Showing posts with label passwords. Show all posts

Saturday, July 15, 2017

The Intercept Discloses Top-Secret NSA Document On Russia Hacking Aimed At US Voting System

The report details an operation targeting voter registration in 2016.

By Ben Dreyfuss

On Monday, the Intercept published a classified internal NSA document noting that Russian military intelligence mounted an operation to hack at least one US voting software supplier—which provided software related to voter registration files—in the months prior to last year’s presidential contest. It has previously been reported that Russia attempted to hack into voter registration systems, but this NSA document provides details of how one such operation occurred.

According to the Intercept:
The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the US election and voting infrastructure. The report, dated May 5, 2017, is the most detailed US government account of Russian interference in the election that has yet come to light.
While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A US intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.
The report indicates that Russian hacking may have penetrated further into US voting systems than was previously understood. It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document:
Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.
Go read the whole thing.

Sunday, July 9, 2017

Trump’s Son Met With Russian Lawyer After Being Promised Damaging Information On Clinton

A meeting arranged by Donald Trump Jr. was held at Trump Tower in June 2016 with a Russian lawyer who has connections to the Kremlin. Credit Sam Hodgson for The New York Times
President Trump’s eldest son, Donald Trump Jr., was promised damaging information about Hillary Clinton before agreeing to meet with a Kremlin-connected Russian lawyer during the 2016 campaign, according to three advisers to the White House briefed on the meeting and two others with knowledge of it.

The meeting was also attended by his campaign chairman at the time, Paul J. Manafort, and his son-in-law, Jared Kushner. Mr. Manafort and Mr. Kushner only recently disclosed the meeting, though not its content, in confidential government documents described to The New York Times.

The Times reported the existence of the meeting on Saturday. But in subsequent interviews, the advisers and others revealed the motivation behind it.

The meeting — at Trump Tower on June 9, 2016, two weeks after Donald J. Trump clinched the Republican nomination — points to the central question in federal investigations of the Kremlin’s meddling in the presidential election: whether the Trump campaign colluded with the Russians. The accounts of the meeting represent the first public indication that at least some in the campaign were willing to accept Russian help.

And while Trump has been dogged by revelations of undisclosed meetings between his associates and the Russians, the episode at Trump Tower is the first such confirmed private meeting involving members of his inner circle during the campaign — as well as the first one known to have included his eldest son. It came at an inflection point in the campaign, when Donald Trump Jr., who served as an adviser and a surrogate, was ascendant and Mr. Manafort was consolidating power.

It is unclear whether the Russian lawyer, Natalia Veselnitskaya, actually produced the promised compromising information about Mrs. Clinton. But the people interviewed by The Times about the meeting said the expectation was that she would do so.

In a statement on Sunday, Donald Trump Jr. said he had met with the Russian lawyer at the request of an acquaintance. “After pleasantries were exchanged,” he said, “the woman stated that she had information that individuals connected to Russia were funding the Democratic National Committee and supporting Ms. Clinton. Her statements were vague, ambiguous and made no sense. No details or supporting information was provided or even offered. It quickly became clear that she had no meaningful information.”

He said she then turned the conversation to adoption of Russian children and the Magnitsky Act, an American law that blacklists suspected Russian human rights abusers. The law so enraged President Vladimir V. Putin of Russia that he retaliated by halting American adoptions of Russian children.

“It became clear to me that this was the true agenda all along and that the claims of potentially helpful information were a pretext for the meeting,” Mr. Trump said.

When he was first asked about the meeting on Saturday, he said only that it was primarily about adoptions and mentioned nothing about Mrs. Clinton.
President Trump’s son-in-law, Jared Kushner, also attended the meeting last year at Trump Tower. Credit Ruth Fremson/The New York Times
Mark Corallo, a spokesman for the president’s lawyer, said on Sunday that “Trump was not aware of and did not attend the meeting.”

Lawyers and spokesmen for Mr. Kushner and Mr. Manafort did not immediately respond to requests for comment. In his statement, Donald Trump Jr. said he asked Mr. Manafort and Mr. Kushner to attend, but did not tell them what the meeting was about.

American intelligence agencies have concluded that Russian hackers and propagandists worked to tip the election toward Donald J. Trump, in part by stealing and then providing to WikiLeaks internal Democratic Party and Clinton campaign emails that were embarrassing to Mrs. Clinton. WikiLeaks began releasing the material on July 22.

A special prosecutor and congressional committees are now investigating the Trump campaign’s possible collusion with the Russians. Mr. Trump has disputed that, but the investigation has cast a shadow over his administration.

Mr. Trump has also equivocated on whether the Russians were solely responsible for the hacking. On Sunday, two days after his first meeting as president with Mr. Putin, Mr. Trump said in a Twitter post: “I strongly pressed President Putin twice about Russian meddling in our election. He vehemently denied it. I’ve already given my opinion.....” He also tweeted that they had “discussed forming an impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded...”

On Sunday morning on Fox News, the White House chief of staff, Reince Priebus, described the Trump Tower meeting as a “big nothing burger.”

“Talking about issues of foreign policy, issues related to our place in the world, issues important to the American people is not unusual,” he said.

But Representative Adam B. Schiff of California, the leading Democrat on the House Intelligence Committee, one of the panels investigating Russian election interference, said he wanted to question “everyone that was at that meeting.”

“There’s no reason for this Russian government advocate to be meeting with Paul Manafort or with Mr. Kushner or the president’s son if it wasn’t about the campaign and Russia policy,” Mr. Schiff said after the initial Times report.

Ms. Veselnitskaya, the Russian lawyer invited to the Trump Tower meeting, is best known for mounting a multipronged attack against the Magnitsky Act.

The adoption impasse is a frequently used talking point for opponents of the act. Ms. Veselnitskaya’s campaign against the law has also included attempts to discredit the man after whom it was named, Sergei L. Magnitsky, a lawyer and auditor who died in 2009 in mysterious circumstances in a Russian prison after exposing one of the biggest corruption scandals during Mr. Putin’s rule.
Mr. Trump’s former campaign chairman, Paul J. Manafort, at the Republican National Convention in July 2016 in Cleveland. Credit Sam Hodgson for The New York Times
Ms. Veselnitskaya’s clients include state-owned businesses and a senior government official’s son, whose company was under investigation in the United States at the time of the meeting. Her activities and associations had previously drawn the attention of the F.B.I., according to a former senior law enforcement official.

Ms. Veselnitskaya said in a statement on Saturday that “nothing at all about the presidential campaign” was discussed. She recalled that after about 10 minutes, either Mr. Kushner or Mr. Manafort walked out.

She said she had “never acted on behalf of the Russian government” and “never discussed any of these matters with any representative of the Russian government.”

The Trump Tower meeting was disclosed to government officials in recent days, when Mr. Kushner, who is also a senior White House aide, filed a revised version of a form required to obtain a security clearance.

The Times reported in April that he had failed to disclose any foreign contacts, including meetings with the Russian ambassador to the United States and the head of a Russian state bank. Failure to report such contacts can result in a loss of access to classified information and even, if information is knowingly falsified or concealed, in imprisonment.

Mr. Kushner’s advisers said at the time that the omissions were an error, and that he had immediately notified the F.B.I. that he would be revising the filing.

