Category Archives: SPY AGENCIES

YAHOO SPIED ON 500M USERS EMAILS REQUESTED BY FEDERAL AGENCIES

Published on 5 Oct 2016

An unsettling report says Yahoo complied with government requests to scan all incoming user emails, and even wrote a special program to do so. Between this news and the massive data breach, how can consumers trust Yahoo with their privacy?

CLUB LIBIDO BANNER THE EYES HAVE IT

Henry Sapiecha

I wouldn’t hire James Bond, says real life M16 British spy chief

M16 Real spy chief gives the thumbs down to hiring 007 spy film hero of the silver screen

Actor Daniel Craig poses for photographers on the red carpet at the German premiere of the new James Bond 007 film "Spectre" in Berlin, Germany, October 28, 2015. REUTERS/Fabrizio Bensch/Files

Actor Daniel Craig poses for photographers on the red carpet at the German premiere of the new James Bond 007 film “Spectre” in Berlin, Germany, October 28, 2015. REUTERS/Fabrizio Bensch/Files

Actor Daniel Craig poses for photographers on the red carpet at the German premiere of the new James Bond 007 film ”Spectre” in Berlin, Germany, October 28, 2015. REUTERS/Fabrizio Bensch/Files

Despite his unrivalled record for single-handedly saving the world from disaster while seducing beautiful women along the way, James Bond would not get a job as a British spy, the head of external intelligence agency MI6 has said.

Alex Younger said real spies had to cope with complex moral and physical challenges in the most forbidding environments on Earth, which would rule out the agent known as 007 because he lacked a strong ethical core.

“In contrast to James Bond, MI6 officers are not for taking moral shortcuts,” Younger said in an interview published on Black History Month, a website dedicated to Britain’s annual celebration of its black culture and heritage.

Russian_Girl_1_728_90

“It’s safe to say that James Bond wouldn’t get through our recruitment process,” said Younger.

He added that while real MI6 spooks shared Bond’s qualities of patriotism, energy and tenacity, they needed additional values not displayed by the hero of “From Russia with Love”, “Goldfinger”, “Dr. No” or more recently “Skyfall” or “Spectre”.

“An intelligence officer in the real MI6 has a high degree of emotional intelligence, values teamwork and always has respect for the law — unlike Mr Bond.”

(Reporting by Estelle Shirbon; editing by Stephen Addison)

www.ispysite.com

www.mymoviefiles.com

SPP

Henry Sapiecha

 

Inside the global terror watch-list that secretly shadows millions

The database contains profiles on millions of “heightened-risk individuals,” and is used by dozens of leading banks, governments, and spy agencies

thomson-reuters-times-square image www.intelagencies.com

Thomson Reuters building in Times Square, New York. (Image: file photo)

There is a private intelligence database, packed full of personal details of millions of “heightened-risk” individuals, which is secretly having a devastating effect on those who are on it. Most have no idea they’re under the watchful gaze of some of the world’s largest and most powerful organizations, governments, and intelligence agencies.

But for its worth and value, it wasn’t nearly kept secure enough.

A copy of the database, dating back to mid-2014, was found on an unsecured server hosted by a London-based compliance company, which specializes in “know your customer” profiling and anti-money laundering services.

Chris Vickery, a security researcher at MacKeeper, who found the database, told me that it was stored on a server configured for public access.

This influential yet entirely unregulated database called World-Check lists over 2.2 million corporations, charities, and individuals — some notable, like politicians and senior government officials — which might be connected to illegal activities, like sanctions, violations or financial mismanagement.

Some have been pinned under the database’s “terrorism” category, or are thought to be connected to financing violence.

This data could affect a person’s ability to be lent money by a bank, their employment opportunities, and even influence the people who do business with them — simply based on a designation.

Word of the database first widely emerged earlier this year when Vice News disclosed the existence of the project. It said the database was “secretly wielding power over the lives of millions” who are said to have “hidden risk,” such as those who are violating sanctions or have laundered money or a connection to criminals — which has been linked to account closures and bank blacklisting. As the news site pointed out, simply being a high-profile individual can label someone at risk of bribery.

The report said the database now has over 2.7 million entries — including over 93,000 records relating to those associated with terrorism.

No wonder it’s popular with law enforcement agencies and government departments, which subscribe to the database in an effort to uncover potentially improper conduct. Most of the world’s largest banks and law firms, and over 300 government and intelligence agencies are subscribers, according to a 2015 sales document from its owner, information and finance giant Thomson Reuters, which in 2011 bought the company for $530 million .

