risking his life to tell you about NSA surveillance [ot]

"Thursday, December 4, 2014

Washington, D.C. – U.S. Senator Ron Wyden, D-Ore., today introduced the Secure Data Act to protect Americans’ privacy and data security. The bill prohibits government mandates to build backdoors or security vulnerabilities into U.S. software and electronics."

"Cyber vulnerabilities weaken cybersecurity. Once a backdoor is built in a security system, the security of the system is inherently compromised. For example, in 2005 it was revealed that an unknown entity had exploited a “lawful intercept” capability built into Greek cellphone systems and had used it to listen to users’ phone calls, including those of dozens of senior government officials."

"Within the U.S., there’s relatively little information on the prevalence of law enforcement hacking. The FBI only rarely discloses its use in criminal cases. Chris Soghoian, principal technologist with the American Civil Liberties Union’s Project on Speech, Privacy and Technology, who has closely tracked the FBI’s use of malware, says that agents use vague language when getting judges’ permission to hack devices. “This is a really, really, invasive tool,” Soghoian says. “If the courts don’t know what they’re authorizing, they’re not a good check on its use. If we as a society want malware to be used by the state, we ought to have a public debate.”"

"FBI Shutdown of Virus Demanded New Anti-Hacker Tactics
By Del Quentin Wilber and Chris Strohm Jun 10, 2014 9:01 PM PT


Dismantling one of the world's most insidious computer viruses required complex and fast-paced tactics that will be the blueprint for U.S. law enforcement's future cyberbattles.

By the time authorities claimed victory over Gameover Zeus last week, they had reverse-engineered how the virus communicated, seized command-and-control servers overseas and engaged in cyber battle with the hackers to keep them from re-establishing contact with their fast evaporating network.

“This was the most sophisticated hacking disruption we have attempted to date,” said Leslie Caldwell, the assistant attorney general in charge of the U.S. Justice Department’s criminal division. “It was a hand-to-hand combat type of situation.”

The takedown of Gameover Zeus illustrates how U.S. law enforcement is adapting to the threat of increasingly sophisticated cyber crime. Slapping handcuffs on a hacker and seizing his or her computers is no longer enough. In this case, the virus -- which the FBI said had been used to siphon more than $100 million from U.S. consumers and businesses over three years -- was designed to survive such disruptions.

FBI officials said confronting such a network would have been difficult, if not impossible, a few years ago because the bureau didn’t have the technical expertise or the manpower to address it.
Shifting Approach

The operation was successful, in part, FBI officials said, because the bureau has shifted the way it approaches global cyber crime by boosting the number of agents trained in cyber security, deploying them more widely and by working more closely with experts in private industry.

Computer crimes cut “across every responsibility the FBI has,” Director James Comey testified last month before Congress. “The challenge we face with cyber is that it blows away normal concepts of time and space and venue, and requires us to shrink the world just the way the bad guys have.”

Stopping the hacker behind Gameover Zeus wasn’t enough. While federal prosecutors in May charged a 30-year-old Russian programmer named Evgeniy Bogachev in the case, they still had to kill the virus.
Global Coordination

FBI agents in Pittsburgh, Omaha and Washington spearheaded the investigation. The bureau was joined by law enforcement officials in Canada, Britain, Ukraine, the Netherlands and Luxembourg in the final assaults on nefarious servers.

Consultants at private companies including CrowdStrike Inc., Dell Corp.’s SecureWorks, Microsoft Corp. (MSFT), McAfee Inc., and Symantec Corp. (SYMC) were joined by specialists from Carnegie Mellon University and Georgia Tech, who provided key technical assistance.

It was “the largest fusion of law enforcement and industry partner cooperation ever undertaken in support of an FBI cyber operation,” Robert Anderson Jr., an executive assistant director at the bureau, said.

A variant of a virus first detected in 2007 that operated in a fairly standard fashion by infecting a computer and then communicating with a server controlled by hackers, Gameover Zeus operated like a hydra. According to federal authorities, it was controlled by a tightly knit group based primarily in Russia and Ukraine.
Infected Computers

Once a computer was infected, often after its user clicked on a malicious link or e-mail attachment, it became a “bot” and started communicating with other infected computers as part of a “botnet.” While communicating with each other, the bots also passed along stolen banking information to servers that relayed that data to the hackers.

The hackers committed their cyber burglary by exploiting the security hole bored by Gameover Zeus. When they determined the time was right, the hackers transfered funds from compromised bank accounts -- frequently in excess of $1 million -- through third parties known as “money mules.”

The virus was particularly insidious because it was designed to survive attacks. If authorities separately captured a bunch of bots, relay servers or even the hacker’s main computers, the rest of the system could keep operating until communication was re-established.
Financial Accounts

The FBI estimated that Gameover Zeus eventually infected as many as 1 million computers, about 250,000 in the U.S., and had access to financial accounts that held about $2 billion.

