From rforno at infowarrior.org Tue Mar 28 13:16:41 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 28 Mar 2017 18:16:41 -0000 Subject: [Infowarrior] - =?utf-8?q?Five_Creepy_Things_Your_ISP_Could_Do_if?= =?utf-8?q?_Congress_Repeals_the_FCC=E2=80=99s_Privacy_Protections?= Message-ID: <1A2F513B-3A5F-4C58-A313-8F4126C6CC39@infowarrior.org> Five Creepy Things Your ISP Could Do if Congress Repeals the FCC?s Privacy Protections https://www.eff.org/deeplinks/2017/03/five-creepy-things-your-isp-could-do-if-congress-repeals-fccs-privacy-protections From rforno at infowarrior.org Tue Mar 28 16:46:38 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 28 Mar 2017 21:46:38 -0000 Subject: [Infowarrior] - House votes 231-189 do away with Broadband Privacy Message-ID: House of Representatives votes 231-189 do away with Broadband Privacy, allow ISPs to sell your private internet history https://www.privateinternetaccess.com/blog/2017/03/house-representatives-votes-231-189-away-broadband-privacy-allow-isps-sell-private-internet-history/ ?The ayes have it.? Broadband Privacy has been dealt a blow in Congress with the recent repeal of online privacy protections by the FCC. Since the online privacy protections were voted in by the FCC in 2016, ISPs and their lobbying organizations have been donating and posturing hard to dismantle Internet privacy and bring us to this vote. The CTIA, a telecom lobbying organization, even went so far as to submit a filing claiming that web browsing history and app data usage shouldn?t be considered as ?sensitive information.? This appears to be the true sentiment about your online privacy ? that it isn?t private and isn?t sensitive and therefore deserves no protections. According to GovTrack, after only one hour of debate and no allowance for amendments, S.J. Res 34 passed through the House of Representatives with a majority vote (231-189) along party lines. President Trump has signaled that he supports S.J.Res 34. Opposition to the vote has been fierce. Representative Mike Pocan, vice chair of the Congressional Progressive Caucus, said: ?Considering how much access providers already have to highly sensitive data, it is absolutely unacceptable for them to monetize personal information.? Now, Americans will have no online privacy from their ISPs unless they take matters into their own hand. Rick Falkvinge, Head of Privacy at Private Internet Access, commented: ?Privacy isn?t a luxury privilege. It?s not even primarily an individual right. It?s first and foremost a collective necessity, for without it, we punish the freethinkers, the divergents, and the breakers of consensus: those we call entrepreneurs and trailblazers. Without it, our society stops dead, gray, and dull.? From rforno at infowarrior.org Tue Mar 28 16:46:39 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 28 Mar 2017 21:46:39 -0000 Subject: [Infowarrior] - Nunes won't reveal sources to Intel Committee members Message-ID: Nunes won't reveal sources to Intel Committee members Max Greenwood http://thehill.com/policy/national-security/326193-nunes-wont-reveal-sources-to-intel-committee-members-report House Intelligence Committee Chairman Devin Nunes (R-Calif.) says he won't reveal his intelligence sources to members of his own panel. Asked whether he'd tell committee members who gave him intelligence reports indicating President Trump's team was incidentally surveilled, Nunes replied, "We will never reveal those sources and methods," according to Reuters. Nunes stirred controversy last week when he revealed that he had seen evidence that the U.S. intelligence community had incidentally collected information on members of Trump's transition team in the months before he took office. Nunes met with an unidentified source on the White House grounds the night before he made his announcement to view evidence of the surveillance. Democrats have since been furious with Nunes for not discussing the matter with the committee before briefing Trump on the information. Several lawmakers, including House Minority Leader Nancy Pelosi (D-Calif.) and Intelligence Committee Ranking Member Adam SchiffAdam SchiffNunes won't reveal sources to Intel Committee members First GOP lawmaker calls for Nunes to recuse himself Spicer: If Trump uses Russian salad dressing 'somehow that?s a Russian connection' MORE (D-Calif.) have called on Nunes to recuse himself from the panel's investigation into Russian election meddling. Rep. Walter Jones (R-N.C.) on Tuesday told The Hill that Nunes should ?absolutely? recuse himself, becoming the first Republican in Congress to do so. From rforno at infowarrior.org Thu Mar 30 10:00:35 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 30 Mar 2017 15:00:35 -0000 Subject: [Infowarrior] - Examining the Alternative Media Ecosystem through the Production of Alternative Narratives of Mass Shooting Events on Twitter Message-ID: <7E91D373-AF09-4C4B-8E65-BA96884AADB4@infowarrior.org> Examining the Alternative Media Ecosystem through the Production of Alternative Narratives of Mass Shooting Events on Twitter Kate Starbird University of Washington, HCDE kstarbi at uw.edu This research explores the alternative media ecosystem through a Twitter lens. Over a ten-month period, we col- lected tweets related to alternative narratives?e.g. conspir- acy theories?of mass shooting events. We utilized tweeted URLs to generate a domain network, connecting domains shared by the same user, then conducted qualitative analysis to understand the nature of different domains and how they connect to each other. Our findings demonstrate how alternative news sites propagate and shape alternative narratives, while mainstream media deny them. We explain how political leanings of alternative news sites do not align well with a U.S. left-right spectrum, but instead feature an anti- globalist (vs. globalist) orientation where U.S. Alt-Right sites look similar to U.S. Alt-Left sites. Our findings describe a subsection of the emerging alternative media ecosystem and provide insight in how websites that promote conspiracy theories and pseudo-science may function to conduct underlying political agendas. < - > https://faculty.washington.edu/kstarbi/Alt_Narratives_ICWSM17-CameraReady.pdf From rforno at infowarrior.org Thu Mar 30 13:32:15 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 30 Mar 2017 18:32:15 -0000 Subject: [Infowarrior] - POTUS to sign broadband privacy repeal Message-ID: Trump to sign broadband privacy repeal By Ali Breland - 03/30/17 01:50 PM EDT 25 http://thehill.com/policy/technology/326554-trump-to-sign-resolution-nixing-broadband-privacy-rules President Trump will sign a bill repealing the Federal Communications Commission's (FCC) broadband privacy rules, the White House said Thursday. The White House had previously issued its support for the bill, noting that "if S.J.Res. 34 were presented to the President, his advisors would recommend that he sign the bill into law." A White House official confirmed to The Hill that Trump planned to sign the bill. It was first reported by Reuters. White House press secretary Sean Spicer during Wednesday's briefing did not say whether Trump would sign the bill. The House on Tuesday passed the legislation, which would get rid of the consumer data protections approved by the FCC under Obama. The Senate passed the resolution last week, largely along party lines. No Democrats voted in favor of the bill in either chamber. The FCC rules would have prevented internet service providers from selling their subscribers' "sensitive" information like app usage data and web browsing history to third parties. The repeal is seen as a win for telecommunications companies, who argued that the regulations were onerous, especially in light of the fact that internet companies like Google, Twitter and others have free rein to collect similar types of data. Supporters of the rules like Sen. Edward Markey (D-Mass.) and advocacy groups like the ACLU and FreePress have contended that the comparison isn't accurate. They argue that consumers have more choices in what internet applications they use compared to the limited amount of broadband providers they can choose service from. From rforno at infowarrior.org Thu Mar 30 14:02:52 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 30 Mar 2017 19:02:52 -0000 Subject: [Infowarrior] - James Comey's New Idea: An International Encryption Backdoor Partnership Message-ID: <6A9FC9FB-3575-4C68-9C2A-A995D5AD8303@infowarrior.org> James Comey's New Idea: An International Encryption Backdoor Partnership https://www.techdirt.com/articles/20170327/10121437009/james-comeys-new-idea-international-encryption-backdoor-partnership.shtml From rforno at infowarrior.org Thu Mar 30 18:04:05 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 30 Mar 2017 23:04:05 -0000 Subject: [Infowarrior] - nice idea: Internet Noise Message-ID: Not sure how effective it would be in the end, but I like the thinking behind it. -- rick Internet Noise On March 29th congress passed a law that makes it legal for your Internet Service Providers (ISP) to track and sell your personal activity online. This means that things you search for, buy, read, and say can be collected by corporations and used against you. Click this button, and your browser will start passively loading random sites in browser tabs. Leave it running to fill their databases with noise. Just quit your browser when you're done. https://slifty.github.io/internet_noise/index.html From rforno at infowarrior.org Fri Mar 31 08:30:03 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 31 Mar 2017 13:30:03 -0000 Subject: [Infowarrior] - Verizon soon to preinstall Android spyware Message-ID: <34D6B049-CBA1-4B81-8CB9-BF3C20509A48@infowarrior.org> Posted on Mar 31, 2017 by Caleb Chen Thanks to repeal of FCC online privacy rules, Android phones on Verizon will soon come with pre-installed spyware called Appflash https://www.privateinternetaccess.com/blog/2017/03/thanks-repeal-fcc-online-privacy-rules-android-phones-verizon-will-soon-come-pre-installed-spyware-called-appflash/ Soon, every Verizon user on Android will have a new online privacy concern that they need to be aware of ? pre-installed spyware called Appflash. This week, Verizon announced their intentions to release a default, pre-installed new search experience for their Android users. In the next few weeks, the telecom will roll out a Google search bar replacement that sends information on your searches and app usage to Verizon instead of Google. The Verizon-supported CTIA lobbied the FCC and has previously claimed that web browsing history and mobile app usage information are not considered sensitive information. The speed with which telecoms have pounced on the lack of FCC online privacy regulations after this week?s 215-205 vote is shocking. Verizon?s new Appflash is pre-installed spyware Verizon is working with the creators of app launcher Evie Launcher, Evie, to create Appflash. The Electronic Frontier Foundation (EFF) had stark words for Verizon, calling their move the First Horseman of the Privacy Apocalypse: ?Verizon should immediately abandon its plans to monitor its customers? behaviors, and do what it?s paid to do: deliver quality Internet service without spying on users.? In America, it seems that the Privacy Apocalypse is upon us. Unfortunately, that isn?t the only terror that Verizon is potentially unleashing on its customers by forcing this app down their throats. Security is a risk as well because of the vast reach of the app in terms of installs and access. Cory Doctorow at BoingBoing pointed out: Appflash?s privacy policy confirms that the app collects ?your mobile number, device identifiers, device type and operating system, and information about the AppFlash features and services you use and your interactions with them?[and] information about the list of apps you have on your device? ? and that data is used by ?non-Verizon sites, services and devices.? The policy goes on to describe Appflash?s intentions to also track your location and contact information. Just as predicted, the telecoms have started to drag us down the slippery slope of online privacy degradation. President Trump still hasn?t signed S.J.Res. 34, Private Internet Access asks that he must veto S.J.Res. 34. Such a strong move would stop anti-privacy and profit-grabbing actions from telecoms and inevitably ISPs as well. This is a Privacy Apocalypse ? and it?s time to adapt. If the government won?t protect your online privacy, you?ll just have to do so yourself. All is not lost though, some state governments, like Minnesota, have taken moves to enact their own online privacy rules. From rforno at infowarrior.org Fri Mar 31 14:59:26 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 31 Mar 2017 19:59:26 -0000 Subject: [Infowarrior] - Major internet providers say will not sell customer browsing histories Message-ID: <0B4A2F01-4511-45E1-BE6D-89268CB752F0@infowarrior.org> Major internet providers say will not sell customer browsing histories http://www.reuters.com/article/us-usa-fcc-data-idUSKBN1722D6?il=0 Comcast Corp, Verizon Communications Inc and AT&T Inc said Friday they would not sell customers? individual internet browsing information, days after the U.S. Congress approved legislation reversing Obama administration era internet privacy rules. The bill would repeal regulations adopted in October by the Federal Communications Commission under former President Barack Obama requiring internet service providers to do more to protect customers' privacy than websites like Alphabet Inc's Google or Facebook Inc. The easing of restrictions has sparked growing anger on social media sites. "We do not sell our broadband customers? individual web browsing history. We did not do it before the FCC?s rules were adopted, and we have no plans to do so," said Gerard Lewis, Comcast's chief privacy officer. He added Comcast is revising its privacy policy to make more clear that "we do not sell our customers? individual web browsing information to third parties." Verizon does not sell personal web browsing histories and has no plans to do so in the future, said spokesman Richard Young. Verizon privacy officer Karen Zacharia said in a blog post Friday the company has two programs that use customer browsing data. One allows marketers to access "de-identified information to determine which customers fit into groups that advertisers are trying to reach" while the other "provides aggregate insights that might be useful for advertisers and other businesses." Republicans in Congress Tuesday narrowly passed the repeal of the rules with no Democratic support and over the objections of privacy advocates. The vote was a win for internet providers such as AT&T Inc, Comcast and Verizon. Websites are governed by a less restrictive set of privacy rules. The White House said Wednesday that President Donald Trump plans to sign the repeal of the rules, which had not taken effect. Under the rules, internet providers would have needed to obtain consumer consent before using precise geolocation, financial information, health information, children's information and web browsing history for advertising and marketing. Websites do not need the same affirmative consent. Some in Congress suggested providers would begin selling personal data to the highest bidder, while others vowed to raise money to buy browsing histories of Republicans. AT&T says in its privacy statement it "will not sell your personal information to anyone, for any purpose. Period." In a blog post Friday, AT&T said it would not change those policies after Trump signs the repeal. Websites and internet service providers do use and sell aggregated customer data to advertisers. Republicans say the rules unfairly would give websites the ability to harvest more data than internet providers. Trade group USTelecom CEO Jonathan Spalter said in an op-ed Friday for website Axios that individual "browser history is already being aggregated and sold to advertising networks - by virtually every site you visit on the internet." This week, 46 Senate Democrats urged Trump not to sign the bill, arguing most Americans "believe that their private information should be just that." (Reporting by David Shepardson; Editing by Cynthia Osterman and Lisa Shumaker) From rforno at infowarrior.org Fri Mar 31 17:03:48 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 31 Mar 2017 22:03:48 -0000 Subject: [Infowarrior] - Prenda... The gift that keeps on giving Message-ID: <5E794E6D-DC4E-4023-9435-F0F5E9794065@infowarrior.org> If You're Going To Forge A Fake Court Order To Delete Search Results, Maybe Don't Choose A Prenda Case https://www.techdirt.com/articles/20170330/18122637046/if-youre-going-to-forge-fake-court-order-to-delete-search-results-maybe-dont-choose-prenda-case.shtml From rforno at infowarrior.org Mon Mar 13 08:59:04 2017 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 13 Mar 2017 13:59:04 -0000 Subject: [Infowarrior] - Windows 10 isn't an operating system, it's an advertising platform Message-ID: Microsoft is disgustingly sneaky: Windows 10 isn't an operating system, it's an advertising platform ? By Mark Wilson ? Published 19 hours ago https://betanews.com/2017/03/12/disgustingly-sneaky-windows-10-ads/#comments Don't believe what Microsoft tells you -- Windows 10 is not an operating system. Oh, sure, it has many features that make it look like an operating system, but in reality it is nothing more than a vehicle for advertisements. Since the launch of Windows 10, there have been numerous complaints about ads in various forms. They appear in the Start menu, in the taskbar, in the Action Center, in Explorer, in the Ink Workspace, on the Lock Screen, in the Share tool, in the Windows Store and even in File Explorer. Microsoft has lost its grip on what is acceptable, and even goes as far as pretending that these ads serve users more than the company -- "these are suggestions", "this is a promoted app", "we thought you'd like to know that Edge uses less battery than Chrome", "playable ads let you try out apps without installing". But if we're honest, the company is doing nothing more than abusing its position, using Windows 10 to promote its own tools and services, or those with which it has marketing arrangements. Does Microsoft think we're stupid? When Windows 10 first hit computers without a price tag, questions were asked about what the hidden cost might be. We've talked about the various telemetry, privacy-invading and tracking features that are to be found, and this is certainly part of the price one pays for a free operating system ... sorry, ad platform. But as more and more ads have gradually crept into Windows 10, the implications of using Windows 10 become ever clearer. Microsoft has boasted about the millions and millions of computers that now have Windows 10 installed. These are not just additions to the user-base, they are consumers ready to be advertised at. It is a captive audience staring at screens all around the world -- perfect for pummelling with ads as there's nowhere to hide! Microsoft is not only incredibly aggressive with its advertising, it is also disgustingly sneaky. Many of the various forms of advertising that can be found in Windows 10 can be disabled, but don't expect this to be easy, particularly if you're not completely au fait with the world of technology. The settings and toggles that need to be changed are far from obviously placed, and the misleading wording used (yes, we're looking at you OneDrive ads in File Explorer...) means many people would simply have no idea what the settings refer to even if they stumbled across them by accident. Seriously... who would think that in order to hide the OneDrive ads, you'd need to flick a toggle labeled Show sync provider notifications? Over the months since the Windows 10's launch, poor users have been gradually pushed harder and harder. It's as though Microsoft is trying to see just how much it can get away with before people reach breaking point. The company is utterly shameless, and it's high time more people spoke out about it. Microsoft has found itself in court on more than one occasion for anticompetitive behavior with Internet Explorer, and if its actions with ads are anything to go by it would appear that the company has learned nothing about stopping abusing its position. As each new layer of advertising has been revealed in Windows 10, Microsoft has managed to annoy and alienate more users. Each time there have been plenty of people to jump to the company's defense and stick up for what it is doing. But the sheer prevalence of ads in myriad forms is making Microsoft's actions indefensible. It might feel as though we're going over old ground here, and we are. Microsoft just keeps letting us (and you) down, time and time and time again. It's time for things to change, but will Microsoft listen? From rforno at infowarrior.org Mon Mar 13 15:05:51 2017 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 13 Mar 2017 20:05:51 -0000 Subject: [Infowarrior] - These 24 Senators want to let your internet history be sold Message-ID: <6A15D37B-D3FE-4B16-8B1B-B22B0304467D@infowarrior.org> https://www.privateinternetaccess.com/blog/2017/03/24-senators-introduced-bill-let-telecoms-sell-private-internet-history/ Posted on Mar 8, 2017 by Caleb Chen < - > These 24 Senators want to let your internet history be sold Protection of your Internet history is up in the air thanks to new, pending legislation. A new bill coming before Senate aims to completely dismantle the FCC?s ability to enact data security or online privacy protections for consumers under the powers of the Congressional Review Act. Senate Joint Resolution (S.J.Res 34) was introduced by Arizona Senator Jeff Flake and cosponsored by 23 other Senators. Its goal is to remove all the hard-earned net neutrality regulations gained to protect your internet history from advertisers and and worse. Specifically, the FCC had been able to prevent internet service providers (ISPs) from spying on your internet history, and selling what they gathered, without express permission. This legal protection on your internet history is currently under attack thanks to these 24 Senators and lots of ISP lobbying spend. While S.J.Res 34 has support from two dozen Republican Senators, Senators willing to champion the privacy of Americans? internet history have also come out of the woodwork. The list of 24 Senators cosponsoring this bill, including Senator Jeff Flake, is: ? John Barrasso (R-Wyo.) ? Jeff Flake (R-Ariz.) ? Roy Blunt (R-Mo.) ? John Boozman (R-Ark.) ? Shelly Moore Capito (R-W.Va.) ? Thad Cochran (R-Miss.) ? John Cornyn (R-Texas) ? Tom Cotton (R-Ark.) ? Ted Cruz (R-Texas) ? Deb Fischer (R-Neb.) ? Orrin Hatch (R-Utah) ? Dean Heller (R-Nev.) ? James Inhofe (R-Okla.) ? Ron Johnson (R-Wisc.) ? Mike Lee (R-Utah) ? Rand Paul (R-Ky.) ? Pat Roberts (R-Kan.) ? Marco Rubio (R-Fla.) ? Richard Shelby (R-Ala.) ? Dan Sullivan (R-Ala.) ? John Thune (R-S.D.) ? Roger Wicker (R-Miss.) ? Jerry Moran (R-Kan.) From rforno at infowarrior.org Tue Mar 14 20:48:07 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Mar 2017 01:48:07 -0000 Subject: [Infowarrior] - Building a Digital Security Exchange Message-ID: <7DB31505-CB90-450C-B069-21B856E0A34E@infowarrior.org> https://medium.com/@levjoy/building-a-digital-security-exchange-d392ad2f4982#.jnab1dca1 Building a Digital Security Exchange Josh Levy Campaign strategist, digital rights advocate, coalition builder. Fellow at Stanford?s Digital Civil Society Lab. Addressing the digital security gap for U.S. communities at risk Last week, I wrote that I?m moving on from Access Now to focus on a project helping the U.S. digital security community be more responsive to the needs of civil society groups and high-risk