Category Archives: INTELLIGENCE SERVICES

Oversight of Australia’s intelligence agencies

The Parliamentary Joint Committee on Intelligence and Security has today fulfilled one of its key statutory oversight responsibilities with the tabling of its review into the administration and expenditure of the Australian intelligence agencies for the 2015–16 financial year.

The Committee concluded that the six agencies making up the Australian Intelligence Community are overseeing their administration and expenditure appropriately.

On presenting the report to the Parliament, the Committee Chair, Mr Andrew Hastie MP, highlighted the changing security environment in which the agencies work. This includes ongoing challenges in relation to terrorism, communal violence, border integrity, espionage and foreign interference.

“Agencies have continued to respond to the changing security environment”, Mr Hastie said. “The Committee has previously noted its concerns about the constant resourcing pressure on agencies as they carry out their work to secure the Australian people and our interests.”

He added, “During the period, agencies benefited from additional funding under a range of new funding measures. As the Committee notes in its report, both ASIO and ASIS were provided with additional funding by the Government to support their operations and strengthen their capacity to meet strategic priorities. These measures are welcomed by the Committee as they will offset some of the resourcing pressures on the agencies. The Committee will continue to monitor the resourcing of both agencies in future reviews.”

The six agencies of the Australian Intelligence Community are the Australian Security Intelligence Organisation (ASIO), the Australian Secret Intelligence Service (ASIS), the Office of National Assessments (ONA), the Australian Signals Directorate (ASD), the Australian Geospatial-Intelligence Organisation (AGO), and the Defence Intelligence Organisation (DIO).

Through its review, the Committee received comprehensive submissions and conducted private hearings with each of the agencies. The Committee also took evidence from the Australian National Audit Office and the Inspector-General of Intelligence and Security.

Further information about the inquiry, including the Committee’s report, can be accessed via the Committee’s website at http://www.aph.gov.au/pjcis.

www.ozrural.com.au

Henry Sapiecha

Around AU$200m later, data retention mostly used for chasing drugs, not terror

The Attorney-General’s Department has exposed a report outlining the opening months of Australia’s data retention scheme.

Australia’s telecommunications companies have been left with a funding hole of over AU$70 million to cover the capital costs of Australia’s data retention scheme, according to the Telecommunications Interception And Access Act 1979 Annual Report 2015-16 [PDF], while data authorisations for terrorism ranked below those for illicit drug offences.

www.policesearch.net

Despite handing out AU$128 million in grants last year, the report, released on Monday, states that the capital cost to industry will total AU$198 million by the end of the 2016-17 financial year.

“Information collected from industry through the Data Retention Industry Grants Programme indicates that the estimated capital cost of implementing data retention obligations over the period between 30 October 2014 and 13 April 2017 is AU$198,527,354,” the report said.

“[Costs] relate to the anticipated direct upfront capital costs and not the recurring or indirect costs associated with compliance.”

In 2015, Attorney-General George Brandis said he expected the average ongoing cost for telcos to run their data retention system would be around AU$4 per month.

The report said the Attorney-General’s Department (AGD) received 210 applications for funding, of which 10 were withdrawn, and 180 telecommunications providers were found to be eligible for funding. Of that 180, “most” were awarded a grant to cover 80 percent of their costs.

It was also detailed that during the implementation period for the data retention scheme, AGD received 402 data retention implementation plans from 310 providers.

Under Australia’s data retention laws, passed by both major parties in March 2015, telecommunications carriers must store customer call records, location information, IP addresses, billing information, and other data for two years, accessible without a warrant by law-enforcement agencies.

Over the period from October 13, 2015 to June 30, 2016, the report said the offence for which the highest number of authorisations to telco data was made was illicit drug offences, with 57,166. This was followed in ranking by miscellaneous, homicide, robbery, fraud, theft, and abduction.

Terrorism offences ranked below property damage and cybercrime, with 4,454 authorisations made.

As part of the data retention laws, the spirit of the legislation was to restrict access to stored metadata to a list of approved enforcement agencies, with those agencies not on the list theoretically having access removed on October 12, 2015.

Overall, the report said 63 enforcement agencies made 333,980 authorisations for retained data, of which 326,373 related to criminal law.

“In 2015-16, law enforcement agencies made 366 arrests, conducted 485 proceedings, and obtained 195 convictions based on evidence obtained under stored communications warrants,” the report said.