While Gameover Zeus mostly targeted computers operated by businesses, it was delivering a malware instrument called Cryptolocker that hit individuals, too. The virus encrypted a computer’s files and then demanded a fee, sometimes as much as $700, to release the documents, pictures or other personal information it was holding for ransom.

The operation to defeat it had to be carried out faster than the hackers could react. In court papers, the FBI said the hackers were capable of taking “simple, rapid steps to blunt or defeat the Government’s planned disruption.”

The first part of the operation took place in secret -- in government and private computer labs -- as engineers figured out ways to stop the bots from communicating with each other and then finding a way to block its failsafe mode.
Reverse Engineering

“We reverse engineered the malware,” said Adam Meyers, vice president of intelligence for CrowdStrike, a cyber security firm based in Laguna Niguel, California. “We found a way to prevent the adversary from putting in new commands to that network. Instead of talking to the hackers, they were talking to us.”

After additional testing ensured the technical phase would work, the consultants and U.S. law enforcement officials were ready to start seizing computers and servers in the network.

The first were command and control servers in the Ukrainian cities of Kiev and Donetsk on May 7. Although U.S. agents wanted to hit those servers closer to the start of the main operation on May 29, they decided they didn’t have a choice because the turmoil in Ukraine meant access couldn’t be guaranteed, according to two senior U.S. law enforcement officials who asked for anonymity because they were not permitted to talk about active investigations.

The FBI and consultants next examined the seized computers and learned more about how Gameover Zeus operated, and they tweaked their technical techniques to disrupt the network, the officials said.
Court Orders

Within days, Justice Department prosecutors and federal agents were on the phone with representatives of major Internet service providers and domain registries, alerting them to a pending court order that would require them to block infected computers from communicating with the hackers in Russia.

On May 19, federal prosecutors filed charges against Bogachev. Nine days after that, prosecutors obtained a court order in the U.S. permitting the government to redirect malware communications from the infected computers to its own servers. The order also allowed the government to gather information on what computers had been infected and to pass that information along to companies that could alert the victims.

To ensure Bogachev couldn’t take steps to save his network, the operation was carried out in secret.

Starting on Friday, May 30, law enforcement officials began what they described as fast-paced weekend of coordinated seizures of computers around the globe. They hit servers in Canada, France, Germany, Luxembourg, Ukraine and the U.K. As they took down the servers, the hackers caught on to what was transpiring and unsuccessfully tried to reclaim their bots through new servers and other methods, which the FBI and cyber experts blocked on the fly.

The weekend-long cyber duel freed more than 300,000 computers from the botnet, said Justice Department officials, who added they were working with Russian authorities to arrest and extradite Bogachev. They conceded that he and other hackers could still start over. Even so, the officials said, authorities had delivered a financial blow to the hackers’ enterprise -- severing them from $2 billion just waiting to be stolen. "

"Little has been discussed in public about U.S. Cyber Command’s specific capabilities since, though budget documents detail a growing commitment to this form of warfare. The Pentagon’s cyberwarfare budget has grown from $3.9 billion in 2013 to $4.7 billion in 2014 and an estimated $5.1 billion in 2015."

In an age when computers and the Internet rule communications, it could be that old-fashioned radios are the true tools of the New World Order. That's because if you want to collaborate with other governments to oppress the masses, it's best not to leave a digitized trail -- you never know when an Edward Snowden might unravel your conspiracy. So instead, you'd send indecipherable details of your fiendish plots via numbers stations.

Since World War II, so-called numbers stations have been transmitting coded messages via shortwave radio antennas. These transmissions are eerie and weird to casual listeners, nonsensical and puzzling to cryptographers ... and to the right set of ears, may contain information that changes the course of history.

But let's not get ahead of ourselves. At their most basic, numbers stations are simply shortwave radio transmitters, generally operating between 3,000 and 30,000 kilohertz. They're located in many, many countries, but no one knows just how numerous they are. They often transmit strings of numbers or numbers intoned by a computerized-sounding voice. Others send broadcasts via Morse code or they just emit various types of noise.

Some stations have been airing their signals for decades, and hit their peaks during the Cold War. Many have gone quiet since the Berlin Wall fell. Untold others continue filling the airwaves -- yet for what purpose, few know. And those that do know? They aren't talking.

You could try backtracking through a paper trail to see who operates numbers stations. But unlike most transmitters, they aren't licensed to broadcast, so you won't find any record of them in government documents.

They are essentially pirate stations (meaning they operate unlicensed and illegally) but no government agency shuts them down. That's because the government most likely operates them. Of course, no organization or government officially accepts responsibility for numbers stations. They are strictly off the record.

A lot of journalists have tried to untangle the mystery of numbers stations. They've found enough information that we can safely guess the purpose of these transmitters: espionage.

Keep reading and you'll see why old-school numbers stations might be the greatest spy tool ever, even in the age of the Internet and satellite phones.