Why Is Snapchat More Secure than the Federal Government? by Andrea Castillo

Cyberhawks have seized upon this year’s massive hack of the Office of Personnel Management (OPM) to shove a wolfish surveillance bill in a sheepish cybersecurity bill’s clothing down America’s throat.

But the “Cybersecurity Information Sharing Act of 2015” (CISA) would have done nothing to stop the hack that exposed as many as 14 million federal employees’ personnel records. The pro-NSA crowd’s arguments are obvious nonsense — if anything, the OPM hack clearly demonstrates the danger of trusting incompetent government bureaucracies to manage huge datasets of sensitive personal information.

But amid all of the hubbub, these self-styled champions of strong cybersecurity — who also just happen to be anti-private encryption and pro-surveillance — have neglected to raise one important question: Why did a goofy picture-sharing app implement basic security measures before the central repository for all federal personnel data did?

This week, Snapchat announced that the private picture messaging service was offering two-factor authentication for its users. This basic measure of security helps to verify that the person logging in is indeed the legitimate owner of their account by sending out a text message with a special access code to the owner’s cell phone.

That way, a hacker must obtain both your password and your mobile phone to access and control your account. It’s simple, but simple security solutions can sometimes mean the difference between a foiled infiltration and a very, very bad day for a Snapchat user.

Of course, it is too much to expect the chief steward of federal employee information to implement such a simple policy. As the beleaguered office’s Inspector General reported last fall, OPM does not require multi-factor authentication to access its information systems.

If a careless OPM employee chose a weak and easy-to-guess password, or emailed it in plain text across an insecure channel, or merely left it on a sticky note on his or her desk (as is common practice in the federal government), then any common hacker could potentially access vast amounts of federal data.

In other words, an application for sharing pictures of wild parties and funny cats has better authentication standards than the federal government’s primary steward of millions of current and former federal employees’ and contractors’ addresses, Social Security numbers, financial information, and health records. Oh, and that of our military leadership and intelligence contacts — several of whom are embedded deep undercover in dangerous missions — as well.

Hackers also accessed the feds’ cache of Standard Form 86 files for the aforementioned groups, dragging countless family members, friends, and colleagues into the data breach crossfire.

To call this a huge mess would be the second biggest understatement of the year. The biggest? That OPM’s substantial information security vulnerabilities are entirely unacceptable and directly at fault for the hack.

The OPM’s annual information security reports to Congress have admitted “material weaknesses” and “significant deficiencies” for years. The department lacked an IT team with “professional security experience and certifications” until 2013. Disgruntled employees could have merely walked off with this data if they wanted to, since OPM does not “maintain a comprehensive inventory of servers, databases, and network devices.” Nor did the OPM encrypt any of the data that the hackers stole — they might as well have just invited our forward friends in China to sweep in through the front door!

As Ars Technica’s Sean Gallagher concludes, “Considering the overall condition of OPM’s security, it’s no surprise that an attacker — almost any attacker — could gain a foothold inside the agency’s network. But attackers didn’t just gain a foothold, they had practically a free run of the networks.”

It’s true that Snapchat has hardly been a paragon of good cybersecurity in the past, as previous security vulnerabilities, breaches, misleading marketing, and the infamous “Snappening” testify. However, there is another important difference between Snapchat and the OPM that puts the humble app ahead of the mighty federal office: Snapchat has to learn from its mistakes.

As a private service provider in a hotly-competitive market that must keep its users happy to stay afloat, Snapchat moved quickly to get its security house in order after their big mistakes. They hired the former social network security leader for Google and started to build a “culture of security” within the firm.

They may still have a long way to go, but these investments and cultural prioritization are important first steps that demonstrate a proactive sense of ownership in their platform’s security. And of course, if they keep screwing up, they’ll be sued out the nose and go out of business for good.

We see no such sense of urgency with OPM. The agency received what could have been a saving wakeup call last year, when it was discovered that Chinese hackers had accessed OPM databases in March of 2014.

OPM had the opportunity to implement simple encryption and authentication measures, tighten up their ship, and increase employee education about good data and security practices. No such luck! The office more or less continued on its merry way.

No one was fired back then and it looks like no one will get fired now. It’s government work, after all.

Unfortunately, OPM is hardly the only sucker on cybersecurity in the federal government, as my research for the Mercatus Center has found. This kind of unbelievably poor cybersecurity posture is the norm rather than the exception.

In fact, it’s hard to pick what is scarier: that the federal government operates under the digital equivalent of leaving all of their doors and windows unlocked and wide open, or that these same federal agencies want more power to manage your personal data through CISA.


Andrea Castillo

Andrea Castillo is the program manager of the Technology Policy Program for the Mercatus Center at George Mason University and is pursuing a PhD in economics at George Mason University.

Alleged Israeli Cyber Spying on Iran Talks?

Outgoing Chairman of the U.S. Joint Chiefs of Staff, Gen. Martin Dempsey, made his last visit to Tel Aviv to meet with IDF counterparts. Ostensibly this trip by outgoing JCS chief Dempsey was to assure the IDF that the U.S. would live up to its pledge to maintain the Qualitative Military Edge superiority of the IDF in the Middle East. This was about Israeli concerns raised over advanced weapons systems like the F-35 being offered to the Gulf Cooperation Council, notably Saudi Arabia. Saudi Arabia is caught between Iran’s hegemony over four Arab capitals, the threats of ISIS infiltrating the Kingdom perpetrating suicide bombings and the current conflict against Iranian trained Houthi rebels in Yemen. Somehow we are lent the impression that he may have been there to promote the benefits of a looming P5+1 deal against a nuclear Iran, trusting that any deal with Islamist Iran threatening to wipe Israel off the map of the world wouldn’t interfere with the long coveted exchange of intelligence and cyber-security information between the two allies.