In a statement on Saturday, Mr. Kushner’s lawyer, Jamie Gorelick, said: “He has since submitted this information, including that during the campaign and transition, he had over 100 calls or meetings with representatives of more than 20 countries, most of which were during transition. Mr. Kushner has submitted additional updates and included, out of an abundance of caution, this meeting with a Russian person, which he briefly attended at the request of his brother-in-law Donald Trump Jr. As Mr. Kushner has consistently stated, he is eager to cooperate and share what he knows.”

Mr. Manafort, the former campaign chairman, also recently disclosed the meeting, and Donald Trump Jr.’s role in organizing it, to congressional investigators who had questions about his foreign contacts, according to people familiar with the events. Neither Mr. Manafort nor Mr. Kushner was required to disclose the content of the meeting.

A spokesman for Mr. Manafort declined to comment.

Since the president took office, Donald Trump Jr. and his brother Eric have assumed day-to-day control of their father’s real estate empire. Because he does not serve in the administration and does not have a security clearance, Donald Trump Jr. was not required to disclose his foreign contacts.

Federal and congressional investigators have not publicly asked for any records that would require his disclosure of Russian contacts.

Ms. Veselnitskaya is a formidable operator with a history of pushing the Kremlin’s agenda. Most notable is her campaign against the Magnitsky Act, which provoked a Cold War-style, tit-for-tat dispute with the Kremlin when President Barack Obama signed it into law in 2012.

Under the law, about 44 Russian citizens have been put on a list that allows the United States to seize their American assets and deny them visas. The United States asserts that many of them are connected to the fraud exposed by Mr. Magnitsky, who after being jailed for more than a year was found dead in his cell. A Russian human rights panel found that he had been assaulted. To critics of Mr. Putin, Mr. Magnitsky, in death, became a symbol of corruption and brutality in the Russian state.
An infuriated Mr. Putin has called the law an “outrageous act,” and, in addition to banning American adoptions, he compiled what became known as an “anti-Magnitsky” blacklist of United States citizens.

Among those blacklisted was Preet Bharara, then the United States attorney in Manhattan, who led notable convictions of Russian arms and drug dealers. Mr. Bharara was abruptly fired in March, after previously being asked to stay on by President Trump.

One of Ms. Veselnitskaya’s clients is Denis Katsyv, the Russian owner of Prevezon Holdings, an investment company based in Cyprus. He is the son of Petr Katsyv, the vice president of the state-owned Russian Railways and a former deputy governor of the Moscow region. In a civil forfeiture case prosecuted by Mr. Bharara’s office, the Justice Department alleged that Prevezon had helped launder money linked to the $230 million corruption scheme exposed by Mr. Magnitsky by putting it in New York real estate and bank accounts. Prevezon recently settled the case for $6 million without admitting wrongdoing.

Ms. Veselnitskaya and her client also hired a team of political and legal operatives to press the case for repeal. And they tried but failed to keep Mr. Magnitsky’s name off a new law that takes aim at human-rights abusers across the globe. The team included Rinat Akhmetshin, an émigré to the United States who once served as a Soviet military officer and who has been called a Russian political gun for hire. Fusion GPS, a consulting firm that produced an intelligence dossier that contained unverified allegations about Mr. Trump, was also hired to do research for Prevezon.

Ms. Veselnitskaya was also deeply involved in the making of a film that disputes the widely accepted version of Mr. Magnitsky’s life and death. In the film and in her statement, she said the true culprit of the fraud was William F. Browder, an American-born financier who hired Mr. Magnitsky to investigate the fraud after three of his investment funds companies in Russia were seized.

Mr. Browder called the film a state-sponsored smear campaign.

“She’s not just some private lawyer,” Mr. Browder said of Ms. Veselnitskaya. “She is a tool of the Russian government.”

John O. Brennan, a former C.I.A. director, testified in May that he had been concerned last year by Russian government efforts to contact and manipulate members of Mr. Trump’s campaign. “Russian intelligence agencies do not hesitate at all to use private companies and Russian persons who are unaffiliated with the Russian government to support their objectives,” he said.

The F.B.I. began a counterintelligence investigation last year into Russian contacts with any Trump associates. Agents focused on Mr. Manafort and a pair of advisers, Carter Page and Roger J. Stone Jr.

Among those now under investigation is Michael T. Flynn, who was forced to resign as Mr. Trump’s national security adviser after it became known that he had falsely denied speaking to the Russian ambassador about sanctions imposed by the Obama administration over the election hacking.

Congress later discovered that Mr. Flynn had been paid more than $65,000 by companies linked to Russia, and that he had failed to disclose those payments when he renewed his security clearance and underwent an additional background check to join the White House staff.

In May, the president fired the F.B.I. director, James B. Comey, who days later provided information about a meeting with Mr. Trump at the White House. According to Mr. Comey, the president asked him to end the bureau’s investigation into Mr. Flynn; Mr. Trump has repeatedly denied making such a request. Robert S. Mueller III, a former F.B.I. director, was then appointed as special counsel.

The status of Mr. Mueller’s investigation is not clear, but he has assembled a veteran team of prosecutors and agents to dig into any possible collusion.

Saturday, June 24, 2017

Obama’s secret struggle to punish Russia for Putin’s election assault

Early last August, an envelope with extraordinary handling restrictions arrived at the White House. 

Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.

Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.

But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.

At that point, the outlines of the Russian assault on the U.S. election were increasingly apparent.

Hackers with ties to Russian intelligence services had been rummaging through Democratic Party computer networks, as well as some Republican systems, for more than a year. In July, the FBI had opened an investigation of contacts between Russian officials and Trump associates. And on July 22, nearly 20,000 emails stolen from the Democratic National Committee were dumped online by WikiLeaks.

https://www.washingtonpost.com/graphics/2017/world/national-security/obama-putin-election-hacking/?utm_term=.12a31b9dd507&hpid=hp_hp-top-table-main_russiaobama-banner-7a%3Ahomepage%2Fstory

2016 election is officially illegitimate. TIME: Hackers Altered Voter Rolls

http://time.com/4828306/russian-hacking-election-widespread-private-data/

Election Hackers Altered Voter Rolls, Stole Private Data, Officials Say
Massimo Calabresi - Jun 22, 2017

The hacking of state and local election databases in 2016 was more extensive than previously reported, including at least one successful attempt to alter voter information, and the theft of thousands of voter records that contain private information like partial Social Security numbers, current and former officials tell TIME.

In one case, investigators found there had been a manipulation of voter data in a county database but the alterations were discovered and rectified, two sources familiar with the matter tell TIME. Investigators have not identified whether the hackers in that case were Russian agents.

The fact that private data was stolen from states is separately providing investigators a previously unreported line of inquiry in the probes into Russian attempts to influence the election. In Illinois, more than 90% of the nearly 90,000 records stolen by Russian state actors contained drivers license numbers, and a quarter contained the last four digits of voters’ Social Security numbers, according to Ken Menzel, the General Counsel of the State Board of Elections.

Congressional investigators are probing whether any of this stolen private information made its way to the Trump campaign, two sources familiar with the investigations tell TIME.

“If any campaign, Trump or otherwise, used inappropriate data the questions are, How did they get it? From whom? And with what level of knowledge?” the former top Democratic staffer on the House Intelligence Committee, Michael Bahar, tells TIME. “That is a crux of the investigation.”

Tuesday, May 9, 2017

Why The Sally Yates Hearing Was Very Bad News For The Trump White House

The president just lost his favorite piece of spin for countering the Russia scandal.