During 2015-16, 3,857 telecommunication interception warrants were issued, with interception data used in 3,019 arrests, 3,726 prosecutions, and 1,812 convictions. Total cost for interception warrants was AU$70.3 million, at an average cost of AU$619,200 per warrant.

Australia Post accounted for 64 authorisations between June 30 and October 12, 2015, compared to none the year before; and the Victorian Department of Economic Development, Jobs, Transport and Resources made 173 authorisations in 3.5 months compared to 226 the entire financial year prior.

It was also noted that on six occasions, warrants were exercised by people not authorised to; in three instances, the Ombudsman could not determine whether stored communications related to the person named on a warrant; and in one instance, it could not determine who had received stored communications from a carrier.

It was also revealed that during the 2015-16 year, the Western Australia Police had received a pair of journalist warrants, which saw 33 authorisations of data made.

“These authorisations were for the purpose of enforcing the criminal law,” the report said.

In April, the Australian Federal Police (AFP) revealed that it had “mistakenly” accessed a journalist’s call records without a warrant in breach of the data retention legislation.

It was subsequently learned that AGD had advised government departments to skirt metadata laws and rely on coercive powers.

In May, the Commonwealth Ombudsman found the AFP to be handling metadata in a compliant manner, but noted a number of exceptions.

“We identified two instances where a stored communications warrant had been applied for and subsequently issued in respect of multiple persons, which is not provided for under the Act,” the report said.

In response, the AFP said its warrant templates were not clear enough.

www.druglinks.info

Henry Sapiecha

Committee recommends budget relief for Australian intelligence agencies

oz-fed-gov-logo image www.australianmortgageloans.com

The Parliamentary Joint Committee on Intelligence and Security has today fulfilled one of its key statutory oversight responsibilities with the tabling of its review into the administration and expenditure of the Australian intelligence agencies for the 2014–2015 financial year.

The Committee concluded that the six agencies comprising the Australian Intelligence Community are overseeing their administration and expenditure appropriately. Matters addressed by the Committee included agencies’ strategic planning, staffing, security, budget and financial performance.

In relation to expenditure, the report recommends that the efficiency dividend be removed from all Australian Security Intelligence Organisation (ASIO), Australian Secret Intelligence Service (ASIS) and Australian Federal Police (AFP) operations.

Committee Chair, Mr Andrew Hastie MP, commented that “while the funding pressures faced by agencies were reduced somewhat during 2014–15 by the additional funding to support counter-terrorism capabilities and other initiatives, ASIO and ASIS continued to face pressure in other areas”.

“Our intelligence and security agencies need sufficient base funding to meet all of their obligations. This means that funding is required to not only to deal with the increased threat to the community from terrorism, but also other significant external threats such as foreign espionage and cyber-attacks.”

“We need to make sure our agencies are resourced adequately as they seek to detect, disrupt and defeat threats to the Australian people.”

During its review, the Committee received comprehensive submissions and conducted private hearings with each intelligence agency and the Inspector-General of Intelligence and Security. The Committee’s final hearing was conducted on 2 May 2016, shortly before prorogation of the 44th Parliament. The review lapsed on prorogation and was resumed early in the 45th Parliament.

Further information about the inquiry, including the Committee’s report, can be accessed via the Committee’s website at http://www.aph.gov.au/pjcis.

CLUB LIBIDO BANNER BRUNETTE I LOVE YOU SIGN

www.crimefiles.net

Henry Sapiecha

 

Evidence points to another Snowden at the NSA it appears

nsa-building-usa image www.intelagencies.com

In the summer of 1972, state-of-the-art campaign spying consisted of amateur burglars, armed with duct tape and microphones, penetrating the headquarters of the Democratic National Committee. Today, amateur burglars have been replaced by cyberspies, who penetrated the DNC armed with computers and sophisticated hacking tools.

Where the Watergate burglars came away empty-handed and in handcuffs, the modern- day cyber thieves walked away with tens of thousands of sensitive political documents and are still unidentified.

Now, in the latest twist, hacking tools themselves, likely stolen from the National Security Agency, are on the digital auction block. Once again, the usual suspects start with Russia – though there seems little evidence backing up the accusation.

In addition, if Russia had stolen the hacking tools, it would be senseless to publicize the theft, let alone put them up for sale. It would be like a safecracker stealing the combination to a bank vault and putting it on Facebook. Once revealed, companies and governments would patch their firewalls, just as the bank would change its combination.

