side career as a middle man for so-called “zero-day” exploits, hacking techniques that take advantage of secret vulnerabilities in software. Since he began hooking up his hacker friends with contacts in government a year ago, the Grugq says he’s on track to earn a million in revenue this year. He arranged the iOS deal last month, for instance, between a developer and a U.S. government contractor. In that case, as with all of his exploit sales, he won’t offer any other details about the buyer or the seller.

Even with the $250,000 payout he elicited for that deal, he wonders if he could have gotten more. “I think I lowballed it,” he wrote to me at one point in the dealmaking process. “The client was too happy.”

A six-figure price for a single hacking technique may sound extravagant, but it’s hardly unique. Based on speaking with sources in this secretive but legal trade, I’ve assembled a rough price list for zero-day exploits below.



Each price assumes an exclusive sale, the most modern version of the software, and, of course, not alerting the software’s vendor. Some fees might even be paid in installments, with each subsequent payment depending on the vendor not patching the security vulnerabilities used by the exploit. In some cases the techniques would need to be used in combination to be effective.

An exploit’s price factors in both how widely the target software is used as well as the difficulty of cracking it. A technique that allows a hacker to gain control of a Mac OSX machine after hacking an application might earn only a fraction of one that targets Windows, for instance, because of Windows’ greater market share. But an iOS exploit pays more than one that targets Android devices partly because it requires defeating Apple’s significantly tougher security features. That means most agencies can simply develop their own Android attacks, the Grugq says, while ones that can penetrate the iPhone are rare and pricey. For the Jailbreakme 3 iOS exploit created by the hacker Comex last year, the Grugq says he heard agencies would have been eager to pay $250,000 for exclusive use of the attack.

Who’s paying these prices? Western governments, and specifically the U.S., says the Grugq, who himself is a native of South Africa. He limits his sales to the American and European agencies and contractors not merely out of ethical concerns, but also because they pay more. “Selling a bug to the Russian mafia guarantees it will be dead in no time, and they pay very little money,” he says, explaining that he has no contacts in the Russian government. ”Russia is flooded with criminals. They monetize exploits in the most brutal and mediocre way possible, and they cheat each other heavily.”

As for China, he says that the country has too many hackers who sell only to the Chinese government, pushing down prices. “The market is very depressed,” he says. Other regions like the Middle East and the rest of Asia can’t match Western prices either.

As a result, the Grugq earns 80% of his revenue from the U.S., though occasionally the developers who work with him have asked that he sell only to Europeans. Over more than a decade in the hacker scene, he’s met enough federal agents to have contacts at multiple U.S. agencies, and he knows how to package his developer’s exploits for sale to those buyers, with professional marketing and support. “You’re basically selling commercial software, like anything else. It needs to be polished and come with documentation,” he says. “The only difference is that you only sell one license, ever, and everyone calls you evil.”

One of the most vocal of those critics is Chris Soghoian, a privacy activist with the Open Society Foundations, who has described the firms and individuals who sell software exploits as “the modern-day merchants of death” selling “the bullets of cyberwar.”

“As soon as one of these weaponized zero-days sold to governments is obtained by a ‘bad guy’ and used to attack critical U.S. infrastructure, the shit will hit the fan,” Soghoian warned in a talk at the Kaspersky analyst summit in February. “Security researchers should not be selling zero-days to middle man firms…These firms are cowboys and if we do nothing to stop them, they will drag the entire security industry into a world of pain.”

The Grugq sees no ethical compromise in his work. “The Chinese are conducting espionage on a massive scale. [Soghoian] wants to ban sales of software–sorry, exploits–to the U.S. and European allies?” he asks. “The only possible outcome is that the Chinese will increase their internal production and skills and the…West will fall behind.”

Anyway, he adds, he doesn’t believe banning the sale of exploit code wouldn’t make users more secure. “That’ll work just as well at eliminating exploits as the war on drugs has worked at eliminating drugs,” he says.

The Grugq is hardly alone in his industry. Small firms like Vupen, Endgame and Netragard buy and sell exploits, as do major defense contractors like Northrop Grumman and Raytheon.

Netragard’s founder Adriel Desautels says he’s been in the exploit-selling game for a decade, and describes how the market has “exploded” in just the last year. He says there are now “more buyers, deeper pockets,” that the time for a purchase has accelerated from months to weeks, and he’s being approached by sellers with around 12 to 14 zero-day exploits every month compared to just four to six a few years ago.

Desautels won’t offer much about exactly who his customers are. But he says not every buyer aims to use his zero-days for spying. He claims to have recently sold a browser exploit for $125,000 to a private sector client for who aimed to use it merely as a proof-of-concept for marketing purposes. Other buyers use Netragard’s exploits for penetration testing, he says. “If you test a bullet proof vest, you use a bullet, not a squirt gun,” says Desautels.

Nonetheless, he says that the firm is “extremely careful” about choosing its customers. “We reject a lot more people than we accept,” he says. “Realistically, we’re selling cyberweaponry.”

And what about the option of selling the exploits to the software vendor itself, so that it can patch the targeted program? Firms like Mozilla and Facebook offer developers a few thousand dollars for reporting bugs. Google typically offers a maximum of $3,133.70 for information about the most complex flaws in its software, a number that’s meant to spell out “elite” in hacker slang.

But a four-figure price is hardly elite enough for the Grugq. ”If they want their bugs fixed, they can buy them at market rates like everyone else,” he says. “From each according to their ability, to each according to their needs? That’s communism. If they want the output, they can pay for it like anyone else. They have my email.”

quote:

Planned BitTorrent Pirate Punishments Spark Protest

In a few months, millions of alleged BitTorrent pirates in the US will risk being punished by their Internet providers. While the plan was announced a year ago, protests against it have only started to heat up this week. In just a few days more than 90,000 people have signed a petition asking their Internet providers not to participate, and many more are expected to follow.

Last year the MPAA and RIAA signed a ‘ground-breaking’ deal with all the major Internet providers in the United States.

In an attempt to deter online piracy, a third-party company will collect the IP-addresses of alleged infringers on BitTorrent and other public file-sharing networks.

The ISPs will then notify these offenders and tell them that their behavior is unacceptable. After six warnings the ISP may then take a variety of repressive measures, which include cutting off the offender’s connection temporarily.

After the initial announcement things went quiet, but that changed last week when the RIAA and the Center for Copyright Information confirmed that all major ISPs will start warning BitTorrent users this summer.

This renewed attention resulted in wide press coverage, and also sparked massive protests. Activist group Demand Progress quickly switched back to SOPA-style campaign mode and launched a petition asking ISPs to cut out of the deal.

“They’re selling us out,” the group writes.

“Just weeks after Internet users from across the globe came together to beat SOPA, the major ISPs are cutting a deal with Big Content to restrict web access for users who are accused of piracy.”

The call didn’t go unheard, and within 24 hours more than 60,000 people signed the petition. Today this number has swelled to more than 90,000 and the end still isn’t in sight.

Earlier this week the Electronic Frontier Foundation (EFF) also expressed its concerns over the so-called ‘graduated response’ system. They highlight that the agreement puts the burden of proof on the alleged file-sharers, which doesn’t seem fair considering the many wrongful accusations that can occur.

“One key problem is the arrangement shifts the burden of proof: rather than accusers proving infringement before the graduated response process starts against a subscriber, the subscriber must disprove the accusation in order to call a halt to it,” EFF writes.

