Electric Mind F*ck Magazine (EMFM), issue #1 of 1 (we're only releasing 1 version)

 

by Anonymous - January 19, 2014

 

1. N.S.A. Devises Radio Pathway Into Computers

2. These Guys Are Creating a Brain Scanner You Can Print Out at Home

3. Quietnet: Simple chat program using near ultrasonic frequencies.

4. Burglars Who Took On F.B.I. Abandon Shadows

5. Real-Time Face Substitution Will Hide You In The Scariest Way Possible

6. OpenBSD + Truecrypt + Rip Anywhere Mp3 player

7. 'Anti-Propaganda' Ban Repealed, Freeing State Dept. To Direct Its Broadcasting Arm At American Citizens

8. Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware

9. MindFuck - They'll do it, believe me.

10. Pwned by NSA

11. NSA's ANT Division Catalog of Exploits for Nearly Every Major Software/Hardware/Firmware

12. US Military Commissions Sock Puppet Program

13. You don’t want your privacy: Disney and the meat space data race

 

##

 

1. N.S.A. Devises Radio Pathway Into Computers

 

By david e. sanger and thom shanker = jan. 14, 2014

 

= URL: http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-computers-not-connected-to-internet.html

=Image: http://cryptome.org/2014/01/nsa-quantum-radio.jpg

== Coverage #1: http://news.slashdot.org/story/14/01/15/1324216/nyt-nsa-put-100000-radio-pathway-backdoors-in-pcs

== Coverage #2: http://cryptome.org/2014/01/nsa-quantum-radio.htm

== Coverage #3: http://rt.com/usa/nsa-radio-wave-cyberattack-607/

=== Archive: http://web.archive.org/web/20140116010210/http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-computers-not-connected-to-internet.html

 

"WASHINGTON - The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.

 

While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.

 

The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.

 

The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.

 

The N.S.A. calls its efforts more an act of "active defense" against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of American companies or government agencies, American officials have protested, often at the presidential level.

 

Among the most frequent targets of the N.S.A. and its Pentagon partner, United States Cyber Command, have been units of the Chinese Army, which the United States has accused of launching regular digital probes and attacks on American industrial and military targets, usually to steal secrets or intellectual property. But the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls "computer network exploitation."

 

"What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before," said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. "Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before."

 

No Domestic Use Seen

 

There is no evidence that the N.S.A. has implanted its software or used its radio frequency technology inside the United States. While refusing to comment on the scope of the Quantum program, the N.S.A. said its actions were not comparable to China’s.

 

"N.S.A.'s activities are focused and specifically deployed against - and only against - valid foreign intelligence targets in response to intelligence requirements," Vanee Vines, an agency spokeswoman, said in a statement. "We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of - or give intelligence we collect to - U.S. companies to enhance their international competitiveness or increase their bottom line."

 

Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward J. Snowden, the former N.S.A. contractor. A Dutch newspaper published the map of areas where the United States has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German newsmagazine, published the N.S.A.'s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of American intelligence officials, when it reported, in the summer of 2012, on American cyberattacks on Iran.

 

President Obama is scheduled to announce on Friday what recommendations he is accepting from an advisory panel on changing N.S.A. practices. The panel agreed with Silicon Valley executives that some of the techniques developed by the agency to find flaws in computer systems undermine global confidence in a range of American-made information products like laptop computers and cloud services.

 

Embracing Silicon Valley’s critique of the N.S.A., the panel has recommended banning, except in extreme cases, the N.S.A. practice of exploiting flaws in common software to aid in American surveillance and cyberattacks. It also called for an end to government efforts to weaken publicly available encryption systems, and said the government should never develop secret ways into computer systems to exploit them, which sometimes include software implants.

 

Richard A. Clarke, an official in the Clinton and Bush administrations who served as one of the five members of the advisory panel, explained the group’s reasoning in an email last week, saying that "it is more important that we defend ourselves than that we attack others."

 

"Holes in encryption software would be more of a risk to us than a benefit," he said, adding: "If we can find the vulnerability, so can others. It’s more important that we protect our power grid than that we get into China’s."

 

From the earliest days of the Internet, the N.S.A. had little trouble monitoring traffic because a vast majority of messages and searches were moved through servers on American soil. As the Internet expanded, so did the N.S.A.'s efforts to understand its geography. A program named Treasure Map tried to identify nearly every node and corner of the web, so that any computer or mobile device that touched it could be located.

 

A 2008 map, part of the Snowden trove, notes 20 programs to gain access to big fiber-optic cables - it calls them "covert, clandestine or cooperative large accesses" - not only in the United States but also in places like Hong Kong, Indonesia and the Middle East. The same map indicates that the United States had already conducted "more than 50,000 worldwide implants," and a more recent budget document said that by the end of last year that figure would rise to about 85,000. A senior official, who spoke on the condition of anonymity, said the actual figure was most likely closer to 100,000.

