Category Archives: Google

FBI Releases Hillary Server Investigation Documents

Posted on by

Signed on January 22, of 2009, Hillary declared by signature her compliance to classified material.

Hillary Non Disclosure This is the actual document with her signature.

FBI Releases Documents in Hillary Clinton E-Mail Investigation

Today the FBI is releasing a summary of former Secretary of State Hillary Clinton’s July 2, 2016 interview with the FBI concerning allegations that classified information was improperly stored or transmitted on a personal e-mail server she used during her tenure. We also are releasing a factual summary of the FBI’s investigation into this matter. We are making these materials available to the public in the interest of transparency and in response to numerous Freedom of Information Act (FOIA) requests. Appropriate redactions have been made for classified information or other material exempt from disclosure under FOIA.

FBI Background Investigation Hillary servers

FBI 302 Report on Hillary Interview

As a note, the FBI 302 report is shorter and frankly it tells us that Hillary told the FBI she cant remember sh*t. Hillary left all judgment to handling government material and security classifications to ‘her’ State Department professionals. The real background investigation report defines the best part of the whole scandal, it is 47 pages and quite chilling. Oh…there were several servers and 13 mobile devices. Her covert intelligence aide Sidney Blumenthal did receive at least 24 email exchanges with classified material. Redactions abound and avoiding FOIA was the underlying objective.

The Russians Hacked the NSA? Ah…What?

Posted on by

This is bad bad bad….and panic has struck Washington DC ….payment is to be in Bitcoins…

Graphics of files below courtesy of Arstechnica.

    

More here in further detail.

*****

Most outside experts who examined the posts, by a group calling itself the “Shadow Brokers,” said they contained what appeared to be genuine samples of the code — though somewhat outdated — used in the production of the NSA’s custom-built malware. Most of the code was designed to break through network firewalls and get inside the computer systems of competitors like Russia, China and Iran. That, in turn, allows the NSA to place “implants” in the system, which can lurk unseen for years and be used to monitor network traffic or enable a debilitating computer attack.  More here.

NSA and the No Good, Very Bad Monday

LawFare: Monday was a tough day for those in the business of computer espionage. Russia, still using the alias Guccifer2.0, dumped even more DNC documents. And on Twitter, Mikko Hypponen noted an announcement on Github that had gone overlooked for two days, a group is hosting an auction for code from the “Equation Group,” which is more commonly known as the NSA. The auctioneer’s pitch is simple, brutal, and to the point:

How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.

This release included two encrypted files, and the password to one was provided as proof while the other remains encrypted. The attackers claim that they will provide the password to the second file to the winner of a Bitcoin auction.

The public auction part is nonsense. Despite prevailing misconceptions on cryptocurrency, Bitcoin’s innate traceability means that no one could really expect to launder even $1M out of a high profile Bitcoin wallet like this one without risking detection, let alone the $500M being requested for a full public release. The auction is the equivalent of a criminal asking to be paid in new, marked, sequential bills. Because the actors here are certainly not amateurs, the auction is presumably a bit of “Doctor Evil” theater—the only bids will be $20 investments from Twitter jokesters.

But the proof itself appears to be very real. The proof file is 134 MB of data compressed, expanding out to a 301 MB archive. This archive appears to contain a large fraction of the NSA’s implant framework for firewalls, including what appears to be several versions of different implants, server side utility scripts, and eight apparent exploits for a variety of targets.

The exploits themselves appear to target Fortinet, Cisco, Shaanxi Networkcloud Information Technology (sxnc.com.cn) Firewalls, and similar network security systems. I will leave it to others to analyze the reliability, versions supported, and other details. But nothing I’ve found in either the exploits or elsewhere is newer than 2013.

Because of the sheer volume and quality, it is overwhelmingly likely that this data is authentic. And it does not appear to be information taken from compromised targets. Instead, the exploits, binaries with help strings, server configuration scripts, 5 separate versions of one implant framework, and all sort of other features indicate that this is analyst-side code—the kind that probably never leaves the NSA.

