Category Archives: Whistleblower

What is YOUR Profile? Ask Google and Facebook

Posted on by

You have been profiled, but is it accurate? You have been sold and sold out.

Scary New Ways the Internet Profiles You

Morrison/DailyBeast: Facebook, Google, and the other Internet titans have ever more sophisticated and intrusive methods of mining your data, and that’s just the tip of the iceberg.

The success of the consumer Internet can be attributed to a simple grand bargain. We’ve been encouraged to search the web, share our lives with friends, and take advantage of all sorts of other free services. In exchange, the Internet titans that provide these services, as well as hundreds of other lesser-known firms, have meticulously tracked our every move in order to bombard us with targeted advertising. Now, this grand bargain is being tested by new attitudes and technologies.

Consumers who were not long ago blithely dismissive of privacy issues are increasingly feeling that they’ve lost control over their personal information. Meanwhile, Internet companies, adtech firms, and data brokers continue to roll out new technologies to build ever more granular profiles of hundreds of millions, if not billions, of consumers. And with next generation of artificial intelligence poised to exploit our data in ways we can’t even imagine, the simple terms of the old agreement seem woefully inadequate.

In the early days of the Internet, we were led to believe that all this data would deliver us to a state of information nirvana. We were going to get new tools and better communications, access to all the information we could possibly need, and ads we actually wanted to receive. Who could possibly argue with that?

For a while, the predictions seemed to be coming true. But then privacy goalposts were (repeatedly) moved, companies were caught (accidentally) snooping on us, and hackers showed us just how easy it is to steal our personal information. Advertisers weren’t thrilled either, particularly when we adopted mobile phones and tablets. That’s because the cookies that track us on our computers don’t work very well on mobile devices. And with our online activity split among our various devices, each of us suddenly appeared to be two or three different people.

This wasn’t a bad thing for consumers, because mobile phones emit data that enable companies to learn new things about us, such as where we go, who we meet, places we shop, and other habits that help them recognize and then predict our long-term patterns.

But now, new cross-device technologies are enabling the advertising industry to combine all our information streams into a single comprehensive profile by linking each of us to our desktop, mobile phone, and iPad. Throw in wearable devices like a Fitbit, connected TVs, and the Internet of Things, and the concept of cross-device tracking expands to potentially include anything that gives off a signal.

The ad industry is drooling over this technology because it can follow and target us as we move through our daily routines, whether we are searching on our desktop, surfing on our iPad, or out on the town with our phone in hand.

There are two methods to track people across devices. The more precise technique is deterministic tracking, which links devices to a single user when that person logs into the same site from a desktop computer, phone, and tablet. This is the approach used by Internet giants like Facebook, Twitter, Google, and Apple, all of which have enormous user bases that log into their mobile and desktop properties.

A quick glance at Facebook’s data privacy policy shows it records just about everything we do, including the content we provide, who we communicate with, what we look at on its pages, as well as information about us that our friends provide. Facebook saves payment information, details about the devices we use, location info, and connection details. The social network also knows when we visit third-party sites that use its services (such as the Like button, Facebook Log In, or the company’s measurement and advertising services). It also collects information about us from its partners.

Most of the tech giants have similar policies and they all emphasize that they do not share personally identifiable information with third parties. Facebook, for example, uses our data to deliver ads within its walled garden but says it does not let outsiders export our information. Google says it only shares aggregated sets of anonymized data.

Little-known companies—primarily advertising networks and adtech firms like Tapad and Drawbridge—are also watching us. We will never log into their websites, so they use probabilistic tracking techniques to link us to our devices. They start by embedding digital tags or pixels into the millions of websites we visit so they can identify our devices, monitor our browsing habits, look for time-based patterns, as well as other metrics. By churning massive amounts of this data through statistical models, tracking companies can discern patterns and make predictions about who is using which device. Proponents claim they are accurate more than 90 percent of the time, but none of this is visible to us and is thus very difficult to control.