The much-anticipated Senate hearing on Monday afternoon with former acting attorney general Sally Yates and former director of national intelligence James Clapper confirmed an important point: the Russia story still poses tremendous trouble for President Donald Trump and his crew.

Yates recounted a disturbing tale. She recalled that on January 26, she requested and received a meeting with Don McGahn, Trump's White House counsel. At the time, Vice President Mike Pence and other White House officials were saying that ret. Lt. Gen. Michael Flynn, Trump's national security adviser, had not spoken the month before with the Russian ambassador to the United States, Sergey Kislyak, about the sanctions then-President Barack Obama had imposed on the Russians as punishment for Moscow's meddling in the 2016 presidential campaign. Yates' Justice Department had evidence—presumably intercepts of Flynn's communications with Kislyak—that showed this assertion was flat-out false.

At that meeting, Yates shared two pressing concerns with McGahn: that Flynn had lied to the vice president and that Flynn could now be blackmailed by the Russians because they knew he had lied about his conversations with Kislyak. As Yates told the members of the Senate subcommittee on crime and terrorism, "To state the obvious: you don't want your national security adviser compromised by the Russians." She and McGahn also discussed whether Flynn had violated any laws.

The next day, McGahn asked Yates to return to the White House, and they had another discussion. According to Yates, McGahn asked whether it would interfere with the FBI's ongoing investigation of Flynn if the White House took action regarding this matter. No, Yates said she told him. The FBI had already interviewed Flynn. And Yates explained to the senators that she had assumed that the White House would not sit on the information she presented McGahn and do nothing.

But that's what the White House did. McGahn in that second meeting did ask if the White House could review the evidence the Justice Department had. She agreed to make it available. (Yates testified that she did not know whether this material was ever reviewed by the White House. She was fired at that point because she would not support Trump's Muslim travel ban.) Whether or not McGahn examined that evidence about Flynn, the White House did not take action against him. It stood by Flynn. He remained in the job, hiring staff for the National Security Council and participating in key policy decision-making.

On February 9, the Washington Post revealed that Flynn had indeed spoken with Kislyak about the sanctions. And still the Trump White House backed him up. Four days later, Kellyanne Conway, a top Trump White House official, declared that Trump still had "full confidence" in Flynn. The next day—as a media firestorm continued—Trump fired him. Still, the day after he canned Flynn, Trump declared, "Gen. Flynn is a wonderful man. I think he has been treated very, very unfairly by the media, as I call it, the fake media in many cases. And I think it is really a sad thing that he was treated so badly." Trump displayed no concern about Flynn's misconduct.

The conclusion from Yates' testimony was clear: Trump didn't dump Flynn until the Kislyak matter became a public scandal and embarrassment. The Justice Department warning—hey, your national security adviser could be compromised by the foreign government that just intervened in the American presidential campaign—appeared to have had no impact on Trump's actions regarding Flynn. Imagine what Republicans would say if a President Hillary Clinton retained as national security adviser a person who could be blackmailed by Moscow.

The subcommittee's hearing was also inconvenient for Trump and his supporters on another key topic: it destroyed one of their favorite talking points.

On March 5, Clapper was interviewed by NBC News' Chuck Todd on Meet the Press and asked if there was any evidence of collusion between members of the Trump campaign and the Russians. "Not to my knowledge," Clapper replied. Since then, Trump and his champions have cited Clapper to say there is no there there with the Russia story. Trump on March 20 tweeted, "James Clapper and others stated that there is no evidence Potus colluded with Russia. The story is FAKE NEWS and everyone knows it!" White House press secretary Sean Spicer has repeatedly deployed this Clapper statement to insist there was no collusion.

At Monday's hearing, Clapper pulled this rug out from under the White House and its comrades. He noted that it was standard policy for the FBI not to share with him details about ongoing counterintelligence investigations. And he said he had not been aware of the FBI's investigation of contacts between Trump associates and Russia that FBI director James Comey revealed weeks ago at a House intelligence committee hearing. Consequently, when Clapper told Todd that he was not familiar with any evidence of Trump-Russia collusion, he was speaking accurately. But he essentially told the Senate subcommittee that he was not in a position to know for certain. This piece of spin should now be buried. Trump can no longer hide behind this one Clapper statement.

Clapper also dropped another piece of information disquieting for the Trump camp. Last month, the Guardian reported that British intelligence in late 2015 collected intelligence on suspicious interactions between Trump associates and known or suspected Russian agents and passed this information to the United States "as part of a routine exchange of information." Asked about this report, Clapper said it was "accurate." He added, "The specifics are quite sensitive." This may well have been the first public confirmation from an intelligence community leader that US intelligence agencies have possessed secret information about ties between Trump's circle and Moscow. (Comey testified that the FBI's counterintelligence investigation of links between Trump associates and Russia began in late July 2016.)

So this hearing indicated that the Trump White House protected a national security adviser who lied and who could be compromised by Moscow, that Trump can no longer cite Clapper to claim there was no collusion, and that US intelligence had sensitive information on interactions between Trump associates and possible Russian agents as early as late 2015. Still, most of the Republicans on the panel focused on leaks and "unmasking"—not the main issues at hand. They collectively pounded more on Yates for her action regarding the Muslim travel ban than on Moscow for its covert operation to subvert the 2016 election to help Trump.

This Senate subcommittee, which is chaired by Sen. Lindsey Graham (R-S.C.), is not mounting a full investigation comparable to the inquiry being conducted by the Senate intelligence committee (and presumably the hobbled House intelligence committee). It has far less staff, and its jurisdiction is limited. But this hearing demonstrated that serious inquiry can expand the public knowledge of the Trump-Russia scandal—and that there remains much more to examine and unearth.

Thursday, March 30, 2017

Majority Want Trump To Resign If His Campaign Colluded With Russia

If the Trump campaign worked with Russia to sway the 2016 election, the American people want the president to start packing his bags.

By Sean Colarossi

If it turns out that Donald Trump’s campaign did, indeed, work with the Russians to defeat Hillary Clinton in last fall’s presidential election, a majority of the country – 53 percent – thinks the president should resign.

According to the explosive new poll from Public Policy Polling (PPP), which debuted Wednesday night on MSNBC’s Rachel Maddow Show, the American people said – by a 14-point margin – that Trump should step down if there was collusion.



Another result revealed on Maddow’s program found that a plurality of the country believes Trump’s campaign did, in fact, work with Russia to swing the 2016 election in his favor.

If you’re keeping score at home: The American people think both that Trump’s campaign colluded with Russia and that the president should resign as a result.

While there is endless political polling released on a weekly basis asking about hypothetical scenarios, what should be terrifying to the White House is that the explosive Russia scandal is just one more investigation or one more small piece of evidence away from making the questions posed in the PPP survey a reality.

At that point, the president will have to face a country that doesn’t just believe he isn’t doing a good job, as polls repeatedly suggest, but also that he should no longer have the job at all.

Friday, March 24, 2017

Republicans tried to hide payments to Russia-linked intel firm for dirt-digging on Hillary Clinton

By David Ferguson

The Republican National Committee (RNC) tried to conceal payments it made during the 2016 election to a shadowy intelligence-gathering firm for opposition research against Democratic candidate Hillary Clinton.

Politico reported on Friday that the RNC paid $41,500 to the Hamilton Trading Group, a Virginia-based private company run by former CIA operatives. The agency worked with a former Russian spy to hunt for information that would show conflicts of interest between Clinton’s role as Secretary of State and her interests as a private citizen and leader of the Clinton Foundation.