 

That map suggests how the United States was able to speed ahead with implanting malicious software on the computers around the world that it most wanted to monitor - or disable before they could be used to launch a cyberattack.

 

A Focus on Defense

 

In interviews, officials and experts said that a vast majority of such implants are intended only for surveillance and serve as an early warning system for cyberattacks directed at the United States.

 

"How do you ensure that Cyber Command people" are able to look at "those that are attacking us?" a senior official, who compared it to submarine warfare, asked in an interview several months ago.

 

"That is what the submarines do all the time," said the official, speaking on the condition of anonymity to describe policy. "They track the adversary submarines." In cyberspace, he said, the United States tries "to silently track the adversaries while they’re trying to silently track you."

 

If tracking subs was a Cold War cat-and-mouse game with the Soviets, tracking malware is a pursuit played most aggressively with the Chinese.

 

The United States has targeted Unit 61398, the Shanghai-based Chinese Army unit believed to be responsible for many of the biggest cyberattacks on the United States, in an effort to see attacks being prepared. With Australia’s help, one N.S.A. document suggests, the United States has also focused on another specific Chinese Army unit.

 

Documents obtained by Mr. Snowden indicate that the United States has set up two data centers in China - perhaps through front companies - from which it can insert malware into computers. When the Chinese place surveillance software on American computer systems - and they have, on systems like those at the Pentagon and at The Times - the United States usually regards it as a potentially hostile act, a possible prelude to an attack. Mr. Obama laid out America’s complaints about those practices to President Xi Jinping of China in a long session at a summit meeting in California last June.

 

At that session, Mr. Obama tried to differentiate between conducting surveillance for national security - which the United States argues is legitimate - and conducting it to steal intellectual property.

 

"The argument is not working," said Peter W. Singer of the Brookings Institution, a co-author of a new book called "Cybersecurity and Cyberwar." "To the Chinese, gaining economic advantage is part of national security. And the Snowden revelations have taken a lot of the pressure off" the Chinese. Still, the United States has banned the sale of computer servers from a major Chinese manufacturer, Huawei, for fear that they could contain technology to penetrate American networks.

 

An Old Technology

 

The N.S.A.'s efforts to reach computers unconnected to a network have relied on a century-old technology updated for modern times: radio transmissions.

 

In a catalog produced by the agency that was part of the Snowden documents released in Europe, there are page after page of devices using technology that would have brought a smile to Q, James Bond’s technology supplier.

 

One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer "through a covert channel" that allows "data infiltration and exfiltration." Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer - either in the field or when they are shipped from manufacturers - so that the computer is broadcasting to the N.S.A. even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.

 

The relay station it communicates with, called Nightstand, fits in an oversize briefcase, and the system can attack a computer "from as far away as eight miles under ideal environmental conditions." It can also insert packets of data in milliseconds, meaning that a false message or piece of programming can outrace a real one to a target computer. Similar stations create a link between the target computers and the N.S.A., even if the machines are isolated from the Internet.

 

Computers are not the only targets. Dropoutjeep attacks iPhones. Other hardware and software are designed to infect large network servers, including those made by the Chinese.

 

Most of those code names and products are now at least five years old, and they have been updated, some experts say, to make the United States less dependent on physically getting hardware into adversaries’ computer systems.

 

The N.S.A. refused to talk about the documents that contained these descriptions, even after they were published in Europe.

 

"Continuous and selective publication of specific techniques and tools used by N.S.A. to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies," Ms. Vines, the N.S.A. spokeswoman, said.

 

But the Iranians and others discovered some of those techniques years ago. The hardware in the N.S.A.'s catalog was crucial in the cyberattacks on Iran’s nuclear facilities, code-named Olympic Games, that began around 2008 and proceeded through the summer of 2010, when a technical error revealed the attack software, later called Stuxnet. That was the first major test of the technology.

 

One feature of the Stuxnet attack was that the technology the United States slipped into Iran’s nuclear enrichment plant at Natanz was able to map how it operated, then "phone home" the details. Later, that equipment was used to insert malware that blew up nearly 1,000 centrifuges, and temporarily set back Iran’s program.

 

But the Stuxnet strike does not appear to be the last time the technology was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps moved a rock near the country’s underground Fordo nuclear enrichment plant. The rock exploded and spewed broken circuit boards that the Iranian news media described as "the remains of a device capable of intercepting data from computers at the plant." The origins of that device have never been determined.

 

On Sunday, according to the semiofficial Fars news agency, Iran’s Oil Ministry issued another warning about possible cyberattacks, describing a series of defenses it was erecting - and making no mention of what are suspected of being its own attacks on Saudi Arabia’s largest oil producer."

 

"A version of this article appears in print on January 15, 2014, on page A1 of the New York edition with the headline: N.S.A. Devises Radio Pathway Into Computers."