communities. While many of these groups know they need digital security assistance, they often don?t know who to turn to or who to trust. We?re calling this project the Digital Security Exchange. In the aftermath of the 2016 election, U.S. organizations big and small have realized they?re at risk of being hacked, surveilled, trolled, and otherwise attacked online???risks that this week?s WikiLeaks dump detailing the CIA?s hacking abilities have driven home. So much infrastructure is vulnerable: Vast databases of constituent information sit in the cloud, state surveillance is eradicating privacy and chilling free speech, and the devices we depend on to communicate have been weaponized against us. At the same time, existing recommendations can be dizzying. For many users, blog posts on how to install Signal, massive guides to protecting your digital privacy, and broad statements like ?use Tor????all offered in good faith and with the best of intentions???can be hard to understand or act upon. If we want to truly secure civil society from digital attacks and empower communities in their to fight to protect their rights, we?ve got to recognize that digital security is largely a human problem, not a technical one. Taking cues from the experiences of the deeply knowledgeable global digital security training community, the Digital Security Exchange will seek to make it easier for trainers and experts to connect directly to communities in the U.S.???building trust and sharing expertise, documentation, and best practices???in order to increase capacity and security across the board. This project is just getting off the ground, but we already have a stellar working group overseeing its development. It includes: ? Malkia Cyril, Center for Media Justice ? Ethan Zuckerman, Center for Civic Media at MIT ? Cayden Mak, 18 Million Rising ? Bruce Schneier, Resilient Systems/IBM ? Harlo Holmes, Freedom of the Press Foundation ? Sara Haghdoosti, Mozilla Foundation ? Matt Mitchell, cryptoHarlem ? Deanna Zandt, Lux Digital ? Matt Holland, Technology Strategist ? Mallory Knodel, Association for Progressive Communications ? Jamie Tomasello, former Access Now Technology Director ? Danny O?Brien, Electronic Frontier Foundation ? Nathan Freitas, Guardian Project & Tibet Action Institute Here are the core components of the project: ? Mapping and analyzing need. Before making assumptions about what high-risk communities and civil society organizations need, it?s best to actually reach out and listen, often by coordinating with critical intermediaries working with frontline groups. In addition, members of Muslim American, South Asian, Latino, African American, and other communities have had to respond in real time to digital attacks, and their security expertise has increased accordingly. Therefore, it?s crucial to connect with people who?ve, by necessity, learned the skills they?ll need to fight against online attacks, and to understand what, if any, assistance is needed. ? Coordinating existing digital security trainers. The community of self-identified digital security experts is large and disparate. While many individuals and organizations are busy assisting users who?ve come in via official or unofficial channels, nearly every trainer I?ve spoken to says they still don?t know how to reach communities that need help. Our bet is that a loosely-coordinated network of trainers will work more efficiently and will be able to pool its time and resources in a way that serves more people in need. ? Building a digital platform. We?ll need a digital space to build out the networks of trainers and communities in need. To do so, we?re building a digital platform that will include secure databases of digital security trainers and orgs in need, a switchboard to triage incoming requests and connect trainers to orgs and communities, and a means of ensuring that the right trainers???with appropriate cultural competence and fluency???are being paired with the right orgs, and that this pairing is leading to desired outcomes (hardening messaging tools, implementing organization-wide practices, securing sensitive data). ? Adapting existing documentation. There are a ton of amazing digital security guides out there???EFF?s Surveillance Self-Defense Guide, Access Now?s ?A First Look at Digital Security,? Security in a Box, and Martin Shelton?s continually revised ?Secure Your Digital Life Like a Normal Person? post on Medium???and each guide serves a different, essential purpose. But even the best guides can be intimidating for people who are new to digital security. That?s why we?ll be working closely with the authors of these guides to convey feedback from the field that could lead to revisions and improvements. That might mean working to create specially-tailored materials, or experimenting with new ways to convey established advice. And feedback will work the other way too: we?ll take the most current advice from the technical experts, and help them distribute it swiftly across the multiple communities. How you can help: As we get started assembling these building blocks, we also want to be able to address users? needs as soon as possible. Here are a few ways you can help: ? Help us identify communities in need. Are you an organization, or do you know of an organization, that?s facing an immediate digital security need? Send an email to info at digitalsecurityexchange.org and we?ll circulate your request among our trusted network. ? Join the Digital Security Exchange Pipeline. Are you a digital security trainer who wants to lend a hand? Contact us at info at digitalsecurityexchange.org and we?ll follow up about how to join the Pipeline, our network of trainers. ? Provide financial support for this effort. It?s going to take significant financial support to get this project off the ground. Donations, big and small???including in-kind donations for technology, infrastructure, and other services???make a huge difference. Email me at josh at digitalsecurityexchange.org if you have suggestions for financial assistance. The most urgent need is support to help build and design a simple web site and a ?minimum viable product? digital platform. From rforno at infowarrior.org Wed Mar 15 06:27:00 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Mar 2017 11:27:00 -0000 Subject: [Infowarrior] - OT: Hot air and intrigue: did POTUS leak his own tax return? Message-ID: <242975E5-648A-4A15-8923-58F4B71EE495@infowarrior.org> Hot air and intrigue: did Donald Trump leak his own tax return? David Smith in Washington https://www.theguardian.com/us-news/2017/mar/14/donald-trump-tax-return-leaked-msnbc-analysis < - > Trump claims he cannot release his taxes while he is under audit. Yet he did so on Tuesday night in the White House?s preemptive statement. Zac Petkanas, a senior adviser to the Democratic National Committee, said: ?The White House?s willingness to release some tax information when it suits them proves Donald Trump?s audit excuse is a sham. If they can release some of the information, they can release all of the information. < - > From rforno at infowarrior.org Wed Mar 15 06:28:12 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Mar 2017 11:28:12 -0000 Subject: [Infowarrior] - Video calls for Signal out of beta Message-ID: <6D805573-C398-47CC-9F91-1FB3EA10280C@infowarrior.org> Video calls for Signal out of beta https://whispersystems.org/blog/signal-video-calls/ We recently released encrypted video calling as an opt-in beta. We've spent the past month collecting feedback and addressing the issues that the Signal community found in order to get it production ready. Today's Signal release for Android and iOS enables support for end-to-end encrypted video calls by default, which also greatly enhances the quality of Signal voice calls as well. We think it's a big improvement, and hope you will to. < - > From rforno at infowarrior.org Wed Mar 15 06:30:25 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Mar 2017 11:30:25 -0000 Subject: [Infowarrior] - Warner Bros. Is Considering a Return to The Matrix Message-ID: <01784303-5995-47C2-8F2E-9BF70AAD3D40@infowarrior.org> Put another way: Rumors are that a (needless) sequel to 1999's 'The Matrix' is in the works. https://io9.gizmodo.com/warner-bros-is-considering-a-return-to-the-matrix-1793280066 From rforno at infowarrior.org Wed Mar 15 06:31:02 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Mar 2017 11:31:02 -0000 Subject: [Infowarrior] - Hacked Twitter Accounts Post Swastikas, Pro-Erdogan Content Message-ID: Hacked Twitter Accounts Post Swastikas, Pro-Erdogan Content March 15, 2017, 4:05 AM EDT https://www.bloomberg.com/news/articles/2017-03-15/twitter-accounts-appear-to-be-hacked-with-swastikas-and-pro-erdogan-content From rforno at infowarrior.org Wed Mar 15 10:10:14 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Mar 2017 15:10:14 -0000 Subject: [Infowarrior] - Justice Department charging Russian spies and criminal hackers in Yahoo intrusion Message-ID: Justice Department charging Russian spies and criminal hackers in Yahoo intrusion By Ellen Nakashima March 15 at 9:46 AM https://www.washingtonpost.com/world/national-security/justice-department-charging-russian-spies-and-criminal-hackers-for-yahoo-intrusion/2017/03/15/64b98e32-0911-11e7-93dc-00f9bdd74ed1_story.html The Justice Department is set to announce Wednesday the indictments of two Russian spies and two criminal hackers in connection with the heist of 500 million Yahoo user accounts in 2014, marking the first U.S. criminal cyber charges ever against Russian government officials. The indictments target two members of the Russian intelligence agency FSB, and two hackers hired by the Russians. The charges include hacking, wire fraud, trade secret theft and economic espionage, according to officials, who spoke on the condition of anonymity because the charges have not yet been announced. The indictments are part of the largest hacking case brought by the United States. The charges are unrelated to the hacking of the Democratic National Committee and the FBI?s investigation of Russian interference in the 2016 presidential campaign. But the move reflects the U.S. government?s increasing desire to hold foreign governments accountable for malicious acts in cyberspace. The FBI and the Justice Department declined to comment. The United States does not have an extradition treaty with Russia, but officials have said that taking steps such as charges and imposing sanctions can be a deterrent. People also sometimes slip up and travel to a country that is able and willing to transfer them to the United States for prosecution. Yahoo reported the 2014 hack last fall ? in what was then considered the largest data breach in history. The company later disclosed another intrusion affecting more than 1 billion user accounts in 2013, far surpassing the 2014 event. Officials have not determined whether there is a link between the two. The twin hacks clouded the prospects for the sale of Yahoo?s core business to telecommunications giant Verizon. The deal is proceeding after Verizon negotiated the price down in the wake of the breaches. The compromised accounts may have affected more than just email. Breaking into a Yahoo account would give the hackers access to users? activity on Flickr, Tumblr, fantasy sports and other Yahoo applications. In the 2014 hack, the FSB ? Russia?s Federal Security Service, and a successor to the KGB ? sought the information for intelligence purposes, targeting journalists, dissidents and U.S. government officials, but allowed the criminal hackers to use the email cache for the officials? and the hackers? financial gain, through spamming and other operations. The charges ?illustrate the murky world of Russian intel services using criminal hackers in a wide variety of ways,? said Milan Patel, a former FBI Cyber Division supervisory special agent who is now a managing director at K2 Intelligence, a cyber firm. Although FBI agents have long suspected that the Russians have used cyber mercenaries to do their work, this case is among the first in which evidence is offered to show that. The indicted FSB officers are Dmitry Dokuchaev and Igor Sushchin, his superior. Particularly galling to U.S. officials is that the men worked for the cyber investigative arm of the FSB ? a rough equivalent of the FBI?s Cyber Division. That the agency that is supposed to investigate computer intrusions Russia is itself engaged in hacking is ?pretty sad,? one official said. Dokuchaev, whose hacker alias was ?Forb,? was arrested in December in Moscow, according to the news agency Interfax, on charges of state treason for passing information to the CIA. He had reportedly agreed to work for the FSB to avoid prosecution for bank card fraud. Another man indicted in the case is Alexsey Belan, who is on the list of most-wanted cyber criminals and has been charged twice before, in connection with intrusions into three major tech firms in Nevada and California in 2012 and 2013. He was in custody in Greece for a time, but made his way back to Russia, where he is being protected by authorities, officials said. The other hacker-for-hire is Karim Baratov, who was born in Kazakhstan but has Canadian citizenship. He was arrested in Canada on Tuesday. The indictments grew out of a nearly two-year investigation by the San Francisco FBI with the aid of international law enforcement, officials said. Sanctions and criminal charges are two tools that the Obama administration began using to punish and deter nation state hackers. ?They have the effect of galvanizing other countries that are watching what?s happening,? said Luke Dembosky, a former deputy assistant attorney general for national security. ?They show that we have the resources and capabilities to identify the people at the keyboard, even in the most sophisticated cases.? Three years ago, the United States charged five Chinese military hackers for economic espionage, marking the first time cyber-related charges were levied against foreign government officials. After the Chinese military hackers were indicted, officials said their activity seemed to dwindle. And the indictments, Dembosky said, helped wrest a pledge in 2015 from the Chinese to stop economic cyber espionage against U.S. firms. In early 2015, the Obama administration imposed economic sanctions on North Korea for its cyberattack on Sony Pictures? systems. And in late December, the Obama administration levied economic sanctions on Moscow for its election-year meddling. At the same time, the government sanctioned two Russian criminal hackers with no apparent connection to the Kremlin?s interference campaign. They included Belan, who is one of the four indicted in the Yahoo case. ellen.nakashima at washpost.com Brian Fung contributed to this report. From rforno at infowarrior.org Wed Mar 15 10:57:58 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Mar 2017 15:57:58 -0000 Subject: [Infowarrior] - FBI chief to testify publicly on Russian interference Message-ID: <10147245-7F2D-47C1-8A07-98F5F4C52C11@infowarrior.org> (maybe we'll get another potus tax return leak the night before? -- rick) FBI chief to testify publicly on Russian interference By Katie Bo Wiilliams - 03/15/17 11:33 AM EDT 54 http://thehill.com/policy/national-security/324070-fbi-chief-to-testify-publicly-on-russian-interference FBI Director James Comey and National Security Agency head Adm. Michael Rogers will testify publicly in the House Intelligence Committee's investigation into Russian interference in the U.S. presidential election, Chairman Devin Nunes (R-Calif.) said Wednesday. The panel is holding its first public hearing into the matter March 20, the same day the Senate is set to begin considering the nomination of Judge Neil Gorsuch to fill the empty seat on the Supreme Court. Comey has been under fierce pressure from Democrats to reveal whether the bureau is investigating alleged links between President Trump?s campaign and Russian officials. His silence on the matter has angered Democrats given the director?s public accounting last year of the FBI's investigation into Democratic presidential nominee Hillary Clinton. The FBI director is also facing pressure to reveal whether or not there is any truth to the president's claims that Trump Tower was "wiretapped" by President Obama in 2016. From rforno at infowarrior.org Thu Mar 16 08:38:19 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 16 Mar 2017 13:38:19 -0000 Subject: [Infowarrior] - Statement from PBS President and CEO on funding issue Message-ID: <06C140A7-8586-4500-B9C4-5618542EE99A@infowarrior.org> Statement from PBS President and CEO Paula Kerger On Proposed Cuts to Federal Funding for Public Broadcasting "PBS and our nearly 350 member stations, along with our viewers, continue to remind Congress of our strong support among Republican and Democratic voters, in rural and urban areas across every region of the country. We have always had support from both parties in Congress, and will again make clear what the public receives in return for federal funding for public broadcasting. The cost of public broadcasting is small, only $1.35 per citizen per year, and the benefits are tangible: increasing school readiness for kids 2-8, support for teachers and homeschoolers, lifelong learning, public safety communications and civil discourse." Two new national surveys ? one by Rasmussen Reports (subscribers) and another conducted jointly by leading Republican and Democratic researchers for PBS ? reveal that voters across the political spectrum overwhelmingly oppose eliminating federal funding for public television. Rasmussen shows that just 21% of Americans ? and only 32% of Republicans ?favor ending public broadcasting support. In the PBS Hart Research-American Viewpoint poll, 83% of voters ? including 70% of those who voted for President Trump ? say they want Congress to find savings elsewhere. < - > http://www.pbs.org/about/blogs/news/federal-funding-statement/ From rforno at infowarrior.org Thu Mar 16 15:39:33 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 16 Mar 2017 20:39:33 -0000 Subject: [Infowarrior] - Rep. Devin Nunes' Hypocrisy On Display In 'Concerns' Over NSA Surveillance Message-ID: <3A159B8C-28DB-4C5C-A194-AB8497B88E2D@infowarrior.org> (though to be fair, I suspect the same would happen in a similar, albeit democrat, scenario. -- rick) Rep. Devin Nunes' Hypocrisy On Display In 'Concerns' Over NSA Surveillance https://www.techdirt.com/articles/20170316/01500636929/rep-devin-nunes-hypocrisy-display-concerns-over-nsa-surveillance.shtml From rforno at infowarrior.org Fri Mar 17 08:31:17 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 17 Mar 2017 13:31:17 -0000 Subject: [Infowarrior] - US formally apologies to UK over GCHQ wiretap allegations Message-ID: <555C9A88-7869-4273-B58C-E171CBA0AE3F@infowarrior.org> US makes formal apology to Britain after White House accuses GCHQ of wiretapping Trump Tower 00:57 ? Steven Swinford, Deputy Political Editor 17 March 2017 ? 12:48pm The US has made a formal apology to Britain after the White House accused GCHQ of helping Barack Obama spy on Donald Trump in the White House. Sean Spicer, Mr Trump's press secretary, repeated a claim on Thursday evening ? initially made by an analyst on Fox News - that GCHQ was used by Mr Obama to spy on Trump Tower in the lead-up to last November's election. The comments prompted a furious response from GCHQ, which in a break from normal practice issued a public statement: "Recent allegations made by media commentator Judge Andrew Napolitano about GCHQ being asked to conduct 'wiretapping' against the then president-elect are nonsense. They are utterly ridiculous and should be ignored." Intelligence sources told The Telegraph that both Mr Spicer and General McMaster, the US National Security Adviser, have apologised over the claims. "The apology came direct from them," a source said. General McMaster contacted Sir Mark Lyall Grant, the Prime Minister's National Security adviser, to apologise for the comments. Mr Spicer conveyed his apology through Sir Kim Darroch, Britain's US ambassador. Mr Spicer had earlier repeated claims that Barack Obama used GCHQ to spy on Mr Trump before he became president. < - > http://www.telegraph.co.uk/news/2017/03/17/us-makes-formal-apology-britain-white-house-accuses-gchq-wiretapping/ From rforno at infowarrior.org Fri Mar 17 12:46:26 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 17 Mar 2017 17:46:26 -0000 Subject: [Infowarrior] - Laptop holding Trump Tower floor plans, Hillary Clinton email investigation info stolen from Secret Service agent Message-ID: Laptop holding Trump Tower floor plans, Hillary Clinton email investigation info stolen from Secret Service agent BY Rocco Parascandola NEW YORK DAILY NEWS Friday, March 17, 2017, 11:50 AM http://www.nydailynews.com/new-york/laptop-trump-tower-floor-plans-stolen-secret-service-article-1.3001078 A laptop computer containing floor plans for Trump Tower, information about the Hillary Clinton email investigation and other national security information was stolen from a Secret Service agent's vehicle in Brooklyn, police sources told the Daily News. Authorities have been frantically searching for the laptop since it was stolen Thursday morning. Some items stolen along with the laptop ? including coins and a black bag with the Secret Service insignia on it ? were later recovered. But the laptop, along with other documents described as "sensitive," were still being sought. The thief stepped out of a car, possibly an Uber, on a street in Bath Beach and stole the laptop from the agent's vehicle, which was parked in the driveway of her home. He was then seen on video walking away from the scene with a backpack. The agent reported the laptop contained floor plans for Trump Tower, evacuation protocols and information regarding the investigation of Hillary Clinton's private email server. The agent also told investigators that while nothing about the White House or foreign leaders is stored on the laptop, the information on there could compromise national security. The thief also took "sensitive" documents and the agent's access keycard, though the level of the agent's access wasn't immediately clear. NYPD cops were assisting in the investigation but had scant information on what?s on the laptop, sources said. "The Secret Service is very heavily involved and, citing national security, there's very little we have on our side," a police source said. "It's a very big deal.? "There's data on there that's highly sensitive,? the police source added. ?They're scrambling like mad.? From rforno at infowarrior.org Mon Mar 20 12:29:15 2017 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 20 Mar 2017 17:29:15 -0000 Subject: [Infowarrior] - Judge ok's mass warrant for Google search Message-ID: <0C5391C1-F8D7-4384-B69D-ACCEEEFE20BE@infowarrior.org> Judge OKs warrant to reveal who searched a crime victim?s name on Google Order seeks data for "any/all user or subscriber information" related to the searches. David Kravets - 3/17/2017, 1:10 AM https://arstechnica.com/tech-policy/2017/03/judge-oks-warrant-to-reveal-who-searched-a-fraud-victims-name-on-google/ Police in a small suburban town of 50,000 people just outside Minneapolis, Minnesota, have won a court order requiring Google to determine who has used its search engine to look up the name of a local financial fraud victim. The court order demanding such a massive search is perhaps the most expansive one we've seen unconnected to the US national security apparatus and, if carried out, could set an Orwellian precedent in a bid by the Edina Police Department to solve a wire-fraud crime worth less than $30,000. Investigators are focusing their probe on an online photo of someone with the same