“Worse, accused subscribers have to defend themselves on an uneven playing field. For example, they have only ten days to prepare a defense, and with only six pre-set options available. Of course, there’s no assurance that those who review the cases are neutral, and the plan sorely lacks consequences for an accuser who makes mistaken or fraudulent claims.”

The EFF informed TorrentFreak that they plan to launch an activism campaign in the near future to raise awareness of these issues.

How ‘bad’ the graduated warning system turns out to be largely depends on what punishments Internet providers intend to hand out. Needless to say, a temporary reduction in bandwidth is less severe than cutting people’s Internet access.

At TorrentFreak we are interested in finding out which third-party company will be hired to monitor people’s BitTorrent downloads, and how solid their evidence gathering methods are.

This is important, because the RIAA’s previous partner MediaSentry used rather shoddy techniques which resulted in many false accusations. The RIAA’s current partner DtecNet also has shortcomings as they fail to understand how BitTorrent works.

As we move closer to the July deadline more details should emerge. At the same time the online protests are also expected to increase, both through public initiatives and various advocacy groups. While it’s doubtful that they will ever get the same exposure as the SOPA revolt, there is no doubt that these protests will be noticed.

quote:

DOJ Signs New Rules To Let Intelligence Officials Access, Store And Search More Info About US Citizens

quote:

The Obama administration is moving to relax restrictions on how counterterrorism analysts may access, store and search information about Americans gathered by government agencies for purposes other than national security threats.

Attorney General Eric H. Holder Jr. on Thursday signed new guidelines for the National Counterterrorism Center, which was created in 2004 to foster intelligence sharing and to serve as a clearinghouse for terrorism threats.

The guidelines will lengthen to five years — from 180 days — the center’s ability to retain private information about Americans when there is no suspicion that they are tied to terrorism, intelligence officials said. The guidelines are also expected to result in the center making more copies of entire databases and “data-mining them” — using complex algorithms to search for patterns that could indicate a threat — than it currently does.

quote:

An Answer to Rose Collins, Mother of Jeremy Hammond

This letter is in response to http://finance.townhall.c(...)for_anonymous/page/2

Hello Rose,

I have read your open letter and would like to provide a response. Before I do that please understand the following: I am merely one Anon of many and I can only speak for myself. I do not know how many fellow Anons do agree with this, some may, others may in part while even more may totally disagree. But this does not matter, this is just the way Anonymous works.

I will not go into my involvement in Anonymous Operations but I can say that I have communicated with both Sabu and the online identity who is alleged to be your son Jeremy on more than one occasion. So the whole situation is not completely alien to me.

As for your first question: Yes, we do have lawyers. Within Anonymous and also outside, which are willing to support and defend Anons who have been arrested. You may have seen the websites http://anonlg.com/, http://freeanons.org/, and http://freehammond.org.

These are just the ones I can think of right now, there are more. Additionally the EFF (Electronic Frontier Foundation, http://www.eff.org) is willing to help. So yes, there is much help on the legal front and if you want to provide your son with additional legal help, I suggest you contact one of these volunteers.

To your second question: "If you do not forget or forgive, are you in agreement with Jeremy regarding imprisonment of those convicted of crimes?"

This is a tough one, but I will give you my own answer: I guess you won't find many lawyers that would argue that AntiSec related actions are not illegal at all, but I do *not* consider them criminal. This is an important difference. I think his actions were morally justifiable because he did not hack for his profit - never. He did it out of conviction, because he believed in a good cause. He is sick of the system we live in, which certainly is a view that many Anons share. While there are a large group of Anons that do not share the methods he used, this is not relevant to me (and my opinion on this does not matter). What is important is that Jeremy - in my belief - acted out of a conviction that is ethically honorable and I respect that.

Coming to Sabu. A very delicate subject, as you can imagine. From what I can see, the majority of Anons despise Sabu with all their guts and some may even want to do him physical harm. I do not consider myself one of them, mostly because there is so much information missing (and some information reported in the media may be outright false) so I dare not judge on this incident without having access to the full facts. Secondly, I believe that Sabu was also fighting for a good cause and I would think (and hope) that he hates himself for what he has done. If what the FBI claims is all true, I am certainly disappointed in him, as I would have never expected that Sabu - of all! - would commit such a treason. It was a very sad day for Anonymous when this came out.

Next question: "Who are you to decide that all government secrets must be exposed?"

Well, I am Anonymous and again, I can only speak for myself. As I said above, many Anons do not condone the actions done by groups such as LulzSec and AntiSec; these operations were certainly controversial. But many Anons believe that governments must become more transparent and less secretive, especially because we learn every day that the Government is filled with corruption, lies and greed. There are very good reasons that almost every Anon is also a strong supporter of Wikileaks.

As for your last question: I agree. While the banks and bankers certainly play a major role in all the problems the system has, and certainly are to blame for much suffering of the majority of the people, they are only part of the machinery. There are also politicians, mighty international companies, manipulating mass media and lobbies - they all have their role in the fuckup we are living in. But in the end it all comes down to money. And this is why bankers are one of the most obvious targets.

I hope this answer helps you in any way. As a final word I wish to say that I hope that Jeremy will have the best possible result in court and I wish you both the very best for the future.

Kindly,

An Anon

quote:

Barendrechter aangehouden voor hacken KPN

De Nationale Recherche heeft vorige week dinsdag in Barendrecht een zeventienjarige jongen aangehouden op verdenking een digitale inbraak bij KPN in januari. Hij zou het computersysteem van het telecombedrijf met kwaadaardige software hebben beschadigd.

De Barendrechter verkreeg zo van enkele honderden servers de hoogste toegangsrechten. Dat meldt het Openbaar Ministerie. Ook werd in Australië een zestienjarige hacker aangehouden die in contact stond met de Nederlandse verdachte.

Verdachte hackte ook universiteitsnetwerken

De Nationale Recherche legde beslag op een versleutelde computer, twee laptops en gegevensdragers van de Nederlandse verdachte. Ze kwamen hem op het spoor nadat hij in een chatkanaal tegen studenten van de Korea Advanced Institute of Science and Technology (Kaist) had opgeschept over zijn inbraak. De verdachte is vermoedelijk ook binnengedrongen in computers van de Tokohu University in Japan, de universiteit van Trondheim in Noorwegen en de Kaist in Zuid-Korea. Bovendien lijkt de jongen een website te beheren waarop gegevens van gestolen creditcards worden verhandeld.

Volgens het OM blokkeerde KPN na de ontdekking van de hack uit voorzorg twee miljoen e-mailaccounts. Volgens het telecombedrijf staan de twee zaken los van elkaar. De inloggegevens van klanten die toen op internet verschenen bleken afkomstig van thuiswinkel baby-dump.nl, meldt persbureau Novum. KPN keerde een ton aan schadevergoedingen uit aan klanten die gedupeerd werden door het afsluiten van de mailaccounts.

Het voorarrest van de Barendrechter werd vrijdag met twee weken verlengd. Het OM kwam er vanwege het belang van het onderzoek niet eerder mee naar buiten. Volgens KPN laat de leeftijd van de verdachte Barendrechter en of er al dan niet sprake is van kwade opzet onverlet dat de beveiliging optimaal moet worden georganiseerd.

quote:

The disappearing virtual library

The shutdown of library.nu is creating a virtual showdown between would-be learners and the publishing industry

Los Angeles, CA - Last week a website called "library.nu" disappeared. A coalition of international scholarly publishers accused the site of piracy and convinced a judge in Munich to shut it down. Library.nu (formerly Gigapedia) had offered, if the reports are to be believed, between 400,000 and a million digital books for free.

