Reporters on the CIA take

The story of Ken Dilanian playing footsie with the CIA brought to mind a comment I heard a few years back from someone in a position to know who insisted that news anchor Ted Koppel was a paid CIA asset. That was quite an extraordinary claim but I did not follow up and I could not find much evidence on the web to back it up.

It is not, however, a new phenomenon. Legendary journalist Carl Bernstein wrote a lengthy story about improper CIA involvement with the media. Wikipedia describes “Operation Mockinbgird” as a CIA plan to influence media and speaks of it in the past tense, though there is no indication that the operation has ended. Perhaps it hasn’t.

AP reporter soft-pedals phone key theft

Ken Dilanian

Associated Press Intelligence reporter Ken Dilanian reports on the NSA/GCHQ’s theft of mobile phone keys, as reported by The Intercept.

WASHINGTON AP — Britain’s electronic spying agency, in cooperation with the U.S. National Security Agency, hacked into the networks of a Dutch company to steal codes that allow both governments to seamlessly eavesdrop on mobile phones worldwide, according to the documents given to journalists by Edward Snowden.

via AP News | The Times-Tribune | thetimes-tribune.com.

Dilanian’s soft-pedaling arrives in the second paragraph:
Continue reading →

The VA’s crystal ball

VA diagnosis by crystal ball

The Veterans Administration is the most amazing medical system anywhere, bar none. I had always been under the impression that rendering a diagnosis required a doctor but somehow the VA can do it without one.

After years of mysterious health issues, I finally got mad enough two weeks ago to file paperwork to enroll in VA coverage. A day or two after mailing my paperwork I was delighted to receive a phone call from a VA representative who helpfully set me up with an appointment. Having long worked in customer service, I was impressed with my representative’s knowledge of his job and his rapport with his customer. In fact, I was already working on a blog post and even considered sharing my praise with Rep. David Price. All was looking up until I got this fancy-looking, full-color customized booklet in the mail yesterday. On page five was the bad news:
Continue reading →

The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle

NSA hacked SIM card manufacturer Gemalto and stole millions of encryption keys without the company’s knowledge. While I don’t particularly mind NSA targeting bad guys (that’s why we have NSA), I consider hacking the good guys to get the bad guys to be very poor form.

I am not surprised that this took place on Obama’s watch, either. His record is just as bad as George W. Bush’s. Perhaps worse.

The monitoring of the lawful communications of employees of major international corporations shows that such statements by Obama, other U.S. officials and British leaders — that they only intercept and monitor the communications of known or suspected criminals or terrorists — were untrue. “The NSA and GCHQ view the private communications of people who work for these companies as fair game,” says the ACLU’s Soghoian. “These people were specifically hunted and targeted by intelligence agencies, not because they did anything wrong, but because they could be used as a means to an end.”

via The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle.

Lenovo shipping laptops with pre-installed adware that kills HTTPS | CSO Online

Whoops. Lenovo shipped computers with adware that breaks ALL SSL on its laptops. Not only that, but the private key is also widely available, meaning anyone can spoof any website on an unsuspecting Lenovo owner’s computer. Major security fail!

Lenovo is in hot water after it was revealed on Wednesday that the company is shipping consumer laptops with Superfish Adware pre-installed. Security experts are alarmed, as the software performs Man-in-the-Middle attacks that compromises all SSL connections.

It’s a fact of life; PC manufacturers are paid to install software at the factory, and in many cases this is where their profit margin comes from. However, pre-installed software is mostly an annoyance for consumers. Yet, when this pre-installed software places their security at risk, it becomes a serious problem.

via Lenovo shipping laptops with pre-installed adware that kills HTTPS | CSO Online.

Update: More technical info here and here.

New Snowden Docs Indicate Scope of NSA Preparations for Cyber Battle – SPIEGEL ONLINE

Germany’s Der Spiegel published Snowden documents last month that describe an NSA project to modify hard drive firmware for spying purposes. This pretty much fingers the NSA as the “Equation Group” Kaspersky mentioned in its report.

Normally, internship applicants need to have polished resumes, with volunteer work on social projects considered a plus. But at Politerain, the job posting calls for candidates with significantly different skill sets. We are, the ad says, "looking for interns who want to break things."

