Nude photos, phone records, NSA data offer essential lessons for admins

Posted on by

Simon Phipps | Sept. 8, 2014

Whether via Apple's iCloud, the DEA, or the NSA, data is leaking everywhere -- can anyone avoid exposure?

As you've heard many times by now, someone with no life or ethics appears to have hacked into numerous celebrity accounts on Apple's iCloud service and copied private photographs wholesale. At least a few of those photographs are intimate and revealing. As if that juvenile intrusion on adult privacy wasn't enough, they've then posted them in the Internet's frat houses for the world's sexually frustrated imbeciles to ogle.

This case raises questions about the very act of putting data online. There may be primary benefits for doing so, but as technology decision makers, we need to raise questions about secondary costs. Let's consider additional data points.

We also learned this week thatthe DEA has been using phone call data going back decades-- stored by AT&T for any call in which it participated, not just for its customers -- as a covert source in the agency's investigations. Unlike the NSA data, this is not merely material relating to foreigners -- this iseveryone'sdata, going back as far as 1987. It can be accessed by officials by filling out a form -- called an "administrative subpoena" but not involving any judicial review. As the New York Times says:

The Hemisphere Project, a partnership between federal and local drug officials and AT&T that has not previously been reported, involves an extremely close association between the government and the telecommunications giant.

Was this usage what the developers or executives had in mind a quarter of a century ago as they started logging the data? Or has it been stored "just in case" because it existed and seemed valuable and over time has found more and more users? There must be an enormous database -- the epitome of big data -- and it's probably used for multiple purposes.

As to that NSA data, a great deal of confusion about "surveillance" seems to be floating around. In the United Kingdom, questions are being asked about all the data-gathering by the British equivalent of the NSA, GCHQ. In response, Secretary of State Theresa Mayhas respondedthat "there is no programme of mass surveillance and there is no surveillance state" and labels claims that GCHQ engages in unlawful hacking as "nonsense." Yet clearly, a lot of data is being gathered.

GCHQ, the NSA, and probably every other intelligence agency worth the name is actively gathering data from the Internet. Everything on the Internet is transient, with different decay periods, so gathering information is a constant process. They believe everything that can be gathered without illegal action is fair game, so they gather anything and everything they can, storing it just in case.

They are without doubt capturing and recording all and any email, instant messages, Web pages, social media traffic, and so on. Recent disclosures reveal thatthe NSA collects"nearly everything a user does on the Internet," then offers analysts tools to search that data. The NSA has a variety of explanations why it's all legally gathered.

Link:

Nude photos, phone records, NSA data offer essential lessons for admins

Posted in NSA

NSA Ajit Doval arrives in China to finalise Xi Jinping's visit to India

Posted on by

BEIJING: National Security Advisor Ajit Doval arrived here today to firm up Chinese President Xi Jinping's visit to India expected to take place next week.

Doval will hold talks tomorrow with Chinese State Councillor Yang Jiechi and is expected to meet Xi after that.

Dates for the visit of Xi, also the General Secretary of the ruling Communist Party of China, have not yet been officially announced by both sides.

Doval's visit is taking place in the immediate backdrop of the cancellation of Xi's visit to Islamabad planned as part of his first visit to Pakistan, Sri Lanka and India.

Initially, Xi was to pay a three-day visit to New Delhi from September 17.

Speculation is rife that in view of the cancellation of the visit to Pakistan, Xi may arrive in India earlier and may visit Prime Minister Narendra Modi's home state Gujarat before he lands in New Delhi.

Commerce Minister Nirmala Sitharaman, who visited Beijing twice including early this month, has laid ground for Xi's visit by holding extensive talks with Chinese officials on the package of investments as well as measures to address India's concerns of trade deficit.

China-India are in discussions to modernise Indian railways.

China plans to invest in industrial parks, locations of which are expected to be announced by Xi.

Besides finalising the schedule, Doval's visit is expected to focus on the political aspects of Xi's tour, including issues related to the boundary dispute and new routes for Kailash and Manasarovar Yatra.

See the original post:

NSA Ajit Doval arrives in China to finalise Xi Jinping's visit to India

Posted in NSA

The Feds Explain How They Seized The Silk Road Servers

Posted on by

Last month, Ross Ulbrichtthe alleged Silk Road mastermind who is facing trial in November for multiple drug and ID fraud chargesfiled a motion arguing that his Fourth Amendment rights had been violated in the governments seizure of the Silk Road servers and subsequent searches. In response, the prosecution has revealed for the first time how the government was able to uncover and seize the servers of the online drug bazaar.

Ever since the servers were seized in October 2013, the take down of the Silk Road remained a shadowy government secret. Now, the feds have shed some light on their actions in a 59-page rebuttal and 10-page letter letter from former FBI agent Christopher Tarbell filed on Friday.

According to the rebuttal, the downfall of the Silk Road was as simple as some leaky code. The server was located by the FBI New York Field Office in June 2013, when FBI agents noticed the servers Internet protocol (IP) address leaking in traffic sent from the Silk Road website when FBI agents interacted with it. After examining the leaking IP addresses, the FBI says it found IP addresses that were not associated with the Tor network. When those IP addresses were entered into a non-Tor web browser, a partial Silk Road login screen appeared, which the FBI saw as confirmation that the IP addressed belonged to the Silk Road server.

The FBIs next step was to contact authorities in Iceland, where the servers were located and ask for routing information and images of the server contents. The Reykjavik Metropolitan Police sent the FBI routing information, which revealed a high volume of Tor traffic flowing to the server. The RMP then sent the FBI server images containing databases of vendor postings, transaction records, private messages between users, and other data reflecting user activity, which confirmed that the servers were hosting the Silk Road. Additionally, computer code from the servers in Iceland led the feds to a Silk Road server backup at a data center in Pennsylvania. After obtaining warrants, the FBI searched those databases twice before seizing the servers in October.

In the scenario described by the FBI, the takedown of the Silk Road happened not because of a Tor software failure but because of a failure to properly secure the website, according to Forbes contributor and Tor expert Runa Sandvik. To have a secure Tor service, one needs to ensure that the code is secure, that the web server only accepts connections from Tor, and that the server does not reveal its real IP address. The vulnerability through which the FBI says it discovered the servers is surprisingly simple. Sandvik says shes surprised that the FBI would be the first to discover a vulnerability that simple when there were Silk Road users hunting for bugs daily on the website.

Beyond satisfying curiosity, the way the Silk Road servers were seized has important implications for evidence in Ulbrichts case. According to the fruit of a poisonous tree argument presented by Ulbrichts attorney Joshua Dratel in the July motion, if the original searches violated Ulbrichts rights, then all evidence stemming from those searches should be suppressed.

The rebuttal makes the claim that all FBI searches were legal and not violations of Ulbrichts rights. In short, notwithstanding the lengthy exposition of Fourth Amendment jurisprudence in Ulbrichts briefmost of which has nothing to do with this casehis various claims are bereft of any support of the law, the rebuttal reads. Because the servers were located overseas, the FBI says it didnt need a warrant to ask foreign authorities to search the serves, and the rest of the 59-page rebuttal argues for the legality of the rest of the searches leading up to Ulbrichts arrest.

Presented with both the defenses motion and the prosecutions rebuttal, the courts will make a decision about whether to uphold or deny the motion to suppress evidence because of a Fourth Amendment rights violation. In July, Judge Katherine Forrest denied Ulbrichts first motion to dismiss charges. That motion asked if Ulbricht could be charged with money laundering when Bitcoin isnt recognized as currency, and if he could be charged with drug trafficking for simply running the Silk Road website.

Ulbricht has pleaded not guilty to all charges, and his trial is scheduled to begin on November 3, 2014.

Check out the rest of the Forbes Silk Road coverage here.

View post:

The Feds Explain How They Seized The Silk Road Servers

How To Trade One Kind Of Cryptocurrency For A Different Kind Of Cryptocurrency – Video

Posted on by


How To Trade One Kind Of Cryptocurrency For A Different Kind Of Cryptocurrency
In this video we show you how easy it is to exchange (or trade) one kind of cryptocurrency for another. We like using Bleutrade - https://bleutrade.com/home/...

By: Cryptolix

See the original post:

How To Trade One Kind Of Cryptocurrency For A Different Kind Of Cryptocurrency - Video