name of a local financial fraud victim. The image turned up on a fake passport used to trick a credit union to fraudulently transfer $28,500 out of an Edina man's account, police said. The bogus passport was faxed to the credit union using a spoofed phone number to mimic the victim's phone, according to the warrant application. (To protect the victim's privacy, Ars is not publishing his name that was listed throughout the warrant signed February 1 by Hennepin County Senior Judge Gary Larson.) The warrant demands Google to help police determine who searched for variations of the victim's name between December 1 of last year through January 7, 2017. A Google search, the warrant application says, reveals the photo used on the bogus passport. The image was not rendered on Yahoo or Bing, according to the documents. The warrant commands Google to divulge "any/all user or subscriber information"?including e-mail addresses, payment information, MAC addresses, social security numbers, dates of birth, and IP addresses?of anybody who conducted a search for the victim's name. The warrant was unearthed by Minneapolis journalist and public records activist Tony Webster. He took photographic images of the documents from a computer terminal at the county courthouse and converted them to the portable document format with the victim's name redacted. (Webster said in a telephone interview that language in the warrant that says "located in city or township of Edina, County of Hennepin, State of Minnesota" is standard, pro forma language that is often contained in the county's warrants. That language, he said, does not mean that the warrant is demanding that Google solely disclose who within the city's 15 square miles searched for the victim's name, as some have reported.) The Edina Police Department declined to comment other than to tell Webster that the agency would be "reluctant to disclose active case information or specific strategies used during the investigation." Meanwhile, the warrant notes that the Edina authorities originally sent Google an administrative subpoena "requesting subscriber information for anyone who had performed a Google search" for the victim's name. According to the documents, Google balked at complying with that administrative subpoena, which is similar to a search warrant but does not have a judge's signature. "Though Google's rejection of the administrative subpoena is arguable, your affiant is applying for this warrant so that the investigation of this case does not stall," officer David Lindman wrote the judge in the warrant application. Google declined to directly address the warrant, but suggested it was fighting it. "We aren't able to comment on specific cases, but we will always push back when we receive excessively broad requests for data about our users," Google said in an e-mail to Ars. After learning of the warrant, Andrew Crocker, a staff attorney with the Electronic Frontier Foundation, tweeted: "Holy shit. Case name should be In re Minnesota Unconstitutional General Warrant." From rforno at infowarrior.org Tue Mar 21 21:03:24 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Mar 2017 02:03:24 -0000 Subject: [Infowarrior] - A Grand Jury Just Called Tweeting an Animated GIF 'Assault With a Deadly Weapon' Message-ID: <774FEE93-AFAF-430B-BB0D-2CA059B492ED@infowarrior.org> A Grand Jury Just Called Tweeting an Animated GIF 'Assault With a Deadly Weapon' William Turton Today 10:30am On Monday, a Texas grand jury charged a Maryland man with ?aggravated assault with a deadly weapon? after authorities say he tweeted an animated flashing GIF designed to trigger Newsweek journalist Kurt Eichenwald?s epilepsy last year, ?immediately? causing him to have a seizure. 29-year-old John Rivello was arrested in Salisbury, Maryland on federal cyberstalking charges last week. After sending Eichenwald the GIF in December, Rivello allegedly messaged another Twitter user saying ?I hope this sends him into a seizure? and ?let?s see if he dies.? Another message sent by Rivello allegedly said ?I know he has epilepsy? and authorities say a search of his iCloud account found a photoshopped version of Eichenwald?s Wikipedia page with his date of death edited to be December 16, about when the GIF was sent. < - > https://gizmodo.com/a-grand-jury-just-called-tweeting-an-animated-gif-assau-1793477149 From rforno at infowarrior.org Wed Mar 22 06:18:44 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Mar 2017 11:18:44 -0000 Subject: [Infowarrior] - =?utf-8?q?OT_WSJ_OpEd=3A_A_President=E2=80=99s_Cr?= =?utf-8?q?edibility?= Message-ID: <3CA2B09E-B47C-41BF-8FE0-C84735B6EFA7@infowarrior.org> A President?s Credibility Trump?s falsehoods are eroding public trust, at home and abroad. https://www.wsj.com/articles/a-presidents-credibility-1490138920#livefyre-toggle-SB12276399110766014379604583036501072192568 March 21, 2017 7:28 p.m. ET If President Trump announces that North Korea launched a missile that landed within 100 miles of Hawaii, would most Americans believe him? Would the rest of the world? We?re not sure, which speaks to the damage that Mr. Trump is doing to his Presidency with his seemingly endless stream of exaggerations, evidence-free accusations, implausible denials and other falsehoods. The latest example is Mr. Trump?s refusal to back off his Saturday morning tweet of three weeks ago that he had ?found out that [Barack] Obama had my ?wires tapped? in Trump Tower just before the victory? on Election Day. He has offered no evidence for his claim, and a parade of intelligence officials, senior Republicans and Democrats have since said they have seen no such evidence. Yet the President clings to his assertion like a drunk to an empty gin bottle, rolling out his press spokesman to make more dubious claims. Sean Spicer?who doesn?t deserve this treatment?was dispatched last week to repeat an assertion by a Fox News commentator that perhaps the Obama Administration had subcontracted the wiretap to British intelligence. That bungle led to a public denial from the British Government Communications Headquarters, and British news reports said the U.S. apologized. But then the White House claimed there was no apology. For the sake of grasping for any evidence to back up his original tweet, and the sin of pride in not admitting error, Mr. Trump had his spokesman repeat an unchecked TV claim that insulted an ally. The wiretap tweet is also costing Mr. Trump politically as he hands his opponents a sword. Mr. Trump has a legitimate question about why the U.S. was listening to his former National Security Adviser Michael Flynn, and who leaked news of his meeting with the Russian ambassador. But that question never gets a hearing because the near-daily repudiation of his false tweet is a bigger media story. FBI director James Comey also took revenge on Monday by joining the queue of those saying the bureau has no evidence to back up the wiretap tweet. Mr. Comey even took the unusual step of confirming that the FBI is investigating ties between the Trump election campaign and Russia. Mr. Comey said he could make such a public admission only in ?unusual circumstances,? but why now? Could the wiretap tweet have made Mr. Comey angry because it implied the FBI was involved in illegal surveillance? Mr. Trump blundered in keeping Mr. Comey in the job after the election, but now the President can?t fire the man leading an investigation into his campaign even if he wants to. All of this continues the pattern from the campaign that Mr. Trump is his own worst political enemy. He survived his many false claims as a candidate because his core supporters treated it as mere hyperbole and his opponent was untrustworthy Hillary Clinton. But now he?s President, and he needs support beyond the Breitbart cheering section that will excuse anything. As he is learning with the health-care bill, Mr. Trump needs partners in his own party to pass his agenda. He also needs friends abroad who are willing to trust him when he asks for support, not least in a crisis. This week should be dominated by the smooth political sailing for Mr. Trump?s Supreme Court nominee and the progress of health-care reform on Capitol Hill. These are historic events, and success will show he can deliver on his promises. But instead the week has been dominated by the news that he was repudiated by his own FBI director. Two months into his Presidency, Gallup has Mr. Trump?s approval rating at 39%. No doubt Mr. Trump considers that fake news, but if he doesn?t show more respect for the truth most Americans may conclude he?s a fake President. Appeared in the Mar. 22, 2017, print edition. From rforno at infowarrior.org Wed Mar 22 06:42:22 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Mar 2017 11:42:22 -0000 Subject: [Infowarrior] - Spinning IP maximalism as protection against 'fake news' Message-ID: <7A708980-906B-45C1-B72D-6196D4E180B6@infowarrior.org> Purporting to discuss improving the Copyright Office's internal IT infrastructure, this op-ed writer spends much time talking about how enhanced copyright controls are the journalistic industry's protection against "fake news" and the "decay of institutions a free country relies on." Free stuff online is apparently "fake news" and mainly just clickbait anyway, says the author. (And also, it's the internet's fault that everyone's suffering.) The author? An exec from the Copyright Clearance Center and copyright industry lobbyist. As if the MPAA/RIAA shills weren't bad enough at grasping at straws to make tenuous connections to try and preserve their antequated business models and self-perceived legitimacy and authority in the world. But history shows we should expect such Beltway antics (soon to be hysteria, probably) from this particular industry. Nice try, though. --rick See: http://thehill.com/blogs/pundits-blog/technology/325009-is-there-a-link-between-fake-news-and-modernizing-the-copyright From rforno at infowarrior.org Wed Mar 22 06:50:03 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Mar 2017 11:50:03 -0000 Subject: [Infowarrior] - Why American Farmers Are Hacking Their Tractors With Ukrainian Firmware Message-ID: (see also: the 'right to repair' debate. -- rick) Why American Farmers Are Hacking Their Tractors With Ukrainian Firmware To avoid the draconian locks that John Deere puts on the tractors they buy, farmers throughout America's heartland have started hacking their equipment with firmware that's cracked in Eastern Europe and traded on invite-only, paid online forums. Tractor hacking is growing increasingly popular because John Deere and other manufacturers have made it impossible to perform "unauthorized" repair on farm equipment, which farmers see as an attack on their sovereignty and quite possibly an existential threat to their livelihood if their tractor breaks at an inopportune time. "When crunch time comes and we break down, chances are we don't have time to wait for a dealership employee to show up and fix it," Danny Kluthe, a hog farmer in Nebraska, told his state legislature earlier this month. "Most all the new equipment [requires] a download [to fix]." The nightmare scenario, and a fear I heard expressed over and over again in talking with farmers, is that John Deere could remotely shut down a tractor and there wouldn't be anything a farmer could do about it. < - > https://motherboard.vice.com/en_us/article/why-american-farmers-are-hacking-their-tractors-with-ukrainian-firmware From rforno at infowarrior.org Wed Mar 22 17:28:59 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Mar 2017 22:28:59 -0000 Subject: [Infowarrior] - POTUS sends cease-and-desist to 17-year-old student over cat website Message-ID: <264CE60D-1504-4130-AFB6-472B67D0C749@infowarrior.org> Trump sends cease-and-desist to 17-year-old student over cat website By Anne Lu @chelean on March 22 2017 8:18 PM http://www.ibtimes.com.au/trump-sends-cease-desist-17-year-old-student-over-cat-website-1547832 US President Donald Trump is threatening to sue a 17-year-old girl for creating a cat website featuring his face. Lucy from San Francisco, California, created a site called TrumpScratch.com, wherein visitors get to scratch Trump?s face with cat claws to their satisfaction, but the American leader wasn?t having it. The 17-year-old high school student was served with a cease and desist letter from the president?s general counsel in New York three weeks after her website went live. The letter began by calling Trump a ?well-known businessman? and television star, probably referring to the former ?The Apprentice? star?s days as a reality TV actor. ?As I?m sure you?re aware, the Trump name is internationally known and famous,? the letter, confirmed by the Observer, reads. Lucy, who has been applying for web development jobs, then changed the name of her website to KittenFeed.com on the advice of her family lawyer. That still did not appease Trump?s legal camp, though. The teenager said they were still after her. It only took her three hours to code the website, a coding project that she could put on her resume. Although she called it a ?fun, little? project, she had Trump?s face as target ?out of principle.? ?I was going to just let this go, but I think it?s, pardon my French, f------ outrageous that the president of the United States has his team scouring the Internet for sites like mine to send out cease and desists and legal action claims if we shut down,? Lucy told the publication. ?Meanwhile, he tweets about ?The Apprentice? ratings and sends out power-drunk tweets about phone tapping. HOW ABOUT BEING THE PRESIDENT?? It was not clarified what demands Trump?s legal team wanted from her. Lucy still hasn?t responded to Trump after changing her website?s name. She and her lawyer are still waiting for Trump?s next move. Lawsuits are the American president?s specialty. He had sued and had been sued thousands of times over the past three decades. In the data collated by USA Today last year, Trump and his businesses sued for branding and trademark cases, contract disputes, and employment cases among many others. They also faced lawsuits that range from labour and personal injury claims to government and taxes cases. Trump himself has also threatened to sue media outlets and individuals over the years for defamation. Earlier this year, his wife, Melania, filed a US$150 million (AU$196 million) suit against UK paper the Daily Mail for publishing apparently damaging allegations. Her legal team argued that Melania had the ?unique, once-in-a-lifetime? opportunity as a first lady of the US, which she could have used to garner multimillion-dollar business deals and endorsements, but that the newspaper has damaged it by publishing the unfounded allegations. From rforno at infowarrior.org Wed Mar 22 17:32:50 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Mar 2017 22:32:50 -0000 Subject: [Infowarrior] - U.S. Senate takes up broadband privacy repeal Message-ID: U.S. Senate takes up broadband privacy repeal ReutersMarch 22, 2017 By David Shepardson https://www.yahoo.com/tech/u-senate-broadband-privacy-repeal-spokesman-203020282--finance.html WASHINGTON (Reuters) - The U.S. Senate on Wednesday took up a measure to repeal regulations adopted by the Obama administration requiring internet service providers to do more to protect customers' privacy than websites like Alphabet Inc's Google or Facebook Inc . The Senate began debate on Wednesday evening under a provision that allows Congress to repeal recently approved federal regulations. Under the rules approved by the Federal Communications Commission in October under then-President Barack Obama, internet providers would need to obtain consumer consent before using precise geolocation, financial information, health information, children's information and web browsing history for advertising and internal marketing. Earlier this month, the FCC temporarily blocked those rules from taking effect, a victory for internet providers such as AT&T Inc Comcast Corp and Verizon Communications Inc that had strongly opposed the measure. A final Senate vote on the measure is expected on Thursday, but it was not clear when the U.S. House of Representatives might take up the measure. "Congress needs to repeal these privacy restrictions in order to restore balance to the internet ecosystem and provide certainty to consumers," said Senator Jeff Flake, a Republican who sponsored the measure. But Democratic Senator Bill Nelson said that broadband providers build profiles ?about our children from birth. This is a gold mine of data ? the holy grail so to speak. It is no wonder that broadband providers want to be able to sell this information to the highest bidder without consumers? knowledge or consent. And they want to collect and use this information without providing transparency or being held accountable." The American Civil Liberties Union also criticized the proposal to undo the rules. "With this move, Congress is essentially allowing companies like Comcast, AT&T, and Verizon to sell consumers? private information to the highest bidder," ACLU general counsel Neema Singh Guliani said earlier this month. FCC Chairman Ajit Pai, nominated by Republican President Donald Trump to serve a second five-year term on the commission, said earlier this month that consumers would have privacy protections even without the Obama administration internet provider rules. Republican commissioners, including Pai, said in October that the rules would unfairly give websites like Facebook, Twitter Inc or Google the ability to harvest more data than internet service providers and thus dominate digital advertising. Websites are governed by a less restrictive set of privacy rules overseen by the Federal Trade Commission. Democratic Senator Edward Markey said "just as phone companies cannot sell information about Americans? phone calls, an internet service provider should not be allowed to sell sensitive consumer information without affirmative consent." (Reporting by David Shepardson; Editing by Chris Reese and Jonathan Oatis) From rforno at infowarrior.org Wed Mar 22 18:52:23 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Mar 2017 23:52:23 -0000 Subject: [Infowarrior] - =?utf-8?q?Trolling_Scholars_Debunk_the_Idea_That_?= =?utf-8?q?the_Alt-Right=E2=80=99s_S--itposters_Have_Magic_Powers?= Message-ID: <3C4BA252-FD25-4C5C-A881-9BAD6F566429@infowarrior.org> Trolling Scholars Debunk the Idea That the Alt-Right?s Shitposters Have Magic Powers Whitney Phillips, Jessica Beyer, and Gabriella Coleman Mar 22 2017, 11:56am Asserting that alt-right "trolls" were a deciding factor in Trump?s victory minimizes the broader trends that amplified their influence. Since Donald Trump won the election, journalists, academics, and various online commentators have speculated wildly about the role that trolling, 4chan, and the alt-right's "meme magic" played in Trump's rise. Across countless news articles, hot takes, and Twitter debates, several recurring assumptions have emerged. First, that members of the alt-right (and even members of the Trump administration) are trolls, and more broadly, that the word "trolling" is the best descriptor for the current political climate. Second (and these are points that tend to be baked into broader stand-alone articles), that this "trolling" is interchangeable with 4chan, with the further assumption that 4chan is interchangeable with Anonymous, itself framed to be the Ur alt-right. Third, that 4chan itself, as a website, radicalized users towards white nationalism. And finally, the coup de gr?ce: that 4chan?and its alt-right trolls?were a deciding factor in Trump's election. This all makes for a compelling narrative. But what actually happened?what has been happening for the last several years?isn't so straightforward. Pro-Trump antagonism during the election may have been omnipresent, and may have helped amplify Trump's message. But it cannot and should not be tethered to online communities of the past. It was, instead, symptomatic of much deeper, much more immediate cultural malaise. < - > https://motherboard.vice.com/en_us/article/trolling-scholars-debunk-the-idea-that-the-alt-rights-trolls-have-magic-powers From rforno at infowarrior.org Wed Mar 22 18:54:03 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Mar 2017 23:54:03 -0000 Subject: [Infowarrior] - Hackers: We Will Remotely Wipe iPhones Unless Apple Pays Ransom Message-ID: <2B641563-0E72-4BA6-A6AC-B467A508C001@infowarrior.org> Hackers: We Will Remotely Wipe iPhones Unless Apple Pays Ransom Joseph Cox Mar 21 2017, 7:03am https://motherboard.vice.com/en_us/article/hackers-we-will-remotely-wipe-iphones-unless-apple-pays-ransom ?I just want my money,? one of the hackers said. A hacker or group of hackers is apparently trying to extort Apple over alleged access to a large cache of iCloud and other Apple email accounts. The hackers, who identified themselves as 'Turkish Crime Family', demanded $75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data. "I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing," one of the hackers told Motherboard. The hackers provided screenshots of alleged emails between the group and members of Apple's security team. One also gave Motherboard access to an email account allegedly used to communicate with Apple. "Are you willing to share a sample of the data set?" an unnamed member of Apple's security team wrote to the hackers a week ago, according to one of the emails stored in the account. (According to the email headers, the return-path of the email is to an address with the @apple.com domain). The hackers also uploaded a YouTube video of them allegedly logging into some of the stolen accounts. The hacker appears to access an elderly woman's iCloud account, which includes backed-up photos, and the ability to remotely wipe the device. "We firstly kindly request you to remove the video that you have uploaded on your YouTube channel as it's seeking unwanted attention, second of all we would like you to know that we do not reward cyber criminals for breaking the law," a message allegedly from a member of Apple's security team reads. (Motherboard only saw a screenshot of this message, and not the original). The alleged Apple team member then says archived communications with the hacker will be sent to the authorities. Now, the hackers are threatening to reset a number of the iCloud accounts and remotely wipe victim's Apple devices on April 7, unless Apple pays the requested amount. According to one of the emails in the accessed account, the hackers claim to have access to over 300 million Apple email accounts, including those use @icloud and @me domains. However, the hackers appear to be inconsistent in their story; one of the hackers then claimed they had 559 million accounts in all. The hackers did not provide Motherboard with any of the supposedly stolen iCloud accounts to verify this claim, except those shown in the video. By reading other emails included in the account, it appears the hackers have approached multiple media outlets. This may be in an attempt to put pressure on Apple; hackers sometimes feed information to reporters in order to help extortion efforts. Apple did not respond to multiple requests for comment. From rforno at infowarrior.org Wed Mar 22 18:55:59 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Mar 2017 23:55:59 -0000 Subject: [Infowarrior] - Software Engineering Institute Makes CERT C++ Coding Standard Freely Available Message-ID: <7DFB129D-3CF6-4F0F-ABEF-9ADB67EED6AA@infowarrior.org> https://www.sei.cmu.edu/news/article.cfm?assetid=495412&article=081&year=2017 Software Engineering Institute Makes CERT C++ Coding Standard Freely Available Pittsburgh, Pa., March 22, 2017?The Software Engineering Institute (SEI) has released the 2016 edition of the SEI CERT C++ Coding Standard. The standard provides rules for secure coding in the C++ programming language to help developers create safe, reliable, and secure systems free from undefined program behaviors and exploitable vulnerabilities. This C++ Coding Standard joins the SEI CERT C Coding Standard that was released in 2016. Both of these standards have been made available as free downloads in response to user demand, providing a wealth of expert knowledge and best practices for developing secure software systems in C and C++. The 2016 edition of the SEI CERT C++ Coding Standard reflects a decade of research and includes 83 new rules that take into account features of the C++ language that are not part of the C language. The majority of the SEI CERT C Coding Standard also provides guidance that is important for developing secure C++ programs, and they should both be used by C++ development programs. ?This newly released C++ standard adds to our previously released C standard secure coding guidance for features that are unique to the C++ language. For example, this standard has guidance for object oriented programming and containers,? said Robert Schiela, technical manager, Secure Coding, for the SEI?s CERT Division. ?It also contains guidance for features that were added to C++14, like lambda objects.? Mark Sherman, technical director, Cybersecurity Foundations, for the SEI?s CERT Division, added, ?The SEI CERT C++ Coding Standard joins our other free guidelines for secure software development, making secure development best practices easily accessible to everyone. This new format can be widely shared for use in classes, tools, professional guides, internal development standards, acquisition and procurement specifications, and other environments.? To download the SEI CERT C++ Coding Standard, visit http://www.cert.org/secure-coding/products-services/secure-coding-cpp-download-2016.cfm. To download the SEI CERT C Coding Standard, visit http://www.cert.org/secure-coding/products-services/secure-coding-download.cfm. About the Software Engineering Institute The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The SEI works with organizations to make measurable improvements in their software engineering capabilities by providing technical leadership to advance the practice of software engineering. For more information, visit the SEI website at http://www.sei.cmu.edu. The CERT Division of the SEI is the world?s leading trusted authority dedicated to improving the security and resilience of computer systems and networks and a national asset in the field of cybersecurity. For more information, visit http://www.cert.org. From rforno at infowarrior.org Wed Mar 22 20:31:11 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 23 Mar 2017 01:31:11 -0000 Subject: [Infowarrior] - W3C erects DRM as web standard Message-ID: It's happening! It's happening! W3C erects DRM as web standard World has until April 19 to make its views known on latest draft 22 Mar 2017 at 20:39, Kieren McCarthy https://www.theregister.co.uk/2017/03/22/w3c_drm_web_standard/ The World Wide Web Consortium has formally put forward highly controversial digital rights management as a new web standard. Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time. The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams. The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members. That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium's rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out. The proposed standard is expected to succeed, especially after web founder and W3C director Sir Tim Berners-Lee personally endorsed the measure, arguing that the standard simply reflects modern realities and would allow for greater interoperability and improved online privacy. But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity." He is referring to the most recent controversy where the W3C has tried to strike a balance between legitimate security researchers investigating vulnerabilities in digital rights management software, and hackers trying to circumvent content protection. The W3C has also received three formal objections: ? It does not provide adequate protection for users ? It will be hard to include in free software ? It doesn't legally protect security researchers The W3C notes that the EME specification includes sections on security and privacy, but concedes "the lack of consensus to protect security researchers remains an issue." Its proposed solution remains "establishing best practices for responsible vulnerability disclosure." It also notes that issues of accessibility were ruled to be outside the scope of the EME, although there is an entire webpage dedicated to those issues and finding solutions to them. It has been a long and winding road getting to the point where the W3C has formally proposed a standard that allows controls to be placed on content ? something that many internet engineers remain philosophically opposed to. But despite the lengthy efforts to address a plethora of concerns, the formal notice still goes out of its way to note that "publication as a Proposed Recommendation does not imply endorsement by the W3C membership." There is little opportunity for those bitterly opposed to the measure to stir up a grassroots campaign against the spec, due to the entry barriers for W3C membership and the fact that only members can vote on approval. It is that barrier ? created to make the W3C financially sustainable ? that some feel is pushing the organization down a path too closely aligned with corporate interests rather than the will of internet engineers. ? From rforno at infowarrior.org Thu Mar 23 09:48:49 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 23 Mar 2017 14:48:49 -0000 Subject: [Infowarrior] - WL releases Mac-oriented CIA 'Dark Matter' docs Message-ID: (x-posted) Dark Matter - 23 March, 2017 23 March, 2017 https://wikileaks.org/vault7/darkmatter/?cia#Dark%20Matter Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware. Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter. "DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants. Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStake" are also included in this release. While the DerStake1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0. Also included in this release is the manual for the CIA's "NightSkies 1.2" a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008. While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise. From rforno at infowarrior.org Thu Mar 23 09:51:37 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 23 Mar 2017 14:51:37 -0000 Subject: [Infowarrior] - Fwd: referral: S.536 / 10-K must disclose Board cybersecurity competence References: <20170323142922.E448DA06E60@palinka.tinho.net> Message-ID: interesting idea, at least for naming-and-shaming post-incident..... > Begin forwarded message: > > From: dan at geer.org > Subject: referral: S.536 / 10-K must disclose Board cybersecurity competence > Date: March 23, 2017 at 10:29:22 EDT > > http://www.bankinfosecurity.com/bill-would-compel-firms-to-reveal-if-cyber-expert-sits-on-board-a-9776 > https://www.congress.gov/115/bills/s536/BILLS-115s536is.pdf > > the important part, as ever, is the matter of definition of > terms and the definition of compliance > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rforno at infowarrior.org Thu Mar 23 12:14:20 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 23 Mar 2017 17:14:20 -0000 Subject: [Infowarrior] - Senate votes to roll back ISP privay controls Message-ID: https://www.eff.org/deeplinks/2017/03/senate-puts-isp-profits-over-your-privacy March 23, 2017 | By Kate Tummarello Senate Puts ISP Profits Over Your Privacy The Senate just voted to roll back your online privacy protections. Speak up now to keep the House from doing the same thing. ISPs have been lobbying for weeks to get lawmakers to repeal the FCC?s rules that stand between them and using even creepier ways to track and profit off of your every move online. Republicans in the Senate just voted 50-48 (with two absent votes) to approve a Congressional Review Action resolution from Sen. Jeff Flake which?if it makes it through the House?would not only roll back the FCC?s rules but also prevent the FCC from writing similar rules in the future. That would be a crushing loss for online privacy. ISPs act as gatekeepers to the Internet, giving them incredible access to records of what you do online. They shouldn?t be able to profit off of the information about what you search for, read about, purchase, and more without your consent. We can still kill this in the House: call your lawmakers today and tell them to protect your privacy from your ISP. From rforno at infowarrior.org Thu Mar 23 17:03:28 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 23 Mar 2017 22:03:28 -0000 Subject: [Infowarrior] - Congress Leaks Draft Bill To Move Copyright Office Out Of The Library Of Congress Message-ID: <9371E77F-8588-4AF0-B863-75F2389AC5AD@infowarrior.org> Congress Leaks Draft Bill To Move Copyright Office Out Of The Library Of Congress from the this-is-a-BAD-idea dept https://www.techdirt.com/articles/20170323/01015336984/congress-leaks-draft-bill-to-move-copyright-office-out-library-congress.shtml Well, we all knew this was coming, but Rep. Bob Goodlatte has been passing around a draft of a bill to move the Copyright Office out of the Library of Congress. Specifically, it would make the head of the Copyright Office, the Copyright Register, a Presidentially appointed position, with 10-year terms, and who could only be removed by the President. This is a bad and dangerous idea. It's one that's designed to give Hollywood and the recording industry even more power and control over an already deeply captured agency. As it stands now, having the Copyright Office in the Library of Congress provides at least some basic recognition of the actual intent of copyright law, as established by the Constitution to Promote the progress of science. That is, as we've pointed out for a long, long time, the intent of copyright is to benefit the public. The mechanism is to provide temporary monopolies to creators as an incentive, before handing the works over to the public. Yet, the Copyright Office eschews that view, insisting that the role of the Copyright Office is to expand those monopoly rights, and to speak out for the interests of major copyright holders (rarely the creators themselves). Either way, by making this a Presidential appointment, the MPAA and RIAA know that it will give them significantly greater say over who leads the office. Right now they can (and do!) lobby the Librarian of Congress on who should be chosen, but the Librarian gets to choose. One hopes that the Librarian would take into account the larger view of copyright law, and who it's actually supposed to benefit -- and we're hoping that the current Librarian will do so (if given the chance). But making it a Presidential appointment will mean heavy lobbying by industry, and much less likelihood that the public interest is considered. The usual think tankers and industry folks will tell you -- incorrectly -- that the Copyright Office is only in the Library due to "an accident of history." But that's not the case. The role of both overlap dramatically -- collecting, organizing and cataloging new creative works. Almost everyone agrees that the Copyright Office needs to be modernized, and that the previous Librarian failed (miserably) to do so. But because we had a bad librarian in the past is no reason to remove the Copyright Office entirely from the Library and disconnect it completely to its constitutional moorings designed around getting more creative works to the public. Make sure to let your Congressional Representative know not to support this bill -- especially if they're members of the House Judiciary Committee. Rep. Goodlatte has said that he'd only propose copyright reform bills that have widespread consensus. This is not such a bill. < - > https://www.techdirt.com/articles/20170323/01015336984/congress-leaks-draft-bill-to-move-copyright-office-out-library-congress.shtml From rforno at infowarrior.org Fri Mar 24 12:21:54 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 24 Mar 2017 17:21:54 -0000 Subject: [Infowarrior] - OT Friday Fun: Watch Star Wars: Rogue One ending flow into A New Hope beginning Message-ID: <9F205D2D-82A2-46A7-9D36-1CD0C9AE0F21@infowarrior.org> Just because.... Watch Star Wars: Rogue One ending flow into A New Hope beginning https://boingboing.net/2017/03/23/watch-star-wars-rogue-one-end.html From rforno at infowarrior.org Sun Mar 26 18:55:29 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 26 Mar 2017 23:55:29 -0000 Subject: [Infowarrior] - Here we go again: UK ratchets up crypto debate Message-ID: <0817811B-BA89-403E-BC6B-EA35A6767474@infowarrior.org> U.K. Tells WhatsApp to Open Up to Intelligence Services @RobDotHutton More stories by Robert Hutton by and March 26, 2017, 6:20 AM EDT March 26, 2017, 7:40 AM EDT https://www.bloomberg.com/news/articles/2017-03-26/u-k-tells-whatsapp-to-open-encryption-to-intelligence-services U.K. Home Secretary Amber Rudd said Facebook Inc.?s WhatsApp messaging system should open its encryption to security services and urged online companies to be more aggressive in shutting down sites exploited by terrorists. After newspapers disclosed that Khalid Masood, who killed four people in London last week, had used WhatsApp shortly before he began his attack, Rudd identified the company as needing to do more to help fight terrorism. ?It?s completely unacceptable? that messages can?t be opened, Rudd told the BBC?s ?Andrew Marr Show? on Sunday. ?We need to make sure that our intelligence services have the ability to get into encrypted services like WhatsApp.? Since the attack, government ministers have berated online companies for taking inadequate steps to stop the spread of hate messages. Writing in the Sunday Telegraph, Rudd said the internet is ?serving as a conduit, inciting and inspiring violence, and spreading extremist ideology.? Foreign Secretary Boris Johnson told the Sunday Times that ?They need to stop just making money out of prurient violent material.? Rudd said she has asked executives from the internet companies to a meeting this week. ?They?re going to get a lot more than a ticking off," Rudd said on Sky?s ?Sophy Ridge on Sunday? program. Facebook bought WhatsApp for $22 billion in 2014. A spokesperson for Whatsapp said, ?we are horrified by the attack carried out in London earlier this week and are cooperating with law enforcement as they continue their investigations.? Encryption Battle Governments and security agencies are facing an uphill struggle to keep up with new technology, and while the FBI has managed to unlock iPhones in order to obtain data, messaging tools are harder to crack. Encryption scrambles data using a proprietary code that can only be unlocked with a special key. In April 2016 WhatsApp gave its users encryption by default as well as complete control over the keys for all its messaging services, including photos, phone calls and group chats. Apple Inc.?s began offering full end-to-end encryption for its iMessage platform and FaceTime video service about five years ago. ?When you send a message, the only person who can read it is the person or group chat that you send that message to,? WhatsApp co-founders Jan Koum and Brian Acton wrote in a blog post following the launch of its encryption service last year. ?No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us.? Some governments have taken overt measures in their attempts to obtain data. WhatsApp was temporarily blocked in Brazil in December 2015, after the company refused to allow the government to see communications between alleged drug dealers involved in a criminal case. However, tech companies have presented a united front against attempts from governments to obtain data. WhatsApp publicly backed Apple in its argument with the FBI regarding the unlocking of an iPhone that belonged to one of the shooters in a December massacre in San Bernardino, California. In her Telegraph commentary, Rudd wrote: ?We need the help of social media companies, the Googles, the Twitters, the Facebooks of this world. And the smaller ones, too: platforms such as Telegram, Wordpress and Justpaste.it. We need them to take a more proactive and leading role in tackling the terrorist abuse of their platforms.? Before it's here, it's on the Bloomberg Terminal.LEARN MORE From rforno at infowarrior.org Tue Mar 28 09:33:57 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 28 Mar 2017 14:33:57 -0000 Subject: [Infowarrior] - Google and Symantec go to war over our internet security Message-ID: <1D6B114E-AD9E-4430-81E4-53BFCB2C7F4E@infowarrior.org> Google and Symantec go to war over our internet security https://www.engadget.com/2017/03/28/google-and-symantec-go-to-war-over-our-internet-security/ As a result, Chrome will distrust Symantec's security certificates. Put simply, a security certificate is like a hall pass, letting you roam the corridors of your high school for bathroom breaks and nurse visits. Google says that it's a diligent teacher who makes sure it only hands out paperwork to the honest and the deserving. But it thinks that Symantec has just left a stack of notes by the door, letting any student use them while it grabs a nap behind its desk. In a post over on Google Groups, Ryan Sleevi says that the search engine has been investigating "a series of failures," by Symantec. By downgrading Chrome's level of trust in Symantec's certificates, the browser will effectively force the security company to re-issue newer certificates, faster. Otherwise, you'll not be able to visit websites with old, untrustworthy documentation without Chrome giving you plenty of warnings. Google hopes that the move will force Symantec's researchers to do a better job of keeping its house in order. But this fight isn't a new one, and the two companies have a history of dust-ups, including Google calling out holes in Symantec's antivirus products that made them more open to attack. That was in retaliation to Symantec using fake security certificates to access Google-owned domains. Symantec's response can be paraphrased down to gee man, don't be a narc, dude, saying that 127 improperly issued certificates caused "no consumer harm." In addition, it says that Google has turned a blind eye to other companies's failed practices to target Symantec. This fight is likely to persist with passive-aggressive sniping and other arguments, at least until everyone sits down over a table and makes up. From rforno at infowarrior.org Fri Mar 3 05:56:33 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 03 Mar 2017 11:56:33 -0000 Subject: [Infowarrior] - Reuters: WH aides' bid to plug leaks fuels government paranoia - sources Message-ID: <6AEB6F83-3AEF-4B06-9A51-DB5D7083BA3A@infowarrior.org> Exclusive: Trump aides' bid to plug leaks fuels government paranoia - sources http://www.reuters.com/article/us-usa-trump-secrecy-exclusive-idUSKBN16A0GD By Arshad Mohammed, Jonathan Landay and Warren Strobel | WASHINGTON President Donald Trump's Treasury Secretary Steven Mnuchin used his first senior staff meeting last month to tell his new aides he would not tolerate leaks to the news media, sources familiar with the matter said. Current and former officials said that in a departure from past practice, access to a classified computer system at the White House has been tightened by political appointees to prevent professional staffers from seeing memos being prepared for the new president. And at the Department of Homeland Security, some officials told Reuters they fear a witch hunt is under way for the leaker of a draft intelligence report which found little evidence that citizens of seven Muslim-majority countries covered by Trump's now-suspended travel ban pose a threat to the United States. The clampdown has fueled paranoia among Washington career civil servants who say it appears designed to try to limit the flow of information inside and outside government and deter officials from talking to the media about topics that could result in negative stories. Some reports of government dysfunction have infuriated Trump just weeks into his presidency. Trump has described media outlets as "lying", "corrupt", "failing" and "the enemy of the American people." At a Feb. 16 news conference, Trump said: "The leaks are absolutely real. The news is fake" and that he had asked the Department of Justice to look into leaks of "classified information that was given illegally" to journalists regarding the relationship between his aides and Russia. Several officials in different agencies who spoke to Reuters on condition of anonymity said some employees fear their phone calls and emails may be monitored and that they are reluctant to speak their minds during internal discussions. In addition, the sources say that limits imposed on the flow of information have blindsided cabinet-level officials on some major issues and led to uncertainty among foreign governments about U.S. policy. In perhaps the most trenchant effort to deter leaks, White House spokesman Sean Spicer demanded that some aides there surrender their phones so they could be checked for calls or texts to reporters, Politico reported on Sunday. Word of the inspection quickly leaked. EFFORTS TO PLUG LEAKS NOT NEW Two sources familiar with Mnuchin's first meeting with senior Treasury staff said he told them that their telephone calls and emails could be monitored to prevent leaks. One of the sources said that staff were told that monitoring could become policy. Asked about Mnuchin's comments to his senior staff, a Treasury spokesman said: "Secretary Mnuchin had a discussion with staff about confidential information not being shared with the media nor any other sources. In the course of that conversation, the idea of checking phones was not discussed." Asked in a follow-up email whether Mnuchin had raised the possibility of monitoring phones or emails as a matter of policy, the Treasury spokesman replied: "It was not discussed." Attempts by Republican and Democratic presidents to limit leaks are not new. During Republican Richard Nixon's administration, the FBI wiretapped White House aides and journalists. Trump's predecessor, Democrat Barack Obama, aggressively pursued leaks to try to "control the narrative," as White House aides put it. New York Times reporter James Risen, whose articles led to investigations of leaks, said the Obama administration prosecuted nine cases involving whistleblowers and leakers, compared with three by all previous administrations combined. Leonard Downie, a former executive editor of the Washington Post, said it was too early to make historical comparisons, and that it is rare to learn about an administration's internal efforts to impose message discipline. 