Observers in politics and intelligence noted that it would be odd for the RNC to make payments to Hamilton Trading given that the group specializes in matters pertaining to Russia.

“RNC officials and the president and co-founder of Hamilton Trading Group, an ex-CIA officer named Ben Wickham, insisted the payments, which eventually totaled $41,500, had nothing to do with Russia,” wrote Politico’s Kenneth P. Vogel and Eli Stokols.

Wickham and the RNC initially claimed that the payments were in return for building and security analyses of RNC headquarters in Washington.

“But RNC officials now acknowledge that most of the cash — $34,100 — went towards intelligence-style reports that sought to prove conflicts of interest between Democratic presidential candidate Hillary Clinton’s tenure as Secretary of State and her family’s foundation,” Politico said.

HTG produced two dossiers, both of which attempted to make a case that Clinton directed U.S. interventions in Bulgaria and Israel on behalf of energy firms that donated to the Clinton Foundation, said individuals familiar with the documents.

Wickham told Politico in a Thursday interview that he floated the building inspection story because “any other work we may have done for them” was covered under a nondisclosure agreement.

“I’m not denying that I wasn’t totally forthcoming, but I’m telling you why,” Wickham told Politico.

“The security stuff that we did, which is legitimate, was not covered by any kind of a confidentiality agreement, so I can discuss that.”

Last June, when the RNC filed financial disclosures with the Federal Elections Commission (FEC), a $3,400 payment to Hamilton attracted attention because the firm is not known for building security consultations, but rather for espionage work related to Russia.

“Adding to the intrigue are the firm’s intelligence connections in Russia, where it was known to perform background checks and provide security services for American officials and companies,” said Politico.

The job was handed to former KGB agent Gennady Vasilenko, who declined to comment on the matter.

Wickham denied that his firm looked into any connections between the Trump campaign and the Russian government, saying he has “never had any contact with … Trump or Manafort or their people.” Politico said the RNC has produced documents detailing a list of Clinton-related issues it tasked Hamilton Trading with researching.

He said that while his firm is not well-known for building security, it did an assessment for the RNC to protect against a “McVeigh-type” bombing attack or a gun-wielding intruder like the San Bernardino mass shooting.

“We certainly are not widely known, as we have always been a two- to three-man company and have done little advertising,” Wickham said, adding that the firm has done anti-terror security consultations for Amtrak and the International Monetary Fund’s offices in Moscow.

Friday, March 10, 2017

Moscow's work didn't end on Nov. 8, 2016

Rachel Maddow Says Helping Trump Become POTUS Was Only The Beginning Of Russia’s Operation
 
Maddow says there is growing evidence that Moscow's work didn't end on Nov. 8, 2016 – that was only the opening act. 


The MSNBC star said events that have unfolded during Trump’s time in office show that “Russia may now be reaping its reward, maybe getting what it wants out of the United States government as payback for running the successful op that helped install the new head of the American government.”



During the opening of her show, Maddow said that it’s one thing for the Trump campaign and its officials to meet and seemingly work with the Russians during the campaign – but it’s becoming apparent that the election may have just been the opening act of Moscow’s operation.

The new development, that WikiLeaks – the same folks who worked with the Russians to expose hacked DNC emails last year – released a trove of classified CIA material, is further proof, Maddow says, that the Russians are likely still trying to meddle in U.S. affairs at the direction of Vladimir Putin. Instead of influencing an election, the goal now seems to be disrupting and undermining U.S. intelligence agencies.

As usual, there is a connection between the latest WikiLeaks release and the President of the United States.

As Maddow pointed out, Trump supporter Nigel Farage, who recently had dinner with Trump, met with Wikileaks founder Julian Assange just two days after the classified CIA information was reportedly released by the organization. When asked why he was visiting Assange, Farage said he “couldn’t remember.”

While the focus is rightfully on Russia’s involvement in last year’s election and what connection the Russians had with the Trump campaign, it’s also important to consider that Moscow now may be influencing our government. In other words, the election may have just been the beginning.

Maddow brings that point home:
The Russian government attacked our election. The Russian government was in contact with multiple Trump campaign sources while they were doing it. Russian nemeses in the American government – U.S. State Department, CIA – are not faring well since Donald Trump came to power. Is the operation that Russia started during the campaign, is it over? Or are they still running it? Are we still in this now?
It’s unsettling to consider the possibility that Russia, after helping put Donald Trump in the White House, is still influencing U.S. affairs. But there is mounting evidence that Moscow’s work didn’t end on Nov. 8, 2016 – that was only the beginning.

Thursday, March 9, 2017

Rachel Maddow Drops Major Reality Check: Trump-Russia Collusion Looks Increasingly Likely

The MSNBC host told America to "get back to the main point," which is that it's slowly looking like the Trump campaign was working with Russia to topple Hillary Clinton.

On MSNBC’s Rachel Maddow Show on Tuesday, the liberal superstar dropped another Russian reality check on viewers, telling America to “get back to the main point,” which is that it’s slowly looking like the Trump campaign was working with Russia to topple Hillary Clinton last year.

In her opening segment, Maddow focused on a so-far unsubstantiated dossier released in January that details damning links between Trump and high-ranking Russian officials. While Trump and his apologists try to muddy the waters, point fingers, and deny any wrongdoing, more and more of that controversial dossier has become verified as truth.

As Maddow said, pieces from that document continue to fall into place, which is slowly raising the likelihood that Russia and Trump’s campaign worked together.

Rachel Maddow notes that while the dossier of intelligence about Donald Trump ties to Russia remains unconfirmed, pieces of it have checked out upon investigation by the press, though the primary government investigators are former Trump campaign officials.



Maddow said:
Forget all the salacious personal stuff. Forget all the stuff that made the White House so mad when this was published. The bottom line of this dossier, the bottom line allegation, the point of it is that the Trump campaign didn’t just benefit from Russia interfering in our presidential campaign. The point of this is that they colluded, they helped, they were in on it. The money quote from this dossier is, “The operation had been conducted with the full knowledge of Trump and senior members of his campaign team.” That’s basically what this whole dossier alleges – that the Trump folks were in on it.  There were multiple people close to Trump, involved in the Trump campaign, who were in contact with the Russian government about the Russian government’s attacks on Hillary Clinton, while those attacks were happening, while Russia was waging these attacks. Overall, yes, we still have to describe this as a sheaf of uncorroborated allegations, but little pieces supporting that bottom line thesis really do keep falling in line.
Maddow then listed the series of Russian revelations – and secret meetings between Trump associates and the Russian officials – that have come out over the past several weeks, despite initial claims from the president that nobody on his team met with the Russians during the campaign.

It turns out that more than a half-dozen Trump associates are linked to Russia, including Jeff Sessions, Michael Flynn, Carter Page, J.D. Gordon, Paul Manafort, Roger Stone and Michael Cohen.

As Maddow noted in her coverage, it was reported by Politico on Tuesday that one of those associates, Carter Page, was given permission by the Trump campaign last year to make a visit to Russia in the heat of the 2016 election cycle.

The president himself even met with Russian ambassador Sergey Kislyak before giving a campaign speech last year.

All of these bits of information are turning what was previously an unverified dossier into a credible document implicating Donald Trump’s presidential campaign in what would be the biggest political scandal in U.S. history.

Even though there is so much going on in our politics right now, much of it disturbing and distracting, we must not lose focus on this scandal.

Saturday, December 31, 2016

When did Trump develop fealty to Russia, & why does it persist after their cyber attack?