And not just any books - not romance novels or the latest best-sellers - but scholarly books: textbooks, secondary treatises, obscure monographs, biographical analyses, technical manuals, collections of cutting-edge research in engineering, mathematics, biology, social science and humanities.

The texts ranged from so-called "orphan works" (out-of-print, but still copyrighted) to recent issues; from poorly scanned to expertly ripped; from English to German to French to Spanish to Russian, with the occasional Japanese or Chinese text. It was a remarkable effort of collective connoisseurship. Even the pornography was scholarly: guidebooks and scholarly books about the pornography industry. For a criminal underground site to be mercifully free of pornography must alone count as a triumph of civilisation.

To the publishing industry, this event was a victory in the campaign to bring the unruly internet under some much-needed discipline. To many other people - namely the users of the site - it was met with anger, sadness and fatalism. But who were these sad criminals, these barbarians at the gates ready to bring our information economy to its knees?

They are students and scholars, from every corner of the planet.

Pirating to learn

The world, it should not come as a surprise, is filled with people who want desperately to learn. This is what our world should be filled with. This is what scholars work hard to create: a world of reading, learning, thinking and scholarship. The users of library.nu were would-be scholars: those in the outer atmosphere of learning who wanted to know, argue, dispute, experiment and write just as those in the universities do.

Maybe they were students once, but went on to find jobs and found families. We made them in some cases - we gave them a four-year taste of the life of the mind before sending them on their way with unsupportable loans. In other cases, they made themselves, by hook or by crook.

So what does the shutdown of library.nu mean? The publishers think it is a great success in the war on piracy; that it will lead to more revenue and more control over who buys what, if not who reads what. The pirates - the people who create and run such sites - think that shutting down library.nu will only lead to a thousand more sites, stronger and better than before.

But both are missing the point: the global demand for learning and scholarship is not being met by the contemporary publishing industry. It cannot be, not with the current business models and the prices. The users of library.nu - these barbarians at the gate of the publishing industry and the university - are legion.

They live all over the world, but especially in Latin and South America, in China, in Eastern Europe, in Africa and in India. It's hard to get accurate numbers, but any perusal of the tweets mentioning library.nu or the comments on blog posts about it reveal that the main users of the site are the global middle class. They are not the truly poor, they are not slum-denizens or rural poor - but nonetheless they do not have much money. They are the real 99 per cent (as compared to the Euro-American 1 per cent).

They may be scientists or scholars themselves: some work in schools, universities or corporations, others are doubly outside of the elite learned class - jobholders whose desire to learn is and will only ever be an avocation. They are a global market engaged in what we in the elite institutions of the world are otherwise telling them to do all the time: educate yourself; become scholars and thinkers; read and think for yourselves; bring civilisation, development and modernity to your people.

Sharing is caring

Library.nu was making that learning possible where publishers have not. It made a good show of being a "book review" site - it was called library.nu after all, and not "bookstore.nu". It was not cluttered with advertisements, nor did it "suggest" other books constantly. It gave straight answers to straightforward searches, and provided user reviews of the 400,000 or more books in the database.

It was only the fact that library.nu included a link to another site ("sharehosting" sites like ifile.it, megaupload.com, or mediafire.com) containing the complete version of a digital text that brought library.nu into the realm of what passes for crime these days.

But the legality of library.nu is also not the issue: trading in scanned, leaked or even properly purchased versions of digital books is thoroughly illegal. This is so much the case that it can't be long before reading a book - making an unauthorised copy in your brain - is also made illegal.

But library.nu shared books; it did not sell them. If it made any money, it was not from the texts themselves, but from advertising revenue. As with Napster in 1999, library.nu was facilitating discovery: the ability to search deeper and deeper into the musical or scholarly tastes fellow humans and to discover their connections that no recommendation algorithm will ever be able to make. In their effort to control this market, publishers alongside the movie and music industry have been effectively criminalising sharing, learning and creating - not stealing.

Users of library.nu did not have to upload texts to the site in order to use it, but they were rewarded if they did. There were formal rules (and informal ones, to be sure), concerning how one might "level up" in the library.nu community. The site developed as websites do, adding features here and there, and obviously expanding its infrastructure as necessary. The administrators of the site maintained absolute control over who could participate and who could not - no doubt in order to protect the site from skulking FBI agents and enthusiastic newbies alike.

Even a casual observer could have seen that the frequent changes to the site were the effects of the cat-and-mouse game underway as law authorities and publishers sought to understand and eventually seek legal action against this community. In the end, it was only by donating to the site that law authorities discovered the real people behind the site - pirates too have PayPal accounts.

Shutting down learning

The winter of 2012 has seen a series of assaults on file-sharing sites in the wake of the failed SOPA and PIPA legislation. Mega-upload.com (the brainchild of eccentric master pirate Kim Dotcom - he legally changed his name in 2005) was seized by the US Department of Justice; torrent site btjunkie.com voluntarily closed down for fear of litigation.

In the last few days before they closed for good, library.nu winked in and out of existence, finally (and ironically), displayed a page saying "this domain has been revoked by .nu domain" (the island nation of Niue). It prominently displays a link to a book (on Amazon!) called Blue Latitudes, about the voyage of Captain Cook. A story about that other kind of pirate branches off here.

So what does the shutdown of library.nu mean? One thing it means is that these barbarians - these pirates who are also scholars - are angry. We scholars have long been singing the praises of education, learning, mutual aid and the virtues of getting a good degree. We scholars have been telling the world of desperate learners to do just what they are doing, if not in so many terms.

So there are a lot of angry young middle-class learners in the world this month. Some are existentially angry about the injustice of this system, some are pragmatically angry they must now spend $100 - if they even have that much - on a textbook instead of on themselves or their friends.

All of them are angry that what looked to everyone like the new horizon of learning - and the promise of the vaunted new digital economy - has just disappeared behind the dark eclipse of a Munich judge's cease and desist order.

Writers and scholars in Europe and the US are complicit in the shutdown. The publishing companies are protecting themselves and their profits, but they do so with the assent, if not the active support, of those who still depend on them. They are protecting us - we scholars - or so they say. These barbarians - these desperate learners - are stealing our property and should be made to pay for it.

Profiteering

In reality, however, the scholarly publishing industry has entered a phase like the one the pharmaceutical industry entered in the 1990s, when life-saving AIDS medicines were deliberately restricted to protect the interests of pharmaceutical companies' patents and profits.

The comparison is perhaps inflammatory; after all, scholarly monographs are life-saving in only the most distant and abstract sense, but the situation is - legally speaking - nearly identical. Library.nu is not unlike those clever - and also illegal - local corporations in India and Africa who created generic versions of AIDS medicines.

Why doesn't the publishing industry want these consumers? For one thing, the US and European book-buying libraries have been willing pay the prices necessary to keep the industry happy - and not just happy, in many cases obscenely profitable.

Rather than provide our work at cheap enough prices that anyone in the world might purchase, they have taken the opposite route - making the prices higher and higher until only very rich institutions can afford them. Scholarly publishers have made the trade-off between offering a very low price to a very large market or a very high price to a very small market.