It is also unlikely that this data is from the Snowden cache. Those documents focused on PowerPoint slides and shared data, not detailed exploits. Besides NSA, the only plausible candidate for ownership is GCHQ—and the implications of stealing Top Secret data from GCHQ and modifying it to frame the NSA would themselves be startling.

All this is to say that there is relatively high confidence that these files contain genuine NSA material.

From an operational standpoint, this is not a catastrophic leak. Nothing here reveals some special “NSA magic.” Instead, this is evidence of good craftsmanship in a widely modular framework designed for ease of use. The immediate consequence is probably a lot of hours of work down the drain.

But the big picture is a far scarier one. Somebody managed to steal 301 MB of data from a TS//SCI system at some point between 2013 and today. Possibly, even probably, it occurred in 2013. But the theft also could have occurred yesterday with a simple utility run to scrub all newer documents. Relying on the file timestamps—which are easy to modify—the most likely date of acquisition was June 11, 2013 (see Update, however). That is two weeks after Snowden fled to Hong Kong and six days after the first Guardian publication. That would make sense, since in the immediate response to the leaks, as the NSA furiously ran down possible sources, it may have accidentally or deliberately eliminated this adversary’s access.

As with other recent cyber conflicts, the  espionage aspect is troubling but not entirely new. It’s very, very bad that someone was able to go rummaging through a TS//SCI system—or even an unclassified Internet staging system where the NSA operator unwisely uploaded all this data—and to steal 300 MB of data. But whoever stole this data now wants the world to know—and that has much graver implications. The list of suspects is short: Russia or China. And in the context of the recent conflict between the US and Russia over election interference, safe money is on the former.

Right now, I’d imagine that the folks at NSA are having rather unpleasant conversations about what the other encrypted file might contain, and what other secrets this attacker may have gained access to. Even if they were aware of the attack that resulted in this leak, there’s no way of knowing what is in the other archive. Is there evidence of another non-Snowden insider who went silent three years ago? Was a TS//SCI system remotely compromised? Was there some kind of massive screw-up at an agency which prides itself on world class OPSEC? Some combination of the three?

And—most chillingly—what else might be released before this war of leaks is over?

 

Update:  Thanks to @botherder for pointing out that a couple files have a newer date:  One file has a date of June 17th, 2013; another has a date of July 5th, 2013; three setup strips are dated September 4th, 2013; and two have dates of October 18th 2013.  One of those files (which I’m currently investigating) is the database of allocated Ethernet MAC addresses, which may be able to identify a later minimum date of compromise.  If the latter date of October 18th, 2013 is correct, this is even more worrysome, as this suggests that the compromise happened four months after the initial Snowden revelations—a period of time when the NSA’s systems should have been the most secure.

Update 2: Looking at the dates again, it now does seem somewhat likely that this was data copied on June 11th, 2013 with a few updates with a compromise after October 18th.  This does make it more likely that this was taken from a set of files deliberately moved onto a system on the Internet used for attacking others.  To my mind, this is actually an even scarier possibility than the NSA internal system compromise: This scenario would have the NSA, after the Snowden revelations, practicing some incredibly awful operational security.  Why should the NSA include five different versions of the same implant on a system used to attack other systems on the Internet?  Let alone implants which still have all the debugging strings, internal function names, and absolutely no obfuscation?

Update 3: Kaspersky confirms that the particular use of RC6 matches the unique design present in other Equation Group malcode.  XORcat apparently confirmed that the Cisco exploit works and, due to the versions it can attack, was a zero day at the time.  This exploit would generally work to take over a firewall from the inside of a target network since it did require limited access that is almost always blocked from the outside.

*****

In part from the WashingtonPost:

A cache of hacking tools with code names such as Epicbanana, Buzzdirection and Egregiousblunder appeared mysteriously online over the weekend, setting the security world abuzz with speculation over whether the material was legitimate.

The file appeared to be real, according to former NSA personnel who worked in the agency’s hacking division, known as Tailored Access Operations (TAO).

“Without a doubt, they’re the keys to the kingdom,” said one former TAO employee, who spoke on the condition of anonymity to discuss sensitive internal operations. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.”