ALTHOUGH PRESIDENT Obama’s sanctions against Russia for interfering with the U.S. presidential election came late, his action on Thursday reflected a bipartisan consensus that penalties must be imposed for Moscow’s audacious hacking and meddling. 

But one prominent voice in the United States reacted differently. President-elect Donald Trump said “it’s time for our country to move on to bigger and better things.” Earlier in the week, he asserted that the “whole age of computer has made it where nobody knows exactly what is going on.”

No, Mr. Trump, it is not time to move on. U.S. intelligence agencies are in agreement about “what is going on”: a brazen and unprecedented attempt by a hostile power to covertly sway the outcome of a U.S. presidential election through the theft and release of material damaging to Democratic nominee Hillary Clinton. The president-elect’s dismissive response only deepens unanswered questions about his ties to Russia in the past and his plans for cooperation with Vladimir Putin.

For his part, Mr. Putin seems to be eagerly anticipating the Trump presidency. On Friday, he promised to withhold retaliatory sanctions, clearly hoping the new Trump administration will nullify Mr. Obama’s acts. Then Mr. Trump cheered on Twitter: “Great move on delay (by V. Putin) — I always knew he was very smart!”

For any American leader, an attempt to subvert U.S. democracy ought to be unforgivable — even if he is the intended beneficiary. Some years ago, then-Defense Secretary Leon Panetta warned of a “cyber-Pearl Harbor,” and the fear at the time was of a cyberattack collapsing electric grids or crashing financial markets. Now we have a real cyber-Pearl Harbor, though not one that was anticipated. Mr. Obama has pledged a thorough investigation and disclosure; the information released on Thursday does not go far enough. Congress should not shrink from establishing a select committee for a full-scale probe.

Mr. Obama also hinted at additional retaliation, possibly unannounced, and we believe it would be justified to deter future mischief. How about shedding a little sunshine on Mr. Putin’s hidden wealth and that of his coterie?

Mr. Trump has been frank about his desire to improve relations with Russia, but he seems blissfully untroubled by the reasons for the deterioration in relations, including Russia’s instigation of an armed uprising in Ukraine, its seizure of Crimea, its efforts to divide Europe and the crushing of democracy and human rights at home.

Why is Mr. Trump so dismissive of Russia’s dangerous behavior? Some say it is his lack of experience in foreign policy, or an oft-stated admiration for strongmen, or naivete about Russian intentions. But darker suspicions persist. Mr. Trump has steadfastly refused to be transparent about his multibillion-dollar business empire. Are there loans or deals with Russian businesses or the state that were concealed during the campaign? Are there hidden communications with Mr. Putin or his representatives? We would be thrilled to see all the doubts dispelled, but Mr. Trump’s odd behavior in the face of a clear threat from Russia, matched by Mr. Putin’s evident enthusiasm for the president-elect, cannot be easily explained.


Friday, December 2, 2016

DS Programming For Newbies

This is a PDF file that contains the posts made by Foxi4 in this post as an introduction into C programming.

This is so that people can download & view on mobile devices or print out, without having to go through each & every post he's done.

Tuesday, November 8, 2016

How To Rig An Election

By

It’s almost over. Will we heave a sigh of relief, or shriek in horror? Nobody knows for sure, although early indications clearly lean Clinton. Whatever happens, however, let’s be clear: this was, in fact, a rigged election.

The election was rigged by state governments that did all they could to prevent nonwhite Americans from voting: The spirit of Jim Crow is very much alive — or maybe translate that to Diego Cuervo, now that Latinos have joined African-Americans as targets. Voter ID laws, rationalized by demonstrably fake concerns about election fraud, were used to disenfranchise thousands; others were discouraged by a systematic effort to make voting hard, by closing polling places in areas with large minority populations.

The election was rigged by Russian intelligence, which was almost surely behind the hacking of Democratic emails, which WikiLeaks then released with great fanfare. Nothing truly scandalous emerged, but the Russians judged, correctly, that the news media would hype the revelation that major party figures are human beings, and that politicians engage in politics, as somehow damning.

The election was rigged by James Comey, the director of the F.B.I. His job is to police crime — but instead he used his position to spread innuendo and influence the election. Was he deliberately putting a thumb on the electoral scales, or was he simply bullied by Republican operatives? It doesn’t matter: He abused his office, shamefully.

The election was also rigged by people within the F.B.I. — people who clearly felt that under Mr. Comey they had a free hand to indulge their political preferences. In the final days of the campaign, pro-Trump agents have clearly been talking nonstop to Republicans like Rudy Giuliani and right-wing media, putting claims and allegations that may or may not have anything to do with reality into the air. The agency clearly needs a major housecleaning: Having an important part of our national security apparatus trying to subvert an election is deeply scary. Unfortunately, Mr. Comey is just the man not to do it.

The election was rigged by partisan media, especially Fox News, which trumpeted falsehoods, then retracted them, if at all, so quietly that almost nobody heard. For days Fox blared the supposed news that the F.B.I. was preparing an indictment of the Clinton Foundation. When it finally admitted that the story was false, Donald Trump’s campaign manager smugly remarked, “The damage is done to Hillary Clinton.”

The election was rigged by mainstream news organizations, many of which simply refused to report on policy issues, a refusal that clearly favored the candidate who lies about these issues all the time, and has no coherent proposals to offer. Take the nightly network news broadcasts: In 2016 all three combined devoted a total of 32 minutes to coverage of issues — all issues. Climate change, the most important issue we face, received no coverage at all.

The election was rigged by the media obsession with Hillary Clinton’s emails. She shouldn’t have used her own server, but there is no evidence at all that she did anything unethical, let alone illegal. The whole thing is orders of magnitude less important than multiple scandals involving her opponent — remember, Donald Trump never released his tax returns. Yet those networks that found only 32 minutes for all policy issues combined found 100 minutes to talk about Clinton emails.

It’s a disgraceful record. Yet Mrs. Clinton still seems likely to win.

If she does, you know what will happen. Republicans will, of course, deny her legitimacy from day one, just as they did for the last two Democratic presidents. But there will also — you can count on it — be a lot of deprecation and sneering from mainstream pundits and many in the media, lots of denial that she has a “mandate” (whatever that means), because some other Republican would supposedly have beaten her, she should have won by more, or something.

So in the days ahead it will be important to remember two things. First, Mrs. Clinton has actually run a remarkable campaign, demonstrating her tenacity in the face of unfair treatment and remaining cool under pressure that would have broken most of us. Second, and much more important, if she wins it will be thanks to Americans who stood up for our nation’s principles — who waited for hours on voting lines contrived to discourage them, who paid attention to the true stakes in this election rather than letting themselves be distracted by fake scandals and media noise.

Those citizens deserve to be honored, not disparaged, for doing their best to save the nation from the effects of badly broken institutions. Many people have behaved shamefully this year — but tens of millions of voters kept their faith in the values that truly make America great.

Monday, July 11, 2016

Sharing Your Netflix Password Is Now A Federal Crime

Court upholds conviction of ex-employee who shared database access.

On July 5th, the U.S. Ninth Circuit Court of Appeals issued an opinion which found, in part, that sharing passwords is a crime prosecutable under the Computer Fraud and Abuse Act (CFAA). The decision, according to a dissenting opinion on the case, makes millions of people who share passwords for services like Netflix and HBOGo into “unwitting federal criminals.”

