Category Archives: National Security

Software Industry Greed is Driving the Assault on our Privacy & Security

The motivation to release software, without proper testing, in order to generate a quick buck is as much of a threat to our security and privacy as the activities of hackers and alphabet agencies. It is time that software companies started to pay the price for the sorry mess that their greed is helping to create.

Once upon a time these matters could be considered in isolation but with the “Internet of Things” connecting millions more devices every day we are headed for a world that will have 28 billion IoT devices by 2020.

Consumer concern will not halt the rollout. A staggeringly high number of consumers hold serious concerns about the possibility of their information getting stolen from everyday devices – their smart home, their tablet, their laptop. One would think therefore that this concern would pressure software manufacturers to be more rigorous in their pre-GA testing activities. Not so.

Why? Because so much of this IoT stuff is embedded and consumer awareness is mainly limited to the high profile exposures. Consumers are not hesitating to purchase connected devices because consumers do not know that the devices are connected.

Samsung’s SmartThings smart home platform is a leaky colander of loosely connected hack prone software. IoT security hardening is not just about the particular application but also about building security into the network connections that link applications and that link devices.

And then there is the “Data”. The amount of this stuff that is generated by IoT is intractably large. As few as 10,000 households can generate 215 million discrete data points every day. This creates more entry points for hackers and leaves sensitive information vulnerable.

The number and variety of privacy attack vectors becomes unmanageable very quickly. From the CIA hacking your Samsung TV, uBeacons doing their bit (uXDT & Audio Beacons – Introduce your Paranoia to your Imagination), hackers controlling your car, it’s a worryingly real threat to the personal security and privacy of every one of us.

If the CIA’s Directorate of Digital Innovation (DDI), who are tasked with delivering cyber-espionage tools and intelligence gathering capabilities, cannot even secure their own USB drives then what chance do the rest of us have.

Unfortunately the answer is that we have no chance.

ENDS 

All The Presidents’ Messes

It is a convenient attitude after marshalling a global coalition (twice) for intervention in Kuwait (Gulf War 1) and again in Iraq (Gulf War 2) for the purposes of US energy security that Trump now wishes to pursue a kind of “splendid isolationist” foreign policy after his predecessors have left behind a not so splendid mess. A mess which he is now doing his best to compound.

These previous US initiated actions have spiralled into the regional mess we now have in the Middle East, North Africa and Southern Europe. Trumpites think we should all applaude them now for leaving everyone else to handle the social fallout of their actions even those of us who were not part of their pair of “grand coalitions”.

The Ongoing Erosion of US Prestige & Influence

The Trumpites view that their outcome will be a glory filled jingoistic romanticised dreamland is delusional. The outcome of Trump will be the further erosion of US influence and prestige globally as the US (Democrat and Republican) for some reason best known to themselves continue to hand Russia, China and Iran the initiative and like always we “over here” [Europe] pick up most of their bill (socially).

I wonder how prepared Trump supporters are for sectarian domestic warfare instead of their preferred modus operandi of taking a giant shit on everyone from a great distance.

Selective hearing is one thing when it comes to “hearing” the reality of past US foreign policy disasters. Selective memory to justify a US foreign policy of “splendid isolation” is another thing entirely.

Trumpites Are Unprepared For The Outcomes That They Will Cause

Not content with splitting external regions in two the US has elected Trump after some minor civil unrest and a number of tragic radical Islamist atrocities and divided their own country. But the numbers of deaths on US soil are tiny in relative terms and Trumpites think that they are ready for domestic sectarian strife that Trump policies will inevitably lead to – if pursued.

The election of Trump is in reaction to how many deaths from terrorist attacks on US soil? The US cannot handle terrorism on their own soil without making wildly disproportionate decisions.

The US hasn’t had a serious conflict on their soil since the Civil War. Since then it has all been one sided affairs for them locally. The Spanish-American War, the native American Indian genocide and a few spats with Mexico.

Over-Simplification & Generalisation

Among all the pro-Trump comments there is a common theme of over-simplification and generalising. It is possible to be outraged and hold a contrary opinion to the mainstream without relying on prejudice, racism or extremism.

It is also possible to hold composite opinions that are not contradictory. I am and continue to be a vocal opponent (who regularly has taken the time to write these opinions down and publish them) of political correctness, mass migration and open door policies, the undermining of Western cultural values, radical Islam, sharia law, “states within states” groups who refuse to assimilate and expect everyone to cater to their often radical demands.

All Values Can Be Accommodated 

In order to aggressively assert your values you do not have to destroy the values and beliefs of others or go to war with conflicting ideologies.

I held a position of Special Advisor – Security Affairs (Oman, Qatar, United Arab Emirates, Yemen) Undisclosed – NGO (Mass Migration Predictive Profiling – Radicalisation Threats). My focus was on rigour in vetting and processing immigrants along appropriate lines using appropriate methods, not blanket bans.

My blog is full of content that places my opinion on the record – from November 2015 “Weak-willed West Needs To Aggressively Assert Its Values“:

* “We can fret about the potential rise of Islamic extremism in this country and fool ourselves into thinking that we are immune. But why should we be uniquely exempt from other European countries? Extremism doesn’t even have to be violent to have an impact. Extremism can be seen in Muslim clerics who, post-‘Charlie Hebdo’, threatened prosecution of anyone who reprinted the offending cartoons. Extremism is seen on Irish campuses where Sharia-spouting whackjobs are given a round of applause while anyone espousing liberal, Western values is shouted down as a racist – assuming they are allowed to speak in the first place. The terrifying truth is not the strength of ISIL’s convictions, but the weakness of ours. Put simply, they want it more than we do and until we start to aggressively assert Western values in Western countries, is it any wonder that they despise us? Frankly, I can’t say I blame them.”

* (Re-blogged from an article in The Irish Independent by Ian O’Doherty)

Clever Interventions Are Far More Effective Than Populist Broad Brush Strokes

It is a highly complex world with a highly complex security problem. A history lesson and the roots of the current mess is not possible here. But briefly the US finds itself dealing with large scale domestic socio-economic problems; Europe is in a monetary, economic and cultural crisis; social cohesion has disintegrated in large parts of the Middle East and North Africa.

There are rising far right groups in Europe and the US has elected a man with explicit alt-right sympathies as President. Subtlety and diplomacy and clever interventions are far more effective than broad brush strokes like Trump has begun to take. The majority only see the headlines and do not care to or want to dig deeper. A man and a set of policies that appeal to populist sentiment are a dangerous combination.

Excerpt from “The Future of Populism in the Trump Era” by Paul Wayne:

“Already emboldened by the Brexit vote in June, the election of “an outsider” as President of the world’s oldest democracy has given particularly the core of Europe’s right-wing populist parties a rather vainglorious halo. These three—France’s Marine LePen, the Netherlands’ Geert Wilders, and Germany’s Frauke Petry—stand to create a political environment which could ultimately eclipse the European project. All in 2017, the same year in which the Union plans to celebrate its very founding with the 60th anniversary of the Treaty of Rome. The European Union can survive Brexit. Frexit—Marine LePen’s goal in her planned referendum on EU membership—would be Europe’s death knell.”

Two Party System – Universally Awful

The US is the architect of its own problems. I detest the Republican Party and the Democratic Party. Clinton was an awful candidate. Trump was an awful candidate. But both represent exactly what the USA has become. A polarised, corrupted dystopia who regularly foment problems internationally and when it does not work out then walk away and leave a sorry mess behind them.

All The Presidents Messes

In my lifetime the American people have elected Nixon (Vietnam, Laos, Cambodia), Ford (by accident), Carter (Iranian Revolution & Iran Hostage debacle), Reagan (Funded the Taliban / Iran-Contra Affair / Nicaragua / El Salvador / Guatemala), Bush the first (Gulf War I), Clinton (Somalia, Rwanda, Haiti / Israel-Palestine / Ethnic Wars in Europe – Croats, Serbs and Bosnian Muslims / Kosovo & Albania), Bush the Second (Iraq / Afghanistan), Obama (IRANDEAL, global appeasement, the relatively unopposed rise of ISIS, and the disintegration of Syria and Libya and Egypt as a result of US Foreign Policy failures) and now Trump.

In every case each of these presidents presided over a root cause of the current problem. The US does not have a good record. Trump supporters cite the border control, internal dissent and socio-economic problems as the main reasons for justifying a man like Trump yet most of his actions are having global fallout.

Always The Right Man, Until They Are Not

The US electorate who support the winning candidate always declare that they have elected the right man until he is not the right man and then they elect the right man again until he is not.

I do hope that they get it right soon because to date they keep getting it wrong, at their own and everyone else’s expense.

When the “Muslim” issue is “discussed” with Trumpites they will trot out the history of Muslim conquest and Crusader comparisons in terms of scale. It is a basic piece to any SME on History but it will like all base line rhetoric be offered as the lowest common denominator response masquerading as knoweldge instead of evolving the debate in to mature rather than reactionary territory.

“Small Nation, Small Thinking” But Wider Experience 

Trumpites have referred to me and my opinions as being the result of being an inhabitant of a ‘small nation’ with “small thinking”.

Next week I will travel to the 27th Muslim country that I have visited for work and / or pleasure. How many Americans have been outside their state let alone their country?

I can tell you. Of the 311 million U.S. residents, there are over 109 million valid U.S. passports in circulation according to the State Department. The real number of Americans that actually traveled (took trips) overseas in 2009 for either business or leisure, was about 15.5 million —or just five percent of the nation’s 311 million residents.

If you take the jet setting HNWI’s traveling ways into account less than 14.6 million Americans actually traveled overseas in 2009 — maybe as low as just 11.6 million, or about 3.5% of all U.S. residents.

America’s most popular overseas countries are: England (9% of all trips), France (7%), Italy (7%), Germany (5%), Dominican Republic (5%), Jamaica (5%), Japan (4%), China (4%), India (4%) and Spain (4%). Other significant countries visited include: Bahamas (3%) and Costa Rica (3%).

With just six percent of Americans trips going to the Middle East, and even fewer, just three percent, visiting the whole continent of Africa, and two percent going to Australia/New Zealand.

The US is a nation where most of the population and certainly most of the Trump supporters have never seen first hand many of the places which they hold aggressively contrary opinions toward.

For a nation where remarkably few of the residents have ever set foot in or spoke to a citizen of these countries yet seem to know all about their motivations and traditions it is amusing to me that according to Trumpites that I should take my “small nation” thinking and replace it with the opinions of insular Americans.

Amusing because the majority of them derive their opinions from second hand biased TV & radio commentators, and politicians rather than first hand experience.

Well that’s just lazy isn’t it really?

“Self Informed” Rather Than “Externally Conditioned” 

Americans who wish to mouth off about culture and integration (Reds & Blues) should try visiting some of these places and see the root causes for immigration or the effect of their past “right man at the time” presidents’ failed foreign policies.

A Trumpite responded in reply to this suggestion of taking time to travel and talk to Muslims in affected countries to gain a wider understanding by quoting (knowingly or not) the late comedian Chris Farley in the movie “Tommy Boy” that:

“Of course, I can get a hell of a good look at a T-Bone steak by sticking my head up a bull’s ass, but I’d rather take the butcher’s word for it.”

To which I replied “Well you couldn’t do that with Trump anyway pal cos his head is already up his own ass – plan B I guess”.

END

Official Government Response to “Repeal the new Surveillance Laws (Investigatory Powers Act)” Petition

Dear Graham Penrose,

The Government has responded to the petition you signed – “Repeal the new Surveillance laws (Investigatory Powers Act)”.

Government responded:

The Investigatory Powers Act dramatically increases transparency around the use of investigatory powers. It protects both privacy and security and underwent unprecedented scrutiny before becoming law.

The Government is clear that, at a time of heightened security threat, it is essential our law enforcement, security and intelligence services have the powers they need to keep people safe.

The Investigatory Powers Act transforms the law relating to the use and oversight of Investigatory powers. It strengthens safeguards and introduces world-leading oversight arrangements.

The Act does three key things. First, it brings together powers already available to law enforcement and the security and intelligence agencies to obtain communications and data about communications. It makes these powers – and the safeguards that apply to them – clear and understandable.

Second, it radically overhauls the way these powers are authorised and overseen. It introduces a ‘double-lock’ for the most intrusive powers, including interception and all of the bulk capabilities, so warrants require the approval of a Judicial Commissioner. And it creates a powerful new Investigatory Powers Commissioner to oversee how these powers are used.

Third, it ensures powers are fit for the digital age. The Act makes a single new provision for the retention of internet connection records in order for law enforcement to identify the communications service to which a device has connected. This will restore capabilities that have been lost as a result of changes in the way people communicate.

Public scrutiny

The Bill was subject to unprecedented scrutiny prior to and during its passage.

The Bill responded to three independent reports: by David Anderson QC, the Independent Reviewer of Terrorism Legislation; by the Royal United Services Institute’s Independent Surveillance Review Panel; and by the Intelligence and Security Committee of Parliament. All three of those authoritative independent reports agreed a new law was needed.

The Government responded to the recommendations of those reports in the form of a draft Bill, published in November 2015. That draft Bill was submitted for pre-legislative scrutiny by a Joint Committee of both Houses of Parliament. The Intelligence and Security Committee and the House of Commons Science and Technology Committee conducted parallel scrutiny. Between them, those Committees received over 1,500 pages of written submissions and heard oral evidence from the Government, industry, civil liberties groups and many others. The recommendations made by those Committees informed changes to the Bill and the publication of further supporting material.

A revised Bill was introduced in the House of Commons on 1 March, and completed its passage on 16 November, meeting the timetable for legislation set by Parliament during the passage of the Data Retention and Investigatory Powers Act 2014. Over 1,700 amendments to the Bill were tabled and debated during this time.

The Government has adopted an open and consultative approach throughout the passage of this legislation, tabling or accepting a significant number of amendments in both Houses of Parliament in order to improve transparency and strengthen privacy protections. These included enhanced protections for trade unions and journalistic and legally privileged material, and the introduction of a threshold to ensure internet connection records cannot be used to investigate minor crimes.

Privacy and Oversight

The Government has placed privacy at the heart of the Investigatory Powers Act. The Act makes clear the extent to which investigatory powers may be used and the strict safeguards that apply in order to maintain privacy.

A new overarching ‘privacy clause’ was added to make absolutely clear that the protection of privacy is at the heart of this legislation. This privacy clause ensures that in each and every case a public authority must consider whether less intrusive means could be used, and must have regard to human rights and the particular sensitivity of certain information. The powers can only be exercised when it is necessary and proportionate to do so, and the Act includes tough sanctions – including the creation of new criminal offences – for those misusing the powers.
The safeguards in this Act reflect the UK’s international reputation for protecting human rights. The unprecedented transparency and the new safeguards – including the ‘double lock’ for the most sensitive powers – set an international benchmark for how the law can protect both privacy and security.

Home Office

Click this link to view the response online:

https://petition.parliament.uk/petitions/173199?reveal_response=yes

This petition has over 100,000 signatures. The Petitions Committee will consider it for a debate. They can also gather further evidence and press the government for action.

The Committee is made up of 11 MPs, from political parties in government and in opposition. It is entirely independent of the Government. Find out more about the Committee: https://petition.parliament.uk/help#petitions-committee

Thanks,
The Petitions Team
UK Government and Parliament

Ireland Late Again To Recognise Threat From Radical Islamists

Islamic State suspected to have been using Ireland as easy access to U.K.  The Islamic State militant group (ISIS) suspects will be prevented from using Irish ports as an easy access to get to Britain after gardai decided to crack down, based on threats. Launching the ‘Operation Mutiny’, a garda operation began after doubts arose that there might be suspects using the ports due to its weak security and surveillance systems.

The security has tightened and has become widespread over the past few weeks at the ports in Dublin and Rosslare.

Sources have revealed the details of the operation, its initiation and its importance. Several meetings were reportedly held with senior Garda officers and their U.K. counterparts after the summer Brexit referendum.

Vast amounts of overtime has been promised to those willing to work with the garda operations to protect the country.The management is Rosslare alone has sanctioned 100 hours of overtime a day.

According to the Herald, a source said, “Security at our ports was found to be porous and weak. The U.K. authorities were very concerned that IS terrorists could use these ports to get into Britain to launch a terrorist attack so Operation Mutiny was put in place.”

“There were a number of meetings held between representatives of the different forces and these ultimately led to the drawing up of a policing plan which has been successful so far,” the source went on to add.

“This has been a sustained and massive operation which has meant that gardai have been checking virtually every vehicle coming into and out of these ports,” the source further told the Herald.

Adding, “Overtime for officers is being offered on a daily basis and there can be no doubt that these ports are far more secure than they were even a couple of months ago.”

Heavily armed Garda have been deployed, apart from the existing Garda units from the Garda Regional Support Unit (RSU). Due to unavailability of officers in the South East, the southern region of the RSU has taken charge in the ports of Rosslare.

‘Significant seizures’ of stolen property has been noted even though no ISIS interception has been made yet.

Burglaries that involve members of Romanian and other Eastern European organised crime gangs have been spotted and put an end to through the activities of the RSU.

Several cars reported stolen, have been found and the success in finding significant stolen goods has made the operation partly successful. However, it is expected for the operation to be ‘wound down’ by the end of the year.

Full Article: http://www.irishsun.com/index.php/sid/249415673

Hijacked Jihadi Forum “Asrar Al­Ghurabaa’“ – Offense & Exploitation

In late 2013, following on from the general panic surrounding the reliability of previously trusted technologies – as a direct result of the revelations made by snowden‍ and greenwald‍ – ISIS‍ “declared” that they had launched a new encryption‍ service called Asrar Al­ Ghurabaa’.

It was described as being the first website for secure communications. A forum used by jihadists calledShabakat Al Iraq Wal Sham announced the launch. The announcement declared that the new resourcefor jihadis would be a rival to Asrar AlMujahideen (Mujahedeensecrets which was launched circa 2007).

The new service was an NSA‍ front and was to be found at asrar006.com. It allowed the input of text which was then encrypted‍ or decrypted‍ , as required. Simply put, rather like the google translate service it applied the required encryption keys to inputted text strings resulting in a “translation”.

It did not allow for message transmission but was more “accurate, secure, and user friendly than Asrar Al­Mujahideen” according to the statement. The service required no software downloads or installations and therefore removed several points of potential risk associated with the Asrar Al­Mujahideen alternative. No code could be injected, files infected and so on.

Within a couple of days the Global Islamic Media Front (GIMF‍ ) denounced the new encryption platform in a statement “Warning About the Use of the Program ‘Asrār al-Ghurabā” stating:

“We warn all the brothers using the new encryption program called “Asrar al-Ghurabaa” – the program is suspicious and its source is not trusted. Likewise, we confirm that there wasn’t any relationship between the program “Asrar al-Ghurabaa” and the Front’s encryption program “Asrar al-Mujahdeen”, and therefore, we advise and warn the brothers not to use the program “Asrar al-Ghurabaa” entirely!