In recent comments to the Federal Trade Commission, the Center for Democracy and Technology illustrated just how invasive cross-device tracking technology could be. Suppose a user searched for sexually transmitted disease (STD) symptoms on her personal computer, used a phone to look up directions to a Planned Parenthood clinic, visited a pharmacy, and then returned home. With this kind of cross-device tracking, it would be easy to infer that the user was treated for an STD.

That’s creepy enough, but consider this: by using the GPS or WiFi information generated by the patient’s mobile phone, it would not be difficult to discover her address. And by merging her online profile with offline information from a third-party data broker, it would be fairly simple to identify the patient.

So, should we be concerned that companies use cross-device tracking to compile more comprehensive profiles of us? Let us count the reasons:

Your data could be hacked: Privacy Rights Clearinghouse reports that in 2015 alone, hackers gained access to the records of 4.5 million patients at UCLA Health System, 37 million clients of online cheating website Ashley Madison, 15 million Experian accounts, 80 million Anthem customers, as well as more than 21 million individuals in the federal Office of Personnel Management’s security clearance database. And these were just the headliners that garnered media attention. No site or network is entirely safe and numerous researchers have already demonstrated how incredibly easy it is to “reidentify” or “deanonymize” individuals hidden in anonymized data.

Your profile could be sold: In fact, it typically is, in anonymized fashion. That’s the whole point. But in many cases, Internet companies’ privacy policies also make it clear our profiles are assets to be bought and sold should the company change ownership. This was the case when Verizon bought AOL and merged their advertising efforts, creating much more detailed profiles of their combined user base. Yahoo might be next should it decide to spin off its Internet properties.

Your data could be used in ways you did not anticipate: Google, Facebook, and other companies create customized web experiences based on our interests, behavior, and even our social circles. On one level, this makes perfect sense because none of us want to scroll through reams of irrelevant search results, news stories, or social media updates. But researchers have demonstrated that our online profiles also have real world consequences, including the prices we pay for products, the amount of credit extended to us, and even the job offers we may receive.

Our data is already used to build and test advanced analytics models for new services and features. There is much more to come. The Googles and the Facebooks of the Internet boast that newly emerging artificial intelligence will enable them to analyze greater amounts of our data to discern new behavioral patterns and to predict what we will think and want before we actually think and want it. These companies have only begun to scratch the surface of what is possible with our data.

We are being profiled in incredible and increasingly detailed ways, and our data may be exploited for purposes we cannot yet possibly understand. The old bargain—free Internet services in exchange for targeted advertising—is rapidly become a quaint relic of the past. And with no sense of how, when, or why our data might be used in the future, it is not clear what might take its place.

UN Report: Extermination Camps, Syria

Posted on by

Syrian victim of torture

UN panel documents ‘extermination’ of detainees in Syria

GENEVA —International investigators say several thousands of detainees have been executed, beaten to death or otherwise left to die during Syria’s civil war, in policies that appear to amount to extermination under international law.

The U.N.-backed Commission of Inquiry on Syria presented a 25-page report Monday on killings of detainees by President Bashar Assad’s government. It also cites execution policies by radical groups like the Islamic State and al-Qaida-affiliated Nusra Front.

The report is drawn from 621 interviews conducted between March 2011 and November 2015. Investigators say they are short of enough evidence to provide more specific estimates of killings of those detained.

The report seeks “targeted sanctions” against unspecified individuals or groups responsible for such crimes. The investigators lamented inaction by the U.N. Security Council about possibly launching criminal probes.

***

VoA: The U.N. report accused Damascus of starving the detainees or leaving them to die with untreated wounds and disease. It said Assad’s government has “engaged in the multiple commissions of crimes, amounting to a systematic and widespread attack against a civilian population.”

The report covered the period from March 2011 to November 2015 — the first 4½ years of the ongoing Syrian civil war.

Investigators

The U.N. investigators said they believed that “high-ranking officers” and other government officials knew of the deaths and of bodies being buried in mass graves.

The special inquiry into the Syrian treatment of its civilian population called for the U.N. Security Council to impose “targeted sanctions” against Syrian civilian and military officials complicit in the deaths and torture, but did not name them.