Said a second former TAO hacker who saw the file: “From what I saw, there was no doubt in my mind that it was legitimate.”

“Faking this information would be monumentally difficult, there is just such a sheer volume of meaningful stuff,” Nicholas Weaver, a computer security researcher at the University of California at Berkeley, said in an interview. “Much of this code should never leave the NSA.”

The tools were posted by a group calling itself the Shadow Brokers using file-sharing sites such as BitTorrent and DropBox.

At the same time, other spy services, like Russia’s, are doing the same thing to the United States.

It is not unprecedented for a TAO operator to accidentally upload a large file of tools to a redirector, one of the former employees said. “What’s unprecedented is to not realize you made a mistake,” he said. “You would recognize, ‘Oops, I uploaded that set’ and delete it.”

Critics of the NSA have suspected that the agency, when it discovers a software vulnerability, frequently does not disclose it, thereby putting at risk the cybersecurity of anyone using that product. The file disclosure shows why it’s important to tell software-makers when flaws are detected, rather than keeping them secret, one of the former agency employees said, because now the information is public, available for anyone to employ to hack widely used Internet infrastructure. Read the full article here.

The Authority of the Internet is Turned Over in 2 Months

Posted on by

This is surrender of the one place in the world where there is some freedom, the internet. The transfer date is September 30, 2016. Is this a big deal? Yes…..China and Russia don’t have a 1st amendment and it appears only one senator is waging the war to stop the transfer, Ted Cruz.

“From the very first days of the internet, the American government has maintained domain names and ensured equal access to everyone with no censorship whatsoever,” Cruz says in the video. “Obama wants to give that power away.”

That move poses a “great threat” to national security, Cruz said. Starting on the transfer date of Sept. 30, ICANN control could allow foreign governments to prohibit speech that they don’t agree with, he added.

Cruz has added an amendment to the Senate’s Highway Bill that would require an up-or-down vote on the administration’s plan to give ICANN control over names and numbers. And Cruz’s Protecting Internet Freedom Act, proposed with Republican Rep. Sean Duffy (Wis.), would prevent the transfer of authority to the global group. More from The Blaze.

*****

Twenty-five advocacy groups and some individuals have told leaders in the Senate and the House of Representatives that key issues about the transition are “not expected to be fully resolved until summer 2017.”

“Without robust safeguards, Internet governance could fall under the sway of governments hostile to freedoms protected by the First Amendment,” wrote the groups, which include TechFreedom, Heritage Action for America and Taxpayers Protection Alliance. “Ominously, governments will gain a formal voting role in ICANN for the first time when the new bylaws are implemented.” Read more here from PCWorld.

America to hand off Internet in under two months

WashingtonExaminer: The Department of Commerce is set to hand off the final vestiges of American control over the Internet to international authorities in less than two months, officials have confirmed.

The department will finalize the transition effective October 1, Assistant Secretary Lawrence Strickling wrote on Tuesday, barring what he called “any significant impediment.”

The move means the Internet Assigned Numbers Authority, which is responsible for interpreting numerical addresses on the Web to a readable language, will move from U.S. control to the Internet Corporation for Assigned Names and Numbers, a multistakeholder body that includes countries like China and Russia.

Critics of the move, most prominently Texas Republican Sen. Ted Cruz, have pointed out the agency could be used by totalitarian governments to shut down the Web around the globe, either in whole or in part.

Opponents similarly made the case that Congress has passed legislation to prohibit the federal government from using tax dollars to allow the transition, and pointed out that the feds are constitutionally prohibited from transferring federal property without approval from Congress. A coalition of 25 advocacy groups like Americans for Tax Reform, the Competitive Enterprise Institute, and Heritage Action sent a letter to Congress making those points last week.

While those issues could, in theory, lead to a legal challenge being filed in the days following the transfer, the administration has expressed a desire to finish it before the president leaves office, a position that Strickling reiterated.