'CLIMATE OF INTIMIDATION' At the State Department, the fear of getting caught in a leak investigation or running afoul of White House positions is so acute that some officials will discuss issues only face-to-face rather than use phones, email, texts or other messaging applications, two State Department officials said. "There is a climate of intimidation, not just about talking to reporters, but also about communicating with colleagues," said one official, speaking on condition of anonymity. Acting State Department spokesman Mark Toner did not respond directly to the officials' statements but said Secretary of State Rex Tillerson aimed to foster an open climate where new ideas are raised and considered on their merits. "There does have to be some degree of trust among colleagues in order to have those kinds of conversations," Toner said. There also is high anxiety in parts of DHS, officials there said. "The atmosphere has become toxic, and that is not conducive to the work," said a DHS official on condition of anonymity. They said officials fear phone calls and emails are being monitored to try to find who leaked the draft intelligence report to the Associated Press. The report found that being a citizen of countries covered by Trump's Jan. 27 temporary immigration ban - Iran, Iraq, Libya, Somalia, Sudan, Syria and Yemen - was "an unreliable indicator of terrorist threat." The Homeland Security Department did not respond to three requests for comment. Some examples of how the administration is trying to limit the flow of information are relatively subtle, but significant. Before Trump's Jan. 20 inauguration, National Security Council officials drafting memos, or "packages," for the president on a classified computer system could choose other officials who should have input. Under a change made after Trump took office, staffers cannot choose who may see and edit a memo. Instead, access is approved by the office of the NSC executive secretary, retired Army lieutenant general Keith Kellogg. Asked about the new restrictions, National Security Council spokesman Michael Anton said: "President Trump takes very seriously the criminal release of classified information critical to U.S. national security. Access procedures are designed to ensure that appropriate personnel see material relevant to their duties, while protecting sensitive information." One U.S. official called the new system "inefficient," saying Kellogg's office may not know who has "equities" in a given issue and may not share the drafts widely enough. Another administration official said the White House changed the access procedures about a month ago in reaction to leaks of the contents of Trump's conversations with the president of Mexico and the prime minister of Australia. "It was changed in response to two very significant leaks," said the administration official, who spoke on condition of anonymity. "This was a reactive move on the NSC?s part." Asked if the change had made the NSC less efficient, this official replied: "No, because we are being conscientious about ensuring that all relevant staff members and experts are included on materials that they need to see." Steven Aftergood of the nonprofit Federation of American Scientists' Project on Government Secrecy, which works to limit official secrecy, said the policy change suggested the White House wants to tighten control over internal deliberations. "Why would it do that? Perhaps in order to discourage leaks. Or perhaps it lacks confidence and trust in the existing NSC staff," said Aftergood. "From a management perspective, this move seems like a mistake. "Restricting information workflow this way adds friction to the deliberative process, making it more cumbersome and less responsive," he added. "Inferior policy decisions are a likely result." (Reporting by Arshad Mohammed, Jonathan Landay and Warren Strobel Additional reporting by John Walcott, Julia Edwards Ainsley, Steve Holland, David Lawder and Yeganeh Torbati; Writing by Arshad Mohammed; Editing by Yara Bayoumy and Grant McCool) From rforno at infowarrior.org Fri Mar 3 06:29:38 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 03 Mar 2017 12:29:38 -0000 Subject: [Infowarrior] - =?utf-8?q?ProPublica=3A_5_current_Cabinet_Members?= =?utf-8?q?_Who=E2=80=99ve_Made_False_Statements_to_Congress?= Message-ID: <6ACFEB3D-B6A2-41F9-8CE2-503FE90D425A@infowarrior.org> 5 Trump Cabinet Members Who?ve Made False Statements to Congress Attorney General Jeff Sessions isn?t alone. by Eric Umansky and Marcelo Rochabrun ProPublica, March 2, 2017, 5:36 p.m. As most of the world knows by now, Attorney General Jeff Sessions did not tell the truth when he was asked during his confirmation hearings about contacts with Russian officials. But Sessions isn?t the only one. At least four other cabinet members made statements during their nomination hearings that are contradicted by actual facts: EPA Chief Scott Pruitt, Education Secretary Betsy DeVos, Treasury Secretary Steve Mnuchin, and Health and Human Services Secretary Tom Price. The statements were all made under oath, except those of DeVos. It is a crime to ?knowingly? lie in testimony to Congress, but it?s rarely prosecuted. If you know of instances that we?ve missed, email us. < - > https://www.propublica.org/article/five-trump-cabinet-members-made-false-statements-to-congress From rforno at infowarrior.org Fri Mar 3 06:30:34 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 03 Mar 2017 12:30:34 -0000 Subject: [Infowarrior] - Google Chrome For macOS Gains Enhanced Safe Browsing Malware Protection Message-ID: <8AFD58EE-5CF5-48EC-A63A-A1F553C2E356@infowarrior.org> Google Chrome For macOS Gains Enhanced Safe Browsing Malware Protection http://hothardware.com/news/google-chrome-for-macos-gains-enhanced-safe-browsing-malware-protections Mac users that prefer to browse the Internet with Google Chrome (instead of Safari) can now sleep more peacefully at night. Google?s ?Safe Browsing? is working to increase its protection of computers running macOS. Google is now focusing more on macOS-specific malware and unwanted software. The most common abuses are unwanted ad injection and manipulation of Chrome user settings. macOS users will start to see more warnings when they navigate to dangerous websites or download questionable files. Developers are able to make sure their users maintain control of Chrome settings through the recently released Chrome Settings API for Mac. Developers can modify home pages, search providers, and startup pages in the extension manifest. Certain values can be customized and various properties can be overridden in this program. The Settings Overrides API will be the only way of making changes to Chrome settings on macOS. Only extensions hosted in the Chrome Web Store are allowed to make changes to Chrome settings. Users will be warned about software that tries to modify their Chrome settings without using the API starting on March 31st, 2017. Safe Browsing was launched in 2007 to protect users from phishing attacks. The software has grown to include protection of web-based threats like malware, unwanted software, and social engineering attacks. Google claims that its currently protects 2 billion devices. The software is free and publicly available to developers. Safe Browsing also posts a public transparency report. Users can examine graphs concerning the number of unsafe websites and malware Google has detected over the years. Users can find graphs concerning notifications to webmasters and maps that demonstrate malware distribution. The website also shows what companies Google uses to aid in their scanning process and the results of these individual firms. If you are uncertain about an URL, you can check its safety status on the Safe Browsing site. From rforno at infowarrior.org Fri Mar 3 06:31:02 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 03 Mar 2017 12:31:02 -0000 Subject: [Infowarrior] - Russia Heats Up Its Infowar With the West Message-ID: (c/o MM) Russia Heats Up Its Infowar With the West If you think last year was bad, there?s worse to come as Moscow?s new ?information operations? military unit gets rolling. Ilan Berman http://www.thedailybeast.com/articles/2017/03/03/russia-heats-up-its-infowar-with-the-west.html 03.03.17 1:13 AM ET When it comes to Russian propaganda, we haven?t seen anything yet. Over the past several months, Americans have become acutely aware of a phenomenon that Europeans were already all too familiar with: the pervasive, corrosive nature of Russian propaganda. Russia?s purported attempts to meddle in the U.S. presidential election remain a major topic of national debate?one that could, even now, lead to fresh Congressional investigations and a political showdown between Capitol Hill and the new White House. Yet the scope of Russia?s propaganda machine is still poorly understood by most Americans. Many may by now be familiar with Moscow?s highest profile media outlets, like television channel RT (which the Russian government funds to the tune of some $250 million annually) and the flashy Sputnik ?news? multimedia website (which is likewise lavishly bankrolled by the Kremlin). But the full range of Russia?s information operations are still truly appreciated only by the small cadre of foreign policy and national security professionals who have been forced to grapple with their far-reaching and negative effects. That effort is enormous, encompassing billions of dollars and dozens of domestic and international media outlets in an architecture that dwarfs the disinformation offensive marshaled against the West by the Soviet Union during the Cold War. Its objective is clear and unequivocal: to obscure objective facts through a veritable ?firehose of falsehood,? thereby creating doubt in Western governments, undermining trust in democratic institutions, and garnering greater sympathy for the Russian government (or, at least, greater freedom of action) for its actions abroad. Last month, in a presentation before the Duma, Russia?s lower house of parliament, Defense Minister Sergei Shoigu formally unveiled the establishment of a new military unit designed to conduct ?information operations? against the country?s adversaries. The goal of the new initiative, according to Vladimir Shamanov, head of the Duma?s defense committee, is to ?protect the national defense interests and engage in information warfare.? Not much is known about the newly formed corps, at least so far. In his presentation, Shoigu did not elaborate on the mandate of the new unit, or its size. (The overall number of active duty Russian information operation troops has been estimated at around 1,000, with a budget of approximately $300 million annually). Nevertheless, the announcement is significant for at least two reasons. First, it marks the culmination of a steady militarization of Russian propaganda. Once seen largely as a political strategy designed to shape foreign perceptions about Soviet (and later Russian) conduct abroad, disinformation (dezinformatsiya in Russian) has progressively taken on a distinctly martial character. In 2013, Russia?s Defense Ministry reportedly established a dedicated ?scientific company? with the mandate to train soldiers in information operations. Since that time, the Russian military has waded into the informational space with a vengeance, taking on an extensive?and aggressive?role in molding foreign opinion and perceptions. Today, in keeping with the country?s 2014 Defense Doctrine, the manipulation of ?information? has become a critical element of Russian military strategy. This dezinformatsiya has been used to great effect in Ukraine, with which Russia precipitated a conflict in 2014 and where Moscow continues to support pro-Russian separatists in their attempt to destabilize the state. Throughout that time, Moscow has used media manipulation to obscure the full extent of its involvement in the crisis, and to complicate the West?s response to it. In Syria, too, the Russian military has taken on an extensive role in molding perceptions regarding the conflict via social media and other news methods. By doing so, the Kremlin has largely succeeded in capturing the popular narrative regarding what, exactly, it is doing on the Syrian battlefield. Both of these efforts, and others, can now be expected to intensify. But Moscow?s new military propaganda unit is significant for another reason as well. It foreshadows an intensification of Russia?s ?infowar? against the West. In recent years, Russian propaganda has become a pervasive problem throughout Europe, where Kremlin-owned and?sponsored media outlets have attempted to empower fringe political parties, discredit pro-Western politicians, and promote Moscow?s vision of world events (PDF). They have also, through ?fake news? stories and political mischaracterization, repeatedly sought to drive a wedge among members of the NATO alliance, which Moscow sees as a real threat to its geopolitical ambitions. Now, this informational offensive is poised to enter a new phase. ?Propaganda should be smart, competent, and effective,? Shoigu emphasized while inaugurating the country?s new informational shock troops. Clearly, Russian officials believe that their new military propaganda force is a step in that direction. Just as clearly, the United States and its NATO allies should consider themselves to have officially been put on notice. From rforno at infowarrior.org Fri Mar 3 06:31:51 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 03 Mar 2017 12:31:51 -0000 Subject: [Infowarrior] - New FCC Chair Tells MWC Net Neutrality Rules Were a 'Mistake' Message-ID: New FCC Chair Tells MWC Net Neutrality Rules Were a 'Mistake' Posted February 28, 2017 By Shirley Siluk. Updated February 28, 2017 9:22AM Calling the Open Internet Order adopted by the Federal Communications Commission (FCC) two years ago a "mistake," new FCC chairman Ajit Pai today told attendees at the Mobile World Congress in Barcelona that the agency intends to return to a "light-touch approach" to regulations. MWC 2017, running this week from Feb. 27-March 2, is the mobile industry's largest annual conference and expo. Supporters of the FCC's 2015 order say such comments are a sign that Net neutrality is under attack. They are vowing to fight efforts to roll back the order, which established "clear, bright-line rules" against blocking, throttling and paid prioritization of content delivery by Internet service providers. Pai, who was appointed by President Donald Trump to succeed outgoing FCC chairman Tom Wheeler, has been vocal in his opposition to the Net neutrality order. After it was adopted, Pai called the order a "heavy-handed solution that won't work for a problem that doesn't exist." Since taking the reins at the FCC, Pai has already led a number of reversals on measures adopted under Wheeler, including a stop to the investigations into "zero-rating" offerings and a stay on new broadband privacy rules that were approved in October. < - > http://www.cio-today.com/article/index.php?story_id=0030003H7R3X From rforno at infowarrior.org Fri Mar 3 16:54:54 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 03 Mar 2017 22:54:54 -0000 Subject: [Infowarrior] - How to Keep Messages Secure Message-ID: (yes, note source.) How to Keep Messages Secure Security experts give their best advice for keeping messages secure, whether you?re at a protest or just want to keep out snooping siblings. Nicole KobieMar 2, 2017 6:06PM EST http://www.teenvogue.com/story/how-to-keep-messages-secure From rforno at infowarrior.org Fri Mar 3 16:54:54 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 03 Mar 2017 22:54:54 -0000 Subject: [Infowarrior] - Whistleblower Retaliation: A Governmental Accountability and National Security Crisis Message-ID: <7CCD184A-5E37-4A71-8E22-23FF31A58C11@infowarrior.org> Whistleblower Retaliation: A Governmental Accountability and National Security Crisis By Patrick Eddington Thursday, March 2, 2017 at 11:17 AM https://www.justsecurity.org/38241/whistleblower-retaliation-governmental-accountability-national-security-crisis/ The role of an Inspector General (IG) office in a federal agency or department is to root out waste, fraud, and abuse, and where necessary refer criminal conduct to the Justice Department for prosecution. But what happens when the IG itself is corrupt, especially in a national security context where secrecy can be used to conceal malfeasance? Austrian filmmaker Fritz Moser?s documentary, ?A Good American,? released in February 2017, explores a real-world case of IG corruption and misconduct before and after the September 11, 2001 attacks. The film tells the tale of a small group of National Security Agency employees who, prior to 9/11 developed a revolutionary intelligence collection and analysis capability, code-named THINTHREAD. Had THINTHREAD been fully operationally deployed even a few months before the attacks, it likely would have detected most or all of the would-be hijackers before they had a chance to act, as the THINTHREAD team lays out in the movie. The documentary poses and answers another major, relevant question. What happens when conscientious government employees in the national security establishment report wrongdoing that costs American lives and billions in taxpayer dollars? More often than not, their careers are destroyed by senior bureaucrats who will seemingly stop at nothing to bury the truth. The THINTHREAD core team consisted of NSA?s leading crypto-mathematician, William Binney; analyst Kirk Wiebe; and computer whiz Ed Loomis. They were supported in their efforts by a single GOP House Intelligence Committee staffer, Diane Roark, who helped get the fledgling program money in its earliest days and was a tireless, but ultimately unsuccessful, champion of the program. The single biggest obstacle to THINTHREAD?s success came from then-NSA director Air Force Gen. (R) Michael Hayden, who became so incensed with the THINTHREAD team?s Capitol Hill lobbying that he threatened each team member with disciplinary action. Hayden had his own pet program he wanted to promote at THINTHREAD?s expense: a Science Applications International Corporation (SAIC)-sponsored program called TRAILBLAZER, which cost more than $1 billion compared to THINTHREAD?s $3 million. The latter became a classic Washington, DC defense contractor fiasco; wasting huge sums but never producing a single piece of intelligence for NSA. (Jim Risen?s Pay Any Price also has a fair amount on this episode that?s worth reading.) There is a reason that this story has not been widely told before now: neither the Congressional Joint Inquiry into 9/11, the 9/11 Commission, nor either Congressional intelligence committee followed up on the scandal, despite each being approached by THINTHREAD?s developers in the aftermath of the attacks. I know, because when I worked as senior policy advisor to then-Rep. Rush Holt (D-NJ), I spoke at length to THINTHREAD?s developers about the controversy and the subsequent waste, fraud, and abuse complaint they filed with the Defense Department Inspector General?s (IG) office in 2002, and how that one act altered their lives forever. After Gen. Hayden killed THINTHREAD in the weeks before 9/11, Binney, Wiebe, Loomis, and Roark agreed that the waste, fraud, and abuse from the TRAILBLAZER program, along with the lost opportunity to stop the attacks via THINTHREAD, required a real investigation. Subsequent inquiries resulted in one major DoD IG report being issued in December 2004, a partially declassified version of which was subsequently obtained via the Freedom of Information Act (FOIA) by the Project on Government Oversight in 2011. Some 100 paragraphs of the report remained redacted, including 80 that were marked ?Unclassified/For Official Use Only? (U/FOUO). The portions that were readable gave a sense of the debacle that was TRAILBLAZER, but the most damaging portions of the report were withheld from the public. In the seven years between the IG report?s publication and its partial release, Binney, Wiebe, Loomis, Roark, and a fifth colleague, NSA Senior Executive Service member Tom Drake, had all been investigated by the FBI for leaking information about the controversy to the Baltimore Sun. None had revealed classified information, and Drake was in fact the source of the stories about TRAILBLAZER?s massive cost overruns and ineffectuality. The government went so far as to charge Drake under the Espionage Act, but the felony case against him fell apart in 2011. Drake subsequently pleaded to a misdemeanor charge of misusing a government computer, his government career destroyed and his personal finances wrecked from the legal battle with the government. I followed all of this from Rep. Holt?s office, even after Holt rotated off of the House Intelligence Committee in 2011. When I finally had the chance to spend more time with the THINTHREAD team and learn the full details of their experience in 2013, it became clear that someone in the DoD IG?s office had falsely accused one or more of them of leaking classified information. I became determined to learn who had been responsible for railroading the THINTHREAD team. By the summer of 2013, I had the original, classified 2004 DODIG report in my hands. Reading it made my blood boil. It was the most damning report of its kind I?d seen in my over 25 years in Washington. And it confirmed the core allegations the THINTHREAD team made in their original complaint. Unfortunately, the relevant Congressional commission had no appetite to reopen the issue, as its tenure was drawing to a close and its report for Congress was largely complete. Within months, Holt would announce his retirement from Congress, and I too left the House of Representatives. But having seen the 2004 report, and other investigative documents as well, I was more determined than ever to continue pressing for the declassification of all relevant THINTHREAD and TRAILBLAZER documents. In early 2015, I filed an extensive FOIA request seeking every available document on both programs, but was essentially led around in circles. In late January 2017, with the help of the Chicago-based firm of Loevy and Loevy and the Government Accountability Project, I filed suit in federal district court to try to get answers. But the THINTHREAD team?s experience is, unfortunately, just one example of the kinds of integrity problems plaguing the DoD and NSA IG offices. As outlined below, there are similar investigations now underway, looking into other whistleblower retaliation complaints against the DoD IG and NSA?s IG office?complaints that raise the specter of other unexamined government surveillance and national security programs that threaten citizens? rights while wasting still more taxpayer money. In March 2016, the Office of Special Counsel announced that it had uncovered evidence of Drake prosecution-related document destruction by the DoD IG, involving a ?substantial likelihood? that IG personnel had potentially violated the law.? The case was referred to the Justice Department for possible prosecution, where it remains under review. Those allegations received additional support when former DoD IG Assistant Inspector General John Crane went public in May 2016 with allegations that he had witnessed retaliation against Drake while working in the DoD IG office. And in July 2016, former DoD IG ombudsman Dan Meyer officially claimed that he had experienced retaliation for exposing attempts by DoD IG officials to manipulate a final version of an investigative report into allegations that then-Defense Secretary Leon Panetta ?had leaked classified information to the makers of the film ?Zero Dark Thirty.?? (For the last several years, Meyer has headed the Intelligence Community Inspector General?s whistleblower protection unit.) If the head of the entire Intelligence Community?s whistleblower protection operation is under attack, how can an average CIA, NSA or other intelligence officer possibly hope to report waste, fraud, abuse, or criminal conduct without fear of retaliation? On December 13, 2016, The Intercept reported that the Government Accountability Office (GAO) had ?quietly launched an investigation into the ?integrity? of the Pentagon?s whistleblower protection program.? Whether Drake?s case is one of the subjects of the GAO probe is unknown, but the fact that the entire Pentagon Inspector General operation is now the subject of an external investigation is virtually unprecedented. And just three days after The Intercept?s story on the GAO inquiry broke, Government Executive reported that NSA IG George Ellard had been recommended for termination for whistleblower retaliation by NSA Director Adm. Mike Rogers, based on the recommendations of a three-person external IG review panel established under an Obama-era presidential directive, PPD-19. Indeed, recently two lawyers who represent whistleblowers argued that PPD-19 works and ?It is only through cases like Ellard?s that senior officials will be forced to realize that reprisal comes with consequences and that seniority will have no bearing on an investigation?s outcome.? This is magical thinking. The fact that the Obama administration felt compelled to issue PDD-19 in the first place was a tacit admission that the DoD and NSA IG?s were broken and corrupt. Additionally, PPD-19 covers only IC employees, not IC contractors. Thus, IC contractors like Edward Snowden had no protection under PPD-19. They still have none. Finally, PPD-19 can be rescinded by President Trump, just like any other executive action taken by his predecessors. Given Trump?s obsession with leaks he views as damaging to him politically, it?s simply a matter of time before PPD-19 is history. Whether Ellard was involved in retaliation against Drake or other THINTHREAD team members is unknown, but learning the truth about the level of corruption in these two critically important internal Pentagon watchdog units is the core reason why I filed my FOIA suit in the first place. Whether Michael Hayden or any of his subordinates at NSA (including former SAIC executive-turned-NSA-senior manager Bill Black) engaged in contract steering for TRAILBLAZER at the expense of an internally-developed NSA program that could?ve possibly prevented the 9/11 attacks is just one question for which the families of the 9/11 victims deserve an answer. And the rest of us need to know that corruption in government agencies will be rooted out, and that anyone working in the IC?government employee or contractors?will know that he or she can safely report waste, fraud, abuse or unconstitutional conduct without fear of retaliation or improper prosecution. Through its long-running indifference to these episodes, Congress has effectively encouraged the deep flaws that appear to be rampant in the Pentagon?s internal oversight offices. The failure to properly investigate the THINTHREAD-TRAILBLAZER controversy, as well as other surveillance overreaches, has clearly contributed to what appears to be extraordinary corruption in parts of the oversight of the Intelligence Community itself. In our system of government, this is the kind of problem Congress should fix. Absent a groundswell of public outrage over any such abuses, it?s not likely to happen quickly, if at all. From rforno at infowarrior.org Fri Mar 3 16:57:00 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 03 Mar 2017 22:57:00 -0000 Subject: [Infowarrior] - =?utf-8?q?The_U=2ES=2E_Government=E2=80=99s_Priva?