But here is the rub: books and their scholars are the losers in this trade-off - especially cutting edge research from the best institutions in the world. The publishing industry we have today cannot - or will not - deliver our books to this enormous global market of people who desperately want to read them.

Instead, they print a handful of copies - less than 100, often - and sell them to libraries for hundreds of dollars each. When they do offer digital versions, they are so wrapped up in restrictions and encumbrances and licencing terms as to make using them supremely frustrating.

To make matters worse, our university libraries can no longer afford to buy these books and journals; and our few bookstores are no longer willing to carry them. So the result is that most of our best scholarship is being shot into some publisher's black hole where it will never escape. That is, until library.nu and its successors make it available.

What these sites represent most clearly is a viable route towards education and learning for vast numbers of people around the world. The question it raises is: on which side of this battle do European and American scholars want to be?

quote:

Tim Kuik: 'De echte boosdoeners zijn de Pirate Bays en Megauploads van deze wereld'

Vanuit Hoofddorp bindt de stichting Brein de strijd aan met illegale downloaders. Niet tot ieders genoegen.

'Sorry voor mijn kortademigheid', excuseert Tim Kuik zich met een wat gepijnigd gezicht. Op zijn kantoor in Hoofddorp, in het pand bij Buma/Stemra, zet hij thee neer voor zijn gast. 'Ik heb met skiën drie ribben gebroken, maar zet dat maar niet in de krant want dan wensen bepaalde groepen op internet me weer toe dat ik nog veel harder had mogen vallen.'

Welkom in de gezellige wereld waarin Tim Kuik (54), directeur van antipiraterijclub Brein zich al jaren beweegt. De stichting, bij het grote publiek vooral bekend van de waarschuwingsfilmpjes voorafgaand aan elke dvd of videofilm, bestrijdt sinds 1998 de inbreuk op auteursrechten. Dat doet ze namens en op kosten van de partijen die belang hebben bij handhaving van het auteursrecht. Naast de makers van bijvoorbeeld films en muziek zijn dat ook de uitvoerende kunstenaars, uitgevers, producenten en distributeurs.

Brein, waar elf mensen werken, zette zich de afgelopen jaren in om het overweldigende aanbod van illegaal materiaal via internet te verkleinen. Met succes. Er waren talloze rechtszaken voor nodig, maar uiteindelijk kreeg Brein vaak waarop het uit was.

De meest tot de verbeelding sprekende overwinning was de blokkering begin dit jaar van de immens populaire site The Pirate Bay. De uitspraak vormde het voorlopige sluitstuk van een jarenlange juridische strijd. De rechter beval internetproviders Ziggo en Xs4all de site te blokkeren. Het kat-en-muisspel dat Brein met zijn tegenstanders speelt, houdt nooit op, bleek afgelopen week alweer. Met de Pirate-Bay-uitspraak in de hand meldde Brein zich bij een aantal Nederlandse websites die internetters nu helpen het gerechtelijk verbod te omzeilen.

De activiteiten van Brein, en die van voorman Kuik in het bijzonder, maken hem tot vijand nummer één van velen die hun films en muziek graag gratis van internet betrekken. Ook in de wereld van voorvechters van een 'vrij en open internet' wordt hij door velen persoonlijk gehaat. De - vrijwel altijd anonieme - scheldpartijen aan het adres van Kuik op allerhande internetblogs liegen er niet om. 'We zijn maffia, we zijn nazi's, we zijn van alles. Ik kan me er niet druk om maken', aldus Kuik. Buiten schijnt de eerste echte lentezon.

quote:

Doet de heftigheid van de reacties u helemaal niets?
'Ach, zolang ze op al die blogs dit soort teksten zitten te tikken, zijn ze in ieder geval niet illegaal aanbod aan het downloaden.'

quote:

Maar het moet toch bijzonder onprettig zijn om doorlopend doodgewenst te worden.
'We hebben die reacties een tijd lang gevolgd en het is een vrij kleine club mensen die dat soort taal bezigt. Weet je wat het ook is? Ik vind dat soort reacties getuigen van zo'n grote domheid, dat ik het niet eens meer als storend ervaar.'

quote:

Er is ook meer inhoudelijke kritiek van serieuzere partijen. De strijd tegen The Pirate Bay won Brein bijvoorbeeld door internetproviders Xs4all en Ziggo voor de rechter te slepen. Zijn dat nou echt de boosdoeners?
'Nee, zij zijn het sluitstuk van onze strategie. De echte boosdoeners zijn de aanbieders van illegale content, dus de Pirate Bays en Mega-uploads van deze wereld. Wij spreken in eerste instantie altijd die partijen aan. Maar vaak reageren zij niet of ze laten weten dat ze niet van plan zijn om te stoppen met wat ze doen. In zulke gevallen stappen we naar de hostingprovider. Dat is de partij die, zeg maar, onderdak biedt aan die sites. Reageert die ook niet, of verplaatsen de aanbieders hun sites naar een andere hostingprovider - in het buitenland bijvoorbeeld - dan pas komen we bij internetproviders terecht, Ziggo en Xs4all in dit geval. Die werkwijze heeft de rechter nu al meerdere malen goedgekeurd.'

quote:

Financial services firms fear being shamed by Anonymous

Professionals in the financial services sector view reputational damage as one of the worst consequences of a successful cyber attack, a new report from PricewaterhouseCoopers (PwC) has revealed.

Based on the responses of 3,877 companies across 78 countries, PwC found that half of the respondents from the banking sector believed the risk cybercrime posed had increased over the past 12 months.

Exceeding the 36 per cent figure recorded in other industries, the report revealed that half of financial services professionals are primarily concerned over potential damage to their company's brand and reputation.

"Cybercrime puts the financial service sector's customers, brand and reputation at significant risk" said PwC partner Andrew Clark.

The increased number of 'shame' attacks by hacktivist groups such as the Anonymous collective was highlighted as a key dilemma facing FS companies.

"The impact of social media, hacktivism and activism are widening all the time," PwC director William Beer told V3.

"Reputational damage is far more difficult to shrug off than financial."

The professionals' fears follow a marked increase in the number of online attacks targeting the financial services industry.

PwC analysts revealed that cybercrime now accounts for 38 per cent of all reported crime incidents in the finance sector. This compared to the 16 per cent average recorded in other sectors.

The paper follows on from a research paper by Verizon reporting an increase in the number of politically motivated cyber attacks being mounted against companies and governments.

quote:

U.S. Agency Seeks Tougher Consumer Privacy Rules

The government’s chief consumer protection agency said on Monday that it intended to take direct aim at the vast industry that has grown up around the buying and selling of information about American consumers.

The agency, the Federal Trade Commission, called on Congress to enact legislation regulating so-called data brokers, which compile and trade a wide range of personal and financial data about millions of consumers from online and offline sources. The legislation would give consumers access to information collected about them and allow them to correct and update such data.

The agency also sent a cautionary signal to technology and advertising companies regarding a “Do Not Track” mechanism that allows consumers to opt out of having their online behavior monitored and shared. It warned that if companies did not voluntarily provide a satisfactory Do Not Track option, it would support additional laws that mandate it.

The recommendations, part of a sweeping set of guidelines in an F.T.C. report on Monday, represent the government’s latest move to address the issue of consumer privacy.

On one side of the debate are data brokers like Experian and Acxiom, which collect and sell information, and the huge ecosystem of technology and online advertising companies — including Google, Microsoft and Facebook — that target consumers based on their personal preferences.

