Commie Bastards…

A group of between 50 and 100 professional hackers operating out of China has been systematically targeting businesses, military and government agencies around the world since at least 2009, security vendor Symantec said in a report released on Tuesday.  The group, calledhidden-lynx-640x475 Hidden Lynx, is believed connected to the Operation Aurora espionage campaign of 2010 in which dozens of major companies, including Google and Microsoft, were targeted.  More recently, Hidden Lynx was associated with an attack on security vendor Bit9 earlier this year, and also with numerous “watering hole” attacks against hundreds of organizations in the United States.  The group has a long history of attacking organizations in the defense industrial base, financial services sector, education, government, supply chain and the engineering sector, Symantec noted in its report. More than half of the attacks have been against U.S.-based companies, but the group has been going after targets in other countries as well.  What makes Hidden Lynx notable is its access to a seeming arsenal of sophisticated malware tools that includes zero-day vulnerabilities, said Kevin Haley, director of Symantec Security Response.  The tools include one named Trojan.Naid, which the group apparently reserves for use against high-value targets such as those in Operation Aurora. Another, dubbed Backdoor Moudoor, is used for more general-purpose hacking campaigns.  Haley said members of Hidden Lynx appear loosely organized into two teams: an A-team, comprising a relatively small number of elite hackers with access to sophisticated tools like Trojan Naid; and a B-team, which appears comprised mainly of foot soldiers responsible for carrying out large attacks using Backdoor Moudoor and similar tools.  The elite hackers are usually deployed for special operations involving a high-degree of skill and secrecy, Haley noted. Often, this group appears to have advanced knowledge of, and access to, information on fresh zero-day vulnerabilities, Haley said.  Read More…  Is anyone not blocking Chinese access to their sites?

UPDATE – 10/15/13 – Hacker Group Hiden Lynx target Mandiant CEO Via Limo Service

Schneier – “The NSA has destroyed the fundamental fabric of the Internet…”

The U.S. National Security Agency’s efforts to defeat encrypted Internet communications, detailed in recent news stories, are an attack on the security of the Internet and on users’ trust in the network, some security experts said.  The NSA and intelligence agencies in allied countries have found ways to circumvent much of the encryption used on the Internet, according to stories published by The New York Times, ProPublica and the Guardian. The NSA, the British GCHQ and other spy agencies have used a variety of means to defeat encryption, including supercomputers, court orders and behind-the-scenes agreements with technology companies, according to the news reports.

bruce_schneierThe reports, relying on documents provided by former NSA contractor Edward Snowden, show that many tech companies are collaborating with the spy agencies to “destroy privacy,” said cryptographer and security specialist Bruce Schneier. “The fundamental fabric of the Internet has been destroyed.”  Digital rights group the Center for Democracy and Technology echoed some of Schneier’s concerns, with CDT senior staff technologist Joseph Lorenzo Hall calling the NSA’s encryption circumvention efforts “a fundamental attack on the way the Internet works.”

But Matthew Green, a cryptographer and research professor at Johns Hopkins University, suggested Microsoft is due for scrutiny on encryption security, if encryption has been compromised, as the recent news stories suggest. Most commercial encryption code uses a small number of libraries, with Microsoft CryptoAPI being among the most common, he wrote in a blog post.  The good news for privacy-minded Internet users is that security researchers questioned whether the foundations of cryptography itself have been compromised. Some encryption protocols are vulnerable, but it’s likely that the NSA is attacking the software that encryption is implemented with or relying on human mistakes, Green wrote.

Friends, as Bruce Schneier said, “trust no one…” and as the Villainous VooDoo said, “the only digital privacy you can expect is that which you make for yourself…

UPDATE – 09/23/13 – “NSA Spying Is Making Us Less Safe…”NSA surveillance: A guide to staying secure

Pirate Bay introduces Web browser to elude censorship

The Pirate Bay has introduced its own browser, which can be used to circumvent censorship and blockades.  The PirateBrowser is a simple, one-click, pre-configured Firefox browser that makes The Pirate Bay and other blocked sites instantly available and accessible in countries where the site is blocked, the torrent search website said in a blog post over the weekend.  pirate_bay_logoPirateBrowser uses Vidalia, a cross-platform graphical controller for the Tor software that allows users to start and stop the Tor anonymizing network.  This client is bundled with Mozilla’s Firefox portable browser with the FoxyProxy addon, a set of proxy management tools for Firefox, Google Chrome and Internet Explorer that bypass content-filtering in certain countries.  Combined with some custom adjustments, the PirateBrowser allows users to “circumvent censorship that certain countries such as Iran, North Korea, United Kingdom, the Netherlands, Belgium, Finland, Denmark, Italy, and Ireland impose onto their citizens,” according to the PirateBrowser site.  The launch of the browser that celebrates the 10th anniversary of The Pirate Bay is only intended to circumvent censorship, The Pirate Bay said. PirateBrowser is available for Windows on piratebrowser.com. Linux or Mac versions were not announced.