Saturday, April 30, 2016

The Blacklist - The Artax Network S3 E20

Reeling with grief, the task force hunts the organization behind Liz's failed abduction - who is Solomon working for and why was Liz the target? Meanwhile, Red confronts a man from his past. Brian Dennehy guest stars.


Wednesday, November 4, 2015

Hackers Expose 11 Major Security Flaws In Samsung Galaxy S6 Edge

Thursday, August 27, 2015

Who Hacked Ashley Madison?

By Brian Krebs

AshleyMadison.com, a site that helps married people cheat and whose slogan is “Life is Short, have an Affair,” recently put up a half million (Canadian) dollar bounty for information leading to the arrest and prosecution of the Impact Team — the name chosen by the hacker(s) who recently leaked data on more than 30 million Ashley Madison users. Here is the first of likely several posts examining individuals who appear to be closely connected to this attack.

It was just past midnight on July 20, a few hours after I’d published an exclusive story about hackers breaking into AshleyMadison.com. I was getting ready to turn in for the evening when I spotted a re-tweet from a Twitter user named Thadeus Zu (@deuszu) who’d just posted a link to the same cache of data that had been confidentially shared with me by the Impact Team via the contact form on my site just hours earlier: It was a link to the proprietary source code for Ashley Madison’s service.
Initially, that tweet startled me because I couldn’t find any other sites online that were actually linking to that source code cache. I began looking through his past tweets and noticed some interesting messages, but soon enough other news events took precedence and I forgot about the tweet.

I revisited Zu’s tweet stream again this week after watching a press conference held by the Toronto Police (where Avid Life Media, the parent company of Ashley Madison, is based). The Toronto cops mostly recapped the timeline of known events in the hack, but they did add one new wrinkle: They said Avid Life employees first learned about the breach on July 12 (seven days before my initial story) when they came into work, turned on their computers and saw a threatening message from the Impact Team accompanied by the anthem “Thunderstruck” by Australian rock band AC/DC playing in the background.

After writing up a piece on the bounty offer, I went back and downloaded all five years’ worth of tweets from Thadeus Zu, a massively prolific Twitter user who typically tweets hundreds if not thousands of messages per month. Zu’s early years on Twitter are a catalog of simple hacks — commandeering unsecured routers, wireless cameras and printers — as well as many, many Web site defacements.

On the defacement front, Zu focused heavily on government Web sites in Asia, Europe and the United States, and in several cases even taunted his targets. On Aug. 4, 2012, he tweeted to KPN-CERT, a computer security incident response team in the Netherlands, to alert the group that he’d hacked their site. “Next time, it will be Thunderstruck. #ACDC” Zu wrote.

The day before, he’d compromised the Web site for the Australian Parliament, taunting lawmakers there with the tweet: “Parliament of Australia bit.ly/NPQdsP Oi! Oi! Oi!….T.N.T. Dynamite! Listen to ACDC here.”

I began to get very curious about whether there were any signs on or before July 19, 2015 that Zu was tweeting about ACDC in relation to the Ashley Madison hack. Sure enough: At 9:40 a.m., July 19, 2015 — nearly 12 hours before I would first be contacted by the Impact Team — we can see Zu is feverishly tweeting to several people about setting up “replication servers” to “get the show started.” Can you spot what’s interesting in the tabs on his browser in the screenshot he tweeted that morning?

Twitter user ThadeusZu tweets about setting up replication servers. Did you spot the Youtube video he’s playing when he took this screenshot?

Ten points if you noticed the Youtube.com tab showing that he’s listening to AC/DC’s “Thunderstruck.”

A week ago, the news media pounced on the Ashley Madison story once again, roughly 24 hours after the hackers made good on their threat to release the Ashley Madison user database. I went back and examined Zu’s tweet stream around that time and found he beat Wired.com, ArsTechnica.com and every other news media outlet by more than 24 hours with the Aug. 17 tweet, “Times up,” which linked to the Impact Team’s now infamous post listing the sites where anyone could download the stolen Ashley Madison user database.

ThadeusZu tweeted about the downloadable Ashley Madison data more than 24 hours before news outlets picked up on the cache.


WHO IS THADEUS ZU?

As with the social networking profiles of others who’ve been tied to high-profile cybercrimes, Zu’s online utterings appear to be filled with kernels of truth surrounded by complete malarkey – thus making it challenging to separate fact from fiction. Hence, all of this could be just one big joke by Zu and his buddies. In any case, here are a few key observations about the who, what and where of Thadeus Zu based on information he’s provided (again, take that for what it’s worth).

Zu’s Facebook profile wants visitors to think he lives in Hawaii; indeed, the time zone set on several of his social media accounts is the same as Hawaii. There are a few third-party Facebook accounts of people demonstrably living in Hawaii who tag him in their personal photos of events on Hawaii (see this cached photo, for example), but for the most part Zu’s Facebook account consists of pictures taken from stock image collections that do not appear to be personal photos of any kind.

A few tweets from Zu — if truthful and not simply premeditated misdirection — indicate that he lived in Canada for at least a year, although it’s unclear when this visit occurred.
Zu’s various Twitter and Facebook pictures all feature hulking, athletic, and apparently black male models (e.g. he’s appropriated two profile photos of male model Rob Evans). But Zu’s real-life identity remains murky at best. The lone exception I found was an image that appears to be a genuine group photo taken of a Facebook user tagged as Thadeus Zu, along with an unnamed man posing in front of a tattoo store with popular Australian (and very inked) model/nightclub DJ Ruby Rose.

That photo is no longer listed in Rose’s Facebook profile, but a cached version of it is available here.

Rose’s tour schedule indicates that she was in New York City when that photo was taken, or at least posted, on Feb. 6, 2014. Zu is tagged in another Ruby Rose Facebook post five days later on Valentine’s Day. (Update, 2:56 p.m.: As several readers have pointed out, the two people beside Rose in that cached photo appear to be Franz Dremah and Kick Gurry, co-stars in the movie Edge of Tomorrow.)

Other clues in his tweet stream and social media accounts put Zu in Australia. Zu has a Twitter account under the Twitter nick @ThadeusZu, which has a whopping 11 tweets, but seems rather to have been used as a news feed. In that account Zu is following some 35 Twitter accounts, and the majority of them are various Australian news organizations. That account also is following several Australian lawmakers that govern states in south Australia.

Then again, Twitter auto-suggests popular accounts for new users to follow, and usually does so in part based on the Internet address of the user. As such, @ThadeusZu may have only been using an Australian Web proxy or a Tor node in Australia when he set up that account (several of his self-published screen shots indicate that he regularly uses Tor to obfuscate his Internet address).

Even so, many of Zu’s tweets going back several years place him in Australia as well, although this may also be intentional misdirection. He continuously references his “Oz girl,” (“Oz” is another word for Australia) uses the greeting “cheers” quite a bit, and even talks about people visiting him in Oz.
Interestingly, for someone apparently so caught up in exposing hypocrisy and so close to the Ashley Madison hack, Zu appears to have himself courted a married woman — at least according to his own tweets. On January 5, 2014, Zu tweeted:

“Everything is cool. Getting married this year. I am just waiting for my girl to divorce her husband. #seachange”
A month later, on Feb. 7, 2014, Zu offered this tidbit of info:

“My ex. We were supposed to get married 8 years ago but she was taken away from me. Cancer. Hence, my downward spiral into mayhem.”
To say that Zu tweets to others is a bit of a misstatement. I have never seen anyone tweet the way Zu does; he sends hundreds of tweets each day, and while most of them appear to be directed at nobody, it does seem that they are in response to (if not in “reply” to) tweets that others have sent him or made about his work. Consequently, his tweet stream appears to the casual observer to be nothing more than an endless soliloquy.