On the other side are consumer groups and privacy advocates that are concerned about the volume of data being collected and how little control consumers have over that information.

The government’s Do Not Track efforts are likely to collide with the desire of companies to continue the lucrative business of collecting, using and sharing information about the people who use their services. Although these businesses say they support limits on using this information, they generally still want to be able to collect it.

One official from a prominent technology company, who declined to be named because the discussions with the government were continuing, said that “do not collect is basically death for online advertising.”

But the trade commission said unequivocally that it believed consumers who said they did not want to be tracked meant just that — no tracking at all. It said it would support legislation to require it.

“Do Not Track from our perspective certainly means ‘do not collect’ — not ‘do not advertise back,’ ” said Jon Leibowitz, the chairman of the F.TC. “If a real Do Not Track option doesn’t come to fruition by the end of the year, there will be, I don’t want to say a tsunami of support for Do Not Track legislation next Congress, but certainly a lot of support.”

The F.T.C. said it intended to work with the White House and the Commerce Department on proposals they unveiled last month to develop voluntary industrywide codes of conduct that the F.T.C. can enforce.

Mr. Leibowitz said the commission did not endorse any specific Congressional legislation, but he mentioned a bill introduced in the Senate in April 2011 by John Kerry, Democrat of Massachusetts, and John McCain, Republican of Arizona. That bill seeks to require companies to tell consumers what data is being collected and allow them to opt out of the practice.

At least two other bills have been introduced in Congress. But none of that legislation is likely to make it into law in this Congressional session, however, given the heavy schedule of pending matters and re-election campaigns.

Many data broker companies say much of the information they collect is available from public documents like property and voter registration records. Companies can sell their data to a variety of clients, including marketers, telecommunications companies, retailers and political campaigns.

Jennifer Barrett Glasgow, the chief privacy officer for Acxiom, said the focus on data brokers in the F.T.C. report was not a surprise. “It’s not an unreasonable request to have more transparency among data brokers,” Ms. Barrett Glasgow said. The company collects data from public records, surveys and consumer purchasing behavior both online and offline.

quote:

Europees Parlement zal ACTA niet voorleggen aan Hof van Justitie

Een commissie van het Europees Parlement heeft dinsdag in een stemming besloten om het omstreden antipiraterijverdrag ACTA niet voor te leggen aan het Europese Hof van Justitie. Het parlement zal nu zelf een oordeel moeten vellen.

De Commissie Internationale Handel van het Europese Parlement heeft met 21 stemmen tegen en vijf voor een Brits voorstel verworpen om het ACTA-verdrag voor te leggen aan het Europese Hof van Justitie. Door deze stap zal het Europese Parlement zelf een besluit moeten nemen over het omstreden antipiraterijverdrag. Als het verdrag toch aan het Hof van Justitie zou zijn voorgelegd, dan zou de behandeling van ACTA circa 1,5 jaar vertraging hebben opgelopen.

Naar verwachting zullen de parlementariërs in juni tijdens een stemming definitief een oordeel geven over ACTA. Alleen als het Europees Parlement groen licht geeft, kan het verdrag door de Europese Commissie geratificeerd worden.

Tegenstanders van het ACTA-verdrag zijn tevreden over het besluit. Doordat de stap naar de Europese rechter nu wordt overgeslagen, verwachten de tegenstanders dat het brede verzet tegen ACTA, dat in een groot aantal landen wordt gedragen, intact blijft.

Ondanks de kritische geluiden zou de Europese Commissie nog steeds voor implementatie van ACTA zijn, zo meldt het Duitse Heise Online op basis van een rapport dat zij in handen hebben gekregen. In het rapport is een citaat te lezen van Eurocommissaris van Handel, Karel de Gucht: "Er heerst een erg agressieve pan-Europese campagne tegen het ACTA-verdrag, wat ook cyberaanvallen op Europese instanties tot gevolg heeft."

De Europese Commissie zou bang zijn voor het imago van de Europese Unie mocht het antipiraterijverdrag worden afgewezen. Ook wordt de kritiek op ACTA bestempeld als 'niet onderbouwd'. Desondanks is het verzet in veel EU-lidstaten groot: zo wil Polen niets weten van ratificatie en zijn er bedenkingen in Nederland, Duitsland en Tsjechië.

quote:

Entertainment Industry Was Eager to Work With Megaupload

Considering the aggressive stance taken by the MPAA against Megaupload, one might be forgiven for thinking the Hollywood-backed group and file-hosting service were sworn enemies. But behind the scenes things were quite different, with companies including Disney, Warner Brothers and Fox courting Megaupload to set up content distribution and advertising deals.

“By all estimates, Megaupload.com is the largest and most active criminally operated website targeting creative content in the world,” said the MPAA in a statement issued immediately after Mega was shutdown in January.

As statements go, they don’t get much more harsh than that, so one might think that hostilities between Megaupload and the member companies of the MPAA are a long-standing thing.

But as we know, despite all the rhetoric the likes of the usually-aggressive Disney never sued the Hong Kong based file-hosting service, and instead opted to let the FBI do their work for them.

While this government-financed approach will have proven substantially cheaper than dragging Megaupload through civil court, some potentially embarrassing things would have inevitably come out in such a case – such as this selection of emails just obtained by TorrentFreak.

In an eyebrow-raising email penned by Disney attorney Gregg Pendola, the counsel contacts Megaupload not to threaten or sue the company, but to set up a deal to have Disney content posted on the Megavideo site.

quote:

Spanish Recording Industry Lobbyists Sue Professor For Highlighting Its Monopolistic Practices

Yet again, we're left scratching our heads at the basic failure of recording industry lobbyists to think about the consequences of their actions. The latest is that Promusicae, the Spanish recording industry lobbying group that is associated with the IFPI (which, itself is associated with the RIAA) has sued Spanish professor Enrique Dans for daring to state, in his opinion, that Promusicae violated Spanish antitrust laws. The blog post in question (Google translation) is actually mostly about the legal troubles of SGAE, the Spanish collection society which was accused of being involved in a massive criminal fraud operation. In the post, he also mentioned Promusicae and how it set up a system that he believes violated antitrust laws in effectively limiting access to radio airtime to members of Promusicae.

In response, Promusicae sued him for "violating their honor," demanding either 20,000 or 50,000 euros. Professor Dans explains the details on his own site (Google translation).

It seems pretty clear that this is nothing more than a SLAPP-style lawsuit -- with the recording industry lobbyists suing Dans to shut him up and to create chilling effects to silence other critics. It's a shameful way of dealing with critics, and, as Rick Falkvinge notes in his story (the first link up top), even if Dans is legally in the right, a court battle is very costly. Again as Falkvinge notes, perhaps it's time for the EU to start setting up anti-SLAPP laws to avoid these kinds of lawsuits as well.