We also warn of using any encryption program which hasn’t been published through the Global Islamic Media Front or Al-Fajr Center for Media. And lastly, we remind that the sole source to download all of the technical programs for the Media Front: Mobile Encryption Program Asrar al-Dardashah Plugin Asrar al-Mujahideen Program”

END

Overwatch – The Five Eyes Espionage Alliance

The “Five Eyes” (FVEY‍) is an intel‍ alliance that unifies elements of the national alphabet agencies of theunited Kingdom, the United States, Australia, canada and New Zealand and their intel gathering infrastructures.

The AA’s in each member country and the terms of their information exchange mandate is encapsulated in the multilateral‍ agreement called the “UKUSA Agreement”.

The origins of the FVEY can be traced to the closing months of World War II when the Atlantic Charter was issued by the Allies to lay out their “goals” for a post-war world.

Signals Intelligence (SIGINT)

The espionagealliance‍ was conceived in order to deliver trans- jurisdictionalcoordination‍ andcooperation‍ for signals intelligence (SIGINT‍) but has expanded into many other areas especially in the last 20 years and most aggressively since the beginning of the vaguely defined parameters of the ” War‍ on Terror‍ “.

Not just a reactive program it is specifically proactive. The FVEY can count in many thousands theirdeployment of various rootkit‍ hacks, backdoors‍ , trojans‍ , worms‍ , spyware‍ , malware‍ , keystroke logging, PGP private key reversal and voice comms undermining projects. It has an eye watering arsenal of BH tactics‍ at its disposal. Take a peak at a tiny subset of them here .

GEMALTO & Public Scrutiny

But probably their most effective hack was undermining the integrity of sim card encryption after the highly successful (for them) Gemalto hack.

No citizen based protests or national laws or international regulations or Privacy advocates or leaks or “net neutrality” activists or whistleblowers will ever affect the activities of the Five Eyes.

It is and will remain the most pervasive, extensive, expansive and secretive (independent and to the large part unregulated) espionage alliance in history.

The ECHELON Program

During the course of the Cold War, the ECHELONsurveillance‍ system was initially developed by the FVEY to monitor the communications of the USSR‍ and European countries on the wrong side of the Iron Curtain.

The FVEY has been accused of monitor trillions of privatecommunications‍ worldwide.

In the late 1990s, the existence of ECHELON was disclosed and triggered a major debate in brusselsand to a lesser extent in Congress. As part of efforts in the ongoing, vaguely defined, War on Terror since 2001, the FVEY further expanded their surveillance‍ capabilities.

Internet Backbone

The bulk of the current focus is placed on monitoring digital comms across the internet backbones and much if not all of the cables delivering the service have FVEY listeners at the receiving stations and national termination points and not just in the member countries.

The current face-off between the US and china in South East asia – aside from the sabre rattling over the Paracel & Spratly issue and Chinese territorial claims in the South China Sea – is who will get to deliver and therefore control the internet backbone to Cambodia, terminating in Sihanoukville.

That cable will service the needs of the region (Laos, Myanmar, Thailand, Vietnam, Cambodia, and unofficially parts of China, Malaysia, Indonesia and Singapore)

Snowden (Again)

NSAwhistleblower / traitor (depending on your viewpoint) edward snowden described the Five Eyes as asupranational‍ intelligence organisation that doesn’t answer to the known laws of its own countries”.

Snowden’s leaks revealed that the alliance were spying on one another’s citizens and sharing the collected information with each other in order to circumvent restrictive domesticregulations‍ on surveillance of sovereign nations’ citizens in “peace time”.

Again the definition of “peace time” and its current status is in the eye of the beholder so to speak.

The Main Surveillance Programs

The main surveillance programs jointly operated by the Five Eyes are:

  • PRISM‍ – Operated by the NSA‍ together with the GCHQ‍ and the ASD
  • XKEYSCORE‍ – Operated by the NSA with contributions from the ASD and the GCSB
  • Tempora‍ – Operated by the GCHQ with contributions from the NSA
  • MUSCULAR‍ – Operated by the GCHQ and the NSA
  • STATEROOM‍ – Operated by the ASD, CIA‍ , csec‍ , GCHQ, and NSA

END

Privacy‍ , National Security