“This multistakeholder model is the key reason why the Internet has grown and thrived as a dynamic platform for innovation, economic growth and free expression,” Strickling wrote. “We appreciate the hard work and dedication of all the stakeholders involved in this effort and look forward to their continuing engagement.”

What you Need to Know About IDI and Why

Posted on by

This Company Has Built a Profile on Every American Adult

Every move you make. Every click you take. Every game you play. Every place you stay. They’ll be watching you.

Bloomberg: Forget telephoto lenses and fake mustaches: The most important tools for America’s 35,000 private investigators are database subscription services. For more than a decade, professional snoops have been able to search troves of public and nonpublic records—known addresses, DMV records, photographs of a person’s car—and condense them into comprehensive reports costing as little as $10. Now they can combine that information with the kinds of things marketers know about you, such as which politicians you donate to, what you spend on groceries, and whether it’s weird that you ate in last night, to create a portrait of your life and predict your behavior.

IDI, a year-old company in the so-called data-fusion business, is the first to centralize and weaponize all that information for its customers. The Boca Raton, Fla., company’s database service, idiCORE, combines public records with purchasing, demographic, and behavioral data. Chief Executive Officer Derek Dubner says the system isn’t waiting for requests from clients—it’s already built a profile on every American adult, including young people who wouldn’t be swept up in conventional databases, which only index transactions. “We have data on that 21-year-old who’s living at home with mom and dad,” he says.

Dubner declined to provide a demo of idiCORE or furnish the company’s report on me. But he says these personal profiles include all known addresses, phone numbers, and e-mail addresses; every piece of property ever bought or sold, plus related mortgages; past and present vehicles owned; criminal citations, from speeding tickets on up; voter registration; hunting permits; and names and phone numbers of neighbors. The reports also include photos of cars taken by private companies using automated license plate readers—billions of snapshots tagged with GPS coordinates and time stamps to help PIs surveil people or bust alibis.

IDI also runs two coupon websites, allamericansavings.com and samplesandsavings.com, that collect purchasing and behavioral data. When I signed up for the latter, I was asked for my e-mail address, birthday, and home address, information that could easily link me with my idiCORE profile. The site also asked if I suffered from arthritis, asthma, diabetes, or depression, ostensibly to help tailor its discounts.

Users and industry analysts say the addition of purchasing and behavioral data to conventional data fusion outmatches rival systems in terms of capabilities—and creepiness. “The cloud never forgets, and imperfect pictures of you composed from your data profile are carefully filled in over time,” says Roger Kay, president of Endpoint Technologies Associates, a consulting firm. “We’re like bugs in amber, completely trapped in the web of our own data.”

When logging in to IDI and similar databases, a PI must select a permissible use for a search under U.S. privacy laws. The Federal Trade Commission oversees the industry, but PI companies are largely expected to police themselves, because a midsize outfit may run thousands of searches a month.

Dubner says most Americans have little to fear. As examples, he cites idiCORE uses such as locating a missing person and nabbing a fraud or terrorism suspect.

IDI, like much of the data-fusion industry, traces its lineage to Hank Asher, a former cocaine smuggler and self-taught programmer who began fusing sets of public data from state and federal governments in the early 1990s. After Sept. 11, law enforcement’s interest in commercial databases grew, and more money and data began raining down, says Julia Angwin, a reporter who wrote about the industry in her 2014 book, Dragnet Nation.

Asher died suddenly in 2013, leaving behind his company, the Last One (TLO), which credit bureau TransUnion bought in bankruptcy for $154 million. Asher’s disciples, including Dubner, left TLO and eventually teamed up with Michael Brauser, a former business partner of Asher’s, and billionaire health-care investor Phillip Frost. In May 2015, after a flurry of purchases and mergers, the group rebranded its database venture as IDI.

Besides pitching its databases to big-name PIs (Kroll, Control Risks), law firms, debt collectors, and government agencies, IDI says it’s also targeting consumer marketers. The 200-employee company had revenue of about $40 million in its most recent quarter and says 2,800 users signed up for idiCORE in the first month after its May release. It declined to provide more recent figures. The company’s data sets are growing, too. In December, Frost helped underwrite IDI’s $100 million acquisition of marketing profiler Fluent, which says it has 120 million profiles of U.S. consumers. In June, IDI bought ad platform Q Interactive for a reported $21 million in stock.