But, more to the point, all this really does is call much more attention to Dans' original blog post from July, and the accusations he made about Promusicae. In what world does an industry lobbyist think that it's a smart move to call attention to a respected professor's blog post that describes some of their questionable behavior? A normal, thinking, individual would either respond directly to the charges with a detailed explanation for why it's wrong, or just let it go away. Suing only makes it worse in almost every way. Not only does it call worldwide attention to this blog post and the claims against Promusicae, but it also will likely make more people look more closely at Promusicae and what it's done... all the while showing off Promusicae lobbyists for the obnoxious bullies that they are. It's really quite incredible. As Falkvinge notes:

. Perhaps what amazes me most is that the public backlash to this kind of behavior is as predictable as a grandfather clock. How can the copyright monopoly lobby’s lawyers live in so completely disconnected an ivory tower, that they thought it was a good idea to file lawsuit against a reputable professor for claiming they’re a monopoly, using monopolistic practices – when this fact is not only well-established to the point of being in dictionaries, but even legislated? What kind of survivability would such a parasitic misantropic business have in the wild, if it were not protected by obsolete laws?

Of course, I guess they're thinking that the resulting chilling effects scaring away others from commenting might be worth any backlash. Or they're so focused on protecting "their honor" that they never bothered to think at all. I am curious, of course, how "honorable" it is to sue a respected professor for expressing his opinion? How can you sue someone for violating your honor when you have no honor at all?

quote:

Op dinsdag 27 maart 2012 01:02 schreef Papierversnipperaar het volgende:

Anonymous: Message to YouTube

quote:

UPDATE! Earlier this afternoon, YouTube decided to heed the warning and unlock TheAnonMessage's account. No Censorship. Knowledge is Free. We are Anonymous.

quote:

Death of a data haven: cypherpunks, WikiLeaks, and the world's smallest nation

A few weeks ago, Fox News breathlessly reported that the embattled WikiLeaks operation was looking to start a new life under on the sea. WikiLeaks, the article speculated, might try to escape its legal troubles by putting its servers on Sealand, a World War II anti-aircraft platform seven miles off the English coast in the North Sea, a place that calls itself an independent nation. It sounds perfect for WikiLeaks: a friendly, legally unassailable host with an anything-goes attitude.

But readers with a memory of the early 2000s might be wondering, "Didn't someone already try this? How did that work out?" Good questions. From 2000 to 2008, a company called HavenCo did indeed offer no-questions-asked colocation on Sealand—and it didn't end well.

HavenCo's failure—and make no mistake about it, HavenCo did fail—shows how hard it is to get out from under government's thumb. HavenCo built it, but no one came. For a host of reasons, ranging from its physical vulnerability to the fact that The Man doesn't care where you store your data if he can get his hands on you, Sealand was never able to offer the kind of immunity from law that digital rebels sought. And, paradoxically, by seeking to avoid government, HavenCo made itself exquisitely vulnerable to one government in particular: Sealand's. It found that out the hard way in 2003 when Sealand "nationalized" the company.

For the last two years, I've researched the history of Sealand and HavenCo. I used the Wayback Machine to reconstruct long-since-vanished webpages. I dug through microfilm of newspapers back to the 1960s. I pored over thousands of pages of documents, only recently unsealed, from the United Kingdom's National Archives.

My findings have just been published in a new 80-page article in the University of Illinois Law Review, one called "Sealand, HavenCo, and the Rule of Law" (PDF). It tells the full—and very weird—story of how this micronation happened to be in the right place (the North Sea) at the right time (the late 1990s) to provide some cypherpunk entrepreneurs with the most impractical data center ever built. Here, I'll give the condensed version of the tale, hitting the important points in HavenCo's history and explaining what went wrong.

quote:

U.S. Outgunned in Hacker War

WASHINGTON—The Federal Bureau of Investigation's top cyber cop offered a grim appraisal of the nation's efforts to keep computer hackers from plundering corporate data networks: "We're not winning," he said.

Shawn Henry, who is preparing to leave the FBI after more than two decades with the bureau, said in an interview that the current public and private approach to fending off hackers is "unsustainable.'' Computer criminals are simply too talented and defensive measures too weak to stop them, he said.

His comments weren't directed at specific legislation but came as Congress considers two competing measures designed to buttress the networks for critical U.S. infrastructure, such as electrical-power plants and nuclear reactors. Though few cybersecurity experts disagree on the need for security improvements, business advocates have argued that the new regulations called for in one of the bills aren't likely to better protect computer networks.

Mr. Henry, who is leaving government to take a cybersecurity job with an undisclosed firm in Washington, said companies need to make major changes in the way they use computer networks to avoid further damage to national security and the economy. Too many companies, from major multinationals to small start-ups, fail to recognize the financial and legal risks they are taking—or the costs they may have already suffered unknowingly—by operating vulnerable networks, he said.

"I don't see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it's an unsustainable model. Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security,'' Mr. Henry said.

James A. Lewis, a senior fellow on cybersecurity at the Center for Strategic and International Studies, said that as gloomy as Mr. Henry's assessment may sound, "I am actually a little bit gloomier. I think we've lost the opening battle [with hackers].'' Mr. Lewis said he didn't believe there was a single secure, unclassified computer network in the U.S.

"There's a kind of willful desire not to admit how bad things are, both in government and certainly in the private sector, so I could see how [Mr. Henry] would be frustrated,'' he added.

High-profile hacking victims have included Sony Corp., SNE +1.73%which said last year that hackers had accessed personal information on 24.6 million customers on one of its online game services as part of a broader attack on the company that compromised data on more than 100 million accounts. Nasdaq OMX Group Inc., NDAQ -0.71%which operates the Nasdaq Stock Market, also acknowledged last year that hackers had breached a part of its network called Directors Desk, a service for company boards to communicate and share documents. HBGary Federal, a cybersecurity firm, was infiltrated by the hacking collective called Anonymous, which stole tens of thousands of internal emails from the company.

Mr. Henry has played a key role in expanding the FBI's cybersecurity capabilities. In 2002, when the FBI reorganized to put more of its resources toward protecting computer networks, it handled nearly 1,500 hacking cases. Eight years later, that caseload had grown to more than 2,500.

Mr. Henry said FBI agents are increasingly coming across data stolen from companies whose executives had no idea their systems had been accessed.

"We have found their data in the middle of other investigations,'' he said. "They are shocked and, in many cases, they've been breached for many months, in some cases years, which means that an adversary had full visibility into everything occurring on that network, potentially.''

Mr. Henry said that while many company executives recognize the severity of the problem, many others do not, and that has frustrated him. But even when companies build up their defenses, their systems are still penetrated, he said. "We've been playing defense for a long time. ...You can only build a fence so high, and what we've found is that the offense outpaces the defense, and the offense is better than the defense,'' he said.

Testimony Monday before a government commission assessing Chinese computer capabilities underscored the dangers. Richard Bejtlich, chief security officer at Mandiant, a computer-security company, said that in cases handled by his firm where intrusions were traced back to Chinese hackers, 94% of the targeted companies didn't realize they had been breached until someone else told them. The median number of days between the start of an intrusion and its detection was 416, or more than a year, he added.

In one such incident in 2010, a group of Chinese hackers breached the computer defenses of the U.S. Chamber of Commerce, a major business lobbying group, and gained access to everything stored on its systems, including information about its three million members, according to several people familiar with the matter.

In the congressional debate over cybersecurity legislation, the Chamber of Commerce has argued for a voluntary, non-regulatory approach to cybersecurity that would encourage more cooperation and information-sharing between government and business.

Matthew Eggers, a senior director at the Chamber, said the group "is urging policy makers to change the 'status quo' by rallying our efforts around a targeted and effective information-sharing bill that would get the support of multiple stakeholders and come equipped with ample protections for the business community."