Because of the sensitivity of the data, access is limited to a few thousand customers, which have been carefully vetted and are bound by secrecy and non-disclosure agreements.

Vickery reported the leak to Thomson Reuters, but he still went public in an effort to spark a debate on whether these profiling databases are being run appropriately.

“If governments and banks are going to alter lives based upon information in a database like this, then there needs to be some sort of oversight,” he said in an email.

The problem is, there isn’t.

Vickery shared access to the database with ZDNet.

Each profile lists a person’s potential risks such as “narcotics” or “terrorism,” “organized crime,” or “politically exposed person.” Given the list’s potential power to alter a person’s opportunities, many would not approve of their name being on it.

Take one example. Maajid Nawaz ran for the British parliament as a Liberal Democrat in the last election, as profiled by Vice. He is a former member of the radical Islamic group Hizb ut-Tahrir, which calls for its own Islamic state. He was detained in Egypt for five years, but is best known for his publicized and well-documented transition away from radical views. He later set up a think-tank dedicated to challenging the extremist narrative, and advised former prime ministers from Tony Blair onwards on Islamic extremism. And yet, after looking up his profile on the World-Check database, created in 2002, it’s still maintained with a “terrorism” tag and updated as recently as August 2013, despite “no further information recorded,” let alone any connection to extremists or terrorists.

nawaz copy www.intelagencies.com

He called the database “archaic,” and said that the inclusion of his name has had a “material impact” on his life.

It’s not just individuals who are designated as affiliates with terrorism, despite equally publicly available data to suggest the contrary.

A BBC investigation last year showed the process behind banking giant HSBC’s bid to shut down accounts associated with several prominent British Muslims. A mosque in North London was given a “terrorism” label, despite new management that was installed more than a decade ago.

Other names in the database include diplomats and ambassadors, and senior ranking officials associated with global financial institutes, such as the World Bank, as was previously reported.

Based on how profiles are built, potentially anyone with an internet footprint could be included.

Much of the data comes from law enforcement sources, political information, articles, blog posts, and social media, among other sources. From the records we looked at, the data would often contain names, locations, and dates of birth and details of education. but also in some cases social security numbers, and citizenship and passport numbers were included.

The profiles themselves often have little or no justification for the entry. From our searches, we found high ranking global government officials who were named in the files yet there was no visible or clear justification for why they were there. In most cases there were just a handful of external links to publicly available documents, like speeches, election results or pages linking to official government websites for justification of their presence.

Many of the “reports” list a person’s risk as “to be determined,” suggesting there were no improprieties, illegal activities, or even an apparent reason for a profile, except for their status as a public figure.

The database we examined is two years old, and the records may have changed since, however.

A spokesperson for Thomson Reuters didn’t specifically respond to a question in relation to how profiles are built, vetted, or designated, but pointed me to the World Check privacy policy, which reiterates its effort to get data based on information in the public domain.

This entire market of “know your customer” and profiling remains unregulated and ungoverned — despite being used by some of the most powerful countries and organizations today. This industry is growing at a rapid rate — some say by over $30 billion by the start of the next decade. Even though the service has to stand up to strict European and UK data protection rules, a lack of public scrutiny and accountability makes that task almost impossible.

Those who are named in the database have little or no recourse to have their data corrected or removed.

In Nawaz’s case, Thomson Reuters reportedly removed his profile earlier this year. But given that the contents of the database are shrouded in secrecy, not everyone will have the same luck, let alone know they’re on a database in the first place.

SDNN
Henry Sapiecha

IBM to set up cyber centre in Canberra

Led by a former federal police assistant commissioner, the new centre is intended to bring together business and government to tackle security issues.

IBM-Logo-in-blue image www.intelagencies.com

IBM has announced that it will create a National Cyber Security Centre (NCSC) in Canberra, to be headed by Kevin Zuccato, a former Australian Federal Police assistant commissioner and head of the Australian High Tech Crime Centre.

The company said the NCSC would allow access to IBM’s threat-sharing platform used by more than 2,000 businesses around the world, provide emergency response teams for security incidents, and would be partnering with its Australian Security Development Lab on the Gold Coast.

“With the establishment of the IBM National Cyber Security Centre in Canberra, we will provide a destination for government and organisations to proactively collaborate on strategy and policy,” said Kerry Purcell, IBM ANZ managing director. “The NCSC will drive a culture of innovation and openness, essential if we are to tackle this growing issue for every organisation.”