= =?utf-8?q?cy_Watchdog_Is_Basically_Dead=2C_Emails_Reveal?= Message-ID: <39450FE5-3BD7-4735-AA56-7F80190488C9@infowarrior.org> The U.S. Government?s Privacy Watchdog Is Basically Dead, Emails Reveal Jenna McLaughlin 2017-03-03T19:24:22+00:00 There?s a little-known federal agency whose job is to ensure U.S. spy agencies protect privacy and other civil liberties even as they work to defeat terrorists and criminals, and to blow the whistle when that doesn?t happen. But the agency, known as the Privacy and Civil Liberties Oversight Board, is down to just a single voting member ? which means it has been stripped of nearly all its powers, according to emails obtained by The Intercept. The board was created by Congress in 2004, at the recommendation of the 9/11 Commission, to help the executive branch balance national security priorities with individual rights. After Bush administration officials heavily edited PCLOB?s first report, one member resigned, and Congress in 2007 turned it into an independent agency and expanded its writ to include oversight of congressional action. Still, the board remained obscure; some members of Congress seemed unaware of its existence even as documents from NSA whistleblower Edward Snowden produced more privacy scandals. < - > https://theintercept.com/2017/03/03/the-governments-privacy-watchdog-is-basically-dead-emails-reveal/ From rforno at infowarrior.org Fri Mar 3 17:02:44 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 03 Mar 2017 23:02:44 -0000 Subject: [Infowarrior] - U.S. Airport Pat-Downs Are About to Get More Invasive Message-ID: <5B71AEAE-4070-4CDD-8EB5-48C9DCFB2C96@infowarrior.org> U.S. Airport Pat-Downs Are About to Get More Invasive The TSA reacts to a study that found weapons making it past security. by Justin Bachman March 3, 2017, 2:25 PM EST https://www.bloomberg.com/news/articles/2017-03-03/u-s-airport-pat-downs-are-about-to-get-more-invasive While few have noticed, U.S. airport security workers long had the option of using five different types of physical pat-downs at the screening line. Now those options have been eliminated and replaced with a single universal approach. This time, you will notice. The new physical touching?for those selected to have a pat-down?will be be what the federal agency officially describes as a more ?comprehensive? physical screening, according to a Transportation Security Administration spokesman. Denver International Airport, for example, notified employees and flight crews on Thursday that the ?more rigorous? searches ?will be more thorough and may involve an officer making more intimate contact than before.? ?I would say people who in the past would have gotten a pat-down that wasn?t involved will notice that the [new] pat-down is more involved,? TSA spokesman Bruce Anderson said Friday. The shift from the previous, risk-based assessment on which pat-down procedure an officer should apply was phased in over the past two weeks after tests at smaller airports, he said. The TSA screens about 2 million people daily at U.S. airports. The agency doesn?t track how many passengers are subject to pat-down searches after they pass through an imaging scanner. People who decline to use this screening technology are automatically subject to physical searches. While passengers may find the process more intrusive, the new screening procedure isn?t expected to increase overall airport security delays. However, ?for the person who gets the pat down, it will slow them down,? Anderson said. The change is partly a result of the agency?s study of a 2015 report that criticized aspects of TSA screening procedures. That audit, by the Department of Homeland Security?s Inspector General, drew headlines because airport officers had failed to detect handguns and other weapons. An additional change prompted by the report was the TSA's decision to end its ?managed inclusion? program, by which some everyday travelers were allowed to use PreCheck lanes to speed things up at peak times. Physical screening has long been one of the traveling public?s strongest dislikes regarding airport security protocols. The TSA has all pat-downs conducted by an officer of the same sex as the traveler, and allows a passenger to request a private area for the screening, as well as to have a witness present. Likewise, the traveler can request that the pat-down occur in public view. The most important business stories of the day. Get Bloomberg's daily newsletter. The new policy also applies to airline pilots and flight attendants, classified as ?known crewmembers? who generally receive less scrutiny at checkpoints. The TSA conducts occasional random searches of these employees, and airlines this week inquired as to whether their employees would be subject to more frequent pat-downs. The number of random searches for airline crews isn?t changing and will remain a ?very small percentage? of the total, Anderson said. But airport employees may face more random checks. The random searches also vary by airport, depending on the screening program, Anderson said. ?Sometimes it?s random, sometimes they?re consistent, based on the door you enter,? he said of the searches given workers with airport ID badges. ?Sometimes, those measures call for a pat-down.? In their notice, Denver airport officials said employees are subject to search at random locations: ?If a pat down is required as part of the operation, badged employees will be required to comply with a TSA officer?s request to conduct a full body pat down.? In December, a CNN political commentator, Angela Rye, posted an article online describing her ?humiliation? during a TSA agent?s search. Rye wrote in graphic detail about the pat down of her genitals during a search at the Detroit Airport before a flight to New York. TSA officials didn?t immediately address whether the new universal pat-down protocol will mandate touching of passenger genitals. From rforno at infowarrior.org Sun Mar 5 15:46:07 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 05 Mar 2017 21:46:07 -0000 Subject: [Infowarrior] - =?utf-8?q?Facebook_=E2=80=98Disputed_News?= =?utf-8?q?=E2=80=99_Tag_Goes_Live?= Message-ID: Facebook ?Disputed News? Tag Goes Live http://fortune.com/2017/03/05/facebook-disputed-news-tag/ David Z. Morris 8:10 PM UTC Gizmodo seems to have been first to spot the quiet debut on Friday of Facebook?s new ?Disputed? tag, which will appear beneath news stories on the site that have been deemed inaccurate. Facebook is flagging links to fake sites now, looks like: pic.twitter.com/N7xaWDkdYA - Anna Merlan (@annamerlan) March 3, 2017 Facebook has also added a new Help page outlining how the system works. Following proposals laid out in recent months, Facebook says that stories flagged as fake by users will be reviewed by independent fact-checking organizations including Politifact and Snopes.com. Those organizations will be signatories to a ?Fact-checkers? Code of Principles? maintained by the journalism nonprofit Poynter Institute. The principles include nonpartisanship and transparency in sourcing and funding. There?s no indication yet whether the ?Disputed? designation will have a direct impact on how a story is handled by Facebook?s ranking algorithms. At least in theory, users should be less likely to share stories with the tag, reducing their spread?though as Recode points out, the flagging process itself can take several days, giving plenty of time for a story to make the rounds. That?s just one obvious imperfection of a system that seems destined to fully satisfy precisely nobody, Facebook included. Despite huge public pressure to tackle fake news, particularly from the political left, Facebook has no real motivation to tell its readers what to believe. From a business perspective, filtering or flagging disputed news stories could reduce user engagement among those who had previously enjoyed a steady diet of alternative facts. Gizmodo points out that move has already invited scathing criticism from right, potentially actively alienating a huge swathe of Facebook users. It also remains to be seen exactly how effective the tool will be. One of the stories spotted by Gizmodo came from Theseattletribune.com, a classic click-farming website with a newspaper-ish name, which does tuck away a description of itself as ?satire.? Facebook?s ?disputed? tag will really have its work cut out for it when it?s time to adjudicate something from less openly deceptive outlets. From rforno at infowarrior.org Sun Mar 5 16:47:20 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 05 Mar 2017 22:47:20 -0000 Subject: [Infowarrior] - To keep Tor hack source code secret, DOJ dismisses child porn case Message-ID: To keep Tor hack source code secret, DOJ dismisses child porn case DOJ: "Disclosure is not currently an option." Cyrus Farivar - 3/5/2017, 2:30 PM https://arstechnica.com/tech-policy/2017/03/doj-drops-case-against-child-porn-suspect-rather-than-disclose-fbi-hack/ Feds may let Playpen child porn suspect go to keep concealing their source code Rather than share the now-classified technological means that investigators used to locate a child porn suspect, federal prosecutors in Washington state have dropped all charges against a man accused of accessing Playpen, a notorious and now-shuttered website. The case, United States v. Jay Michaud, is one of nearly 200 cases nationwide that have raised new questions about the appropriate limitations on the government?s ability to hack criminal suspects. Michaud marks just the second time that prosecutors have asked that case be dismissed. "The government must now choose between disclosure of classified information and dismissal of its indictment," Annette Hayes, a federal prosecutor, wrote in a court filing on Friday. "Disclosure is not currently an option. Dismissal without prejudice leaves open the possibility that the government could bring new charges should there come a time within the statute of limitations when and the government be in a position to provide the requested discovery." The Department of Justice is currently prosecuting over 135 people nationwide whom they believe accessed the illegal website. However, in order to find those people, federal authorities seized and operated the site for 13 days before closing it down. During that period, the FBI deployed a Tor exploit that allowed them to find out those users? real IP addresses. The use of Tor, which obscures and anonymizes IP addresses and browser user agents, makes it significantly more difficult for individuals to be tracked online. With the exploit, it became extremely easy for suspects to be identified and located. The DOJ has called this exploit a "network investigative technique," (NIT) while many security experts have dubbed it as "malware." Defense attorneys have attempted to gain access to some, if not all, of the NIT?s source code as part of the criminal discovery process. In a related case prosecuted in New York, an FBI search warrant affidavit described both the types of child pornography available to Playpen?s 150,000 members and the NIT?s capabilities. Last year, US District Judge Robert Bryan ordered the government to hand over the NIT's source code in Michaud. Since that May 2016 order, the government has classified the source code itself, thwarting efforts for criminal discovery in more than 100 Playpen-related cases that remain pending. Since the prosecution against Playpen defendants has unfolded, many have pleaded guilty, and only a few have had charges dropped altogether. < - > From rforno at infowarrior.org Sun Mar 5 17:44:50 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 05 Mar 2017 23:44:50 -0000 Subject: [Infowarrior] - Comey Asks DOJ to Reject POTUS Wiretapping Claim Message-ID: <0EC545E2-A668-46C5-B1E1-4470E1149193@infowarrior.org> Comey Asks Justice Dept. to Reject Trump?s Wiretapping Claim By MICHAEL S. SCHMIDT and MICHAEL D. SHEAR March 5, 2017 WASHINGTON ? The F.B.I. director, James B. Comey, asked the Justice Department this weekend to publicly reject President Trump?s assertion that President Barack Obama ordered the tapping of Mr. Trump?s phones, senior American officials said on Sunday. Mr. Comey has argued that the highly charged claim is false and must be corrected, they said, but the department has not released any such statement. Mr. Comey, who made the request on Saturday after Mr. Trump leveled his allegation on Twitter, has been working to get the Justice Department to knock down the claim because it falsely insinuates that the F.B.I. broke the law, the officials said. A spokesman for the F.B.I. declined to comment. Sarah Isgur Flores, the spokeswoman for the Justice Department, also declined to comment. Mr. Comey?s request is a remarkable rebuke of a sitting president, putting the nation?s top law enforcement official in the position of questioning Mr. Trump?s truthfulness. The confrontation between the two is the most serious consequence of Mr. Trump?s weekend Twitter outburst, and it underscores the dangers of what the president and his aides have unleashed by accusing the former president of a conspiracy to undermine Mr. Trump?s young administration. < - > https://mobile.nytimes.com/2017/03/05/us/politics/trump-seeks-inquiry-into-allegations-that-obama-tapped-his-phones.html From rforno at infowarrior.org Mon Mar 6 08:31:11 2017 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 06 Mar 2017 14:31:11 -0000 Subject: [Infowarrior] - =?utf-8?q?Here=E2=80=99s_what_non-fake_news_looks?= =?utf-8?q?_like?= Message-ID: <8A903CFB-AE9C-42EB-9B00-5AB6668CE9E6@infowarrior.org> Here?s what non-fake news looks like By Michael Schudson February 23, 2017 1510 words http://www.cjr.org/analysis/fake-news-real-news-list.php From rforno at infowarrior.org Mon Mar 6 14:57:53 2017 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 06 Mar 2017 20:57:53 -0000 Subject: [Infowarrior] - Consumer Reports to consider cyber security in product reviews Message-ID: <4DF295B1-A933-4EA9-BF52-1F8AAA6A12FF@infowarrior.org> Mon Mar 6, 2017 | 12:11am EST Consumer Reports to consider cyber security in product reviews http://www.reuters.com/article/us-cyber-consumerreports-idUSKBN16D0DN Consumer Reports, an influential U.S. non-profit group that conducts extensive reviews of cars, kitchen appliances and other goods, is gearing up to start considering cyber security and privacy safeguards when scoring products. The group, which issues scores that rank products it reviews, said on Monday it had collaborated with several outside organizations to develop methodologies for studying how easily a product can be hacked and how well customer data is secured. Consumer Reports will gradually implement the new methodologies, starting with test projects that evaluate small numbers of products, Maria Rerecich, the organization's director of electronics testing, said in a phone interview. "This is a complicated area. There is going to be a lot of refinement to get this right," Rerecich said. The effort follows a surge in cyber attacks leveraging easy-to-exploit vulnerabilities in webcams, routers, digital video recorders and other connected devices, which are sometimes collectively referred to as the internet of things. "Personal cyber security and privacy is a big deal for everyone. This is urgently needed,? said Craig Newmark, the founder of Craigslist who is a director at Consumer Reports. In one high-profile October attack, hackers used a piece of software known as Mirai to cripple an internet infrastructure provider, blocking access to PayPal, Spotify, Twitter and dozens of other websites for hours. Another attack in November shut off internet access to some 900,000 Deutsche Telekom customers. Security researchers have said the attacks are likely to continue because there is little incentive for manufacturers to spend on securing connected devices. "We need to shed light that this industry really hasn?t been caring about the build quality and software safety,? said Peiter Zatko, a well-known hacker who is director of Cyber Independent Testing Lab, one of the groups that helped Consumer Reports establish the standards. The first draft of the standards are available online at thedigitalstandard.org. Issues covered in the draft include reviewing whether software is built using best security practices, studying how much information is collected about a consumer and checking whether companies delete all user data when an account is terminated. (Reporting by Jim Finkle in Boston; Editing by Peter Cooney) From rforno at infowarrior.org Tue Mar 7 06:23:03 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 07 Mar 2017 12:23:03 -0000 Subject: [Infowarrior] - Prenda's John Steele Pleads Guilty, Admits To Basically Everything Message-ID: Finally, is the end of this case in sight? --rick Prenda's John Steele Pleads Guilty, Admits To Basically Everything https://www.techdirt.com/articles/20170306/16355436855/prendas-john-steele-pleads-guilty-admits-to-basically-everything.shtml From rforno at infowarrior.org Tue Mar 7 06:25:04 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 07 Mar 2017 12:25:04 -0000 Subject: [Infowarrior] - Hacker George Hotz cancels Model S order after Tesla reminds him about IP theft Message-ID: (We know Tesla can stalks/track/muck with their customers post-purchase, but pre-stalking your customers? C'mon, Musky. -- rick) Hacker George Hotz cancels Model S order after Tesla reminds him about IP theft Was set to receive a car last week, then came a last-minute call from Tesla legal. Jonathan M. Gitlin - 3/6/2017, 3:17 PM https://arstechnica.com/cars/2017/03/hacker-george-hotz-cancels-model-s-order-after-tesla-reminds-him-about-ip-theft/ George Hotz first came to fame a decade ago after cracking open the original iPhone. A few years later, Sony responded negatively to his hacking of the PS3. These days, Hotz is focused on the problem of autonomous driving, creating headlines after teaching his Acura ILX to drive itself. His startup, comma.ai, made news last year when the National Highway Traffic Safety Administration questioned the company's plans. Hotz soon pivoted to a free release of the product?now called Open Pilot?instead. Open Pilot currently only works with a handful of Acura and Honda vehicles, but it looks like Hotz was planning on adding Tesla support as well. Then the electric vehicle maker's legal team got involved. According to Electrek, Hotz was planning on buying a Tesla Model S with the latest HW2 sensors until Tesla's legal office reached out to him just before delivery. Hotz told Electrek that Tesla's lawyers specifically called to remind him that intellectual property theft is a crime. Hotz told the car site he's now concerned about buying a car from "a company that has ssh (Secure Shell) access to all the cars.? As Tesla owners who have been in high-profile crashes may know all too well, the company has no compunction about accessing data logs from specific cars when it feels it's being misrepresented. Hotz and Tesla also have a bit of history; the company tried unsuccessfully to woo him with a job back when it still used Mobileye's optical sensor platform. At the time, Hotz was rather uncomplimentary about that Israeli company, which has since parted ways with Tesla rather acrimoniously. From rforno at infowarrior.org Tue Mar 7 08:30:23 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 07 Mar 2017 14:30:23 -0000 Subject: [Infowarrior] - Vault 7: CIA Hacking Tools Revealed Message-ID: <2EB367F9-5D07-4F6B-9EF7-69FB0B128833@infowarrior.org> Vault 7: CIA Hacking Tools Revealed https://wikileaks.org/ciav7p1/ Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency. The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virgina. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election. Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive. "Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones. Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force ? its own substantial fleet of hackers. The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities. < - > From rforno at infowarrior.org Wed Mar 8 15:51:18 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 08 Mar 2017 21:51:18 -0000 Subject: [Infowarrior] - U.S. aware of CIA security breach in 2016 Message-ID: Technology News | Wed Mar 8, 2017 | 3:34pm EST U.S. aware of CIA security breach in 2016; contractors suspected in leak By John Walcott and Andrea Shalal | WASHINGTON/BERLIN http://www.reuters.com/article/us-cia-wikileaks-idUSKBN16F2AP U.S. intelligence and law enforcement officials said on Wednesday they have been aware since the end of last year of a security breach at the CIA and were focusing on contractors as the likeliest source of documents being passed on to anti-secrecy group WikiLeaks detailing the agency's hacking tools. The officials, who spoke on condition of anonymity, told Reuters that they believed documents published by WikiLeaks on Tuesday about CIA techniques used between 2013 and 2016 were authentic. The documents showed that CIA hackers could get into Apple Inc (AAPL.O) iPhones, Google Inc (GOOGL.O) Android devices and other gadgets in order to capture text and voice messages before they were encrypted with sophisticated software. The White House said on Wednesday that President Donald Trump was "extremely concerned" about a CIA security breach that led to the Wikileaks release, and the administration would be tough on leakers. "Anybody who leaks classified information will be held to the highest degree of law," spokesman Sean Spicer told reporters. One official with knowledge of the investigation said companies that are contractors for the CIA have been checking to see which of their employees had access to the material that Wikileaks published, and then going over their computer logs, emails and other communications for any evidence of who might be responsible. One reason the investigation is focused on a potential leak by contractors rather than for example a hack by Russian intelligence, another official said, is that so far there is no evidence that Russian intelligence agencies tried to exploit any of the leaked material before it was published. One European official, speaking on condition of anonymity, said the Wikileaks material could in fact lead to closer cooperation between European intelligence agencies and U.S. counterparts, which share concerns about Russian intelligence operations. U.S. intelligence agencies have accused Russia of seeking to tilt last year's U.S. presidential election in Trump's favor, including by hacking into Democratic Party emails. Moscow has denied the allegation. One major security problem was that the number of contractors with access to information with the highest secrecy classification has "exploded" because of federal budget constraints, the first U.S. official said. U.S. intelligence agencies have been unable to hire additional permanent staff needed to keep pace with technological advances such as the "Internet of Things" that connects cars, home security and heating systems and other devices to computer networks, or to pay salaries competitive with the private sector, the official said. Reuters could not immediately verify the contents of the published documents. On Tuesday, several contractors and private cyber security experts said the materials appeared to be legitimate. A person familiar with Wikileaks? activities said Wikileaks has had the CIA hacking material for months, and that the release of the material was in the works "for a long time." A Congressional official said that the U.S. House of Representatives Intelligence Committee has begun asking questions about the WikiLeaks disclosures. GERMAN CONCERN In Germany on Wednesday, the chief federal prosecutor's office said that it would review the Wikileaks documents because some suggested that the CIA ran a hacking hub from the U.S. consulate in Frankfurt. "We're looking at it very carefully," a spokesman for the federal prosecutor's office told Reuters. "We will initiate an investigation if we see evidence of concrete criminal acts or specific perpetrators." Chancellor Angela Merkel is scheduled to visit Washington on March 14 for her first meeting with Trump, who has sharply criticized Berlin for everything from its trade policy to what he considers inadequate levels of military spending. The Wikileaks documents may also complicate bilateral intelligence ties that have just begun to recover after a series of scandals, including news in 2013 that the U.S. National Security Agency had bugged Merkel's cellphone. The Frankfurt consulate was investigated by German lawmakers after that incident. Merkel told lawmakers last month she did not know how closely Germany's spies cooperated with their U.S. counterparts until 2015 when former NSA contractor Edward Snowden revealed the BND spy agency had for years passed on information to the NSA about European companies and politicians. Germany scaled back the level of cooperation with the NSA after those revelations. U.S. officials have acknowledged that the consulate in Frankfurt is home to a CIA base. A facility adjacent to the city?s airport and the Rhein-Main Air Base has for many years been home to the CIA?s ?Tefran? station, a U.S. center for collecting intelligence on Iranian activities in Europe, maintaining surveillance on Iranian officials and targeting potential defectors working in Iran?s nuclear weapons program. Foreign ministry spokesman Sebastian Fischer told a regular government news conference that Germany took the issue seriously, but more work needed to be done to verify the authenticity of the documents. Berlin was in close touch with Washington about the case and such matters generally, he said. Government spokesman Steffen Seibert said Germany's domestic intelligence agency had the job of uncovering espionage activities in Germany, and carried out its work comprehensively. Wikileaks reported that CIA employees had been given diplomatic passports and State Department identities to carry out their work in Frankfurt, focused on targets in Europe, the Middle East and Africa. The documents included advice for CIA experts about life in Germany, noting that shops are closed on Sundays, and to have "your cover-for-action story down pat" when they were asked by German authorities when entering the country. (Reporting by John Walcott, Mark Hosenball, Yara Bayoumy in Washington and Matthias Sobolewski and Andrea Shalal in Berlin; Writing by Grant McCool; Editing by Peter Graff, Grant McCool and Frances Kerry) From rforno at infowarrior.org Thu Mar 9 06:22:10 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 09 Mar 2017 12:22:10 -0000 Subject: [Infowarrior] - The WikiLeaks CIA release: When will we learn? Message-ID: <3857530E-B24C-41D4-AD0E-21B078F59443@infowarrior.org> (x-posted) The WikiLeaks CIA release: When will we learn? By Richard Forno and Anupam Joshi on March 9, 2017 at 4:18 am This article was originally published on The Conversation. Read the original article. This week?s WikiLeaks release of what is apparently a trove of Central Intelligence Agency information related to its computer hacking should surprise no one: Despite its complaints of being targeted by cyberattackers from other countries, the U.S. does a fair amount of its own hacking. Multiple federal agencies are involved, including the CIA and the National Security Agency, and even friendly nations. These latest disclosures also remind us of the cybersecurity truism that any electronic device connected to a network can be hacked. As cybersecurity researchers conducting a preliminary review of the data released in what WikiLeaks calls ?Vault 7,? we find the documents mostly confirm existing knowledge about how common hacking is and how many potential targets there are in the world. This round of leaks, of documents dating from 2013 to 2016, also reinforces perhaps the most troubling piece of information we already knew: Individuals and the government itself must step up cyberdefense efforts to protect sensitive information. < - > https://cyberlaw.stanford.edu/blog/2017/03/wikileaks-cia-release-when-will-we-learn From rforno at infowarrior.org Thu Mar 9 16:08:41 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 09 Mar 2017 22:08:41 -0000 Subject: [Infowarrior] - Comey still complaining about "going dark" Message-ID: <80E2569A-A0A7-4858-8E3D-E690A771638A@infowarrior.org> Same Comey, different year. *sigh* Guess he didn't get the memo that other parts of the USG were working to fix this very concern of his ... cough, CIA .... Despite Stream Of Leaks Exposing Tremendous Gov't Surveillance Capabilities, James Comey Still Complaining About 'Going Dark' https://www.techdirt.com/articles/20170308/11370536871/despite-stream-leaks-exposing-tremendous-govt-surveillance-capabilities-james-comey-still-complaining-about-going-dark.shtml From rforno at infowarrior.org Fri Mar 10 06:34:04 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Mar 2017 12:34:04 -0000 Subject: [Infowarrior] - Advertising in Windows has reached an exasperating new low Message-ID: <7951B6BA-3F2F-49A5-BEE8-A77C650FEB15@infowarrior.org> Advertising in Windows has reached an exasperating new low C'mon now. Peter Bright - 3/9/2017, 5:40 PM I don't know what triggers OneDrive advertisements in Explorer. I don't know if they appear in Windows 10 stable builds or just Insider Previews as a taste of things to come. I don't know that I even care any more. But come on. Nobody in Redmond thought, "Gosh, that's a little distasteful"? I mean, "Let's just turn our operating system into a billboard!" offends nobody? Yes, you can turn the ads off?but it seems that you can only do so as collateral damage from killing off all notifications from file sync providers, so no, that's not a great option. We asked the company for comment and were told: < - > https://arstechnica.com/information-technology/2017/03/microsoft-put-gross-ads-in-windows-explorer-and-i-dont-have-the-energy-to-be-angry/?comments=1 From rforno at infowarrior.org Fri Mar 10 08:48:56 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Mar 2017 14:48:56 -0000 Subject: [Infowarrior] - =?utf-8?q?GOP_senators=E2=80=99_new_bill_would_le?= =?utf-8?q?t_ISPs_sell_your_Web_browsing_data?= Message-ID: GOP senators? new bill would let ISPs sell your Web browsing data Senate resolution would throw out FCC's entire privacy rulemaking. Jon Brodkin - 3/8/2017, 10:34 AM https://arstechnica.com/tech-policy/2017/03/gop-senators-new-bill-would-let-isps-sell-your-web-browsing-data/ Republican senators yesterday introduced legislation that would overturn new privacy rules for Internet service providers. If the Federal Communications Commission rules are eliminated, ISPs would not have to get consumers' explicit consent before selling or sharing Web browsing data and other private information with advertisers and other third parties. As expected, Sen. Jeff Flake (R-Ariz.) and 23 Republican co-sponsors introduced the resolution yesterday. The measure would use lawmakers' power under the Congressional Review Act to ensure that the FCC rulemaking "shall have no force or effect." The resolution would also prevent the FCC from issuing similar regulations in the future. FCC imposes ISP privacy rules and takes aim at mandatory arbitration Flake's announcement said he's trying to "protect consumers from overreaching Internet regulation." Flake also said that the resolution "empowers consumers to make informed choices on if and how their data can be shared," but he did not explain how it will achieve that. Flake called the FCC's privacy rulemaking "midnight regulation," even though it was approved by the commission in October 2016, before the presidential election, after a months-long rulemaking process. ?The FCC's midnight regulation does nothing to protect consumer privacy," Flake said. "It is unnecessary, confusing, and adds yet another innovation-stifling regulation to the Internet." Flake's announcement also said that the FCC-imposed "restrictions have the potential to negatively impact consumers and the future of Internet innovation." Opt-in rule and other requirements The privacy order had several major components. The requirement to get the opt-in consent of consumers before sharing information covered geo-location data, financial and health information, children?s information, Social Security numbers, Web browsing history, app usage history, and the content of communications. This requirement is supposed to take effect on December 4, 2017. The rulemaking had a data security component that required ISPs to take "reasonable" steps to protect customers' information from theft and data breaches. This was supposed to take effect on March 2, but the FCC under newly appointed Chairman Ajit Pai halted the rule's implementation. Another set of requirements related to data breach notifications is scheduled to take effect on June 2. Flake's resolution would prevent all of those requirements from being implemented. He said that this "is the first step toward restoring the [Federal Trade Commission's] light-touch, consumer-friendly approach." Giving the FTC authority over Internet service providers would require further FCC or Congressional action because the FTC is not allowed to regulate common carriers, a designation currently applied to ISPs. Flake's co-sponsors are US Sens. John Barrasso (R-Wyo.), Roy Blunt (R-Mo.), John Boozman (R-Ark.), Shelly Moore Capito (R-W.Va.), Thad Cochran (R-Miss.), John Cornyn (R-Texas), Tom Cotton (R-Ark.), Ted Cruz (R-Texas), Deb Fischer (R-Neb.), Orrin Hatch (R-Utah), Dean Heller (R-Nev.), James Inhofe (R-Okla.), Ron Johnson (R-Wisc.), Mike Lee (R-Utah), Rand Paul (R-Ky.), Pat Roberts (R-Kan.), Marco Rubio (R-Fla.), Richard Shelby (R-Ala.), Dan Sullivan (R-Ark.), John Thune (R-S.D.), Roger Wicker (R-Miss.), Ron Johnson (R-Wisc.), and Jerry Moran (R-Kan.). Democratic senators support privacy rules US Sen. Brian Schatz (D-Hawaii) blasted Flake's proposal. ?If this [resolution] is passed, neither the FCC nor the FTC will have clear authority when it comes to how Internet service providers protect consumers? data privacy and security," Schatz said in a statement issued yesterday. "Regardless of politics, allowing ISPs to operate in a rule-free zone without any government oversight is reckless." Sen. Edward Markey (D-Mass.) offered similar criticism. "Big broadband barons and their Republican allies want to turn the telecommunications marketplace into a Wild West where consumers are held captive with no defense against abusive invasions of their privacy by internet service providers,? Markey said. "Consumers will have no ability to stop Internet service providers from invading their privacy and selling sensitive information about their health, finances, and children to advertisers, insurers, data brokers or others who can profit off of this personal information, all without their affirmative consent." From rforno at infowarrior.org Fri Mar 10 12:12:39 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Mar 2017 18:12:39 -0000 Subject: [Infowarrior] - Rand: The Life and Times of Zero-Day Vulnerabilities and Their Exploits Message-ID: <9B17AD33-18EB-4FDD-B359-EBF9867C52A8@infowarrior.org> Zero Days, Thousands of Nights The Life and Times of Zero-Day Vulnerabilities and Their Exploits by Lillian Ablon, Timothy Bogart http://www.rand.org/pubs/research_reports/RR1751.html Zero-day vulnerabilities ? software vulnerabilities for which no patch or fix has been publicly released ? and their exploits are useful in cyber operations ? whether by criminals, militaries, or governments ? as well as in defensive and academic settings. This report provides findings from real-world zero-day vulnerability and exploit data that could augment conventional proxy examples and expert opinion, complement current efforts to create a framework for deciding whether to disclose or retain a cache of zero-day vulnerabilities and exploits, inform ongoing policy debates regarding stockpiling and vulnerability disclosure, and add extra context for those examining the implications and resulting liability of attacks and data breaches for U.S. consumers, companies, insurers, and for the civil justice system broadly. The authors provide insights about the zero-day vulnerability research and exploit development industry; give information on what proportion of zero-day vulnerabilities are alive (undisclosed), dead (known), or somewhere in between; and establish some baseline metrics regarding the average lifespan of zero-day vulnerabilities, the likelihood of another party discovering a vulnerability within a given time period, and the time and costs involved in developing an exploit for a zero-day vulnerability. Key Findings "Alive" Versus "Dead" Is Too Simplistic ? Vulnerabilities that are alive (publicly unknown) are those that are actively sought out by defenders ? called "living" vulnerabilities ? or those that will remain in a product in perpetuity because the vendor no longer maintains the code or issues updates ? called "immortal" vulnerabilities. ? Among vulnerabilities that are dead (publicly known), many are disclosed with a security advisory or patch, but in other cases developers or vulnerability researchers post online about a vulnerability but no security advisory is issued. ? There are still other vulnerabilities that are quasi-alive ("zombies"), because, due to code revisions, they can be exploited in older versions but not the latest version of a product. Longevity and Discovery by Others ? Zero-day exploits and their underlying vulnerabilities have a rather long average life expectancy (6.9 years). Only 25 percent of vulnerabilities do not survive to 1.51 years, and only 25 percent live more than 9.5 years. ? No vulnerability characteristics indicated a long or short life; however, future analyses may want to examine Linux versus other platform types, the similarity of open and closed source code, and exploit class type. ? For a given stockpile of zero-day vulnerabilities, after a year, approximately 5.7 percent have been publicly discovered and disclosed by another entity. Time and Costs Involved in Developing Zero-Day Exploits ? Once an exploitable vulnerability has been found, time to develop a fully functioning exploit is relatively fast, with a median time of 22 days. ? The cost to develop an exploit can rely on many factors, including the time to find a viable vulnerability, time to develop an exploit, the time and costs involved in testing and analysis, the time to integrate an exploit into other ongoing operations, the salaries of the researchers involved, and the likelihood of having to revisit the exploit and update it in response to code revisions. http://www.rand.org/pubs/research_reports/RR1751.html From rforno at infowarrior.org Fri Mar 10 15:31:06 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Mar 2017 21:31:06 -0000 Subject: [Infowarrior] - House GOP pushing workplace genetic testing bill Message-ID: <0BBD52AA-269C-4CA7-8C5F-EA8A5F224AD3@infowarrior.org> The House GOP is pushing a bill that would let employers demand workers' genetic test results ? Sharon Begley, STAT ? Mar. 10, 2017, 9:53 AM A little-noticed bill moving through Congress would allow companies to require employees to undergo genetic testing or risk paying a penalty of thousands of dollars, and would let employers see that genetic and other health information. Giving employers such power is now prohibited by legislation including the 2008 genetic privacy and nondiscrimination law known as GINA. The new bill gets around that landmark law by stating explicitly that GINA and other protections do not apply when genetic tests are part of a 'workplace wellness' program. The bill, HR 1313, was approved by a House committee on Wednesday, with all 22 Republicans supporting it and all 17 Democrats opposed. It has been overshadowed by the debate over the House GOP proposal to repeal and replace the Affordable Care Act, but the genetic testing bill is expected to be folded into a second ACA-related measure containing a grab-bag of provisions that do not affect federal spending, as the main bill does. What this bill would do is completely take away the protections of existing laws. "What this bill would do is completely take away the protections of existing laws," said Jennifer Mathis, director of policy and legal advocacy at the Bazelon Center for Mental Health Law, a civil rights group. In particular, privacy and other protections for genetic and health information in GINA and the 1990 Americans with Disabilities Act "would be pretty much eviscerated," she said. Employers say they need the changes because those two landmark laws are "not aligned in a consistent manner" with laws about workplace wellness programs, as an employer group said in congressional testimony last week. Employers got virtually everything they wanted for their workplace wellness programs during the Obama administration. The ACA allowed them to charge employees 30 percent, and possibly 50 percent, more for health insurance if they declined to participate in the "voluntary" programs, which typically include cholesterol and other screenings; health questionnaires that ask about personal habits, including plans to get pregnant; and sometimes weight loss and smoking cessation classes. And in rules that Obama's Equal Employment Opportunity Commission issued last year, a workplace wellness program counts as "voluntary" even if workers have to pay thousands of dollars more in premiums and deductibles if they don't participate. Despite those wins, the business community chafed at what it saw as the last obstacles to unfettered implementation of wellness programs: the genetic information and the disabilities laws. Both measures, according to congressional testimony last week by the American Benefits Council, "put at risk the availability and effectiveness of workplace wellness programs," depriving employees of benefits like "improved health and productivity." The council represents Fortune 500 companies and other large employers that provide employee benefits. It did not immediately respond to questions about how lack of access to genetic information hampers wellness programs. Rigorous studies by researchers not tied to the $8 billion wellness industry have shown that the programs improve employee health little if at all. < - > http://www.businessinsider.com/house-gop-employers-demand-workers-genetic-test-results-2017-3 From rforno at infowarrior.org Sun Mar 12 17:37:54 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 12 Mar 2017 22:37:54 -0000 Subject: [Infowarrior] - Tim Berners-Lee calls for tighter regulation of online political advertising Message-ID: <02DED0AF-C3AD-4575-A53A-F411FAB93F73@infowarrior.org> Tim Berners-Lee calls for tighter regulation of online political advertising Olivia Solon https://www.theguardian.com/technology/2017/mar/11/tim-berners-lee-online-political-advertising-regulation Sir Tim Berners-Lee, the inventor of the worldwide web, has called for tighter regulation of online political advertising, which he says is being used in ?unethical ways?. ?We urgently need to close the ?internet blind spot? in the regulation of political campaigning,? he said, writing in an open letter marking the 28th anniversary of his invention. The 61-year-old British computer scientist described how political advertising has become a sophisticated and targeted industry, drawing on enormous pools of personal data on Facebook and Google. This means that campaigns create personalised ads for individuals ? as many as 50,000 variations each day on Facebook during the 2016 US election, he said. This can become unethical when voters are pointed to fake news sites and using messaging to discourage people from turning out to vote, as the Trump campaign did with certain groups whose support Hillary Clinton needed to win. ?Targeted advertising allows a campaign to say completely different, possibly conflicting things to different groups. Is that democratic?? Berners-Lee said. The lack of regulation in political advertising online was one of three trends that threaten the openness of the web that Berners-Lee has become ?increasingly worried? about over the past year. The others are the loss of control over our personal data and the spread of misinformation online. Personal data is the price many of us agree to pay for free services online, but Berners-Lee points out that ?we?re missing a trick? by letting large data-harvesting companies ? such as Google, Facebook and Amazon ? control that information. ?As our data is then held in proprietary silos, out of sight to us, we lose out on the benefits we could realise if we had direct control over this data, and chose when and with whom to share it,? he said. A more pernicious side-effect of this data aggregation is the way governments are ?increasingly watching our every move online? and passing laws such as the UK?s Investigatory Powers Act, which legalises a range of snooping and hacking tools used by security services that ?trample our right to privacy?. Such surveillance creates a ?chilling effect on free speech?, even in countries that don?t have repressive regimes, he said. Berners-Lee?s final concern was that it is too easy for misinformation to spread on the web, particularly as there has been a huge consolidation in the way people find news and information online through gatekeepers like Facebook and Google, who select content to show us based on algorithms that learn from the harvesting of personal data. ?The net result is that these sites show us content they think we?ll click on ? meaning that misinformation, or fake news, which is surprising, shocking, or designed to appeal to our biases can spread like wildfire,? he said. This allows for people with bad intentions and ?armies of bots? to game the system to spread misinformation for financial or political gain. Berners-Lee said that the Web Foundation, the organisation he founded in 2009 dedicated to improvement and availability of the web, is working on these issues as part of a five-year strategy. ?It has taken all of us to build the web we have, and now it is up to all of us to build the web we want ? for everyone.? From rforno at infowarrior.org Sun Mar 12 17:37:56 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 12 Mar 2017 22:37:56 -0000 Subject: [Infowarrior] - =?utf-8?q?FBI_undercover_stings_foil_terrorist_pl?