The FBI's Mr. Henry said there are some things companies need to change to create more secure computer networks. He said their most valuable data should be kept off the network altogether. He cited the recent case of a hack on an unidentified company in which he said 10 years worth of research and development, valued at more than $1 billion, was stolen by hackers.

He added that companies need to do more than just react to intrusions. "In many cases, the skills of the adversaries are so substantial that they just leap right over the fence, and you don't ever hear an alarm go off,'' he said. Companies "need to be hunting inside the perimeter of their network," he added.

Companies also need to get their entire leadership, from the chief executive to the general counsel to the chief financial officer, involved in developing a cybersecurity strategy, Mr. Henry said. "If leadership doesn't say, 'This is important, let's sit down and come up with a plan right now in our organization; let's have a strategy,' then it's never going to happen, and that is a frustrating thing for me,'' he said.

quote:

Megaupload proves users were legit

In light of Megaupload's upcoming court case in which the US Government has accused Megaupload of being a hotbed for illegal users, Mega has proved the majority of it's users were legitimate. Megaupload has released that a large sum of it's users were actually belonging to US Officials including over 15,000 accounts held by US Military. Of the accounts held by US Officials these included accounts held by members of the FBI, Homeland Security, NASA and the Senate.

Megaupload attorney's and users are fighting hard for the data to not be deleted at this time however there is no certainty at this time if the information will be saved.

In other Megaupload news Kim Dotcom and his wife Mona welcome their twin baby girls into the world. The twin girls are reported to be a healthy weight at 5.3 and 6.2lbs however their names have not yet been released.
This is the fourth and fifth children for the couple. While Kim Dotcom is still under house arrest leading up to his extradition case the founder can live comfortably with his $50,000 a month spending limit. When doctor's asked if the couple would like to keep the placenta Kim Dotcom responded "yes, and please send it to the FBI for forensic analysis so they can verify there is no pirate DNA ;-)". If nothing else Megaupload founder has kept his sense of humour.

quote:

Hackers in Europa straks strenger gestraft - maar alleen als ze crimineel zijn

Hackers die inbreken in ict-systemen moeten in de toekomst strenger worden gestraft. Tenminste, als het gaat om inbraken met een crimineel doeleinde. 'Ethische' hackers die alleen beveiligingslekken willen aantonen, moeten juist vrijuit gaan.

Dat staat in een herziening van een Europese richtlijn, die deze week met 50 stemmen vóór, één stem tegen en drie onthoudingen ruimschoots werd goedgekeurd in het Europees Parlement. In veel landen, waaronder Nederland, staat nu nog 1 jaar cel op computervredebreuk, maar dat moet minstens twee jaar gaan worden. Op het uitvoeren van grootschalige cyberaanvallen komt minimaal vijf jaar te staan, aldus het voorstel.

Klokkenluiders
Maar vooral het amendement waarin staat dat hackers met goede bedoelingen voortaan gevrijwaard moeten worden van vervolging, betekent een belangrijke verandering in het beleid dat tot nu toe werd gevoerd. Op dit moment lopen deze klokkenluiders het risico vervolgd te worden op basis van verschillende andere wetten. Met de vernieuwde cybercrime-wet zal dat niet langer het geval zijn, mits kan worden aangetoond dat de hack geen schadelijke gevolgen heeft gehad.

Ook in Nederland is het onderwerp 'ethisch hacken' al meermalen voorbijgekomen. Verschillende hackers wisten aan te tonen dat er instanties zijn die wel persoonsgegevens beheren, maar niet goed in staat zijn om hun websites, databases en websites te beveiligen. De website Webwereld riep de maand oktober 2011 uit tot 'lektober', waarin iedere werkdag een privacylek aan het licht werd gebracht.

In september vorig jaar kon een wetsvoorstel van de PvdA om bescherming te bieden aan goedbedoelende 'hacktivisten' al rekenen op steun van een meerderheid in de Tweede Kamer. Tot nu toe is dat er echter nog niet van gekomen - terwijl het goedbedoelende deel van de hackerswereld met smacht op een dergelijke maatregel wacht.

Whitehats
De Europese richtlijn is voor hen dus zeer welkom. Niet alleen worden goedbedoelende hackers ('whitehats' in het hackersjagon) gespaard, de kwaadwillenden ('blackhats') worden strenger aangepakt. Zo moet ondermeer ook het verspreiden van software die is bedoeld om hacken mogelijk te maken, strafbaar worden gesteld, evenals het online aannemen van de identiteit van een ander.

Helemaal definitief is het voorstel overigens nog niet. Het Europees Parlement moet de richtlijn nog intern behandelen, en vervolgens moeten ook de Europese Commissie en de Raad van Europa zich er nog over uitspreken. Tenslotte wordt de herziene richtlijn aan de individuele lidstaten voorgelegd, die er allemaal mee moeten instemmen.

quote:

Kan Anonymous morgen het hele internet platleggen?

Kan de hackersgroep Anonymous het hele internet platleggen? Dat is de vraag die nu de gemoederen op IT-sites en social media bezighoudt onder de hashtag #OpGlobalBlackout. Het beruchte hackerscollectief heeft vorige maand aangekondigd op 31 maart, morgen dus, de DNS-servers te hacken die het belangrijkst zijn voor het wereldwijde web. Of gaat het hier om een publiciteitsstunt? Zo is het op 31 maart in de Verenigde Staten in de meeste landen tenslotte allang 1 april...

Anonymous stelt dat 'Operation Global Blackout' een protest is tegen de Stop Online Piracy Act (SOPA), tegen politieke leiders die daarvoor verantwoordelijk zijn en tegen de financiële mensen van Wall Street. Maar waarom doen ze zo'n aanval, die als doel heeft financiële instituten en beursgenoteerde bedrijven plat te leggen, op een zaterdag als er niet wordt gehandeld? En kunnen ze het eigenlijk wel voor elkaar krijgen?

De kracht van Anonymous
De groep Anonymous verrees in 2003 en staat bekend om zijn cyberaanvallen op hooggeplaatste websites, zoals die van de overheid en CIA, miljoenenbedrijven, credit card-aanbieders en banken. Zelfs het Vaticaan moest er deze maand aan geloven, toen de website van de katholieke kerk in Rome gehackt werd. Alle aanvallen zijn waarschuwingen, om de kracht van hackers te laten zien.

Volgens de videoboodschap van Anonymous, waarvan de authenticiteit niet kan worden nagegaan, zullen alle websites morgen een foutmelding geven. Zelfs als ze het voor elkaar krijgen, is de actie tijdelijk. De stem van Anonymous belooft dat gewone individuen niet gedupeerd worden: 'Vergeet niet dat het om een protestactie gaat en dat we niet de dood van internet willen'. Waarom zouden ze ook? De organisatie zelf bestaat uitsluitend op het internet.

Hoe het werkt
De website techzine.nl, die het nieuws over de black-out in februari bracht, denkt dat zo'n aanval best mogelijk is. De site schrijft: 'De capaciteit van het aantal DNS-rootservers is inmiddels al meerdere malen uitgebreid om ervoor te zorgen dat ze niet allemaal offline gehaald kunnen worden. Op dit moment zijn er dus 13, hoewel we mogen aannemen dat al deze knooppunten over een flinke capaciteit beschikken moet ook Anonymous niet onderschat worden.' De dertien DNS-rootservers zorgen dat domeinnamen worden omgezet naar IP-adressen en geven er de juiste extenties aan, zoals .net, .com, .org, .eu .nl, etcetera.