IBM did not specify the timing of the centre’s opening, nor the number of employees it would have.

The new centre will align with the federal government’s cyber strategy, IBM said, and will look to support both government and business in improving information security capabilities.

Announced in April, the AU$240 million Cyber Security Strategy had as its centrepiece the sharing of threat information between business and government, using the existing Australian Cyber Security Centre (ACSC) and new portals in capital cities.

As part of the package, the government said it would create two new roles: Minister assisting the prime minister on cyber security, and special adviser on cyber security within the Department of Prime Minister and Cabinet — the latter of which was filled by former e-safety commissioner Alastair MacGibbon.

In its Defence White Paper, launched in February, the Australian government said it would spend between AU$300 million and AU$400 million over the decade to the 2025-26 financial year on its Cyber Security Capability Improvement program

SPP

Henry Sapiecha

 

JACOB APPELBAUM EXPOSES NSA TOOLS HACKING YOUR COMPUTER-BACK DOORS & MALWARE

Published on Dec 30, 2013

NSA AGENTS who specialize in SECRET BACK DOORS FOR SPYING ON YOU are able to keep an eye on all levels of our digital lives. THE NSA ILLEGAL GOVT HACKERS SPY ON computing centers to individual computers, and from laptops to mobile phones. UNLOCKING ANY AND ALL PHONES AND COMPUTERS AND LABTOPS. FOR EVERY SECURED COMPUTER OR NETWORK the ANT seems to have a key in its toolbox TO OPEN AND GAIN INSTANT ACCESS TO EVERYONE. And no matter what walls companies erect, the NSA’s specialists seem already to have gotten past them.
THE NSA 50-page CATAOLOG HAS A list that reads like a mail-order catalog. ALL NSA employees can order technologies from the ANT division for tapping their targets’ data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000. In the case of Juniper, the name of this particular digital lock pick is “FEEDTROUGH.” This NSA MALWARE burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive “across reboots and software upgrades.” In this way, US GOVERNMENT SPIES can SECURE and PLANT themselves a permanent presence in ANY computer networks. The catalog states that FEEDTROUGH “has been deployed on many target platforms.”
NSA SPECIALISTS at ANT which stands for Advanced or Access Network Technology, ARE GOVT EMPLOYED MASTER HACKERS for the NSA’s department for Tailored Access Operations (TAO). In cases where TAO’s usual hacking and data-skimming methods don’t suffice, ANT workers step in with their special tools, penetrating networking equipment, monitoring mobile phones and computers and diverting or even modifying data. Such “IMPLANTS,” as they are referred to in NSA parlance, have played a considerable role in the intelligence agency’s ability to establish a global covert network that operates alongside the Internet.
http://www.spiegel.de/international/w…
AND GRAPHICS SHOWING NSA SPY TOOLS http://www.spiegel.de/international/w…

uib7

www.scamsfakes.com

Henry Sapiecha

The NSA Can “Literally Watch Every Keystroke You Make” TV report video interview.

Published on Dec 30, 2013

http://www.democracynow.org – The German publication Der Spiegel has revealed new details about a secretive hacking unit inside the National Security Agency called the Office of Tailored Access Operations, or TAO. The unit was created in 1997 to hack into global communications traffic. Hackers inside the TAO have developed a way to break into computers running Microsoft Windows by gaining passive access to machines when users report program crashes to Microsoft. In addition, with help from the CIA and FBI, the NSA has the ability to intercept computers and other electronic accessories purchased online in order to secretly insert spyware and components that can provide backdoor access for the intelligence agencies. American Civil Liberties Union Deputy Legal Director Jameel Jaffer and journalist Glenn Greenwald join us to discuss the latest revelations, along with the future of Edward Snowden, who has recently offered to assist U.S. targets Germany and Brazil with their respective probes into NSA spying.

ACS

Henry Sapiecha

Inside the NSA: America’s Cyber Secrets [Full Video x 2 Documentary]

3r5g6yu

Henry Sapiecha

Twitter warns users about potential ‘state-sponsored’ hacks

twitter blue logo image www.intelagencies.com

Attackers may have been looking for “email addresses, IP addresses, and/or phone numbers”, Twitter says. Photo: Bloomberg

Twitter has issued an alert to some users warning them that state-sponsored hackers may have tried to obtain sensitive data from their accounts, the company said, the first such warning by the microblogging site.