A more logical explanation could also be insider theft. If that’s the case, it’s one more reason to question the usefulness of an agency that secretly collects private information on millions of Americans but can’t keep its most valuable data from being stolen, or as it appears in this case, being used against us.

In what appeared more like a Saturday Night Live skit than an act of cybercrime, a group calling itself the Shadow Brokers put up for bid on the Internet what it called a “full state-sponsored toolset” of “cyberweapons.” “!!! Attention government sponsors of cyberwarfare and those who profit from it !!!! How much would you pay for enemies cyberweapons?” said the announcement.

The group said it was releasing some NSA files for “free” and promised “better” ones to the highest bidder. However, those with loosing bids “Lose Lose,” it said, because they would not receive their money back. And should the total sum of the bids, in bitcoins, reach the equivalent of half a billion dollars, the group would make the whole lot public.

While the “auction” seemed tongue in cheek, more like hacktivists than Russian high command, the sample documents were almost certainly real. The draft of a top-secret NSA manual for implanting offensive malware, released by Edward Snowden, contains code for a program codenamed SECONDDATE. That same 16-character string of numbers and characters is in the code released by the Shadow Brokers. The details from the manual were first released by The Intercept last Friday.

The authenticity of the NSA hacking tools were also confirmed by several ex-NSA officials who spoke to the media, including former members of the agency’s Tailored Access Operations (TAO) unit, the home of hacking specialists.

“Without a doubt, they’re the keys to the kingdom,” one former TAO employee told the Washington Post. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.” Another added, “From what I saw, there was no doubt in my mind that it was legitimate.”

Like a bank robber’s tool kit for breaking into a vault, cyber exploitation tools, with codenames like EPICBANANA and BUZZDIRECTION, are designed to break into computer systems and networks. Just as the bank robber hopes to find a crack in the vault that has never been discovered, hackers search for digital cracks, or “exploits,” in computer programs like Windows.

Credit: MATT MAHURIN

Credit: MATT MAHURIN

The most valuable are “zero day” exploits, meaning there have been zero days since Windows has discovered the “crack” in their programs. Through this crack, the hacker would be able to get into a system and exploit it, by stealing information, until the breach is eventually discovered and patched. According to the former NSA officials who viewed the Shadow Broker files, they contained a number of exploits, including zero-day exploits that the NSA often pays thousands of dollars for to private hacking groups.

The reasons given for laying the blame on Russia appear less convincing, however. “This is probably some Russian mind game, down to the bogus accent,” James A. Lewis, a computer expert at the Center for Strategic and International Studies, a Washington think tank, told the New York Times. Why the Russians would engage in such a mind game, he never explained.

Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents.

So, if Snowden could not have stolen the hacking tools, there are indications that after he departed in May 2013, someone else did, possibly someone assigned to the agency’s highly sensitive Tailored Access Operations.

In December 2013, another highly secret NSA document quietly became public. It was a top secret TAO catalog of NSA hacking tools. Known as the Advanced Network Technology (ANT) catalog, it consisted of 50 pages of extensive pictures, diagrams and descriptions of tools for every kind of hack, mostly targeted at devices manufactured by U.S. companies, including Apple, Cisco, Dell and many others.

Like the hacking tools, the catalog used similar codenames. Among the tools targeting Apple was one codenamed DROPOUTJEEP, which gives NSA total control of iPhones. “A software implant for the Apple iPhone,” says the ANT catalog, “includes the ability to remotely push/pull files from the device. SMS retrieval, contact-list retrieval, voicemail, geolocation, hot mic, camera capture, cell-tower location, etc.”

Another, codenamed IRATEMONK, is, “Technology that can infiltrate the firmware of hard drives manufactured by Maxtor, Samsung, Seagate and Western Digital.”

In 2014, I spent three days in Moscow with Snowden for a magazine assignment and a PBS documentary. During our on-the-record conversations, he would not talk about the ANT catalog, perhaps not wanting to bring attention to another possible NSA whistleblower.

I was, however, given unrestricted access to his cache of documents. These included both the entire British, or GCHQ, files and the entire NSA files.

But going through this archive using a sophisticated digital search tool, I could not find a single reference to the ANT catalog. This confirmed for me that it had likely been released by a second leaker. And if that person could have downloaded and removed the catalog of hacking tools, it’s also likely he or she could have also downloaded and removed the digital tools now being leaked.