The investigators called for referral of the cases against the suspected war criminals to prosecutors at the International Criminal Court at The Hague in the Netherlands. Their names are being kept in a U.N. safe in Geneva.

***

BBC: Their report describes the situation of detainees as an “urgent and large-scale crisis of human rights protection”.

Survivors’ accounts “paint a terrifying picture of the magnitude of the violations taking place,” it said.

The civil war in Syria has claimed an estimated 250,000 lives so far.

About 4.6 million people have fled Syria, while another 13.5 million are said to be in need of humanitarian assistance inside the country.

Extract from February 2016 report for UN Human Rights Council

Main detention facilities controlled by the General Intelligence Directorate include Interior Security branch 251 and Investigations branch 285 located in Kafr Soussa, west of central Damascus.

Former detainees described inhuman conditions of detention resulting in frequent custodial deaths.

Officers were observed giving orders to subordinates on methods of torture to be used on detainees.

Corpses were transported by other prisoners through the corridors, sometimes to be kept in the toilets, before being removed from the branch.

Evidence obtained indicates that the superiors of the facilities were regularly informed of the deaths of detainees under their control. Prisoners were transferred to military hospitals before they were buried in mass graves.

Both government and rebel sides are accused of violence against people they detain, the investigators say, but the vast majority are being held by government agencies.

A pattern of arrests since March 2011 targeted Syrian civilians thought to be loyal to the opposition, or simply insufficiently loyal to the government.

Senior government figures clearly knew about and approved of the abuse, says the report entitled Out of Sight: Out of Mind: Deaths in Detention in the Syrian Arab Republic.

Most deaths in detention were documented as occurring in locations controlled by the Syrian intelligence services.

“Government officials intentionally maintained such poor conditions of detention for prisoners as to have been life-threatening, and were aware that mass deaths of detainees would result,” UN human rights investigator Sergio Pinheiro said in a statement.

“These actions, in pursuance of a state policy, amount to extermination as a crime against humanity.”

Torture ‘routine’

The report also accused opposition forces of killing captured Syrian soldiers.

Both so-called Islamic State militants and another group, al-Nusra Front, had committed crimes against humanity and war crimes.

IS, the report said, was known to illegally hold a large, unknown number of detainees for extended periods in multiple locations.

It had set up detention centres in which torture and execution are “routine”.

Detainees were frequently executed after unauthorised courts issued a death sentence.

Extract from February 2016 report for UN Human Rights Council

In 2014 Syrian authorities informed a woman from Rif Damascus that her husband and two of her sons were dead, all known to have been held in a detention facility controlled by the Military Security.

The family obtained death certificates from Tishreen military hospital, stating that the cause of death of all the three victims was heart attack.

A third son remains unaccounted for.

Will Kerry Give Mahmoud Abbas a P5+1 Deal?

Posted on by

ToI: Former Palestinian peace negotiator Nabil Shaath said in an interview earlier this month that he often asks Westerners whether Arabs have to “hijack your planes and destroy your airports again” to make the world take notice of the Palestinian cause

In a February 1 interview with the Palestinian Authority’s Awdha TV, translated by MEMRI, Shaath slammed American efforts at Israeli-Palestinian peacemaking.

Asked about a French proposal for an international peace conference, Shaath replied, “Well, anything is better than American control of the negotiations. Anything. The US has never been a reliable honest broker. Never. It is the strategic ally of Israel. Period. Therefore any discussion of a different formula is a positive thing.”

But, he added, “an international conference is not what is needed. What is needed is a smaller framework. Today, at the African Union summit, President [Mahmoud] Abbas reiterated that we want something similar to the 5+1 framework” of six world powers who negotiated the nuclear deal with Iran.

“Like it or not, the US will be part of it. But we want France, Germany, Britain, the EU, Russia, China, Brazil, India. From the Arab countries we want Egypt at least. We want a small international framework.”

***

Shaath then turned to what he described as Western apathy toward suffering in the Middle East.

“If the Syrian problem had not been exported to Europe through the refugees on the one hand and terrorism on the other, the Europeans would not have cared even if the entire Syrian people had died,” he charged.