 

@@@

 

The New Zealand Copyright Act 1994 specifies certain circumstances where all or a substantial part of a copyright work may be used without the copyright owner's permission. A "fair dealing" with copyright material does not infringe copyright if it is for the following purposes: research or private study; criticism or review; or reporting current events.

 

@@@

 

This is based mostly on the NSA Catalog released by Jacob Appelbaum and Der Spiegel on 30 December 2013:

 

http://cryptome.org/2013/12/nsa-catalog.zip (16.2MB)

 

NY Times reportedly has the full Snowden material sent to it by The Guardian but, like others, has published very little of it:

 

http://cryptome.org/2013/11/snowden-tally.htm

 

##

 

2. These Guys Are Creating a Brain Scanner You Can Print Out at Home

 

- http://www.wired.com/wiredenterprise/2014/01/openbci/

 

-- http://www.openbci.com/

-- https://github.com/OpenBCI

 

"Bootstrapped with a little funding help from DARPA — the research arm of the Department of Defense — the device is known as OpenBCI. It includes sensors and a mini-computer that plugs into sensors on a black skull-grabbing piece of plastic called the “Spider Claw 3000,” which you print out on a 3-D printer. Put it all together, and it operates as a low-cost electroencephalography (EEG) brainwave scanner that connects to your PC."

 

Archived: http://web.archive.org/web/20140113131516/http://www.wired.com/wiredenterprise/2014/01/openbci/

 

##

 

3. Quietnet: Simple chat program using near ultrasonic frequencies.

 

Quietnet: Simple chat program using near ultrasonic frequencies.

 

"Simple chat program using near ultrasonic frequencies. Works without Wifi or Bluetooth and won't show up in a pcap.

 

Note: If you can clearly hear the send script working then your speakers may not be high quality enough to produce sounds in the near ultrasonic range.

Usage

 

run python send.py in one terminal window and python listen.py in another. Text you input into the send.py window should appear (after a delay) in the listen.py window.

 

Warning: May annoy some animals and humans."[1]

 

https://github.com/Katee/quietnet

[1] https://kate.io/

via: http://boingboing.net/2014/01/11/quietnet-near-ultrasonic-mess.html

 

##

 

4. Burglars Who Took On F.B.I. Abandon Shadows

 

http://web.archive.org/web/20140109031337/http://www.nytimes.com/2014/01/07/us/burglars-who-took-on-fbi-abandon-shadows.html

 

By MARK MAZZETTIJAN. 7, 2014

 

PHILADELPHIA — The perfect crime is far easier to pull off when nobody is watching.

 

So on a night nearly 43 years ago, while Muhammad Ali and Joe Frazier bludgeoned each other over 15 rounds in a televised title bout viewed by millions around the world, burglars took a lock pick and a crowbar and broke into a Federal Bureau of Investigation office in a suburb of Philadelphia, making off with nearly every document inside.

 

They were never caught, and the stolen documents that they mailed anonymously to newspaper reporters were the first trickle of what would become a flood of revelations about extensive spying and dirty-tricks operations by the F.B.I. against dissident groups.

 

The burglary in Media, Pa., on March 8, 1971, is a historical echo today, as disclosures by the former National Security Agency contractor Edward J. Snowden have cast another unflattering light on government spying and opened a national debate about the proper limits of government surveillance. The burglars had, until now, maintained a vow of silence about their roles in the operation. They were content in knowing that their actions had dealt the first significant blow to an institution that had amassed enormous power and prestige during J. Edgar Hoover’s lengthy tenure as director.

 

“When you talked to people outside the movement about what the F.B.I. was doing, nobody wanted to believe it,” said one of the burglars, Keith Forsyth, who is finally going public about his involvement. “There was only one way to convince people that it was true, and that was to get it in their handwriting.”

 

Mr. Forsyth, now 63, and other members of the group can no longer be prosecuted for what happened that night, and they agreed to be interviewed before the release this week of a book written by one of the first journalists to receive the stolen documents. The author, Betty Medsger, a former reporter for The Washington Post, spent years sifting through the F.B.I.’s voluminous case file on the episode and persuaded five of the eight men and women who participated in the break-in to end their silence.

 

Unlike Mr. Snowden, who downloaded hundreds of thousands of digital N.S.A. files onto computer hard drives, the Media burglars did their work the 20th-century way: they cased the F.B.I. office for months, wore gloves as they packed the papers into suitcases, and loaded the suitcases into getaway cars. When the operation was over, they dispersed. Some remained committed to antiwar causes, while others, like John and Bonnie Raines, decided that the risky burglary would be their final act of protest against the Vietnam War and other government actions before they moved on with their lives.