In fact, a number of the same hacking implants and tools released by the Shadow Brokers are also in the ANT catalog, including those with codenames BANANAGLEE and JETPLOW. These can be used to create “a persistent back-door capability” into widely used Cisco firewalls, says the catalog.

Consisting of about 300 megabytes of code, the tools could easily and quickly be transferred to a flash drive. But unlike the catalog, the tools themselves – thousands of ones and zeros – would have been useless if leaked to a publication. This could be one reason why they have not emerged until now.

Enter WikiLeaks. Just two days after the first Shadow Brokers message, Julian Assange, the founder of WikiLeaks, sent out a Twitter message. “We had already obtained the archive of NSA cyberweapons released earlier today,” Assange wrote, “and will release our own pristine copy in due course.”

The month before, Assange was responsible for releasing the tens of thousands of hacked DNC emails that led to the resignation of the four top committee officials.

There also seems to be a link between Assange and the leaker who stole the ANT catalog, and the possible hacking tools. Among Assange’s close associates is Jacob Appelbaum, a celebrated hacktivist and the only publicly known WikiLeaks staffer in the United States – until he moved to Berlin in 2013 in what he called a “political exile” because of what he said was repeated harassment by U.S. law enforcement personnel. In 2010, a Rolling Stone magazine profile labeled him “the most dangerous man in cyberspace.”

In December 2013, Appelbaum was the first person to reveal the existence of the ANT catalog, at a conference in Berlin, without identifying the source. That same month he said he suspected the U.S. government of breaking into his Berlin apartment. He also co-wrote an article about the catalog in Der Spiegel. But again, he never named a source, which led many to assume, mistakenly, that it was Snowden.

In addition to WikiLeaks, for years Appelbaum worked for Tor, an organization focused on providing its customers anonymity on the Internet. But last May, he stepped down as a result of “serious, public allegations of sexual mistreatment” made by unnamed victims, according to a statement put out by Tor. Appelbaum has denied the charges.

Shortly thereafter, he turned his attention to Hillary Clinton. At a screening of a documentary about Assange in Cannes, France, Appelbaum accused her of having a grudge against him and Assange, and that if she were elected president, she would make their lives difficult. “It’s a situation that will possibly get worse” if she is elected to the White House, he said, according to Yahoo News.

It was only a few months later that Assange released the 20,000 DNC emails. Intelligence agencies have again pointed the finger at Russia for hacking into these emails.

Yet there has been no explanation as to how Assange obtained them. He told NBC News, “There is no proof whatsoever” that he obtained the emails from Russian intelligence. Moscow has also denied involvement.

There are, of course, many sophisticated hackers in Russia, some with close government ties and some without. And planting false and misleading indicators in messages is an old trick. Now Assange has promised to release many more emails before the election, while apparently ignoring email involving Trump. (Trump opposition research was also stolen.)

Edward Snowden speaks via video link from Moscow to attendees at a discussion about an International Treaty on the Right to Privacy, Protection Against Improper Surveillance and Protection of Whistleblowers in New York City, September 24, 2015. REUTERS/Andrew Kelly

Edward Snowden speaks via video link from Moscow to attendees at a discussion about an International Treaty on the Right to Privacy, Protection Against Improper Surveillance and Protection of Whistleblowers in New York City, September 24, 2015. REUTERS/Andrew Kelly

In hacktivist style, and in what appears to be phony broken English, this new release of cyberweapons also seems to be targeting Clinton. It ends with a long and angry “final message” against “Wealthy Elites . . . breaking laws” but “Elites top friends announce, no law broken, no crime commit[ed]. . . Then Elites run for president. Why run for president when already control country like dictatorship?”

Then after what they call the “fun Cyber Weapons Auction” comes the real message, a serious threat. “We want make sure Wealthy Elite recognizes the danger [of] cyberweapons. Let us spell out for Elites. Your wealth and control depends on electronic data.” Now, they warned, they have control of the NSA’s cyber hacking tools that can take that wealth away. “You see attacks on banks and SWIFT [a worldwide network for financial services] in news. If electronic data go bye-bye where leave Wealthy Elites? Maybe with dumb cattle?”

Snowden’s leaks served a public good. He alerted Americans to illegal eavesdropping on their telephone records and other privacy violations, and Congress changed the law as a result. The DNC leaks exposed corrupt policies within the Democratic Party.