Als die hoofdservers niet werken, kan niemand de gevraagde website dus meer vinden, zelfs als die onder een lagere server hangt. Maar om de hoofdservers te demobiliseren, moet je honderdduizenden IP-verzoeken tegelijk op ze afschieten, door duizenden verschillende DNS-servers. Heeft Anonymous wel zo'n groot bereik? Bovendien zijn de hoofdservers, volgens de experts die ze hebben ontwikkeld, ingesteld op constante cyberaanvallen en maken ze gebruik van een omweg, waardoor ze nooit direct zelf het doelwit zijn.

Operatie 'Ontmasker'
Het kan ook nog zijn dat de mensen achter Operation Global Blackout inmiddels al achter de tralies zitten. Internationale opsporingsdienst Interpol kondigde eind vorige maand in een persbericht aan dat het in vier landen 25 individuen had opgepakt die ervan worden verdacht bij hackerscollectief Anonymous te horen. Operatie 'Ontmasker' ging halverwege februari van start met als doel een serie cyberaanvallen op doelen in Latijns Amerika en Europa een halt toe te brengen. En Anomymous heeft zijn #OpGlobalBlackout-dreigingen sindsdien niet herhaald...

quote:

White Supremacist Hacks Trayvon Martin’s Email Account, Leaks Messages Online

The racist smear campaign against Trayvon Martin, the unarmed black teen shot to death last month in Florida, has reached a new level of ghoulishness. A white supremacist hacker says he's broken into Martin's email and social networking accounts, and leaked his private Facebook messages. We've been able to confirm that at least one email account that belonged to Martin was cracked.

The hacker, who goes by the name Klanklannon, posted what he said were Martin's private Facebook messages to the politics section (NSFW) of the anarchic message board 4chan—called "/pol/"—Tuesday afternoon at around noon. The messages were posted on four slides, strategically arranged to back up the insane racist argument that Trayvon was a Scary Black Teenager and so somehow deserved to be killed by neighborhood watch captain George Zimmerman that night.

A slide titled "Trayvon Martin Used Marijuana Habitually," features an exchange between Trayvon and a friend about getting high. Another slide, "Trayvon Martin was a Drug Dealer" features Facebook messages and photos that supposedly prove Martin dealt drugs, including a picture of Martin posing "aggressively with a large amount of cash in his hand." It's impossible to verify the hacked messages' authenticity—like other anti-Trayvon Martin propaganda, they're probably a mix of real and fake content— but they are now being passed around as gospel among the racist underbelly of the internet, including message boards like the neo-Nazi hive Stormfront, which Klanklannon apparently frequents.

In addition to the Facebook messages, Klanklannon posted a list of usernames and passwords for Martin's social media and email accounts as proof of his exploits. All of the passwords had been changed to racist slurs. (Gmail: "niggerniggernigger" Twitter: "coontrayvonnigger")

"I realize that some of this information might be to (sic) extreme to believe," Klanklannon writes in a copy of the original 4chan thread we've obtained. "That's why I offer you evidence. Here are my sources."

The list included login details for Martin's Gmail, Yahoo, MySpace, and Twitter accounts. A source who came across the 4chan post when it was live was able to use the information to log onto Martin's Gmail account Tuesday night. Our source panicked upon seeing that trolls had started using the account to send emails under Martin's name, and deleted the account. (An email sent to Martin's Gmail address bounced back today; Martin's Twitter account has also been deactivated. His MySpace page is still up, showing that the last login was Tuesday.)

On 4chan, Klanklannon made clear their intention to smear Trayvon. Klanklannon introduces the post with, "Today /pol/, tomorrow CNN." One 4chan user told us Klanklannon had been attempting to break into Martin's accounts for days, posting periodic updates to the board.

"Where did all the liberals go?," Klanklannon taunted after posting his slides. "Did they run off because they can't handle the facts?"

But Klanklannon included none of Martin's emails in his leak, because the picture they paint is of a normal high school junior preparing for college. A screenshot of Trayvon's Gmail inbox our source provided us is heartbreaking. Martin apparently used his Gmail account for his college search, and it's filled with emails about upcoming SAT tests and scholarship applications. ("Trayvon, now is the best time to take the SATs!") One email included the results of a career aptitude test, our source said. It "talked about his interest in aeronautics and stuff."

Klanklannon has proven nothing more than the depths to which the racist amateur detectives who have spent days obsessing over every aspect of Trayvon Martin's short life will sink in their horrible quest to vet a dead teenager.

quote:

Russia's Interior Minister Pushes For Extreme Internet Censorship Measures

Russia’s Ministry of the Interior plans to set up special centers to assess hate-mongering and extremism in mass media, including online publications, YouTube, and Facebook pages, Interior Minister Rashid Nurgaliyev said on Friday, according to Ria Novosti.

Nurgaliyev wants to open a center in each Russian district. Two already operate in Moscow and St. Petersburg. "We are working on creating special interregional centers with expertise in electronic media, printed, audio and video features to check them for any indications of extremism," he told Gazeta. The monitoring will be done by bureaucrats who are part of the presidential administration.

The initiative is the latest in the government’s crackdown on extremism on the Internet. And while politicians and activists alike believe it needs to be dealt with, this measure seems to have touched a nerve with everyone. So much so that even those expected to implement it have washed their hands of it.

“I'm afraid it may create the total surveillance of the Russian segment of the internet," Pavel Chikov, a lawyer and head of Agora human rights watchdog, told Gazeta. He said the initiative would lead to political censorship and an increase of criminal cases against bloggers on "invented accusations connected to extremism," something Russia has been accused of before.

Duma members were also skeptical, saying it was unclear how plenipotentiaries, who are political institutions, were supposed to help fight extremism. The plenipotentiaries themselves seem surprised, too. "This idea is definitely not ours. This is important, but the Ministry of the Interior and the Federal Supervision Agency for Information Technologies and Communications already do this expertise," a Far Eastern representative said.

Read more: http://www.businessinside(...)2012-3#ixzz1qgRVQPiT

quote:

China blokkeert sites en sociale netwerken na coupgeruchten

Geruchten over een ophanden zijnde coup hebben in China geleid tot de sluiting van zestien websites en de blokkade van twee sociale medianetwerken. Ook zijn zes mensen gearresteerd en is een onbekend aantal mensen ondervraagd.

Op de websites en twee Twitter-achtige diensten doken volgens staatspersbureau Xinhua berichten op over militaire voertuigen die de hoofdstad zouden binnenrijden.'Er gaat iets mis in Peking', zo werd daarin geconcludeerd.

De actie, die vrijdagavond laat werd aangekondigd door verschillende staatsmedia, onderstreept de vrees van de autoriteiten voor de groeiende toegang tot internet van de Chinese bevolking en de gretigheid waarmee Chinezen, ondanks de censuur en mogelijke straffen, de politiek bespreken.

Reinigen
De twee sociale medianetwerken die getroffen zijn door de maatregelen hebben elk meer dan driehonderd miljoen gebruikers. Voor het 'reinigen' van de sites hebben de sites drie dagen uitgetrokken.

In China woedt momenteel een van de ergste politieke crises in jaren. De machthebbers zijn druk bezig om de nalatenschap van Bo Xilai uit te wissen, het politieke kopstuk dat eerder deze maand werd ontslagen als partijchef in de stad Chongqing.