= =?utf-8?q?ots_=E2=80=94_but_often_plots_of_the_agency=E2=80=99s_own_makin?= =?utf-8?q?g?= Message-ID: <0F7A4925-5B49-446A-89B1-36D82FB912C6@infowarrior.org> FBI undercover stings foil terrorist plots ? but often plots of the agency?s own making By Ian Cummingsicummings at kcstar.com Announcements of foiled terrorist plots make for lurid reading. http://www.kansascity.com/news/local/crime/article135871988.html Schemes to carry out a Presidents Day jihadist attack on a train station in Kansas City. Bomb a Sept. 11 memorial event. Blow up a 1,000-pound bomb at Fort Riley. Detonate a weapon of mass destruction at a Wichita airport ? the failed plans all show imagination. But how much of it was real? Often not much, according to a review of several recent terrorism cases investigated by the FBI in Kansas and Missouri. The most sensational plots invoking the name of the Islamic State or al-Qaida here were largely the invention of FBI agents carrying out elaborate sting operations on individuals identified through social media as being potentially dangerous. In fact, in terrorism investigations in Wichita, at Fort Riley and last week in Kansas City, the alleged terrorists reportedly were unknowingly following the directions of undercover FBI agents who supplied fake bombs and came up with key elements of the plans. ?What I get concerned about is where the plot is being hatched by the FBI,? said Michael German, a fellow at the Brennan Center for Justice and former FBI agent. ?There has been a clear effort to manufacture plots.? Law enforcement has increasingly used undercover agents and informants to develop such cases in recent years, especially against people suspected of being inspired by the Islamic State. Of 126 Islamic State-related cases prosecuted by federal authorities across the country since 2014, nearly two-thirds involved undercover agents or informants, according to the Center on National Security at the Fordham University School of Law in New York. The FBI has stepped up its use of sting operations, which were once seen as a tactic of last resort. < - > But the sheer volume of cases that depend on sting operations in which FBI agents supply the plot says something about the reality of the terrorist threat, said Karen Greenberg, director of the Center on National Security, which authored the Islamic State prosecutions report. Most of the potential terrorists being prosecuted have a lot in common, Greenberg said. Their average age is 26, 77 percent are U.S. citizens, a third are converts to Islam and a third live with their parents. Nearly 90 percent are active on social media. Only a handful had any link to Islamic State members overseas. ?If you take away the undercover cases to see what are the real organized terrorism cases, we?re not seeing it,? Greenberg said. ?What do we have? The threat is different from what we?re being told.? From rforno at infowarrior.org Wed Mar 1 16:12:08 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 01 Mar 2017 22:12:08 -0000 Subject: [Infowarrior] - AIM Starts Killing Off the Apps That Actually Made It Good Message-ID: <428E50B9-1D54-407C-A18C-605B8460CF3E@infowarrior.org> (In related news: people still use AIM? --rick) AIM Starts Killing Off the Apps That Actually Made It Good Adam Clark Estes http://gizmodo.com/aim-starts-killing-off-the-programs-that-actually-made-1792856385 In what feels like a death blow to everyone?s early-Aughts nostalgia, it looks like AOL will soon cut off third-party access to its famous Instant Messenger service. The service turns 20 years old this year, and at this point, it?s unclear if it will see its 21st birthday. AOL shared news of this tragedy quietly. Adium users, at least, got a brief warning when they signed on Wednesday morning, explaining that their AIM access had less than a month to live. It reads like sad notice for an imminent memorial service: It?s so far unclear if and when other third-party messaging services, like Pidgin and Trillian, will notify their users. However, Ars Technica spoke to a former AOL employee who said that the company was shutting down its OSCAR chat protocol since the number of users ?had fallen to ?single digit millions? and that maintaining OSCAR had become prohibitively expensive.? In other words, if you can?t afford the hospital bills, you might as well pull the plug. AIM won?t be completely dead, however. The service will remain on life support through AOL?s standalone apps for macOS and Windows, as well as mobile apps for iOS and Android. Assuming that these apps aren?t cheap to maintain either?and that AIM will continue to bleed users?we can assume the service?s days are numbered. We?ve reached out to AOL to learn more about AIM?s demise, and will update this post when we hear back. Of course, we knew this was coming. AOL fired its Instant Messaging team back in 2012, when the service cost the company a reported $25 million a year. It?s unclear how expensive it is to maintain AIM now, but in light of the news that AOL will stop supporting third-party apps, the messaging service must still cost too much. Moreover, a countless number of people only used AIM because third-party apps made it easy to log in to multiple services as once?soon, AIM will no longer be one of those services. And the fact that everyone from Google to Facebook to Signal to Slack have been wildly successful messaging apps doesn?t bode well for AIM?s future, either. This is all tragic news, if only for the nostalgic value AIM offered disaffected millennials. For many born in the 80s and 90s, AIM was a window looking out to the wild world of the early web. Through AIM, we learned the value of away messages and the dangers of A/S/L. Teenagers exchanged sexy GIFs with other teenagers creepy old men. College kids learned where the best parties were happening on any given night. Moms and dads probably used ICQ, but at least they knew AIM was a big deal to their kids, since getting grounded often meant taking away AIM access. As Gizmodo argued a few years ago, AIM was an entire generation?s Facebook, before there was Facebook. Will that generation miss AIM? Probably not?the newer services work better. Will that generation miss their innocence, the golden glow of being alive in the summer of the year 2000 when it felt like America was the dream we?d always been taught to expect for ourselves? Absolutely. [Ars Technica] Senior editor at Gizmodo. From rforno at infowarrior.org Wed Mar 1 16:12:08 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 01 Mar 2017 22:12:08 -0000 Subject: [Infowarrior] - Tim Berners-Lee Endorses DRM In HTML5 Message-ID: <34AED256-481B-4C07-88F6-7E1954F123C6@infowarrior.org> Tim Berners-Lee Endorses DRM In HTML5, Offers Depressingly Weak Defense Of His Decision https://www.techdirt.com/articles/20170301/03062936815/tim-berners-lee-endorses-drm-html5-offers-depressingly-weak-defense-his-decision.shtml From rforno at infowarrior.org Wed Mar 1 18:01:41 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 02 Mar 2017 00:01:41 -0000 Subject: [Infowarrior] - =?utf-8?q?This_site_is_=E2=80=9Ctaking_the_edge_o?= =?utf-8?q?ff_rant_mode=E2=80=9D_by_making_readers_pass_a_quiz_before_comm?= =?utf-8?q?enting?= Message-ID: This site is ?taking the edge off rant mode? by making readers pass a quiz before commenting By Joseph Lichterman @ylichterman March 1, 2017, 7 a.m. March 1, 2017, 7 a.m. http://www.niemanlab.org/2017/03/this-site-is-taking-the-edge-off-rant-mode-by-making-readers-pass-a-quiz-before-commenting/ Two weeks ago, NRKbeta, the tech vertical of the Norwegian public broadcaster NRK, published an explainer about a proposed new digital surveillance law in the country. Digital security is a controversial topic, and the conversation around security issues can become heated. But the conversation in the comments of the article was respectful and productive: Commenters shared links to books and other research, asked clarifying questions, and offered constructive feedback. The team at NRKbeta attributes the civil tenor of its comments to a feature it introduced last month. On some stories, potential commenters are now required to answer three basic multiple-choice questions about the article before they?re allowed to post a comment. (For instance, in the digital surveillance story: ?What does DGF stand for??) The goal is to ensure that the commenters have actually read the story before they discuss it. ?We thought we should do our part to try and make sure that people are on the same page before they comment. If everyone can agree that this is what the article says, then they have a much better basis for commenting on it.? said NRkbeta journalist St?le Grut. Forcing users to take a little extra time to think about the comment they?re about to post also helps them think about tone, NRKbeta editor Marius Arnesen said. ?If you spend 15 seconds on it, those are maybe 15 seconds that take the edge off the rant mode when people are commenting,? Arnesen said. < - > From rforno at infowarrior.org Thu Mar 2 06:21:51 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 02 Mar 2017 12:21:51 -0000 Subject: [Infowarrior] - =?utf-8?q?A_software_engineer_is_detained_for_sev?= =?utf-8?q?eral_hours_by_U=2ES=2E_Customs_=E2=80=94_and_given_a_test_to_pr?= =?utf-8?q?ove_he=E2=80=99s_an_engineer?= Message-ID: <6DC1BEC0-0BDB-4A79-8748-7A3F43598707@infowarrior.org> (c/o RK) A software engineer is detained for several hours by U.S. Customs ? and given a test to prove he?s an engineer Caroline Fairchild Tuesday, 28 Feb 2017 | 3:37 PM ET http://www.cnbc.com/2017/02/28/software-engineer-detained-given-test-to-prove-hes-engineer.html Celestine Omin was accustomed to tackling tough engineering problems. Just not the two that the Border Agent had put in front of his face ? or at least not now, after having spent 24 hours cramped in an economy seat on Qatar Airways. It was Sunday, Feb. 26 and the 28-year-old software engineer had left his home in Lagos, Nigeria, to come to the United States for the first time. It was a work trip. For the last six months, Omin had been working for Andela, a startup that connects the top tech talent in Africa with employers in the U.S. Andela accepts less than 1% of applicants into its program and is backed by Facebook's Mark Zuckerberg and Priscilla Chan. For this particular role, Omin was helping NYC-based fintech startup First Access create a JavaScript application for emerging markets and had secured a short-term joint B1/B2 visa. After landing, Omin waited for 20 minutes and then reached the front of the line, where a Customs and Border Protection officer asked him a series of questions. It was here that Omin realized that the job might be challenging, but getting into America could now be impossible. No one at Andela had prepared him for the new reality. After a few minutes of grilling him about the job, the border agent escorted Omin into a small room and told him to sit down. Another hour passed before a different customs officer came in. "Your visa says you are a software engineer. Is that correct?" the officer asked Omin in a tone the engineer described as accusatory. When Omin said it was right, the officer presented him with a piece of paper and a pen and told him to answer the following questions: To Omin ? who now hadn't slept in more than 24 hours ? the questions seemed opaque and could have multiple answers. While he is a skilled software engineer with more than seven years of experience, Omin later tells me that the questions looked to him like someone with no technical background Googled something like, "Questions to ask a software engineer." (The U.S. Customs and Border Protection agency did not respond to multiple requests for comment made by LinkedIn over phone and email by the time this story went to press.) With no context or guidelines on how to answer the questions, Omin, "too tired to even think," sat down and tried his best. But when he handed his answers back after about 10 minutes of work, the official told him his answers were wrong. "No one would tell me why I was being questioned," Omin told me by phone. "Every single time I asked [the official] why he was asking me these questions, he hushed me? I wasn't prepared for this. If I had known this was happening beforehand, I would have tried to prepare." "That is when I thought I would never get into the United States," he told me with noticeable fear in his voice. Omin tells me that the answers to the questions were technically correct, but he suspects the customs official interrogating him wasn't technically trained and couldn't understand his answers. More time passed, and Omin started to mentally prepare to get on a plane back to Nigeria. Then ? with little explanation ? the official told him he was free to go. "He said, 'Look, I am going to let you go, but you don't look convincing to me,'" Omin said. "I didn't say anything back. I just walked out." Omin later learned that U.S. Customs allowed him into the country after officials called Andela and First Access to corroborate his story. Jeremy Johnson, the co-founder and CEO of Andela, said that his co-founder Christina Sass was the one to receive the call to defend Omin. Just last year, Andela placed more than 100 developers from Africa as full-time software engineers with U.S. tech companies. This is the first time that any of them have ever been grilled with questions specific to software engineering or their particular trade. "Celestine was the first software engineer at one of the most visible e-commerce sites in Africa and is exactly the kind of person we want coming to America and sharing his skills," said Johnson, who was named to LinkedIn's Next Wave last year. "Tapping into brilliant minds like Celestine's is a huge help to many American companies who are struggling to find talent." For every web developer looking for work in the United States, there are roughly five open positions. That's why startups like Andela exist in the first place: To connect foreign tech workers with opportunities here in the United States. But now with his partners having a hard time getting into the country to work, Johnson is worried that he might have challenges in the future. He has already reached out to Customs and Border Protection for further clarification on why Omin's work visa was flagged, but he hasn't heard back yet. As for Omin, he says the experience hasn't changed how he feels about the United States. A proud Nigerian who recently became a father, he is eager to continue to use his tech background to create growth for his country. That said, he was initially concerned about going public with his experience because he's worried he'll be added to a watch list of travelers and have trouble entering the U.S. in the future. "I have been trying to focus here, and I haven't thought about what is going to happen when I go back to the airport," he said. "I am coming here legally with good intentions, and I hope to continue this work." Chip Cutter contributed reporting to this article. From rforno at infowarrior.org Thu Mar 2 06:21:51 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 02 Mar 2017 12:21:51 -0000 Subject: [Infowarrior] - Mem Fox on being detained by US immigration: 'In that moment I loathed America' Message-ID: <6C94079C-DA1E-4C58-BE44-1D19E2BDBA01@infowarrior.org> Mem Fox on being detained by US immigration: 'In that moment I loathed America' Mem Fox Monday 27 February 2017 17.31 EST Last modified on Tuesday 28 February 2017 22.54 EST I was pulled out of line in the immigration queue at Los Angeles airport as I came in to the USA. Not because I was Mem Fox the writer ? nobody knew that ? I was just a normal person like anybody else. They thought I was working in the States and that I had come in on the wrong visa. I was receiving an honorarium for delivering an opening keynote at a literacy conference, and because my expenses were being paid, they said: ?You need to answer further questions.? So I was taken into this holding room with about 20 other people and kept there for an hour and 40 minutes, and for 15 minutes I was interrogated. The belligerence and violence of it was really terrifying The room was like a waiting room in a hospital but a bit more grim than that. There was a notice on the wall that was far too small, saying no cellphones allowed, and anybody who did use a cellphone had someone stand in front of them and yell: ?Don?t use that phone!? Everything was yelled, and everything was public, and this was the most awful thing, I heard things happening in that room happening to other people that made me ashamed to be human. There was an Iranian woman in a wheelchair, she was about 80, wearing a little mauve cardigan, and they were yelling at her ? ?Arabic? Arabic??. They screamed at her ?ARABIC?? at the top of their voices, and finally she intuited what they wanted and I heard her say ?Farsi?. And I thought heaven help her, she?s Iranian, what?s going to happen? There was a woman from Taiwan, being yelled at about at about how she made her money, but she didn?t understand the question. The officer was yelling at her: ?Where does your money come from, does it grow on trees? Does it fall from the sky?? It was awful. There was no toilet, no water, and there was this woman with a baby. If I had been holed up in that room with a pouch on my chest, and a baby crying, or needing to be fed, oh God ? the agony I was surrounded by in that room was like a razor blade across my heart. When I was called to be interviewed I was rereading a novel from 40 years ago ? thank God I had a novel. It was The Red and the Black by Stendhal ? a 19th century novel keeps you quiet on a long flight, and is great in a crisis ? and I was buried in it and didn?t hear my name called. And a woman in front of me said: ?They are calling for Fox.? I didn?t know which booth to go to, then suddenly there was a man in front of me, heaving with weaponry, standing with his legs apart yelling: ?No, not there, here!? I apologised politely and said I?d been buried in my book and he said: ?What do you expect me to do, stand here while you finish it?? ? very loudly and with shocking insolence. The way I was interviewed was monstrous. If only they had been able to look into my suitcase and see my books. The irony! I had a copy of my new book I?m Australian, Too ? it?s about immigration and welcoming people to live in a happy country. I am all about inclusivity, humanity and the oneness of the humans of the world; it?s the theme of my life. I also had a copy of my book Ten Little Fingers and Ten Little Toes. I told him I had all these inclusive books of mine in my bag, and he yelled at me: ?I can read!? < - > https://www.theguardian.com/commentisfree/2017/feb/28/in-that-moment-i-loathed-america-i-loathed-the-entire-country From rforno at infowarrior.org Thu Mar 2 15:30:12 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 02 Mar 2017 21:30:12 -0000 Subject: [Infowarrior] - RIP Howard Schmidt Message-ID: <6A661E92-1650-4D82-A931-486D1F33BA27@infowarrior.org> I just heard via a friend in DC that security pro Howard Schmidt passed away today. For those that knew him, Howard was one of the infosec community's elders with a long history in government, military, and private sector infosec and computer crimes experience, to include serving as a security czar at both the White House and at Microsoft. I knew him dating back to the mid-90s when he served as a mentor to me when I began doing computer crimes work in DC a few years after college. --rick > On Thursday morning, March 2nd 2017, in the presence of his wife and four sons, Howard Anthony Schmidt (67), a loving husband, father and grandfather peacefully passed away following a long battle with cancer, in his Muskego, Wisconsin home. Howard is survived by his wife, Raemarie, his four sons and their wives, Kyle & Revea, David & Amy, Andrew & Hollie, Anthony & Lauren and his 8 grandchildren, Kylie, Nicholas (Kyle), Ashlyn, Grant (David) Abigail, Eleanor, William (Andrew) and Layla (Anthony). > Funeral service details will be shared shortly. From rforno at infowarrior.org Thu Mar 2 21:02:52 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 03 Mar 2017 03:02:52 -0000 Subject: [Infowarrior] - Fwd: Pence used personal email for state business -- and was hacked References: <20170303005520.GA3892@gsp.org> Message-ID: but .... but ... but HER emails......?? > Begin forwarded message: > > From: Rich Kulawiec > Subject: Pence used personal email for state business -- and was hacked > Date: March 2, 2017 at 7:55:20 PM EST > To: Richard Forno , Dave Farber , Lauren Weinstein > > Story just published by the Indianapolis Star: > > Pence used personal email for state business -- and was hacked > http://www.indystar.com/story/news/politics/2017/03/02/pence-used-personal-email-state-business----and-hacked/98604904/ > > Excerpt: > > Emails released to IndyStar in response to a public records > request show Pence communicated via his personal AOL account > with top advisers on topics ranging from security gates at the > governor's residence to the state's response to terror attacks > across the globe. In one email, Pence's top state homeland > security adviser relayed an update from the FBI regarding the > arrests of several men on federal terror-related charges. > > [...] > > On NBC's "Meet the Press" in September, for example, Pence called > Clinton "the most dishonest candidate for president of the United > States since Richard Nixon." > > "What's evident from all of the revelations over the last several > weeks is that Hillary Clinton operated in such a way to keep > her emails, and particularly her interactions while Secretary > of State with the Clinton Foundation, out of the public reach, > out of public accountability," Pence said. "And with regard to > classified information she either knew or should have known that > she was placing classified information in a way that exposed it > to being hacked and being made available in the public domain > even to enemies of this country." > > ---rsk > -------------- next part -------------- An HTML attachment was scrubbed... URL: