Category Archives: Big Surveillance

PODCAST Panel #1: PeerTalk™ Privacy -vs- National Security


Since mid-December 2017 our panel had been preparing for this first in the series of discussions regarding Privacy -vs- National Security, hosted by and drawn from Peerlyst community members.

The panel was drawn from a range of disciplines and interests but what united all of the participants was that we are people who are passionate about infosec, civil liberties, and the rule of law.

This series is primarily concerned with how we might align the privacy rights of citizens with the imperatives of predicting, preventing, and reacting to internal & external national security threats.

Our objective was to deliver an opening discussion on the subject matter that would compel further debate and interest, but also attempt to compartmentalise the discrete elements for discussion on future panels, while at the same time demonstrating the scale of the issues involved with practical, real-world, non-theoretical examples.

Over the preparation period several pieces were authored on the subject of Privacy -vs- National Security. The links to these associated posts are:

  1. PeerTalk™ Privacy -vs- National Security: One Post To Rule Them All
  2. Video Introduction to Podcast #1 of the PeerTalk™ Privacy -v- National Security Podcast Panel Series
  3. PeerTalk™ Privacy -vs- National Security: Preserve Peace Through (Cyber & Intelligence) Strength
  4. PeerTalk™ Privacy -vs- National Security Sources: In Isolation & Where They Intersect
  5. PeerTalk™ Peerlyst Panel: Privacy vs National Security
  6. PeerTalk™ Privacy -vs- National Security: Gülen FETÖ/PDY, Millî İstihbarat Teşkilatı (MİT) & ByLock
  7. PeerTalk™ Privacy -vs- National Security: You (encryption advocates) are “jerks”, “evil geniuses”, and “pervert facilitators”
  8. PeerTalk™ Privacy -vs- National Security: The Rogues Gallery of Encryption Luddites (Updated 01.16.2018)
  9. Also included below were two essays from panel member Geordie B Stewart MSc CISSP
    1. Polluting the Privacy Debate
    2. Ethical Compromises in the Name of National Security

The questions to the panel in preparation for the discussion were these:

  1. Are recent actions by the Turkish intelligence community reasonable with the backdrop of an alleged serious threat to the security of the state?
  2. Could one ever imagine a similar scenario in the West and if so would it ever be justified?
  3. Does the panel think that while broad brush application of these types of tools and methods by law enforcement and the intelligence community does not happen in the West, does it happen on a case by case basis?
  4. If so, is protecting one person from a miscarriage of justice using illegally obtained surveillance data more important than allowing warrantless mass surveillance and trusting that the intelligence community and political / commercial interests will not abuse the knowledge yielded from the data and rather use it for the national interest?
  5. Finally, does the panel have faith in the oversight and governance mechanism looking to protect citizens of Western nations whose data is acquired by programs such as PRISM and queried using tools such as XKeyscore?

The panellists were:

Graham Joseph Penrose (Moderator), Interim Manager in a range of Startups, Privacy Advocate, Avid Blogger, and Homeless Activist. I began my career in IT 30 years ago in Banking and in the intervening period I have applied technology and in particular secure communications to assist me in various roles but most aggressively as the owner of a Private Military Security Company operating in High Risk Areas globally. I am apparently a Thought Leader and Authority in the Privacy space according to various independent third party research organisations and I am a member of the IBM Systems Innovators Program.

Kim Crawley, Cybersecurity Journalist. A respected and valued contributor to Peerlyst and publications including Cylance, AlienVault, Tripwire, and Venafi.

Emily Crose, Network Security Researcher with 10 years’ experience in both offensive and defensive security roles; 7 of those years were spent in the service of the United States Intelligence Community. She is currently the director of the Nemesis project and works for a cyber security startup in the Washington DC area.

Lewis De Payne, Board Member, Vice President & CTO/CISO of medical diagnostics company aiHEALTH, LLC. CTO/CIIO of a social commerce startup and a founding shareholder in Keynetics responsible for the patented online fraud control tools known as Kount. Lewis has had some adversarial contacts with the FBI that are documented in several of Kevin Mitnick’s (and other writers’) books. Lewis electronically wiretapped the FBI and other law enforcement bureaus, and recorded some of their activities (which included having informants perform illegal wiretaps, so they could gain probable cause to obtain search warrants). In his younger days, Lewis took the US government to court several times. In one case his proceedings set legal precedent when the 9th Circuit Court of Appeals heard his Jencks Action and ruled in his favour, causing the FBI to have to return all seized property (and computers) to him, and others.

Geordie B Stewart MSc CISSP, Director at Risk Intelligence, a company that provides a range of specialist infosec services to organisations including risk analysis, policy development, security auditing and compliance, education, training, and continuity planning. Geordie writes and speaks frequently on the topics of Privacy, Ethics and National Security. Partly because he thinks they are important topics, but partly to increase his embarrassment when his web history eventually leaks. Geordie also writes the security awareness column for the ISSA Journal and works in senior security leadership roles for large organisations.

Dean Webb, Network Security Specialist. Dean has 12 years of experience in IT and IT Security, as well as over two decades as an instructor and journalist with particular focus on national security issues, espionage, and civil rights.

We enjoyed a wide-ranging and informative discussion over the course of the 90 minutes, and while we were not in a position to cover all of the material, it was a very acceptable starting point and a stake in the ground with respect to what the community can expect from this series of panels.

I opened the discussion with the question:

“Where do the panellists believe that the line should be drawn between what are personal privacy rights versus the needs of national security and do the panellists think that in recent years the public in an atmosphere of “fear” has too easily surrendered a range of privacy rights in favour of national security?”

Please enjoy the recording below which we hope you will find compelling enough to share with your community. We are looking forward to your feedback and we would be very pleased to have your comments, suggestions, and questions. (Don’t forget to subscribe to the Peerlyst YouTube channel so as not to miss the next in our series and also recordings of all of the other panels coming out of the PeerTalk™ initiative.)


Profile of “genius” Parscale, who “won” for Trump & the Facebook political influence juggernaut

Parscale — and every political consultant in a similar situation — is doing this interview to build his business. The introduction of sophisticated digital tools to the process of electing candidates has resulted in a bumper crop of people claiming that they have mastered this inscrutable system and that you should hire them.

Fleshed out, Parscale is the man behind the Trump campaign’s digital media efforts in 2016. He was hired to create a website for $1,500 (as he explained in that “60 Minutes” interview) and then his role expanded until he was managing tens of millions of dollars intended to promote the presidential candidate online.

The point of the interview was, in part, to serve as a profile of Parscale but, more broadly, to explain the primary way in which those millions were spent. Per Parscale’s accounting, that was largely on Facebook advertising. Trump’s team advertised on other platforms, too, but “Facebook was the 500-pound gorilla, 80 percent of the budget kind of thing,” Parscale said.

If you do a search for Brad Parscale’s appearance on “60 Minutes,” the first thing that pops up above the results as of Monday morning is an ad for Brad Parscale. And that, in a nutshell, is Brad Parscale.

Right after the campaign, it was the firm Cambridge Analytica that was making this case, arguing that its black-box analysis of the psychology of American voters allowed Trump to target specific sorts of people with ads that dug deep into their brains to trigger a response. The company (owned in part by the family of Robert Mercer, which was in other ways essential to Trump’s success) wanted to convince future candidates that they could work their magic to get them elected, too.

To “60 Minutes,” Parscale dismissed that claim — in part because he was in the midst of claiming that he was the one with the magic touch. He didn’t think Cambridge Analytica’s system of creating “psychographic” profiles of people was sinister, he said — he just didn’t think it worked.

Which is a simply bizarre claim in the broader context. It isn’t that Parscale doesn’t think that building profiles of people to target ads to them doesn’t work. It’s that Parscale doesn’t seem to realize that this is basically what Facebook was doing for him, in real-time.

By its very nature, Facebook does a more complete and more robust version of what Cambridge Analytica claims to accomplish. In 2014, we explained how Facebook’s political tools work, how it combines data about what you’ve clicked with outside consumer data to get as complete a picture of who you are and what you like as anything that exists. But then it overlays the ability to advertise specific things to specific people — and to test and refine and improve on those ads.

This is what Parscale was describing to “60 Minutes” — not his genius, but Facebook’s. He shows the nifty tricks that you can do with Facebook, A/B testing (as the process is known) different versions of ads with different photos and ads that allow the most effective to quickly rise to the surface. He clearly used all of those secret buttons, clicks and technology that he sought, leveraging Facebook’s deep sense of its individual users and tools to target them. Stepping back, Parscale comes off like the guy who hires LeBron James to play on his team in a 3-on-3 basketball tournament and then brags about his capable coaching. He’s an ad buyer, who lets the platform — say, on Google, when you search for his name — do the work.

The takeaway from the “60 Minutes” interview is simple. Facebook is a juggernaut that’s probably more influential in politics than it realizes itself. (See this New York magazine article to that end.)

Parscale says that his wife likes to say that “[he] was thrown into the Super Bowl, never played a game and won.” Right. It’s just that, in that example, he’s neither Tom Brady nor Bill Belichick. At best, he’s the guy who decided to hire them.

Full story: ‘60 Minutes’ profiles the genius who won Trump’s campaign: Facebook

Boiling Privacy Frogs

I really wish that I understood more about psychology and the human condition. The behaviour that puzzles me over and over again and for which I have no explanation is our ability to observe something happening that is detrimental to us in every way and yet do nothing.

It is the “Boiling Frog Phenomenon”, allegedly a 19th century science experiment in which a frog was placed in a pan of boiling water and quickly jumped out. However, when the frog was put in cold water and the water was slowly brought to the boil over time, the frog did not perceive the danger and just boiled to death. The hypothesis is that the change in temperature was so gradual that the frog did not realize it was boiling to death.

To demonstrate the same effect in the debate over privacy, surveillance, and unwarranted government intrusion, just trace the evolving public attitude to J. Edgar Hoover’s Subversive Files, COINTELPRO, The Iraq WMD Lie, Snowden & PRISM, and WikiLeaks Vault 7.

I have come to the conclusion that, in relation to our right to privacy, we are all frogs in tepid water, the temperature of which is starting to rise rapidly, and we have no intention of jumping out.


The Laurel & Hardy of Cybersecurity

When Turnbull and Brandis shuffle off to some home for the bewildered in a few years it is all of us that will be left with the legacy of their carry-on.

Here are some of the victories that these two beauties have presided over, and they don’t even know how it works, not even a little bit:

In an effort to drag the continent out from under the “stupid boy” stereotype, the Lowy Institute for International Policy has just attempted to polish a turd by proposing that despite everything “Australia might be on the right encryption-cracking track” after all.

“From a cyber security perspective, as Patrick Gray has pointed out, sufficient safeguards could be placed around these ‘updates’ to ensure that they couldn’t be reverse engineered – they wouldn’t need to be a ‘backdoor,’ open to abuse. And by focusing on a device rather than a specific app, the displacement effect, so obvious in focusing government efforts on just What’s App or Telegram, would not apply.

In theory then, this model appears promising. How closely it aligns with the legislation promised by Turnbull and George Brandis last week remains to be seen. But whichever legislative model Australia pursues, its progress will be watched closely by governments across the world. And of course, by a whole host of technology and communications companies.

Recent developments suggest that underneath the techno-babble, political point scoring and counter-terrorism blame game, governments the world over are faced by a very real policy problem. Australia may prove to be the test case for a policy solution that has far reaching consequences for privacy, technological development and the future of law enforcement operations.”

Try again gents.


Building A Global Nation State SMB Exploit Honeypot Infrastructure With A £50 Budget #EternalPot

Note to post: All words, IP ownership, analysis, opinions, data, graphs et al are the property of Kevin Beaumont and where altered and extracted are done so remaining true to the original meaning / assertions. From an article by “Kevin Beaumont InfoSec, from the trenches of reality. Email | Twitter: @gossithedog on Twitter” titled “EternalPot — Lessons from building a global Nation State SMB exploit honeypot infrastructure” at

Worthy of note before beginning to read this beauty – Mr. Beaumont predicted that this would happen back in April 2017:

Now over to the expert ….

Extracts BEGIN (again, full original article here)

“A week ago I started building #EternalPot, a honeypot for the Equation Group SMB exploits leaked by the Shadow Brokers last month.” (May 2017) – “My entire budget for one of this is £50, as I self fund all my InfoSec research — I work for a company that makes crab paste, so everything is done outside of work, on my own time. I highly recommend working InfoSec for a company where the CapEx tap is turned off temporarily, by the way, as you’ll find out how skilled your workforce are and you’ll get back to the most important part of InfoSec: the basics. Build simple solutions, always…..”



There has been a lot of vendor and press coverage of WannaCry which has been inaccurate. Despite what has been said, WannaCry was not spread via phishing or email — in fact, it was an SMB worm. Seeing a constant stream of misinformation from InfoSec vendors still around this has been depressing — it still continues to this day, long since the major players and initial victims walked back the email line…..



The EternalPot data has shown advanced attacks, multiple coin miners, remote access trojans and lateral movement attempts into corporate networks — all via the Windows SMBv1 service. One of the exploits — EternalBlue — was used by the WannaCry ransomware spreader…..



As you can see pre-WannaCry (refer to diagram in article and below), these SMB attacks were almost non-existent. It’s an SMB worm like the ones from the prior decade…..




All the WannaCry samples seen so far — thousands delivered in real world honeypots — have two factors:

  1. They are one of two corrupt versions, where they spread but fail to execute ransomware as the PE headers are corrupt.
  2. They contain working killswitches.

If you’re pondering why WannaCry seemed to disappear almost completely, here we are. The authors simply disappeared. The Tor payment pages don’t even exist now. We owe MalwareTech more than pizza…..



Another angle to the press coverage was Windows XP being impacted — in fact, an entire weekend of UK mainstream media and political commentary ran about this. While SMBv1 has serious issues on Windows XP and 2003 (and on later OSes!) and should be patched and firewalled (aka disabled), the reality was the WannaCry spreader didn’t work on Windows XP SP3. Here’s Kaspersky’s graph of infected operating systems…..




One thing I will say — I don’t want to name the vendors, but some of the biggest next-generation security products simply aren’t detecting SMB attacks nearly well enough. Malware regularly infects these systems, and they have to be reimaged as a result. It is amazing seeing next gen, premium tools with machine learning etc running Coin Miners and remote access trojans delivered via old exploits, with the tools not even noticing. It has been very eye opening for me. The marketing to reality Venn diagram here isn’t so Venn. At times it is so bad it is actually jaw dropping seeing certain attacks not being detected…..

Extracts END (again, full original article here)


Love False Positives – The Day The Bank Said I Bought A Heavy Machine Gun Online

On the 15th November 2013 I made a wire transfer using Permanent TSB Open24. Open24 is an online banking service. For those of you who do not know, Permanent TSB is a retail bank that operates in the Republic of Ireland.

Worthy of note is that retail banking in the Republic is characterised by spectacular systems malfunctions, outages, IT meltdowns and downright thievery.

But that’s ok because the government of Ireland loves banks and they can really do or not do (as is often the case) what they like – without fear of sanction. Oh, and when they lose their shirts gambling with their customers’ money then the Irish taxpayer gets to pay for it. But I digress.

When Kids Try To Be Adults

I first became aware of my international arms purchasing activities when I received a phone call on my cell phone from a private number. I answered and was greeted by what sounded like a teenage girl who informed me that an intermediary bank, used by Permanent TSB for payments to South East Asia, had sent an email to the bank requesting information about an international payment that I had made a few days previously.

Before describing the contents of the email, the clearly worried banker (worried because she was talking to an international arms dealer who buys his weapons over the open internet (who needs the Dark Web)), stated that I had bought a heavy machine gun and that I had asked that it be mailed to the address of one of our corporate apartments in Dublin, Ireland. As you do.

The intermediary bank was CitiBank in Frankfurt, she informed me. They had contacted the Treasury Department and they in turn were dealing directly with the beneficiary bank in Singapore, who were the first to flag the transaction.

The email read:


The beneficiary Bank sent the below SWIFT message to our treasury department via CitiBank:


      1. FULL NAME.

I trust the above is in order.

Kind Regards,


She informed me that the Bank could not facilitate international arms purchases and that law enforcement had been informed including the local police station to the bank branch from which my transaction emanated, the Organised Crime Unit, and of course Security & Intelligence. The latter is the central point of contact for An Garda Síochána with all external agencies – both law enforcement and security/intelligence – with regard to international cooperation in the fight against terrorism and organised crime.

The Very Boring Reality

The transfer that caused this international “counter-terrorism / counter organised crime” flurry of activity between one local bank, two international banks and law enforcement in three countries was made by me to an organisation called SERVCORP.

SERVCORP is a company in SINGAPORE that provides a telephone answering service for my company TMG Corporate Services. The actual mandate for the transfer had been set up months previously by Permanent TSB themselves at the request of TMG Corporate Services Accounts Department. The same payment had been made on several previous occasions.

The transfer they said was for the purchase of an automatic weapon namely a BROWNING M2 Machine Gun TMG F70.

And how had they come to this conclusion? Well, simply because the reference on the payment was TMGF70. The reference was TMGF70 because that was the reference used by SERVCORP on the invoice that they had issued for that month’s services.

“TMG” being an acronym for The Mediator Group and F70 some internal reference for SERVCORP.

The Browning M2

The Browning M2 is a chain-fed, air-cooled heavy machine gun (TMG) in caliber 12.70 x 99 mm NATO, produced by the American manufacturer Browning at the end of World War II. The rifle has a maximum range of 7,500 meters and an effective range of 1,800 meters and can use different types of ammunition: full sharp, armor, armor fire and tracer.

Here I am proudly modelling a “Ma Deuce” I managed to buy in the duty free shop at Heathrow Airport.

Ma Deuce

Bargain Hunter

What was even more impressive about my purchase was that I acquired this impressive weapon for SGD$70 or EUR€45.25 at today’s spot rate on XE.COM.



The CIA Dark Triad – Windows, macOS & Linux

According to the WikiLeaks Vault 7 dump the CIA deploys malware that includes the capability to hack, remotely view and/or clone devices running the Windows, macOS, and Linux operating systems.

This seems to suggest that the agency has no problem bypassing encryption, proxies, VPN and that Tor anonymity is a myth.

This does not mean that each of the point solutions offering a product under each of the above headings have been compromised. Rather it means that the OS level hack capability of the CIA – as seen on iOS and Android – means that they can gain full control of the device and render any point solution counter measures moot.

Therefore they subvert the platform which by extension means that anything that is running on the platform is subverted.

Tablet, laptop, smart-phone, AV device – it seems they are all fair game and in that case so is everything that you do on them.

You have been warned.

You are being watched.