
PRISM


Comments

  • Closed Accounts Posts: 26 le sigh


    lol


  • Registered Users, Registered Users 2 Posts: 882 ✭✭✭moneymad


    Snowden on a plane to Moscow


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    Just PR.

    It's not even a Caesar cipher.

    If you think the NSA are reading hardcopies or are looking at your screen then changing font isn't going to do much.

    Agreed, you'd probably be better off writing out by hand if this is a worry, though I agree it wouldn't make much of a difference, it's a substitution cipher* at best, which can be cracked in seconds by a cheap desktop PC.

    *Monoalphabetic substitution cipher for the anally retentive.


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    moneymad wrote: »
    Snowden on a plane to Moscow

    Well spotted moneymad, according to the BBC a source at the airline says he doesn't want to remain in Moscow (I know from experience that if you stay too long, they make you!), and is likely to go to Venezuela or Cuba, both countries extremely unlikely to hand him over.

    Let's hope we see the US Department of Justice begin a criminal investigation into why their own government has breached the Constitution.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 95,492 Mod ✭✭✭✭Capt'n Midnight


    silentrust wrote: »
    Agreed, you'd probably be better off writing out by hand if this is a worry, though I agree it wouldn't make much of a difference, it's a substitution cipher* at best, which can be cracked in seconds by a cheap desktop PC.

    *Monoalphabetic substitution cipher for the anally retentive.

    It's a font so the electronic version is plain text.
    Only the display has anything resembling obfuscation.

    To crack it without a PC would take a few times longer than counting the characters.

    At a guess even from a blurred picture you could deduce info from the shading - I wonder what the minimum resolution you'd need to decipher text is if you used word frequency analysis too.


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    le sigh wrote: »
    v
    v
    v
    Adleaks

    Re: Adleaks I've been trying to understand this bit:

    "The current best practice for online submissions is to use an SSL/TLS connection over an anonymizing network such as Tor. This hides the end points of the connection and it protects against malicious exit nodes and Internet Service Providers (ISPs) who may otherwise eavesdrop on or tamper with the connection. However, this provides limited protection against an adversary who can see most of the traffic in a network, such as national intelligence agencies with a global reach and view. The research challenge is to design systems that are safe for whistleblowers even if the adversary can see, record and analyze most or all network traffic."


    As far as I can see the problem they're envisaging could be solved by operating as a Tor hidden service? i.e. having their own .onion address and accepting submissions via Tormail e-mail? Ditto I2P?

    It's not that I don't applaud what they're doing it's just they seem to be reinventing the wheel as far as I can see? Forgive me if I have missed something.


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    It's a font so the electronic version is plain text.
    Only the display has anything resembling obfuscation.

    To crack it without a PC would take a few times longer than counting the characters.

    At a guess even from a blurred picture you could deduce info from the shading - I wonder what the minimum resolution you'd need to decipher text is if you used word frequency analysis too.

    Probably be quicker and easier just to learn how to use GPG...! :-)


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 95,492 Mod ✭✭✭✭Capt'n Midnight


    If you want to create gibberish for them to try to decode this algorithm will generate some.

    http://www.wired.com/wired/archive/12.09/rugg.html?pg=4
    How to Create an "Indecipherable" Manuscript
    ...
    1. Stock a grid with randomly generated prefixes, midfixes, and suffixes.

    2. Using heavy card stock, cut a three-slot grille that exposes word fragments.

    3. Work through the table, placing the grille over three cells to form a new word.

    4. Copy the words onto the manuscript page.

    5. To vary the pattern, periodically cut a new grille and repeat steps 3 and 4.
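
The five steps quoted above, as an added example that is not part of the original post or of the Wired article. The fragment pools, table size, grille representation (three row offsets with wrap-around) and all function names are assumptions made for illustration.

```python
import random

# Constructed fragment pools (assumption). Empty strings in the midfix and
# suffix pools vary the word length, as empty cells would on a paper table.
PREFIXES = ["qo", "ch", "sh", "ot", "ok", "d"]
MIDFIXES = ["ke", "te", "ee", "ai", "o", ""]
SUFFIXES = ["dy", "in", "ol", "ar", "y", ""]


def build_table(rows, cols, rng):
    """Step 1: stock a grid; each cell group is (prefix, midfix, suffix)."""
    return [
        [(rng.choice(PREFIXES), rng.choice(MIDFIXES), rng.choice(SUFFIXES))
         for _ in range(cols)]
        for _ in range(rows)
    ]


def cut_grille(rows, rng):
    """Step 2: a grille is modelled as one row offset per slot."""
    return tuple(rng.randrange(rows) for _ in range(3))


def read_word(table, grille, row, col):
    """Step 3: place the grille at (row, col) and read the three slots."""
    rows = len(table)
    return "".join(
        table[(row + offset) % rows][col][slot]
        for slot, offset in enumerate(grille)
    )


def generate(n_words, rows=8, cols=5, regrille_every=20, seed=None):
    """Steps 3-5: walk the table, copy words, periodically cut a new grille."""
    rng = random.Random(seed)
    table = build_table(rows, cols, rng)
    grille = cut_grille(rows, rng)
    words = []
    for i in range(n_words):
        if i and i % regrille_every == 0:
            grille = cut_grille(rows, rng)          # step 5
        row, col = divmod(i % (rows * cols), cols)  # work through the table
        words.append(read_word(table, grille, row, col))  # step 4
    return table, words


if __name__ == "__main__":
    _, words = generate(30, seed=2013)
    print(" ".join(words))
```

The output has word-like structure because the fragments repeat, but it encodes no message: nothing but the random table and the grille position determines each word.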


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    If you want to create gibberish for them to try to decode this algorithm will generate some.

    http://www.wired.com/wired/archive/12.09/rugg.html?pg=4

    Shades of Voynich? :-)


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    silentrust wrote: »
    Re: Adleaks I've been trying to understand this bit:

    "The current best practice for online submissions is to use an SSL/TLS connection over an anonymizing network such as Tor. This hides the end points of the connection and it protects against malicious exit nodes and Internet Service Providers (ISPs) who may otherwise eavesdrop on or tamper with the connection. However, this provides limited protection against an adversary who can see most of the traffic in a network, such as national intelligence agencies with a global reach and view. The research challenge is to design systems that are safe for whistleblowers even if the adversary can see, record and analyze most or all network traffic."


    As far as I can see the problem they're envisaging could be solved by operating as a Tor hidden service? i.e. having their own .onion address and accepting submissions via Tormail e-mail? Ditto I2P?

    It's not that I don't applaud what they're doing it's just they seem to be reinventing the wheel as far as I can see? Forgive me if I have missed something.

    Ok, in a bid to answer my own question I've visited this Pinterest page which explains how Adleaks works in terms my addled brain can understand:

    "In response to the networks — which make anonymized programs like Tor traceable — Professor Volker Roth and his team at Freie Universität Berlin are developing AdLeaks, which aims to bury leaked and secret information among the noise of ads and rush of Internet traffic.

    The system uses Internet ads to dispatch small programs that are supported by most websites to encrypt and transfer empty messages to the AdLeaks server whenever a website is visited. The whistleblower simply adds a small piece of code (obtained by scanning a QR code) to modify their browser to encrypt and transfer confidential messages rather than the regular empty ones, which is how the leaks are delivered.


    Due to the fact that all visitors to that site are submitting the same type of data, surveillance and filtering programs do not see anything abnormal and clearly different within their data, the AdLeaks website explains."


    So in a nutshell, people will be able to submit documents/info via websites and in theory there'll be no way to distinguish between traffic of regular users to sites containing websites with adverts which can be used via Adleaks.


    Would this really be more anonymous than using Tor with a private bridge? Does anyone think it'd be easier to detect that someone had accessed a specific Tor hidden service in this way through traffic analysis than it would to see if someone has visited a website using Adleaks?


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    silentrust wrote: »
    Would this really be more anonymous than using Tor with a private bridge? Does anyone think it'd be easier to detect that someone had accessed a specific Tor hidden service in this way through traffic analysis than it would to see if someone has visited a website using Adleaks?

    Yeah, your ISP could easily tell if you'd been using TOR, as could anyone with a sufficient number of exit nodes. This idea, assuming ubiquitous use of those ads, would mean even visiting boards (for example) might bring up one. Pretty clever idea.


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    Khannie wrote: »
    Yeah, your ISP could easily tell if you'd been using TOR, as could anyone with a sufficient number of exit nodes. This idea, assuming ubiquitous use of those ads, would mean even visiting boards (for example) might bring up one. Pretty clever idea.

    I like the idea I just wonder if it wouldn't be better for any whistleblowing website just to run a Tor hidden service whereby people can submit material or just have a Tormail, that would eliminate the problem of poisoned nodes entirely surely?

    Wouldn't using a private bridge stop anyone from telling you're running Tor? I thought that made your traffic just look like regular secure http?

    Still, more than one way to skin a cat and all that and at least would only need the one browser plugin.


  • Registered Users, Registered Users 2 Posts: 451 ✭✭numbnutz


    Looks like that film Sneakers has become reality


  • Closed Accounts Posts: 26 le sigh


    Edward Snowden asks for asylum in Ecuador - as it happened

    He’s back: Creepy Cameraman pushes the limits in new public surveillance video



    Prism is worse, though not as "in your face" yet people can't even be arsed to do the simplest thing of changing browsers. Duck has only barely increased to 60mil searches worldwide a month, Google is rocking 13.3Billion a month in the states alone.

    Kinda strange.


    WikiLeaks Statement On Edward Snowden’s Exit From Hong Kong


  • Registered Users, Registered Users 2 Posts: 8,184 ✭✭✭riclad


    Some people just use the net for Facebook, music, YouTube,
    so they don't really care about privacy.

    Does the average user even bother to set up the privacy settings on Facebook accounts properly?
    I wonder will the EU bring in new laws re collecting data on ordinary users by ISPs
    and security services.
    Or will they just forget about it, or bring in laws with loopholes and exceptions for security surveillance?
    20 years ago there was a limited amount of phone tapping,
    but the technology did not exist to monitor millions of people.
    Our laws need to be updated to reflect the fact that NSA etc. can record
    so much browsing, phone call info and metadata from mobile calls.
    One country can monitor another country by tapping into an internet cable.
    There should be an EU law:
    any company can say publicly, we got x 1000 requests re info on our users from the intelligence services,
    this is the type of requests we get in each country.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 95,492 Mod ✭✭✭✭Capt'n Midnight


    riclad wrote: »
    20 years ago there was a limited amount of phone tapping,
    but the technology did not exist to monitor millions of people

    LOL

    The reality of the situation is that 25 years ago the GCHQ were listening in on the microwave trunk for all the phones between here and the UK.

    http://www.publicintegrity.org/1999/07/16/3342/how-britain-eavesdropped-dublin
    The tower was craftily erected between two BT microwave radio towers carrying telephone traffic. The ETF was the ideal place to discreetly intercept international telephone calls of the Irish government, businessmen and those suspected of involvement with IRA terrorism.
    ...
    During 1988, a temporary interception system was built on the roof of the BNFL factory. When tests of the Irish interception system proved successful, intelligence chiefs decided to go ahead with a full-scale system.


  • Registered Users, Registered Users 2 Posts: 8,184 ✭✭✭riclad


    My first PC had a 5 gigabyte drive, 256 meg RAM, Windows 95.
    20 years ago it would not have been practical to do such massive surveillance of millions of users.
    Now it's possible to record all texts, phone conversations, web browsing
    of anyone who uses the internet, e.g. millions of people.
    And hold onto this data indefinitely,
    hard drive storage is at least 10 times cheaper.
    The only people using the internet were scientists, the military, academics, students.
    Now most people use the web, they access credit cards, use online banking, email, Facebook etc.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 95,492 Mod ✭✭✭✭Capt'n Midnight


    riclad wrote: »
    My first PC had a 5 gigabyte drive, 256 meg RAM, Windows 95.
    20 years ago it would not have been practical to do such massive surveillance of millions of users.
    Now it's possible to record all texts, phone conversations, web browsing
    of anyone who uses the internet, e.g. millions of people.
    And hold onto this data indefinitely,
    hard drive storage is at least 10 times cheaper.
    The only people using the internet were scientists, the military, academics, students.
    Now most people use the web, they access credit cards, use online banking, email, Facebook etc.

    Tape is cheap.

    Telephone audio is about 3KHz
    Ordinary VHS tape can store about 3MHz of analogue bandwidth. People even "stored" several GB on them so you can imagine what the professional grade kit could do. ( Later Russian clone )

    NASA has warehouses full of tapes to reprocess, so same is probably true of the spooks.

    And they were tapping into the microwave link, not individual lines. The rumours were that voice recognition was used at start of call to decide whether to record it or not. Other stories about that floor in the BT exchange in Belfast that the lift doesn't go to.





    Today you can use codecs that take as little as 2.4Kb/s = 18KB/ minute.

    ALL of the phone calls made in Ireland last year would just about fit on seventy seven $190 drives. Voice minutes for Q4 2012 totalled almost 4.14 billion minutes and there were 16.9 billion minutes in the twelve months to the end of December 2012.
    Of course if you dropped silences it would be less.

    So six 2U high 16 drive external drive arrays. Something that could be done by an individual.


  • Registered Users, Registered Users 2 Posts: 8,184 ✭✭✭riclad


    The point is I remember when there was no web, no Facebook, no internet access, no mobile phones, no text messages.
    If the NSA wanted personal info on millions of Irish people they could not get it from an internet cable.
    Not everyone had a personal phone.
    If I wanted to phone someone I went to a phone box and put 10p in the slot.

    Now through Facebook, Google, Gmail etc. in theory they have detailed info on millions of Irish people.
    When data is on servers it can be searched, indexed
    easily, by time, date, location etc.

    Even if you are not on Facebook,
    your friends, family will probably be on it.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 95,492 Mod ✭✭✭✭Capt'n Midnight


    Short version: use Diffie-Hellman

    http://www.theregister.co.uk/2013/06/26/ssl_forward_secrecy/
    Several key exchange mechanisms exist but the most widely used mechanism is based on the well-known RSA algorithm, explains Ivan Ristic, director of engineering at Qualys. This approach relies on the server's private key to protect session keys.

    "This is an efficient key exchange approach, but it has an important side-effect: anyone with access to a copy of the server's private key can also uncover the session keys and thus decrypt everything," Ristic warns.
    ...
    SSL supports Forward Secrecy using two algorithms: Diffie-Hellman (DHE) and the adapted version for use with Elliptic Curve cryptography (ECDHE). The main obstacle to using Forward Secrecy has been that Diffie-Hellman is significantly slower, leading to a decision by many website operators to disable the feature in order to get better performance.
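
The difference described in the quoted article, as an added example that is not part of the original post or of the article: a recorded RSA key-transport handshake gives up its session key once the server's long-term private key leaks, while a recorded ephemeral Diffie-Hellman handshake does not. The toy key sizes, the unpadded textbook RSA and all function names are assumptions for illustration only.

```python
import hashlib
import secrets

# Toy long-term RSA key for the server (assumption: two Mersenne primes,
# no padding; real keys use large random primes and a padding scheme).
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # server's long-term private exponent

# Toy Diffie-Hellman group (assumption; real servers use standardised groups).
DH_P, DH_G = 2**127 - 1, 3


def digest(value):
    """Hash an integer down to a value textbook RSA can sign."""
    raw = hashlib.sha256(str(value).encode()).digest()
    return int.from_bytes(raw, "big") % N


def rsa_handshake():
    """RSA key transport: the client encrypts the session key to the server."""
    session_key = secrets.randbelow(N - 2) + 2
    transcript = {"kx": "RSA", "encrypted_key": pow(session_key, E, N)}
    return session_key, transcript


def dhe_handshake():
    """Ephemeral DH: the long-term key only signs the server's DH share."""
    a = secrets.randbelow(DH_P - 3) + 2   # client's ephemeral secret
    b = secrets.randbelow(DH_P - 3) + 2   # server's ephemeral secret
    share_a, share_b = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    signature = pow(digest(share_b), D, N)
    client_key, server_key = pow(share_b, a, DH_P), pow(share_a, b, DH_P)
    assert client_key == server_key
    # a and b are discarded here; neither side stores them after the session.
    transcript = {"kx": "DHE", "A": share_a, "B": share_b, "signature": signature}
    return client_key, transcript


def signature_valid(transcript):
    """The client's check that the DH share came from the key holder."""
    return pow(transcript["signature"], E, N) == digest(transcript["B"])


def recover_session_key(transcript, leaked_d):
    """What a recorded transcript yields once the long-term key has leaked."""
    if transcript["kx"] == "RSA":
        return pow(transcript["encrypted_key"], leaked_d, N)
    # DHE: the transcript holds only public shares and a signature. The
    # leaked key can check or produce signatures, but the session key needs
    # a or b, which were never transmitted and no longer exist.
    return None


if __name__ == "__main__":
    for handshake in (rsa_handshake, dhe_handshake):
        key, recorded = handshake()
        recovered = recover_session_key(recorded, D)
        print(recorded["kx"], "session key recovered:", recovered == key)
```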


  • Registered Users, Registered Users 2 Posts: 367 ✭✭900913


    Once again NSA whistleblower Edward Snowden revealed the truth, that the NSA hacks into China's mobile operators to steal millions of text messages.
    Every month Washington comes up with new reports and accuses other nations, particularly China, for cyber hacking, but the biggest culprit of such crime is in fact the United States.


    http://thehackernews.com/2013/06/nsa-hacks-into-3-major-chinese.html


  • Registered Users, Registered Users 2 Posts: 425 ✭✭Walker34


    I would expect that these revelations will be a big boost for Linux and some of the Stealth/privacy software out there. Windows .exe`s will be avoided where possible perhaps.


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    Walker34 wrote: »
    I would expect that these revelations will be a big boost for Linux and some of the Stealth/privacy software out there. Windows .exe`s will be avoided where possible perhaps.

    I hope you're right.


  • Registered Users, Registered Users 2 Posts: 425 ✭✭Walker34


    900913 wrote: »
    Once again NSA whistleblower Edward Snowden revealed the truth, that the NSA hacks into China's mobile operators to steal millions of text messages.
    Every month Washington comes up with new reports and accuses other nations, particularly China, for cyber hacking, but the biggest culprit of such crime is in fact the United States.


    http://thehackernews.com/2013/06/nsa-hacks-into-3-major-chinese.html

    First Line of defense "ALWAYS Blame the Other guy"...........the whole terrorist "brand" has been so useful to mask all sorts of dissent ever since Ronnie and Maggie got together in the 80s.....no doubt a product of a Think-tank in the belt around the White house.


  • Closed Accounts Posts: 16 zxce


    Encryption Has Foiled Wiretaps for First Time Ever, Feds Say

    Password Safe>>> Security Expert Bruce Schneier Joins EFF Board of Directors
    v
    v
    How to Use KeePass In Your Browser, Across Your Computers, and On Your Phone


    U.S. Army Restricts Access To 'The Guardian' Website

    "Insert Freedom Eagle here" lol......Tomorrow’s Surveillance: Everyone, Everywhere, All The Time


    NSA slides explain the PRISM data-collection program


    U.S. asked Ecuador not to give Snowden asylum: Correa

    A Hacker's Replacement for GMail

    U.S. taps half-billion German phone, internet links in month-report
    The United States taps half a billion phone calls, emails and text messages in Germany in a typical month and has classed its biggest European ally as a target similar to China, according to secret U.S. documents quoted by a German newsmagazine.
    News of the U.S. cyber-espionage programme Prism and the British equivalent Tempora have outraged Germans,

    Deleted Article by The Guardian

    Wayne Madsen, a former US navy lieutenant who first worked for the NSA in 1985 and over the next 12 years held several sensitive positions within the
    agency, names Denmark, the Netherlands, France, Germany, Spain and Italy as having secret deals with the US.

    Madsen said he was alarmed at the "sanctimonious outcry" of political leaders who were "feigning shock" about the spying operations
    while staying silent about their own arrangements with the US,

    "I can't understand how Angela Merkel can keep a straight face, demanding assurances from [Barack] Obama and the UK while Germany has entered into
    those exact relationships," Madsen said.

    Madsen said all seven European countries and the US have access to the Tat 14 fibre-optic cable network running between Denmark and Germany, the
    Netherlands, France, the UK and the US, allowing them to intercept vast amounts of data, including phone calls, emails and records of users' access to
    websites.


    Google’s Quantum Computer Proven To Be Real Thing (Almost)


  • Registered Users, Registered Users 2 Posts: 425 ✭✭Walker34


    "News of the U.S. cyber-espionage programme Prism and the British equivalent Tempora have outraged Germans"


    The Facts are irrelevant...it's the APPEARANCE of things that matters in this brave new world. It's such a surreal experience to live for so many years believing all the crap about freedom and democracy, and then over a few weeks find that we never really were the free democratic entity we thought we were, we were lulled into a stupor since the late 60s with cleverly crafted propaganda using the same techniques perfected by Joe Goebbels. Welcome to Corporatism the new Fascism. It's essential that we invent a new ".....ism" to call it seeing as Fascism is such a sullied brand name.


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    Walker34 wrote: »
    "News of the U.S. cyber-espionage programme Prism and the British equivalent Tempora have outraged Germans"


    The Facts are irrelevant...it's the APPEARANCE of things that matters in this brave new world. It's such a surreal experience to live for so many years believing all the crap about freedom and democracy, and then over a few weeks find that we never really were the free democratic entity we thought we were, we were lulled into a stupor since the late 60s with cleverly crafted propaganda using the same techniques perfected by Joe Goebbels. Welcome to Corporatism the new Fascism. It's essential that we invent a new ".....ism" to call it seeing as Fascism is such a sullied brand name.

    How about Orwellian? :-)

    Anyway you're absolutely right Walker. I remember now all the times I was called paranoid for using GPG or encrypting my hard disk and now it seems all the privacy lobby who were previously dismissed as cranks have been vindicated.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    silentrust wrote: »
    now it seems all the privacy lobby who were previously dismissed as cranks have been vindicated.

    Agreed. I'm a bit disturbed by the number of "ah sure I've nothing to hide" types out there though. I've nothing to hide myself, but I still don't let people look at everything. We all like some level of privacy and we're all entitled to a lot of it.


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    zxce wrote: »

    Some very interesting links here, many thanks.

    It was pleasing to see that the US Security Agencies are encountering encryption more often. Interestingly enough most of the authorised wiretaps seem to be for portable devices like Smartphones, perhaps we shouldn't overlook these?

    I looked at the "Hacker's alternative to Gmail" but am not sure what privacy advantage this would really confer over a home mail server, which as we've discussed can encrypt e-mails on receipt.

    Glad to see people moving away from Google now. I am happy to have switched to a provider based in Norway, which fights for users' privacy (or at least claims to do so). Also suggest people move from Google search to DuckDuckGo, even if it is a little less elegant, they do not keep a permanent record of your searches.


  • Closed Accounts Posts: 678 ✭✭✭silentrust


    Khannie wrote: »
    Agreed. I'm a bit disturbed by the number of "ah sure I've nothing to hide" types out there though. I've nothing to hide myself, but I still don't let people look at everything. We all like some level of privacy and we're all entitled to a lot of it.

    How true Khannie. I was looking at the comments for a Youtube video on how to deal with Police Encounters (Hint: Keep asking "Am I free to go?") and there was a comment which said:

    "Don't do illegal s*** and you won't be bothered."

    Usually when people say this I ask them for their credit card number, or if they have curtains. If they say yes/no to both I then ask them to remove their clothes or to tell me details of their love life. This usually convinces the women, although one friend of mine had to be persuaded to put his jeans on... in his case what he had to hide really wasn't worth bringing into the light! :-)