But we now have entered a period many have warned about, when NSA’s cyber weapons could be stolen like loose nukes and used against us. It opens the door to criminal hackers, cyber anarchists and hostile foreign governments that can use the tools to gain access to thousands of computers in order to steal data, plant malware and cause chaos.

It’s one more reason why NSA may prove to be one of Washington’s greatest liabilities rather than assets.

About the Author

James Bamford is the author of The Shadow Factory: The Ultra-Secret NSA From 9/11 to the Eavesdropping on America. He is a columnist for Foreign Policy magazine.

www.ispysite.com

Beautiful_Russian_2_300_250

Henry Sapiecha

 

Interpol arrests alleged ringleader of $60 million online scam network

Suspected head of an international criminal network, which took $60 million from victims, has been caught — following cooperation between authorities and cybersecurity firms.

interpol-online-fraud-investigation screen image www.intelagencies.com

Interpol worked with Nigerian authorities, Trend Micro and Fortinet on the investigation. (Image: Interpol)

The alleged head of an international network responsible for compromising the email accounts of businesses across the world and then using them to scam victims out of a combined $60 million has been arrested by Interpol.

Known as ‘Mike’, the 40 year-old Nigerian national behind the scams is suspected of deceiving thousands of victims, with one incident of this business email compromise scam resulting in one target being conned out of $15.4 million.

Interpol hopes physical border security will solve virtual borders

Although physical and virtual borders are vastly different, Interpol is already seeing results suggesting that it can apply the concept to online criminal activity.

‘The suspect headed a network of cybercriminals and hackers across Nigeria, Malaysia, and South Africa who used malware to compromise the accounts of small and medium-sized businesses then use the hijacked accounts — including those of executives — to carry out cyber fraud,” Interpol said.

Organisations in Australia, Canada, India, Malaysia, Romania, South Africa, Thailand, and the US all had their email accounts compromised by the cybercriminal gang, which then used trust in emails from the hacked business to trick unsuspecting victims into transferring them money for items and services they would never receive.

The man accused of leading the operation was arrested in Port Harcourt, Nigeria, following collaboration between Interpol, the Nigerian Economic, and Financial Crime Commission (EFCC), using intelligence provided by cybersecurity firms Trend Micro and Fortinet.

Working with the Interpol Digital Crime Centre, Trend Micro — which has been sharing threat information with the global police since 2014 — and Fortinet were able to help locate the suspect in Nigeria, which then led to his arrest in June.

Following the arrest, a forensic examination of seized devices showed that he’d been involved in a range of cybercriminal activities, with two main schemes that used the compromised business email accounts, the agency said.

Firstly, the operation engaged in payment diversion fraud where a supplier’s email was compromised and used to send fake messages to the buyer, asking for payments to a bank account under criminal control.

The gang also engaged in CEO fraud, hacking email accounts of executives, and then using their privileges to request money be transferred, with the funds ending up in a bank account operated by the fraudsters.

In total, victims were scammed out of over $60 million, which was laundered through accounts in China, Europe, and the US in order to avoid detection. According to Interpol, business email fraud represents a significant growing threat with tens of thousands of companies having fallen victim in recent years.

“The public, and especially businesses, need to be alert to this type of cyber-enabled fraud,” said Noboru Nakatani, executive director of the Interpol Global Complex for Innovation.

“Basic security protocols such as two-factor authentication and verification by other means before making a money transfer are essential to reduce the risk of falling victim to these scams,” he added.

‘Mike’ and another suspect arrested in Nigeria face charges of hacking, conspiracy, and obtaining money under false pretences. Both are currently on bail as the investigation continues.

Hot_Russian_300_250

Henry Sapiecha

www.crimefiles.net

www.scamsfakes.com

Inside the global terror watch-list that secretly shadows millions

The database contains profiles on millions of “heightened-risk individuals,” and is used by dozens of leading banks, governments, and spy agencies

thomson-reuters-times-square image www.intelagencies.com

Thomson Reuters building in Times Square, New York. (Image: file photo)

There is a private intelligence database, packed full of personal details of millions of “heightened-risk” individuals, which is secretly having a devastating effect on those who are on it. Most have no idea they’re under the watchful gaze of some of the world’s largest and most powerful organizations, governments, and intelligence agencies.

But for its worth and value, it wasn’t nearly kept secure enough.

A copy of the database, dating back to mid-2014, was found on an unsecured server hosted by a London-based compliance company, which specializes in “know your customer” profiling and anti-money laundering services.

Chris Vickery, a security researcher at MacKeeper, who found the database, told me that it was stored on a server configured for public access.

This influential yet entirely unregulated database called World-Check lists over 2.2 million corporations, charities, and individuals — some notable, like politicians and senior government officials — which might be connected to illegal activities, like sanctions, violations or financial mismanagement.

Some have been pinned under the database’s “terrorism” category, or are thought to be connected to financing violence.

This data could affect a person’s ability to be lent money by a bank, their employment opportunities, and even influence the people who do business with them — simply based on a designation.

Word of the database first widely emerged earlier this year when Vice News disclosed the existence of the project. It said the database was “secretly wielding power over the lives of millions” who are said to have “hidden risk,” such as those who are violating sanctions or have laundered money or a connection to criminals — which has been linked to account closures and bank blacklisting. As the news site pointed out, simply being a high-profile individual can label someone at risk of bribery.

The report said the database now has over 2.7 million entries — including over 93,000 records relating to those associated with terrorism.

No wonder it’s popular with law enforcement agencies and government departments, which subscribe to the database in an effort to uncover potentially improper conduct. Most of the world’s largest banks and law firms, and over 300 government and intelligence agencies are subscribers, according to a 2015 sales document from its owner, information and finance giant Thomson Reuters, which in 2011 bought the company for $530 million .

Because of the sensitivity of the data, access is limited to a few thousand customers, which have been carefully vetted and are bound by secrecy and non-disclosure agreements.

Vickery reported the leak to Thomson Reuters, but he still went public in an effort to spark a debate on whether these profiling databases are being run appropriately.

“If governments and banks are going to alter lives based upon information in a database like this, then there needs to be some sort of oversight,” he said in an email.

The problem is, there isn’t.

Vickery shared access to the database with ZDNet.

Each profile lists a person’s potential risks such as “narcotics” or “terrorism,” “organized crime,” or “politically exposed person.” Given the list’s potential power to alter a person’s opportunities, many would not approve of their name being on it.

Take one example. Maajid Nawaz ran for the British parliament as a Liberal Democrat in the last election, as profiled by Vice. He is a former member of the radical Islamic group Hizb ut-Tahrir, which calls for its own Islamic state. He was detained in Egypt for five years, but is best known for his publicized and well-documented transition away from radical views. He later set up a think-tank dedicated to challenging the extremist narrative, and advised former prime ministers from Tony Blair onwards on Islamic extremism. And yet, after looking up his profile on the World-Check database, created in 2002, it’s still maintained with a “terrorism” tag and updated as recently as August 2013, despite “no further information recorded,” let alone any connection to extremists or terrorists.

nawaz copy www.intelagencies.com

He called the database “archaic,” and said that the inclusion of his name has had a “material impact” on his life.

It’s not just individuals who are designated as affiliates with terrorism, despite equally publicly available data to suggest the contrary.

A BBC investigation last year showed the process behind banking giant HSBC’s bid to shut down accounts associated with several prominent British Muslims. A mosque in North London was given a “terrorism” label, despite new management that was installed more than a decade ago.

Other names in the database include diplomats and ambassadors, and senior ranking officials associated with global financial institutes, such as the World Bank, as was previously reported.

Based on how profiles are built, potentially anyone with an internet footprint could be included.

Much of the data comes from law enforcement sources, political information, articles, blog posts, and social media, among other sources. From the records we looked at, the data would often contain names, locations, and dates of birth and details of education. but also in some cases social security numbers, and citizenship and passport numbers were included.

The profiles themselves often have little or no justification for the entry. From our searches, we found high ranking global government officials who were named in the files yet there was no visible or clear justification for why they were there. In most cases there were just a handful of external links to publicly available documents, like speeches, election results or pages linking to official government websites for justification of their presence.

Many of the “reports” list a person’s risk as “to be determined,” suggesting there were no improprieties, illegal activities, or even an apparent reason for a profile, except for their status as a public figure.

The database we examined is two years old, and the records may have changed since, however.

A spokesperson for Thomson Reuters didn’t specifically respond to a question in relation to how profiles are built, vetted, or designated, but pointed me to the World Check privacy policy, which reiterates its effort to get data based on information in the public domain.