 

“We didn’t need attention, because we had done what needed to be done,” said Mr. Raines, 80, who had, with his wife, arranged for family members to raise the couple’s three children if they were sent to prison. “The ’60s were over. We didn’t have to hold on to what we did back then.”

 

A Meticulous Plan

 

The burglary was the idea of William C. Davidon, a professor of physics at Haverford College and a fixture of antiwar protests in Philadelphia, a city that by the early 1970s had become a white-hot center of the peace movement. Mr. Davidon was frustrated that years of organized demonstrations seemed to have had little impact.

 

In the summer of 1970, months after President Richard M. Nixon announced the United States’ invasion of Cambodia, Mr. Davidon began assembling a team from a group of activists whose commitment and discretion he had come to trust.

 

The group — originally nine, before one member dropped out — concluded that it would be too risky to try to break into the F.B.I. office in downtown Philadelphia, where security was tight. They soon settled on the bureau’s satellite office in Media, in an apartment building across the street from the county courthouse.

 

That decision carried its own risks: Nobody could be certain whether the satellite office would have any documents about the F.B.I.’s surveillance of war protesters, or whether a security alarm would trip as soon as the burglars opened the door.

 

The group spent months casing the building, driving past it at all times of the night and memorizing the routines of its residents.

 

“We knew when people came home from work, when their lights went out, when they went to bed, when they woke up in the morning,” said Mr. Raines, who was a professor of religion at Temple University at the time. “We were quite certain that we understood the nightly activities in and around that building.”

 

But it wasn’t until Ms. Raines got inside the office that the group grew confident that it did not have a security system. Weeks before the burglary, she visited the office posing as a Swarthmore College student researching job opportunities for women at the F.B.I.

 

The burglary itself went off largely without a hitch, except for when Mr. Forsyth, the designated lock-picker, had to break into a different entrance than planned when he discovered that the F.B.I. had installed a lock on the main door that he could not pick. He used a crowbar to break the second lock, a deadbolt above the doorknob.

 

After packing the documents into suitcases, the burglars piled into getaway cars and rendezvoused at a farmhouse to sort through what they had stolen. To their relief, they soon discovered that the bulk of it was hard evidence of the F.B.I.’s spying on political groups. Identifying themselves as the Citizens’ Commission to Investigate the F.B.I., the burglars sent select documents to several newspaper reporters. Two weeks after the burglary, Ms. Medsger wrote the first article based on the files, after the Nixon administration tried unsuccessfully to get The Post to return the documents.

 

Other news organizations that had received the documents, including The New York Times, followed with their own reports.

 

Ms. Medsger’s article cited what was perhaps the most damning document from the cache, a 1970 memorandum that offered a glimpse into Hoover’s obsession with snuffing out dissent. The document urged agents to step up their interviews of antiwar activists and members of dissident student groups.

 

“It will enhance the paranoia endemic in these circles and will further serve to get the point across there is an F.B.I. agent behind every mailbox,” the message from F.B.I. headquarters said. Another document, signed by Hoover himself, revealed widespread F.B.I. surveillance of black student groups on college campuses.

 

But the document that would have the biggest impact on reining in the F.B.I.’s domestic spying activities was an internal routing slip, dated 1968, bearing a mysterious word: Cointelpro.

 

Neither the Media burglars nor the reporters who received the documents understood the meaning of the term, and it was not until several years later, when the NBC News reporter Carl Stern obtained more files from the F.B.I. under the Freedom of Information Act, that the contours of Cointelpro — shorthand for Counterintelligence Program — were revealed.

 

Since 1956, the F.B.I. had carried out an expansive campaign to spy on civil rights leaders, political organizers and suspected Communists, and had tried to sow distrust among protest groups. Among the grim litany of revelations was a blackmail letter F.B.I. agents had sent anonymously to the Rev. Dr. Martin Luther King Jr., threatening to expose his extramarital affairs if he did not commit suicide.

 

“It wasn’t just spying on Americans,” said Loch K. Johnson, a professor of public and international affairs at the University of Georgia who was an aide to Senator Frank Church, Democrat of Idaho. “The intent of Cointelpro was to destroy lives and ruin reputations.”

 

Senator Church’s investigation in the mid-1970s revealed still more about the extent of decades of F.B.I. abuses, and led to greater congressional oversight of the F.B.I. and other American intelligence agencies. The Church Committee’s final report about the domestic surveillance was blunt. “Too many people have been spied upon by too many government agencies, and too much information has been collected,” it read.

 

By the time the committee released its report, Hoover was dead and the empire he had built at the F.B.I. was being steadily dismantled. The roughly 200 agents he had assigned to investigate the Media burglary came back empty-handed, and the F.B.I. closed the case on March 11, 1976 — three days after the statute of limitations for burglary charges had expired.

 

Michael P. Kortan, a spokesman for the F.B.I., said that “a number of events during that era, including the Media burglary, contributed to changes to how the F.B.I. identified and addressed domestic security threats, leading to reform of the F.B.I.’s intelligence policies and practices and the creation of investigative guidelines by the Department of Justice.”

 

According to Ms. Medsger’s book, “The Burglary: The Discovery of J. Edgar Hoover’s Secret F.B.I.,” only one of the burglars was on the F.B.I.’s final list of possible suspects before the case was closed.

 

A Retreat Into Silence

 

The eight burglars rarely spoke to one another while the F.B.I. investigation was proceeding and never again met as a group.

 

Mr. Davidon died late last year from complications of Parkinson’s disease. He had planned to speak publicly about his role in the break-in, but three of the burglars have chosen to remain anonymous.

 

Among those who have come forward — Mr. Forsyth, the Raineses and a man named Bob Williamson — there is some wariness of how their decision will be viewed.

 

The passage of years has worn some of the edges off the once radical political views of John and Bonnie Raines. But they said they felt a kinship toward Mr. Snowden, whose revelations about N.S.A. spying they see as a bookend to their own disclosures so long ago.

 

They know some people will criticize them for having taken part in something that, if they had been caught and convicted, might have separated them from their children for years. But they insist they would never have joined the team of burglars had they not been convinced they would get away with it.

 

“It looks like we’re terribly reckless people,” Mr. Raines said. “But there was absolutely no one in Washington — senators, congressmen, even the president — who dared hold J. Edgar Hoover to accountability.”

 

“It became pretty obvious to us,” he said, “that if we don’t do it, nobody will.”

 

_

 

A version of this article appears in print on January 7, 2014, on page A1 of the New York edition with the headline: Burglars Who Took On F.B.I. Abandon Shadows.

 

_

 

The New Zealand Copyright Act 1994 specifies certain circumstances where all or a substantial part of a copyright work may be used without the copyright owner's permission. A "fair dealing" with copyright material does not infringe copyright if it is for the following purposes: research or private study; criticism or review; or reporting current events.

 

##

 

5. Real-Time Face Substitution Will Hide You In The Scariest Way Possible

 

http://kotaku.com/real-time-face-substitution-will-hide-you-in-the-scarie-1496953478

 

"Audun Mathias Øygard's creative experiment uses real-time facial recognition to hide your face in a webcam feed with different masks."

 

http://auduno.github.io/clmtrackr/examples/facesubstitution.html

 

##

 

6. OpenBSD + Truecrypt + Rip Anywhere Mp3 player

 

OpenBSD + Truecrypt + Rip Anywhere Mp3 player

 

Give me an MP3 player which has the following features:

     

1. OpenBSD

2. TrueCrypt - choice of encrypting all of device with 1st run and in settings

3. Rip from any device - an extension to the device (like the front part of ST:TNG ship's dish which separates for example) which allows CDs to be inserted and ripped on the fly without a computer connection, and the ability to plug into any electronic device which has the ability to contain audio files, scan for, and rip any audio files - all with the option to convert them to a format of your choosing

4. Complete support of as many audio/image/video codecs as possible.

5. Nothing about the device should be proprietary, neither hardware or software.

     

Before you say, "Why would you want to use a device with the MP3 format?" As #4 points out, and you should really know unless you're trolling, if you look at all of the MP3 players currently for sale, most support many audio, image (JPG and more) and sometimes several video formats.

 

##

 

7. 'Anti-Propaganda' Ban Repealed, Freeing State Dept. To Direct Its Broadcasting Arm At American Citizens

 

https://www.techdirt.com/articles/20130715/11210223804/anti-propaganda-ban-repealed-freeing-state-dept-to-direct-its-broadcasting-arm-american-citizens.shtml

 

For decades, a so-called anti-propaganda law prevented the U.S. government's mammoth broadcasting arm from delivering programming to American audiences. But on July 2, that came silently to an end with the implementation of a new reform passed in January. The result: an unleashing of thousands of hours per week of government-funded radio and TV programs for domestic U.S. consumption in a reform initially criticized as a green light for U.S. domestic propaganda efforts.

 

##

 

8. Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware

 

In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms

 

(The reader should know this article was written and distributed prior to the "badBIOS" revelations.)

 

How many rootkits does the US[2] use officially or unofficially?

 

How much of the free but proprietary software in the US spies on you?

 

Which software would that be?

 

Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.

 

How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?

 

If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?

 

I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

 

APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.

 

Where are the commercial or free anti-malware organizations and individual's products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.

 

The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

 

Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

 

Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. I'm convinced, on both *nix and Windows, these pieces of APT malware are government in origin. Maybe not from the US, but most of the 'curious' malware I've come across in poisoned binaries, were written by someone with a good knowledge in English, some, I found, functioned similar to the now well known Flame malware. From my experience, either many forum/mailing list mods and malware developers/defenders are 'on the take', compromised themselves, and/or working for a government entity.

 

Search enough, and you'll arrive at some lone individuals who cry out their system is compromised and nothing in their attempts can shake it of some 'strange infection'. These posts receive the same behavior as I said above, but often they are lone posts which receive no answer at all, AT ALL! While other posts are quickly and kindly replied to and the 'strange infection' posts are left to age and end up in a lost pile of old threads.

 

If you're persistent, the usual challenge is to, "prove it or STFU" and if the thread is not attacked or locked/shuffled and you're lucky to reference some actual data, they will usually attack or ridicule you and further drive the discussion away from actual proof of APT infections.

 

The market is ripe for an ambitious company or individual to begin demanding companies and organizations who release firmware and design hardware to release signed and hashed packages and pour this information into the cloud, so everyone's BIOS is checked, all firmware on routers, NICs, and other devices are checked, and malware identified and knowledge reported and shared openly.

 

But even this will do nothing to stop backdoored firmware (often on commercial routers and other networked devices of real importance for government use - which again opens the possibility of hackers discovering these backdoors) people continue to use instead of refusing to buy hardware with proprietary firmware/software.

 

Many people will say, "the only safe computer is the one disconnected from any network, wireless, wired, LAN, internet, intranet" but I have seen and you can search yourself for and read about satellite, RF, temperature, TEMPEST (is it illegal in your part of the world to SHIELD your system against some of these APT attacks, especially TEMPEST? And no, it's not simply a CRT issue), power line and many other attacks which can and do strike computers which have no active network connection, some which have never had any network connection. Some individuals have complained they receive APT attacks throughout their disconnected systems and they are ridiculed and labeled as a nutter. The information exists, some people have gone so far as to scream from the rooftops online about it, but they are nutters who must have some serious problems and this technology with our systems could not be possible.

 

I believe most modern computer hardware is more powerful than many of us imagine, and a lot of these systems swept from above via satellite and other attacks. Some exploits take advantage of packet radio and some of your proprietary hardware. Some exploits piggyback and unless you really know what you're doing, and even then... you won't notice it.

 

Back to the Windows users, a lot of them will dismiss any strange activity to, "that's just Windows!" and ignore it or format again and again only to see the same APT infected activity continue. Using older versions of sysinternals, I've observed very bizarre behavior on a few non networked systems, a mysterious chat program running which doesn't exist on the system, all communication methods monitored (bluetooth, your hard/software modems, and more), disk mirroring software running[1], scans running on different but specific file types, command line versions of popular Windows freeware installed on the system rather than the use of the graphical component, and more.

 

[1] In one anonymous post on pastebin, claiming to be from an intel org, it blasted the group Anonymous, with a bunch of threats and information, including that their systems are all mirrored in some remote location anyway.

 

[2] Or other government, US used in this case due to the article source and speculation vs. China. This is not to defend China, which is one messed up hell hole on several levels and we all need to push for human rights and freedom for China's people. For other, freer countries, however, the concentration camps exist but you would not notice them, they originate from media, mostly your TV, and you don't even know it. As George Carlin railed about "Our Owners", "nobody seems to notice and nobody seems to care".

 

[3] http://www.stallman.org/

 

Try this yourself on a wide variety of internet forums and mailing lists, push for malware scanners to scan more than files, but firmware/BIOS. See what happens, I can guarantee it won't be pleasant, especially with APT cases.

 

So scan away, or blissfully ignore it, but we need more people like RMS[3] in the world. Such individuals tend to be eccentric but their words ring true and clear about electronics and freedom.

 

I believe we're mostly pwned, whether we would like to admit it or not, blind and pwned, yet fiercely holding to misinformation, often due to lack of self discovery and education, and "nobody seems to notice and nobody seems to care".

 

##

 

Schneier has covered it before: power line fluctuations (differences on the wire in keys pressed).

 

There's thermal attacks against cpus and temp, also:

 

ENF (google it)

 

A treat (ENF Collector in Java):

 

sourceforge dot net fwdslash projects fwdslash nfienfcollector

 

No single antimalware scanner exists which offers the ability to scan (mostly proprietary) firmware on AGP/PCI devices (sound cards, graphics cards, usb novelty devices excluding thumb drives), BIOS/CMOS.

 

If you boot into ultimate boot cd you can use an archane text interface to dump BIOS/CMOS and examine/checksum.

 

The real attacks which survive disk formats and wipes target your PCI devices and any firmware which may be altered/overwritten with something special. It is not enough to scan your hard drive(s) and thumb drives, the real dangers with teeth infect your hardware devices.

 

When is the last time you:

 

Audited your sound card for malware?

Audited your graphics card for malware?

Audited your network card for malware?

 

Google for:

 

* AGP and PCI rootkit(s)

* Network card rootkit(s)

* BIOS/CMOS rootkit(s)

 

Our modern PC hardware is capable of much more than many can imagine.

 

Do you:

 

    Know your router's firmware may easily be replaced on a hacker's whim?

    Shield all cables against leakage and attacks

    Still use an old CRT monitor and beg for TEMPEST attacks?

    Use TEMPEST resistant fonts in all of your applications including your OS?

    Know whether or not your wired keyboard has keypresses encrypted as they pass to your PC from the keyboard?

    Use your PC on the grid and expose yourself to possible keypress attacks?

    Know your network card is VERY exploitable when plugged into the net and attacked by a hard core blackhat or any vicious geek with the know how?

    Sarch out informative papers on these subjects and educate your friends and family about these attacks?

    Contact antimalware companies and urge them to protect against many or all these attacks?

 

Do you trust your neighbors? Are they all really stupid when it comes to computing or is there a geek or two without a conscience looking to exploit these areas?

 

The overlooked threat are the potential civilian rogues stationed around you, especially in large apartment blocks who feed on unsecured wifi to do their dirty work.

 

With the recent news of Russian spies, whether or not this news was real or a psyop, educate yourself on the present threats which all antimalware scanners fail to protect against and remove any smug mask you may wear, be it Linux or OpenBSD, or the proprietary Windows and Mac OS you feel are properly secured and not vulnerable to any outside attacks because you either don't need an antivirus scanner (all are inept to serious attacks) or use one or several (many being proprietary mystery machines sending data to and from your machine for many reasons, one is to share your information with a group or set database to help aid in threats), the threats often come in mysterious ways.

 

Maybe the ancients had it right: stone tablets and their own unique language(s) rooted in symbolism.

 

#

 

I'm more concerned about new rootkits which target PCI devices, such as the graphics card and the optical drives, also, BIOS. Where are the malware scanners which scan PCI devices and BIOS for mismatches? All firmware, BIOS and on PCI devices should be checksummed and saved to match with others in the cloud, and archived when the computer is first used, backing up signed firmware.

 

When do you recall seeing signed router firmware upgrades with any type of checksum to check against? Same for PCI devices and optical drives and BIOS.

 

Some have begun with BIOS security:

 

http://www.biosbits.org/

 

Some BIOS has write protection in its configuration, a lot of newer computers don't.

 

#

 

"Disconnect your PC from the internet and don't add anything you didn't create yourself. It worked for the NOC list machine in Mission Impossible"

 

The room/structure was likely heavily shielded, whereas most civvies don't shield their house and computer rooms. There is more than meets the eye to modern hardware.

 

Google:

 

subversion hack:

tagmeme(dot)com/subhack/

(This domain expired and has been replaced by different content. Please visit Archive.org - The Wayback Machine and dig for previous versions of original content)

 

network card rootkits and trojans

pci rootkits

packet radio

xmit "fm fingerprinting" software

"specific emitter identification"

forums(dot)qrz(dot)com

 

how many malware scanners scan bios/cmos and pci/agp cards for malware? zero, even the rootkit scanners. have you checksummed/dumped your bios/cmos and firmware for all your pci/agp devices and usb devices, esp vanity usb devices in and outside the realm of common usb devices (thumbdrives, external hdds, printers),

 

Unless your computer room is shielded properly, the computers may still be attacked and used, I've personally inspected computers with no network connection running mysterious code in the background which task manager for windows and the eqiv for *nix does not find, and this didn't find it all.

 

Inspect your windows boot partition in *nix with hexdump and look for proxy packages mentioned along with command line burning programs and other oddities. Computers are more vulnerable than most would expect.

 

You can bet all of the malware scanners today, unless they are developed by some lone indy coder in a remote country, employ whitelisting of certain malware and none of them scan HARDWARE devices apart from the common usb devices.

 

Your network cards, sound cards, cd/dvd drives, graphics cards, all are capable of carrying malware to survive disk formatting/wiping.

 

Boot from a Linux live cd and use hexdump to examine your windows (and *nix) boot sectors to potentially discover interesting modifications by an unknown party.

 

##

 

9. MindFuck - They'll do it, believe me.

 

there will be no revolt

there will be no resistance

they are moving us to a future where

implanted chips will be the norm

they will read and record our thoughts

and perhaps they will physically move us, too

and since they're working on removing memories

we won't remember what happened when they 'moved' us.

 

even the bible says there will come a time when people

will seek death but won't be able to find it ...

because THEY won't let you.

 

It's all downhill, folks, they want your brain

without enlisting in any force

and they will take us by force

yesterday the chip in the head people were crazies

now we have the reality, they just have to introduce it

 

they will seduce us into this electronic tattoo, pill swallow and monitor health, implantable chip and even stronger, more hideous technology in the name of many things, safety, health, entertainment, g00g1e gl4ss is the beginning. Soon they will say, "WHY AREN'T YOU WEARING ONE?" and you'll be forced to wear one like good old Wesley Crusher was.