But there may be something else going on here. It is possible that Zu’s approach to tweeting — that is, responding to or addressing other Twitter users without invoking the intended recipient’s Twitter handle — is something of a security precaution. After all, he had to know and even expect that security researchers would try to reconstruct his conversations after the fact. But this is far more difficult to do when the Twitter user in question never actually participates in threaded conversations.

People who engage in this way of tweeting also do not readily reveal the Twitter identities of the people with whom they chat most.

Thadeus Zu — whoever and wherever he is in real life — may not have been directly involved in the Ashley Madison hack; he claims in several tweets that he was not part of the hack, but then in countless tweets he uses the royal “We” when discussing the actions and motivations of the Impact Team. I attempted to engage Zu in private conversations without success; he has yet to respond to my invitations.

It is possible that Zu is instead a white hat security researcher or confidential informant who has infiltrated the Impact Team and is merely riding on their coattails or acting as their mouthpiece. But one thing is clear: If Zu wasn’t involved in the hack, he almost certainly knows who was.

KrebsOnSecurity is grateful to several researchers, including Nick Weaver, for their assistance and time spent indexing, mining and making sense of tweets and social media accounts mentioned in this post. Others who helped have asked to remain anonymous. Weaver has published some additional thoughts on this post over at Medium.

Saturday, February 8, 2014

How Hackers and Software Companies are Beefing Up NSA Surveillance

Companies like Endgame Systems have for years sold information and digital loopholes to the NSA to help bolster spying.

Fri Feb. 7, 2014 9:50 A.M. GMT
This story first appeared on the TomDispatch website.

Imagine that you could wander unseen through a city, sneaking into houses and offices of your choosing at any time, day or night. Imagine that, once inside, you could observe everything happening, unnoticed by others—from the combinations used to secure bank safes to the clandestine rendezvous of lovers. Imagine also that you have the ability to silently record everybody's actions, whether they are at work or play without leaving a trace. Such omniscience could, of course, make you rich, but perhaps more important, it could make you very powerful.

That scenario out of some futuristic sci-fi novel is, in fact, almost reality right now. After all, globalization and the Internet have connected all our lives in a single, seamless virtual city where everything is accessible at the tap of a finger. We store our money in online vaults; we conduct most of our conversations and often get from place to place with the help of our mobile devices. Almost everything that we do in the digital realm is recorded and lives on forever in a computer memory that, with the right software and the correct passwords, can be accessed by others, whether you want them to or not.

Now—one more moment of imagining—what if every one of your transactions in that world was infiltrated? What if the government had paid developers to put trapdoors and secret passages into the structures that are being built in this new digital world to connect all of us all the time? What if they had locksmiths on call to help create master keys for all the rooms? And what if they could pay bounty hunters to stalk us and build profiles of our lives and secrets to use against us?

Well, check your imagination at the door, because this is indeed the brave new dystopian world that the US government is building, according to the latest revelations from the treasure trove of documents released by National Security Agency whistleblower Edward Snowden.

Over the last eight months, journalists have dug deep into these documents to reveal that the world of NSA mass surveillance involves close partnerships with a series of companies most of us have never heard of that design or probe the software we all take for granted to help keep our digital lives humming along.

There are three broad ways that these software companies collaborate with the state: a National Security Agency program called "Bullrun" through which that agency is alleged to pay off developers like RSA, a software security firm, to build "backdoors" into our computers; the use of "bounty hunters" like Endgame and Vupen that find exploitable flaws in existing software like Microsoft Office and our smartphones; and finally the use of data brokers like Millennial Media to harvest personal data on everybody on the Internet, especially when they go shopping or play games like Angry Birds, Farmville, or Call of Duty.

Of course, that's just a start when it comes to enumerating the ways the government is trying to watch us all, as I explained in a previous TomDispatch piece, "Big Bro is Watching You." For example, the FBI uses hackers to break into individual computers and turn on computer cameras and microphones, while the NSA collects bulk cell phone records and tries to harvest all the data traveling over fiber-optic cables. In December 2013, computer researcher and hacker Jacob Appelbaum revealed that the NSA has also built hardware with names like Bulldozer, Cottonmouth, Firewalk, Howlermonkey, and Godsurge that can be inserted into computers to transmit data to US spooks even when they are not connected to the Internet.

"Today, [the NSA is] conducting instant, total invasion of privacy with limited effort," Paul Kocher, the chief scientist of Cryptography Research, Inc. which designs security systems, told the New York Times. "This is the golden age of spying."

Building Backdoors

Back in the 1990s, the Clinton administration promoted a special piece of NSA-designed hardware that it wanted installed in computers and telecommunication devices. Called the Clipper Chip, it was intended to help scramble data to protect it from unauthorized access—but with a twist. It also transmitted a "Law Enforcement Access Field" signal with a key that the government could use if it wanted to access the same data.

Activists and even software companies fought against the Clipper Chip in a series of political skirmishes that are often referred to as the Crypto Wars. One of the most active companies was RSA from California. It even printed posters with a call to "Sink Clipper." By 1995, the proposal was dead in the water, defeated with the help of such unlikely allies as broadcaster Rush Limbaugh and Senators John Ashcroft and John Kerry.

But the NSA proved more tenacious than its opponents imagined. It never gave up on the idea of embedding secret decryption keys inside computer hardware—a point Snowden has emphasized (with the documents to prove it).

A decade after the Crypto Wars, RSA, now a subsidiary of EMC, a Massachusetts company, had changed sides. According to an investigative report by Joseph Menn of Reuters, it allegedly took $10 million from the National Security Agency in exchange for embedding an NSA-designed mathematical formula called the Dual Elliptic Curve Deterministic Random Bit Generator inside its Bsafe software products as the default encryption method.

The Dual Elliptic Curve has a "flaw" that allows it to be hacked, as even RSA now admits.

Unfortunately for the rest of us, Bsafe is built into a number of popular personal computer products and most people would have no way of figuring out how to turn it off.

According to the Snowden documents, the RSA deal was just one of several struck under the NSA's Bullrun program that has cost taxpayers over $800 million to date and opened every computer and mobile user around the world to the prying eyes of the surveillance state.

"The deeply pernicious nature of this campaign—undermining national standards and sabotaging hardware and software—as well as the amount of overt private sector cooperation are both shocking," wrote Dan Auerbach and Kurt Opsahl of the Electronic Frontier Foundation, a San Francisco-based activist group that has led the fight against government surveillance. "Back doors fundamentally undermine everybody's security, not just that of bad guys."

Bounty Hunters

For the bargain-basement price of $5,000, hackers offered for sale a software flaw in Adobe Acrobat that allows you to take over the computer of any unsuspecting victim who downloads a document from you. At the opposite end of the price range, Endgame Systems of Atlanta, Georgia, offered for sale a package named Maui for $2.5 million that can attack targets all over the world based on flaws discovered in the computer software that they use. For example, some years ago, Endgame offered for sale targets in Russia including an oil refinery in Achinsk, the National Reserve Bank, and the Novovoronezh nuclear power plant. (The list was revealed by Anonymous, the online network of activist hackers.)