This entire market of “know your customer” and profiling remains unregulated and ungoverned — despite being used by some of the most powerful countries and organizations today. This industry is growing at a rapid rate — some say by over $30 billion by the start of the next decade. Even though the service has to stand up to strict European and UK data protection rules, a lack of public scrutiny and accountability makes that task almost impossible.

Those who are named in the database have little or no recourse to have their data corrected or removed.

In Nawaz’s case, Thomson Reuters reportedly removed his profile earlier this year. But given that the contents of the database are shrouded in secrecy, not everyone will have the same luck, let alone know they’re on a database in the first place.

SDNN
Henry Sapiecha

IBM to set up cyber centre in Canberra

Led by a former federal police assistant commissioner, the new centre is intended to bring together business and government to tackle security issues.

IBM-Logo-in-blue image www.intelagencies.com

IBM has announced that it will create a National Cyber Security Centre (NCSC) in Canberra, to be headed by Kevin Zuccato, a former Australian Federal Police assistant commissioner and head of the Australian High Tech Crime Centre.

The company said the NCSC would allow access to IBM’s threat-sharing platform used by more than 2,000 businesses around the world, provide emergency response teams for security incidents, and would be partnering with its Australian Security Development Lab on the Gold Coast.

“With the establishment of the IBM National Cyber Security Centre in Canberra, we will provide a destination for government and organisations to proactively collaborate on strategy and policy,” said Kerry Purcell, IBM ANZ managing director. “The NCSC will drive a culture of innovation and openness, essential if we are to tackle this growing issue for every organisation.”

IBM did not specify the timing of the centre’s opening, nor the number of employees it would have.

The new centre will align with the federal government’s cyber strategy, IBM said, and will look to support both government and business in improving information security capabilities.

Announced in April, the AU$240 million Cyber Security Strategy had as its centrepiece the sharing of threat information between business and government, using the existing Australian Cyber Security Centre (ACSC) and new portals in capital cities.

As part of the package, the government said it would create two new roles: Minister assisting the prime minister on cyber security, and special adviser on cyber security within the Department of Prime Minister and Cabinet — the latter of which was filled by former e-safety commissioner Alastair MacGibbon.

In its Defence White Paper, launched in February, the Australian government said it would spend between AU$300 million and AU$400 million over the decade to the 2025-26 financial year on its Cyber Security Capability Improvement program

SPP

Henry Sapiecha

 

Inside the NSA: America’s Cyber Secrets [Full Video x 2 Documentary]

3r5g6yu

Henry Sapiecha

French and German Intelligence Services Knew Paris Attack Was Coming a Month Ago

There should be no doubt that the number one reason for the alleged Paris Terror attacks is to completely lock down Paris in order to totally control the upcoming Climate Summit. That’s not to say there aren’t other very significant purposes operating in the backgrground, especially concerning some quite stealthy geopolitical strategies.

There can be no overstatement about the profound importance and dire urgency of this global meeting which is known as the 2015 United Nations Climate Change Conference.

ooo

Henry Sapiecha

Committee supports budget relief for Australian intelligence agencies

aust gov logo white on black

The Parliamentary Joint Committee on Intelligence and Security has today fulfilled one of its key statutory oversight responsibilities with the tabling of its review into the administration and expenditure of the Australian Intelligence Agencies for the 2013–2014 financial year.

The Committee concluded that the agencies comprising the Australian Intelligence Community are overseeing their administration and expenditure appropriately.

Matters addressed by the Committee included agencies’ strategic planning, staffing, security, budget and financial performance.

Committee Chair, Mr Dan Tehan, commented that ‘for a number of years now, the Committee has monitored the impact of the efficiency dividend and other savings measures on agencies and sought assurances that each agency continued to have the necessary resources to address Australia’s national security priorities.’

‘While outside the period under review, increases to the ongoing funding of intelligence agencies, and the Office of National Assessment’s exemption from the efficiency dividend, help allay the Committee’s concerns that agencies were at the point of being unable to find further efficiencies without affecting ongoing capability or operations,’ Mr Tehan said.

Further information about the inquiry, including the Committee’s report, can be accessed via the Committee’s website at http://www.aph.gov.au/pjcis.

For media comment, please contact the Office of the Chair, Dan Tehan MP, on 6277 4393.

ooo

Henry Sapiecha