 

freedom - it was good while it lasted.

 

##

 

10. Pwned by NSA

 

- 2013-1811.pdf         NSA TAO ANT COTTONMOUTH (DE Original)            December 29, 2013

http://cryptome.org/2013/12/nsa-tao-ant-pdf.pdf

 

- 2013-1810.pdf         NSA TAO ANT COTTONMOUTH                          December 29, 2013

http://cryptome.org/2013/12/nsa-tao-ant.pdf

 

__

 

-  Part 1: Inside TAO: Documents Reveal Top NSA Hacking Unit

 

1/3: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969.html

 

- Part 2: Targeting Mexico

2/3: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-2.html

 

-  Part 3: The NSA's Shadow Network

3/3: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-3.html

 

__

 

- Shopping for Spy Gear: Catalog Advertises NSA Toolbox

 

http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html

 

__

 

- NSA reportedly intercepting laptops purchased online to install spy malware

 

http://www.theverge.com/2013/12/29/5253226/nsa-cia-fbi-laptop-usb-plant-spy

 

__

 

- Cryptome Mailing List

 

Unauthorized disclosures of secrets are essential for democracy

 

http://www.freelists.org/list/cryptome

http://www.freelists.org/archive/cryptome/

 

__

 

- New algorithm finds you, even in untagged photos

 

http://www.ece.utoronto.ca/news/aarabi-algorithm-finds-you/

 

__

 

- The World In An Eye

 

http://www.cs.columbia.edu/CAVE/projects/world_eye/

http://www1.cs.columbia.edu/CAVE/publications/pdfs/Nishino_IJCV06.pdf

http://www1.cs.columbia.edu/CAVE/publications/pdfs/Nishino_CVPR04.pdf

 

__

 

- Target’s Close Relationship to Government Needs to Be Watched

-- Target’s Forsenic Services is who the FBI, Secret Service, BATF and others have turned to for help for two decades

http://www.infowars.com/targets-close-relationship-to-government-needs-to-be-watched/

 

__

 

- New algorithm finds you, even in untagged photos

 

http://www.ece.utoronto.ca/news/aarabi-algorithm-finds-you/

 

__

 

- The World In An Eye

 

http://www.cs.columbia.edu/CAVE/projects/world_eye/

http://www1.cs.columbia.edu/CAVE/publications/pdfs/Nishino_IJCV06.pdf

http://www1.cs.columbia.edu/CAVE/publications/pdfs/Nishino_CVPR04.pdf

 

__

 

- On Hacking MicroSD Cards

 

http://www.bunniestudios.com/blog/?p=3554

https://news.ycombinator.com/item?id=6980058

https://events.ccc.de/congress/2013/wiki/Main_Page

 

__

 

- Are Your Windows Error Reports Leaking Data?

http://community.websense.com/blogs/securitylabs/archive/2013/12/29/dr-watson.aspx

 

__

 

- #1 ICS and SCADA Security Myth: Protection by Air Gap

http://www.blog.beldensolutions.com/1-ics-and-scada-security-myth-protection-by-air-gap/

 

__

 

- Edward Snowden Leaks

 

http://cryptome.org/2013/11/snowden-tally.htm

 

##

 

11. NSA's ANT Division Catalog of Exploits for Nearly Every Major Software/Hardware/Firmware

 

https://leaksource.wordpress.com/2013/12/30/nsas-ant-division-catalog-of-exploits-for-nearly-every-major-software-hardware-firmware/

 

In ANT, Archive, Hacking, NSA, NSA Files, Surveillance, TAO, Technology on December 30, 2013 at 3:17 AM

 

##

 

12. US Military Commissions Sock Puppet Program

 

What's old is new again

 

http://yro.slashdot.org/story/11/03/18/023239/us-military-commissions-sock-puppet-program

 

"The Guardian and The Telegraph are reporting that US based Ntrepid Corporation has been awarded a $2.76 million contract to develop software aimed at manipulating social media. The project aims to enable military personnel to control multiple 'sock puppets' located at a range of geographically diverse IP addresses, with the aim of spreading pro-US propaganda. The project will not target English speaking web sites (yet) but will be limited to foreign languages, including Arabic, Farsi, Urdu and Pashto. The project will be funded as part of the $200 million Operation Earnest Voice program run by US Central Command."

 

http://www.ntrepidcorp.com/

http://www.guardian.co.uk/technology/2011/mar/17/us-spy-operation-social-networks

http://www.telegraph.co.uk/news/8388603/US-military-creates-fake-online-personas.html

 

##

 

13. You don’t want your privacy: Disney and the meat space data race

 

http://gigaom.com/2014/01/18/you-dont-want-your-privacy-disney-and-the-meat-space-data-race/

 

##

EOF