The notice said there was no indication the hackers obtained sensitive information from what it said were a “small group of accounts” targeted.

It did not provide additional information about the attack or possible suspects in its investigation.

Twitter’s notice is the latest amid concern about cyber attacks by state-sponsored organisations. Government agencies, businesses and media have all been hacked.

One organisation that said it received the notice, a Canadian nonprofit called Coldhak, said the warning from Twitter came on Friday. The notice said the attackers may have been trying to obtain information such as “email addresses, IP addresses, and/or phone numbers”.

Coldhak’s Twitter account, @coldhakca, retweeted reports from a number of other users who said they received the notice. Coldhak and the other users did not indicate why they may have been singled out.

Colin Childs, one of the founding directors of Coldhak, told Reuters his organisation has seen “no noticeable impact of this attack”.

Google and Facebook have also started issuing warnings to users possibly targeted by state-sponsored attacks.

Reuters
ooo

Henry Sapiecha

FBI: Surveillance flights by the book, rarely track phones

FILE - In this May 26, 2015, file photo, a small plane flies near Manassas Regional Airport in Manassas, Va. The plane is among a fleet of surveillance aircraft by the FBI, which are primarily used to target suspects under federal investigation. The FBI assured Congress on June 17, in an unusual, confidential briefing that its plane surveillance program is a by-the-books operation short on high-definition cameras, with some planes equipped with binoculars. (AP Photo/Andrew Harnik)

FILE – In this May 26, 2015, file photo, a small plane flies near Manassas Regional Airport in Manassas, Va. The plane is among a fleet of surveillance aircraft by the FBI, which are primarily used to target suspects under federal investigation. The FBI assured Congress on June 17, in an unusual, confidential briefing that its plane surveillance program is a by-the-books operation short on high-definition cameras, with some planes equipped with binoculars. (AP Photo/Andrew Harnik)

In this May 26, 2015, file photo, a small plane flies near Manassas Regional Airport in Manassas, Va. The plane is among a fleet of surveillance aircraft by the FBI, which are primarily used to target suspects under federal investigation. (AP Photo/Andrew Harnik)

The FBI assured Congress in an unusual, confidential briefing that its plane surveillance program is a by-the-books operation short on high-definition cameras — with some planes equipped with binoculars — and said only five times in five years has it tracked cellphones from the sky.The FBI would not openly answer some questions about its planes, which routinely orbit major U.S. cities and rural areas. Although the FBI has described the program as unclassified and not secret, it declined to disclose during an unclassified portion of a Capitol Hill briefing any details about how many planes it flies or how much the program costs. In a 2009 budget document, the FBI said it had 115 planes in its fleet.

The briefing Wednesday to Senate staff was the first effort in recent years — if ever — to impose oversight for the FBI’s 30-year aerial surveillance program that gives support to specific, ongoing investigations into counterterrorism, espionage and criminal cases and ground surveillance operations. While it withheld some details, it offered assurances that the planes are not intended to perform mass surveillance or bulk intelligence collection. However, there is still no formal oversight regimen for the program.

The briefing came two weeks after the FBI confirmed to The Associated Press for the first time its wide-scale use of the aircraft, after the AP traced at least 50 planes registered to fake companies back to the FBI. The AP investigation identified more than 100 flights in 11 states over a 30-day period this spring. The planes since June 1 have flown more than two-dozen times over at least seven states, including parts of Texas, Georgia and the Pacific Northwest.

The ubiquity of the flights, combined with few details about the surveillance equipment aboard the planes, raised civil liberties concerns over Americans’ privacy.

The AP had reported that, in rare circumstances, the FBI equipped the planes with technology capable of tracking thousands of cellphones using a device known as a “cell-site simulator.” These can trick pinpointed cellphones into revealing identification numbers of subscribers, including those not suspected of a crime.

The FBI said that technology has been used on its surveillance aircraft only five times since 2010, according to one Senate staffer present at the briefing. The FBI would not say how often it has used the technology in ground surveillance operations.

Staffers shared details with the AP on condition of anonymity because they were not authorized to speak publicly about them.

The FBI said 85 percent of the aircraft have commercially available infrared still and video cameras. The remaining 15 percent use binoculars for surveillance missions. The FBI said there were only eight high-definition cameras in the fleet, though it would like to have that technology for more of its planes.