Politerain is not a project associated with a conventional company. It is run by a US government intelligence organization, the National Security Agency (NSA). More precisely, it’s operated by the NSA’s digital snipers with Tailored Access Operations (TAO), the department responsible for breaking into computers.

via New Snowden Docs Indicate Scope of NSA Preparations for Cyber Battle – SPIEGEL ONLINE.

Equation Group: NSA-linked spying team have software to hack into any computer – News – Gadgets and Tech – The Independent

Astonishing. The apparent creators of Stuxnet have learned how to alter the firmware in hard drives to hide spying software in hidden sectors.

The US security services have developed software that has enabled it to spy on home computers almost anywhere in the world.Russian researchers at Kaspersky Lab have claimed that the software gave those behind it, thought to be the US National Security Agency, the power to listen in on the majority of the world’s computers.

It could be installed on practically any of the world’s most common hard drives and spy on the computer while going undetected.

It was used to break in to government and other important institutions in 30 countries across the world, they claim.

via Equation Group: NSA-linked spying team have software to hack into any computer – News – Gadgets and Tech – The Independent.

Update 10:20 PM: Read Kaspersky’s blog post on the Equation Group and it’s Equation Group Q&A [PDF].

Why Tesla’s battery for your home should terrify utilities | The Verge

Telsa and SolarCity are working on a residential battery that might let people drop off the electric grid completely. The utilities are sweating.

Earlier this week, during a disappointing Tesla earnings call, Elon Musk mentioned in passing that he’d be producing a stationary battery for powering the home in the next few months. It sounded like a throwaway side project from someone who’s never seen a side project he doesn’t like. But it’s a very smart move, and one that’s more central to Musk’s ambitions than it might seem.

via Why Tesla's battery for your home should terrify utilities | The Verge.

MicLoc – DIY acoustic triangulation

On the the East CAC Facebook page, some neighbors recently asked if the police department was using acoustic triangulation systems for tracking gunfire. I responded that systems like ShotSpotter were interesting but that the police department couldn’t afford the $300k cost.

Ah, the joys of open source! It turns out one enterprising hacker has built his own Arduino-based triangulation system using easy-to-obtain parts. This has me thinking that if a few neighbors here and there were willing to station these near their homes, the fixes that could be plotted would be extremely accurate. Even a small network of these would do wonders. In this way, neighbors could be helping to fight crime in their area without actually having to do anything. It sounds like a great solution!

MicLoc is an effort to develop a device capable of passively identifying a sound based event position on a given map, therefor pinpointing its location. The whole idea is to achieve this goal with everyday electronics and reduced development costs.With the event of small, affordable, powerful microprocessors and electronics in general, this technology now seems accessible to potential commercial applications and general public use.The main goals of this project are:

Develop a low cost, compact device capable of identifying a source source location on a map with sub-meter precision.

Develop, detail and open-source the hardware and plans used so anyone can build this device.

Develop, detail and open-source the software needed to interface the device with a computer.

via rural hacker: MicLoc.

Google Cloud and latency

Since I’ve been having so much fun with Amazon Web Services, I thought I would check out Google’s offering, called Google Cloud. I’ve only had a trial running with it for about 24 hours but so far it seems solid. The server I am using is fast and has good connectivity to Google’s servers, which is a good thing.

What is a bad thing, however, is that my hosted server has very poor connectivity to me. The round-trip ping time is about 55ms, whereas AWS with it’s Ashburn, VA datacenter gets me 25ms. Huge difference! Also, my AWS instance has 14 routers to navigate before it gets to me but my Google Cloud instance travels through a whopping 24 routers. Those packets bounce around like ping pong balls! I was hoping that with Google’s company-owned fiber network and datacenters located here in North Carolina I would get faster response times. No such luck … yet.

Why “yet?” Well, Google Fiber is coming to the Triangle, in case you’ve been under a rock. I’m hopeful once I’m on the Google Fiber network, my latency to Google Cloud will drop considerably, perhaps <1ms. This invites all sorts of innovations. Give clever developers fat resources located close (on the network, anyway) to their audience and some interesting things start to happen.

Google Fiber could be the fire that lights off Google Cloud. I figure it’s worth checking out the new landscape now so that I can get in on the game.

S	M	T	W	T	F	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28