While such "products," known in hacker circles as "zero day exploits," may sound like sales pitches from the sorts of crooks any government would want to put behind bars, the hackers and companies who make it their job to discover flaws in popular software are, in fact, courted assiduously by spy agencies like the NSA who want to use them in cyberwarfare against potential enemies.

Take Vupen, a French company that offers a regularly updated catalogue of global computer vulnerabilities for an annual subscription of $100,000. If you see something that you like, you pay extra to get the details that would allow you to hack into it. A Vupen brochure released by Wikileaks in 2011 assured potential clients that the company aims "to deliver exclusive exploit codes for undisclosed vulnerabilities" for "covertly attacking and gaining access to remote computer systems."

At a Google-sponsored event in Vancouver in 2012, Vupen hackers demonstrated that they could hijack a computer via Google's Chrome web browser. But they refused to hand over details to the company, mocking Google publicly. "We wouldn't share this with Google for even $1 million," Chaouki Bekrar of Vupen boasted to Forbes magazine. "We don't want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers."

In addition to Endgame and Vupen, other players in this field include Exodus Intelligence in Texas, Netragard in Massachusetts, and ReVuln in Malta.

Their best customer? The NSA, which spent at least $25 million in 2013 buying up dozens of such "exploits." In December, Appelbaum and his colleagues reported in Der Spiegel that agency staff crowed about their ability to penetrate any computer running Windows at the moment that machine sends messages to Microsoft. So, for example, when your computer crashes and helpfully offers to report the problem to the company, clicking yes could open you up for attack.

The federal government is already alleged to have used such exploits (including one in Microsoft Windows)—most famously when the Stuxnet virus was deployed to destroy Iran's nuclear centrifuges.

"This is the militarization of the Internet," Appelbaum told the Chaos Computer Congress in Hamburg. "This strategy is undermining the Internet in a direct attempt to keep it insecure. We are under a kind of martial law." 


Harvesting your Data

Among the Snowden documents was a 20-page 2012 report from the Government Communications Headquarters—the British equivalent of the NSA—that listed a Baltimore-based ad company, Millennial Media. According to the spy agency, it can provide "intrusive" profiles of users of smartphone applications and games. The New York Times has noted that the company offers data like whether individuals are single, married, divorced, engaged, or "swinger," as well as their sexual orientation ("straight, gay, bisexual, and 'not sure'").

How does Millennial Media get this data? Simple. It happens to gather data from some of the most popular video game manufacturers in the world. That includes Activision in California which makes Call of Duty, a military war game that has sold over 100 million copies; Rovio of Finland, which has given away 1.7 billion copies of a game called Angry Birds that allows users to fire birds from a catapult at laughing pigs; and Zynga—also from California—which makes Farmville, a farming game with 240 million active monthly users.

In other words, we're talking about what is undoubtedly a significant percentage of the connected world unknowingly handing over personal data, including their location and search interests, when they download "free" apps after clicking on a licensing agreement that legally allows the manufacturer to capture and resell their personal information. Few bother to read the fine print or think twice about the actual purpose of the agreement.

The apps pay for themselves via a new business model called "real-time bidding" in which advertisers like Target and Walmart send you coupons and special offers for whatever branch of their store is closest to you. They do this by analyzing the personal data sent to them by the "free" apps to discover both where you are and what you might be in the market for.

When, for instance, you walk into a mall, your phone broadcasts your location and within a millisecond a data broker sets up a virtual auction to sell your data to the highest bidder. This rich and detailed data stream allows advertisers to tailor their ads to each individual customer. As a result, based on their personal histories, two people walking hand in hand down a street might get very different advertisements, even if they live in the same house.

This also has immense value to any organization that can match up the data from a device with an actual name and identity—such as the federal government. Indeed, the Guardian has highlighted an NSA document from 2010 in which the agency boasts that it can "collect almost every key detail of a user's life: including home country, current location (through geolocation), age, gender, zip code, marital status…income, ethnicity, sexual orientation, education level, and number of children."

In Denial

It's increasingly clear that the online world is, for both government surveillance types and corporate sellers, a new Wild West where anything goes. This is especially true when it comes to spying on you and gathering every imaginable version of your "data."

Software companies, for their part, have denied helping the NSA and reacted with anger to the Snowden disclosures. "Our fans' trust is the most important thing for us and we take privacy extremely seriously," commented Mikael Hed, CEO of Rovio Entertainment, in a public statement.

"We do not collaborate, collude, or share data with spy agencies anywhere in the world."

RSA has tried to deny that there are any flaws in its products. "We have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use," the company said in a statement on its website. "We categorically deny this allegation." (Nonetheless, RSA has recently started advising clients to stop using the Dual Elliptic Curve.)

Other vendors like Endgame and Millennial Media have maintained a stoic silence. Vupen is one of the few that boasts about its ability to uncover software vulnerabilities.

And the NSA has issued a Pravda-like statement that neither confirms nor denies the revelations.

"The communications of people who are not valid foreign intelligence targets are not of interest to the National Security Agency," an NSA spokeswoman told the Guardian. "Any implication that NSA's foreign intelligence collection is focused on the smartphone or social media communications of everyday Americans is not true."

The NSA has not, however, denied the existence of its Office of Tailored Access Operations (TAO), which Der Spiegel describes as "a squad of [high-tech] plumbers that can be called in when normal access to a target is blocked."

The Snowden documents indicate that TAO has a sophisticated set of tools at its disposal—that the NSA calls "Quantum Theory"—made up of backdoors and bugs that allow its software engineers to plant spy software on a target computer. One powerful and hard-to-detect example of this is TAO's ability to be notified when a target's computer visits certain websites like LinkedIn and to redirect it to an NSA server named "Foxacid" where the agency can upload spy software in a fraction of a second.

Which Way Out of the Walled Garden?

The simple truth of the matter is that most individuals are easy targets for both the government and corporations. They either pay for software products like Pages and Office from well-known manufacturers like Apple and Microsoft or download them for free from game companies like Activision, Rovio, and Zynga for use inside "reputable" mobile devices like Blackberries and iPhones.

These manufacturers jealously guard access to the software that they make available, saying that they need to have quality control. Some go even further with what is known as the "walled garden" approach, only allowing pre-approved programs on their devices. Apple's iTunes, Amazon's Kindle, and Nintendo's Wii are examples of this.

But as the Snowden revelations have helped make clear, such devices and software are vulnerable both to manufacturers' mistakes, which open exploitable backdoors into their products, and to secret deals with the NSA.

So in a world where, increasingly, nothing is private, nothing is simply yours, what is an Internet user to do? As a start, there is an alternative to most major software programs for word processing, spreadsheets, and layout and design—the use of free and open source software like Linux and OpenOffice, where the underlying code is freely available to be examined for hacks and flaws. (Think of it this way: if the NSA cut a deal with Apple to copy everything on your iPhone, you would never know. If you bought an open-source phone—not an easy thing to do—that sort of thing would be quickly spotted.) You can also use encrypted browsers like Tor and search engines like DuckDuckGo that don't store your data.

Next, if you own and use a mobile device on a regular basis, you owe it to yourself to turn off as many of the location settings and data-sharing options as you can. And last but hardly least, don't play Farmville, go out and do the real thing. As for Angry Birds and Call of Duty, honestly, instead of shooting pigs and people, it might be time to think about finding better ways to entertain yourself.

Pick up a paintbrush, perhaps? Or join an activist group like the Electronic Frontier Foundation and fight back against Big Brother.