Groklaw falls victim to the NSA…

Groklaw, an award-winning legal news website has stopped work, saying it cannot operate under current US surveillance policies.  Pamela Jones, Groklaw founder, cited the alleged US practice of screening emails from abroad and storing messages “enciphered or otherwise thought to contain secret meaning” for five years.  Groklaw had promised its sources anonymity, but said it could not now ensure contributors would stay secret.  A screenshot of the Groklaw websitePeople, remember when I said: “…privacy is something you make for yourself…”?  We all know the NSA is snooping around and now we’re seeing fallout from it.  “There is no way to continue doing Groklaw, not long term, which is incredibly sad,” Ms Jones wrote, adding: “There is now no shield from forced exposure.”  Ms Jones suggested that the anonymity of Groklaw contributors could be at risk, since emails were screened by the US government.  “I can’t do Groklaw without your input,” she said. “There is now no private way, evidently, to collaborate.”  London-based patent lawyer Andrew Alton, of Urquhart-Dykes and Lord, said: “Groklaw has been a great resource because it brings together all the available documents, instead of reading second or third hand analysis.  “I understand why Ms Jones has decided it cannot continue.  “There is a danger that, by encouraging people to contribute, those individuals might be incriminating themselves.”  As the Villainous VooDoo has warned before, Big Brother Obama is listening.  Had enough yet?

UPDATE – 09/16/13 – Interesting reading on the subject.

Encryption App Silent Circle Shuts Down…

The communications encryptions firm ‘Silent Circle’ chose to shut down it’s e-mail service as one if its competitors ‘Lavabit’ recently shut down it’s core email service.  Lavabit cited that he had been the subject of a U.S. government investigation and gag order.  It appears the NSA came knocking and instead of fighting for our disappearing privacy rights, Lavabit decided to fold.  Silent-Circle-screenshot5Co-founder and CTO Jon Callas said in a blog post Friday that Silent Circle’s e-mail service had “always been something of a quandary for us.” This, in spite of the fact that one of Silent Circle’s other co-founder is Phil Zimmermann, inventor of the popular e-mail encryption software PGP.  Electronic mail uses standard internet protocols that cannot have the same security guarantees that real-time communication has, Callas said. “Email as we know it with SMTP, POP3, and IMAP cannot be secure.”

“We’ve been thinking about this for some time, whether it was a good idea at all. Yesterday, another secure email provider, Lavabit, shut down their system lest they ‘be complicit in crimes against the American people.’ We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail.”  Callas said Silent Circle had not received subpoenas, warrants or anything other similar request from any government. The company had been debating what to do about its email service for weeks, and up until Friday was ready to phase the service out so that it would continue for existing customers. “It is always better to be safe than sorry,” Callas said.  What he meant was “…better whipped and submissive than free…”

Friends, this is truly sad.  On a daily basis, I see our rights and liberties evaporating due to the efforts of our government and it’s agencies that LIE to us and SPY on us, all under the banner of Social Reform.  This post show that a society that fears and distrusts it’s own leaders cannot thrive.  Had enough yet?

UPDATE – 08/15/13 – Monterey-based Privato Security sped up the launch of its email service.  “I think it is a golden opportunity for us,” CEO Neal Smith, 68, said Tuesday.  Privato works by sending an email to a cloud server, an Internet-based storage system, where it stays — heavily encrypted — until the recipient downloads it, instantly deleting it from the server.  Check it out.

UPDATE – 08/16/13 – NBC reports that senior US Attorney James Trump sent Lavabit founder Ladar Levison and his lawyer a veiled arrest threat when Levison shut down his private email service (used by NSA leaker Edward Snowden) rather than comply with a secret order to spy on his customers.  More interesting reading on the subject here.

UPDATE – 08/23/13 – Ladar Levison, the owner of the now-shuttered encrypted email service used by Edward Snowden said that he will continue to defend online security free of government surveillance, hopefully with success in courts or a possible move of his company overseas.

UPDATE – 08/29/13 – Usage for Tor doubles in wake of secure email shutdowns.

UPDATE – 09/16/13 – Interesting reading on the subject.

  • Ads