“But when all of a sudden there were four million Syrian refugees in Europe, 1.2 million of them in Germany alone, and when this was accompanied by Islamic State operations in France and elsewhere, all these countries began to fear that IS might have infiltrated through the refugees. And this started a debate about racial transformation in Europe with the entrance of non-white, non-European, non-Anglo-Saxon races, like the Syrian refugees, the Africans and others. This is what made the Syrian problem the most pressing from their perspective.”

He added: “I always say to these people, after I tell them about Syria and IS: ‘Do we have to hijack your planes and destroy your airports again to make you care about our cause? Are you waiting for us to cut off your oil supply? You always wait for things to reach boiling point and explode, causing you harm, before you intervene to end the crimes and violations.’”  

Shaath served as the PA’s first foreign minister, and has served as a top peace negotiator and

The Kremlin’s War Propaganda

Posted on by

Many in the West, from leaders to citizens are often freaked out at what is published on tens of thousands of websites including media sites. One can never know the extent of propaganda much less which are the nuggets of truth. When it comes to Russia, they are professional trollers, ambassadors of information warfare. Verification of information, checks on people, dates and locations are required. Admittedly, this is almost impossible due to a aggressive news cycle that never ends, events occur too fast. Yet, advancing propaganda is done at a peril to false information. Below will describe this dynamic.

Another reference to an article is also posted below that does explain Ukraine and Crimea demonstrating the depths of concocted and false information.

MoscowTimes: Several years ago, I traveled to the taiga in the republic of Altai with a former KGB officer who had worked in military propaganda during the war in Afghanistan. While we drank tea beside the campfire one night, he described in detail the principles of military propaganda. Today, I see that the Kremlin is implementing all of those principles in its information campaign surrounding the Ukrainian crisis.

In authoritarian countries like Russia, independent information is losing out to mass propaganda, and whole populations have become victims of brainwashing.

The main objective of war propaganda is to mobilize the support of the population — or in the case of Ukraine, an expansionist campaign. It should also demoralize the enemy and attract the sympathy and support of third countries. Widespread support among Russians for the military operations in Crimea and its ultimate annexation indicate that the Kremlin has succeeded in its first two objectives but has gained little ground on the third.

Moscow accomplished this by using seven basic methods:

First, it is necessary to convince the general population that the government is acting correctly and that the enemy is guilty of fomenting the crisis. That is why the Kremlin places the full blame for the entire Ukrainian crisis on the Maidan protesters and what it calls the Western-backed Ukrainian opposition. Moscow conspicuously leaves out the fact that former Ukrainian President Viktor Yanukovych himself provoked the crisis by ruining the country’s economy, double-dealing with the European Union and engaging in corrupt deals while also permitting extreme corruption among members of his family and inner circle.

To incite hatred for the enemy and deflect attention away from Yanukovych’s flaws, the Kremlin says the new government in Kiev, dominated by the main opposition groups, is linked to everything that is despised and vilified in Russia: fascists, extremists, the U.S. and the West in general. It is necessary to paint the Western enemy as the aggressor.

Second, the Kremlin created myths about the terrible persecutions of the Russian-speaking population in Ukraine, particularly in Crimea. Federation Council speaker Valentina Matviyenko even came up with a story about victims of such aggression that nobody has been able to corroborate, saying there were casualties among locals in Simferopol from a Kiev-backed attempt to take over a police building. The claim was never verified.

The main idea behind such claims is to find just the right balance between truth and fiction. Nazi Propaganda Minister Joseph Goebbels once said that if you add one-fourth of the truth to three-fourths of a lie, the people will believe you. Hitler and Stalin applied the principles and techniques of war propaganda on a national scale.

Third, the enemy must be demonized. Just about anything will work, from alleging that one of the leaders of the opposition, acting Prime Minister Arseniy Yatsenyuk, is a Scientologist, or showing medical records that another leader was treated for a psychological disorder. NTV and other state-controlled television stations have been at the forefront in spreading these smear campaigns.