IDI may need Frost’s deep pockets for a while. The PI industry’s three favorite databases are owned by TransUnion and media giants Reed Elsevier and Thomson Reuters. “There’s no shortage,” says Chuck McLaughlin, chairman of the board of the World Association of Detectives, which has about 1,000 members. “The longer you’re in business, the more data you have, the better results.” He uses TLO and Tracers Information Specialists.

Steve Rambam, a PI who hosts Nowhere to Hide on the Investigation Discovery channel, says marketing data remains a niche monitoring tool compared with social media, but its power can be unparalleled. “You may not know what you do on a regular basis, but I know,” Rambam says. “I know it’s Thursday, you haven’t eaten Chinese food in two weeks, and I know you’re due.”

Wait…there is another problem you don’t know about.

Comcast Lobbies To Charge Customers More To Protect Their Online Privacy
Internet providers are still hashing out issues with the FCC. In particular, Comcast is currently defend its “pay-for-privacy” model to the FCC [PDF]. Comcast has even contended that  “the FCC has no authority to prohibit or limit these types of programs.”

So what exactly is the “pay-for-privacy” system? Essentially, companies like Comcast offers discounts to customers in exchange for allowing ISP’s to use their data. Comcast then floods these customers with various behaviorally-targeted ads. Customers who prefer privacy over pricing are charged a premium.

image: http://hothardware.com/ContentImages/NewsItem/38236/content/small_comcast_office.jpg

comcast office

Several weeks ago a number of lawmakers urged the FCC to ban the “pay-for-privacy” system. They argued that this pricing pyramid is particularly harmful to elderly customers who do not necessarily understand how ISP’s work and low-income customers who cannot afford to pay the privacy premium. Members of Congress noted that Comcast’s policies are “counter to our nation’s core principle that all Americans have a fundamental right to privacy.”

Comcast argued that the “pay-for-privacy” model actually benefits elderly and low-income customers. They insisted that its “prohibition would harm consumers by, among other things, depriving them of lower-priced offerings.” They noted that this system is commonly used throughout the United States economy.

image: http://hothardware.com/ContentImages/NewsItem/38236/content/small_fcc.jpg

fcc

Comcast also argued that its ensures “through contractual provisions that vendors who handle customer-related data have strong measures in place to protect that customer-related data, and that the vendors are prohibited from using that data for any purposes other than as directed by Comcast.”

The company concurs that opt-in agreements should be required when dealing with sensitive information. This kind of information would include financial, health, and children’s information, Social Security numbers, and precise geo-location information. All other information, however, would be subject to opt-out or, in most instances, “implied” consent.  The FCC is currently considering privacy rules that would require broadband providers to obtain consumers’ opt-in consent regardless of whether the information was sensitive or not. Hat tip to HotHardware

Edward Snowden has Gone Hollywood

Posted on by

The U.S. v. Edward Snowden criminal complaint is under seal but the cover is here.

New Snowden Movie Depicts Traitor as Hero; Profiting from His Treason May Violate Law

JudicialWatch: The upcoming Hollywood movie about traitor Edward Snowden—criminally charged by the U.S. government under the Espionage Act—portrays the National Security Agency (NSA) subcontractor who leaked top secret information as a courageous patriot. Nothing surprising there considering the film’s Academy award-winning director, Oliver Stone, referred to Snowden as a “hero”back in 2013 when he fled to Moscow to avoid prosecution after betraying his country. Snowden’s illegal disclosures have helped terrorist groups like Al Qaeda and led to the death of innocent people. Last year Snowden began openly engaging with ISIS and Al Qaeda members and supporters via social media.