The FBI, like the Drug Enforcement Administration, said it hides its aircraft behind fake companies so that it can discreetly conduct surveillance and protect the safety of the pilots. The FBI said most surveillance flights — some 64 percent — are part of national security investigations. It was unclear over what time period those flights took place.

Senate Judiciary Chairman Chuck Grassley, R-Iowa, pressed for answers about the FBI’s aerial surveillance program after The Washington Post reported in May that an FBI surveillance plane was used over Baltimore during rioting that erupted following the death of 25-year-old Freddie Gray, who sustained grievous injuries while in police custody. In that instance, the FBI was helping local police with aerial support.

Despite government concerns that publicity about the planes might impede surveillance, the number of flights has remained consistent since the AP first reported on the program, according to an AP review of flight records and radar data. Flights since June 2 have occurred a few times each day over cites across the United States, including San Francisco, Phoenix and Orange County, California. They are generally flown without a warrant, which the FBI says is consistent with the law.

Two senators proposed changing that Wednesday.

Sen. Dean Heller, a Nevada Republican, and Sen. Ron Wyden, an Oregon Democrat who has been outspoken about government surveillance, introduced a bill that would limit what the federal government can record from the skies and require a warrant to conduct surveillance from planes and drones.

“Technology has made it possible to conduct round-the-clock aerial surveillance. The law needs to keep up,” Wyden said in a statement. “Clear rules for when and how the federal government can watch Americans from the sky will provide critical certainty for the government, and help the unmanned aircraft industry reach its potential as an economic powerhouse in Oregon and the United States.”

The FBI said it does not comment on pending legislation, but maintained that a warrant was not necessary for the type of surveillance being conducted from its planes.

Courts are grappling with balancing constitutional protections against evolving technologies, as laws have not kept pace with technological advancements.

Among other reasons, the surveillance planes were exposed as belonging to the FBI because one of its fake companies shared a post office box with the Justice Department, creating a link between the companies and the FBI through publicly available Federal Aviation Administration records.

The FBI told Senate staffers it was working with the FAA to restore some cover to preserve operational security, but it did not plan to spend the money required to operate under “deep cover.”

ooo

Henry Sapiecha

Cyberattacks Increasingly Rapid and Deceptive: Symantec

Aspire-Hero-image www.intelagencies.com

In 2014, cybercriminals, using increasingly rapid and deceptive attacks, targeted the financial sector to stole massive amounts of data from major institutions, according to Mountain View, Calif.-based Symantec’s Internet Security Threat Report.

Other highlights: Twenty percent of financial, insurance and real estate companies were at risk of spear-phishing attacks in 2014, similar to the 2013 rate; 30% of finance workers were targeted with spear-phishing attacks, where emails were frequently sent requesting payment by credit card or the completion of a wire transfer; and, financial information was the fourth most common type of information exposed in 2014.

“Attackers don’t need to break down the door to a company’s network when the keys are readily available,” Kevin Haley, director, Symantec Security Response said in a release. “We’re seeing attackers trick companies into infecting themselves by ‘Trojanizing’ software updates to common programs and patiently waiting for their targets to download them—giving attackers unfettered access to the corporate network.”

In a record-setting year for zero-day vulnerabilities, Symantec research revealed that it took software companies an average of 59 days to create and roll out patches. That was up from only four days in 2013. Attackers took advantage of the delay and, in the case of Heartbleed, exploited the vulnerability within four hours.

Meanwhile, advanced attackers continued to breach networks with highly-targeted spear-phishing attacks. What makes last year particularly interesting is the precision of these attacks, which used 20% fewer emails to successfully reach their targets and incorporated more drive-by malware downloads and other web-based exploits.

Email remains a significant attack vector for cybercriminals, but they continue to experiment with new attack methods across mobile devices and social networks to reach more people, with less effort.

In a separate announcement the Department of Homeland Security, in collaboration with Interpol and the FBI, released a Technical Alert to provide further information about the Simda botnet that has compromised more than 770,000 computers worldwide with a self-propagating malware since 2009. A system infected with Simda may allow cyber criminals to harvest user credentials, including banking information; install additional malware; or cause other malicious attacks. The breadth of infected systems allows Simda operators flexibility to load custom features tailored to individual targets.

Recommended actions to remediate Simda infections include use and maintain anti-virus software, change, keep operating system and application software up-to-date, and use anti-malware tools.

ooo

Henry Sapiecha