If an actual radical or nationalist can be found among the enemy’s ranks, such as Right Sector leader Dmitry Yarosh, this is like manna from heaven for propagandists. Although they represent fringe factions, they are turned into the face of the enemy. The entire opposition, which in reality includes a wide range of moderate forces,  is presented as “fascist” and “neo-Nazi.”

Fourth, the authorities always disguise their aggressive actions as a humanitarian mission. “We have to protect defenseless Russians at the hands of fascists. They are in danger of being beaten and killed,” propagandists say.

Fifth, the Kremlin has attributed its own cynical methods to the enemy. For example, if Moscow intends to annex part of a brotherly, neighboring country, it must first accuse the U.S. and the authorities in Kiev of striving for world domination and hegemony, while depriving Russia of its ancestral territories and its righftful sphere of influence in its own backyard.

Sixth, the authorities must present all of their actions as purely legal and legitimate, and the actions of the enemy as gross violations of international law. That is why President Vladimir Putin refers to the “legitimate and inherent right of Crimeans to self-determination” — the same right he strongly denied to the people of Chechnya and Kosovo.

According to this logic, the parliament’s unanimous vote to strip Yanukovych of his authority on Feb. 22 was illegal, while the referendum for secession in Crimea — which violated the Ukrainian Constitution — is completely legal and legitimate.

Seventh, the success of war propaganda depends entirely on its totalitarian approach. The authorities must shut down every independent media outlet capable of identifying and exposing the propagandists’ lies. That is why Ukraine blocked Russian television. It also explains why Moscow is cracking down on Dozhd television and why it recently replaced the head of Lenta.ru with a ­Kremlin-friendly editor-in-chief.

Information warfare is well known throughout the world and is used by all leading countries. The U.S. government successfully used the same principles when it bombed Yugoslavia and invaded Grenada, Panama and Iraq. The difference, of course, is that the U.S. government does not own mainstream media outlets, so their ability to manipulate the truth is less effective.

Take, for example, the Iraqi invasion in 2003. Within a relatively short time period after the invasion was initiated, leading Western media went the complete other direction by criticizing the U.S. government for misleading the public on the Iraqi weapons of mass destruction that were never found. This self-correction process does not occur in Russia, where the main media outlets are state-controlled.

In authoritarian countries like Russia, independent information is losing out to mass propaganda, and whole populations have become victims of brainwashing. Politicians speak about the need for peace even while stirring up war hysteria. And that means the likelihood of war is far closer and more real than many might imagine.

Vladimir Ryzhkov, a State Duma deputy from 1993 to 2007, is a political analyst.

*** Ukraine war points all the way to Putin, even while he played a role of a victim.

dve-bs

In February 2015, pro-Russian separatists aided by Russian troops took the strategic railway hub of Debaltseve in Eastern Ukraine, forcing Ukrainian forces to withdraw.

This investigation intends to prove the decision to take Debaltseve and close the “Debaltseve pocket” was taken at the highest level of the Russian state. Explaining Russian leadership’s actions requires a look back to the international situation in late 2014 — early 2015

(full summary with proof and photos)

After Angela Merkel canceled the Normandy format meeting in Astana and Vladimir Putin wasn’t invited to the 70th anniversary of Auschwitz liberation, a major escalation started in Donbass (mid-January 2015). The main fighting took place around Debaltseve, which is a major transportation hub, giving Donetsk a railway link with Luhansk and Russia. Russia’s 5th and 6th Separate Tank Brigades were proven to have taken part in the battle. During the battle, a serviceman of the 6th brigade Evgeniy Usov got a shrapnel wound and arrived to Moscow’s military hospital named after Burdenko no later than February 14, 2015. No later than February 21, 2015, he was visited by Russia’s Defense Minister Sergey Shoigu, who awarded Usov with a watch bearing a Russia’s Ministry of Defense logo.

We believe the facts mentioned above prove that the decision to escalate the conflict in Ukraine and attack Debaltseve was taken in the highest ranks of the Russian authorities. Given that the Debaltseve offensive started while Russia’s and Ukraine’s presidents were conducting negotiations, it is hard to believe this decision could have been taken by anyone than Russia’s president Vladimir Putin. Such an initiative from Russia’s Minister of Defense could have severely hampered Putin’s negotiation efforts, which is why we believe that the decision to attack Debaltseve and close a pocket around Ukrainian forces was personally taken by Russia’s President Vladimir Putin. This decision was a reaction to the actions of the Normandy Four and was used as leverage against Ukraine’s President Petro Poroshenko and leaders of the West. Full article here.

The DoJ Hacked, DHS Files Compromised

Posted on by

Hackers leaked DHS staff records, 200GB of files are in their hands

A hacker accessed an employee’s email account at the Department of Justice and stole 200GB of files including records of 9,000 DHS staffers and 20,000 FBI employees.

SecurityAffairs: Yesterday, the data related a Department of Homeland Security (DHS) staff directory were leaked online, a Twitter account shared the link to an archive containing 9,355 names.

The responsible for the data leakage first contacted Motherboard to share the precious archive.

Each record of the DHS Staff Directory includes name, title, email address, and phone number.

Going deep in the archive it is possible to note that it includes information of DHS security specialists, program analysts, InfoSec and IT and also 100 employees with a title “Intelligence”.

The same Twitter account has announced later the imminent release of an additional data dump containing 20,000 FBI employees.

DHS firewall

Are the records authentic?

Motherboard that obtained the archive reached the operations center of the FBI, and in one case the individual who pick up the phone presented himself with the same name associated with that number in the archive. A similar circumstance occurred with a DHS employee, Motherboard so confirmed that the information is legit.

Which is the source of data?

According to Motherboard, a hacker accessed an employee’s email account at the Department of Justice. As proof, the hacker sent the email message to Motherboard’s contributor Joseph Cox directly from the compromised account.

“A hacker, who wishes to remain anonymous, plans to dump the apparent names, job titles, email addresses and phone numbers of over 20,000 supposed Federal Bureau of Investigation (FBI) employees, as well as over 9,000 alleged Department of Homeland Security (DHS) employees, Motherboard has learned.” wrote Cox in a blog post.

“The hacker also claims to have downloaded hundreds of gigabytes of data from a Department of Justice (DOJ) computer, although that data has not been published.”

The hacker first tried to use the compromised credentials to access a DOJ staff portal, but without success, then he called the department directly and obtained the access through social engineering techniques.

The hacker accessed the DoJ intranet where the database is hosted, then he downloaded around the, out of 1TB that he had access to.

“I HAD access to it, I couldn’t take all of the 1TB,” the hacker told to MotherBoard.

The hackers confirmed his intention to release the rest of the data in the near future.Which is the motivation behind the attack?

It is not clear at the moment why the hacker released the archive, surely it’s not financially motivated. The hacker only left the following message when has leaked the data-

“This is for Palestine, Ramallah, West Bank, Gaza, This is for the child that is searching for an answer…” which are the verses of “Long Live Palestine”

The only certainty right now is that similar incidents are becoming too frequent, apparently the government staff is not properly trained on the main cyber threats or the hacking technique. Similar incidents show the lack of knowledge on the most basic security measures.
Whenever a hacker leaks so sensitive data, I think the number of his peers who had access to the same information with the intent to use them in other attacks or resell them, perhaps to a foreign government.

Pierluigi Paganini

*** As a reminder, in 2014 a much more dangerous hack intrusion happened at the DHS:

The Department of Homeland Security (DHS) alerted critical infrastructure operators to recent breaches within the sector – including the hack of a U.S. public utility that was vulnerable to brute-force attacks.

This week, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a subgroup of DHS, revealed information about the incidents in a newsletter (PDF).

According to ICS-CERT, industrial control systems were compromised in two, new incidents: one, involving the hack of an unnamed public utility, and another scenario where a control system server was remotely accessed by a “sophisticated threat actor.”

After investigating the public utility hack, ICS-CERT found that the system’s authentication mechanism was susceptible to brute-force attacks – where saboteurs routinely run through a list of passwords or characters to gain access to targeted systems. The control system used a simple password mechanism, the newsletter revealed.

In