Image result for edward snowden Buzzfeed

“Snowden has done incalculable damage to the NSA and, in the process, to American national security,” according to University of Virginia Law School Professor Robert F. Turner, who specializes in national security issues and served as Counsel to the President’s Intelligence Oversight Board at the White House. “Officials in position to know said good people have already lost their lives thanks to Snowden. Countless more are likely to lose theirs now that our enemies know our most closely guarded sources and methods of communications intelligence collection.” Turner adds that Snowden is hailed as a hero and “whistleblower” by those who are clueless to the devastation he’s done. “When all of the smoke clears, it may very well be proven that Snowden is the most injurious traitor in American history.”

This would make it illegal to profit from his crimes and the Department of Justice (DOJ) should confiscate all money made by the violators. Snowden is no whistleblower. In fact he violated his secrecy agreement, which means he and his conspirators can’t materially profit from his fugitive status, violation of law, aiding and abetting of a crime and providing material support to terrorism. It’s bad enough that people are profiting from Snowden’s treason, but adding salt to the wound, the Obama administration is doing nothing about it. Judicial Watch has launched an investigation and is using the Freedom of Information Act (FOIA) to obtain records. True whistleblowers and law-abiding intelligence officers such as Lt. Colonel Anthony Shaffer, FBI Special Agent Robert G. Wright and Valerie Plame got release authority in accordance with their secrecy agreement and did not seek money or flee to Russia. A federal appellate court has ruled that government employees, such as Snowden, who signed privacy agreements can’t profit from disclosing information without first obtaining agency approval. The case involved a CIA agent (Frank Snepp) who violated his agreement with the agency by publishing a book. A federal court denied Snepp royalties from his book and an appellate court upheld the ruling, reiterating that the disgraced agent breached the “constructive trust” between him and the government.

Related reading:  Audit of the Federal Bureau of Investigation’s Implementation of Its Next Generation Cyber Initiative

Furthermore, Snowden, Stone and the producers of a 2014 Oscar-winning Snowden film titled “Citizenfour” may be in violation of the Anti-Terrorism Act (ATA), which forbids providing material support or resources for acts of international terrorism. Many deep-pocketed institutions have been sued under the law for providing terrorist organizations or affiliates resources that assisted in the commission of terrorist acts. Just last month the families of victims killed and injured by Hamas filed a $1 billion lawsuit against Facebook under ATA for providing the terrorist group with material support by letting it use its services to help carry out attacks. A number of banks have also been sued under the law for financing terrorist activities, albeit unknowingly.

Both Stone and “Citizenfour” director Laura Poitras had clandestine meetings abroad with Snowden. Stone told a Hollywood trade publication he met Snowden in Russia and that he moved production overseas because filming in the U.S. was too risky. “We didn’t know what the NSA might do, so we ended up in Munich, which was a beautiful experience,” Stone said. Poitras actually collaborated with Snowden’s defection to China then Russia and had email communication with him before he committed his crimes so she had foreknowledge. This is all included in her documentary. On May 20, 2013 Snowden flew to Hong Kong to meet with British journalists and Poitras. He gave them thousands of classified documents and Poitras became known as the woman who helped Snowden spill his secrets, or rather commit treason. When Citizenfour won the 2015 Academy Award, Poitras was joined by Snowden’s girlfriend during her acceptance speech at the Dolby Theater in Hollywood, California. “The disclosures that Edward Snowden revealed don’t only expose a threat to our privacy but to our democracy itself,” Poitras said in her acceptance speech. “Thank you to Edward Snowden for his courage and for the many other whistleblowers.”

Snowden remains a fugitive from U.S. law protected by Russia. On June 14, 2013, federal prosecutors charged him with “theft of government Property,” “unauthorized communication of national defense information” and “willful communication of classified communications intelligence information to an unauthorized person.” Al Qaeda keeps using information leaked by Snowden to help its fighters evade surveillance technology, according to a British newspaper report. “The terrorist group has issued new video guidance based on what they have learnt about Western spying methods from the Snowden disclosures which have been made public on the internet,” the article states. “The move confirms the worst fears of British and American intelligence chiefs who warned that Snowden’s betrayal would play into the hands of the terrorists. The video even uses footage of news reports of the Snowden leak, highlighting how ‘NSA is tracking millions of phones.’”