Kaspersky Labs Moscow-based cyber security firm. Source: Reuters/Sergei Karpukhin

That impression was dispelled by news from Moscow-based Kaspersky Laboratories, a premier cyber security firm, of its detection of a new malware called Duqu Bet, named after the second letter of the Hebrew alphabet, alleging possible Israeli development of a powerful cyber spy software system. A Wall Street Journal report suggested that Duqu Bet was allegedly targeting posh hotels used for private U.S. Iranian negotiations in Switzerland and Austria. In a February 2015 Iconoclast post we noted Duqu 1.0 as a key component in the Equation group discovered by cyber security firm Kaspersky Labs based in Russia:

The Equation Group according to Kaspersky has a powerful and geographically distributed network covering more than 300 web domains involving over 100 servers located in the U.S., UK, Italy, Germany, Netherlands, Panama, Costa Rica, Malaysia, Colombia and the Czech Republic. Since 2001, it has infected tens of thousands of “high profile victims” in over 30 countries. Examples include: “Government and diplomatic institutions, Telecommunications, Aerospace, Energy, Nuclear research, Oil and Gas, Military, Nanotechnology, Islamic activists and scholars, Mass media, Transportation, Financial institutions and companies developing encryption technologies.”

Business Insider noted the hypocrisy of Kaspersky disclosing this latest alleged Israeli malware:

“The use of Duqu by Israel against Iran is not the question we should be asking,” Jeff Bardin, chief intelligence officer of Treadstone 71, told Business Insider. “The question should be why Kaspersky only finds code of this type by nation-states it does not consider friendly to Russia or those aligned to the West.” “Is it because there is no code of this type [Duqu] coming out of Russia?” Bardin asks, “Or is it because disclosing code of this type that is Russian made and in use against target nation-states would place Eugene Kaspersky at risk of countering his country’s cyber espionage efforts and, at risk of incurring the wrath of Putin?”

The firm’s billionaire founder and CEO, Eugene Kaspersky, used to work for the KGB and reportedly maintains relationships with former and current Russian intelligence officials.

“Kaspersky releases this information as a political tool,” Bardin said. “The absence of any photos of Kaspersky with Putin on the internet is itself evidence of direct alignment. Can you be a billionaire in Russia today without the direct scrutiny of Vladimir Putin?”

Bloomberg analysis of Kaspersky’s work generally supports Bardin’s suspicions: “While Kaspersky Lab has published a series of reports that examined alleged electronic espionage by the U.S., Israel, and the U.K., the company hasn’t pursued alleged Russian operations with the same vigor.”

Gav-Yam Technology Center. Source: WSJ

Doubtless the Israeli military and national security echelons harrumphed about U.S. cyber security expertise given Chinese and Russian hacking of U.S. government and White House files. The Wall Street Journal reported Israel building a $5.9 billion cyber communication security complex near Beersheba in the Negev to house military high tech echelons including the fabled Unit 8200. That has attracted U.S. high tech and defense firms like EMC, Oracle and Lockheed Martin to build facilities in the planned development.

The Pentagon recently announced “restocking” of supplies of tens of thousands of rockets, missiles, and quantities of ammunition held back at White House request during last summer’s Operation Defense Edge. That may not include so-called bunker busters or the Boeing developed CHAMP non-nuclear EMP cruise missile capable of destroying computers and communication nets of Iran’s nuclear program without loss of life. The Pentagon promoted this latest offering as an increase of weapons under the $1.8 billion military grant.

However, Dempsey’s leave taking and the arrival of his successor, Marine Corps Gen. Joseph F. Dunford Jr., under Pentagon civilian chief, Secretary of Defense Ashton Carter, may have a different agenda. With 18 months left in the President’s second term and a possible diplomatic deal with Iran over its nuclear program releasing tens of billions of funds, Israel is clearly concerned. Concerned that Iran may already have achieved a nuclear threshold and been given funds to support state terrorism enabling delivery of more weapons to proxies, Hezbollah and Hamas. Hezbollah’s Sheik Nasrallah threatened “displacement of Millions of Israelis” in any future conflict with Israel raining down hundreds of thousands of Iranian supplied rockets and missiles on the Jewish nation.

Meanwhile, the alleged solid intelligence and security alliance between the U.S. and Israel appears tattered, awaiting a successor to President Obama in January 2017 who may return the previously productive relationship to solid footing.

EDITORS NOTE: This column originally appeared in the New English Review.

Cyber Security: Where are we now and where are we headed?

I recently had an extended conversation with John Jorgensen, founder and CEO of the Sylint Group, and USAF Brigadier General (Ret.) Charly Shugg, Sylint’s Chief Operations Officer, on where we are on cyber security and where we are headed. Both John and Charly understand that technology is ubiquitous. It is present, appearing and found everywhere. As technology expands so does the possibility of those with the necessary skills to use it for both good and evil. The Sylint Group is focused on combating the evil – the cyber war being conducted at every level from the individual to the nation state every moment of every day.

The more we tune in, turn on and hook in to technology the greater the threat to individual privacy and freedom.

Mr. Jorgensen believes the greatest future threat is from “chipping” but more about that later.

What is the current threat?

What most individuals think about when you say cyber security is protecting their personal information (e.g. credit cards, medical records, telephone and email conversations). For corporations it is about protecting their data, corporate processes and networks. For nation states, like the U.S., it is about protecting national assets such as the electrical grid, nuclear power plants, government websites and government secrets. Each sector has its unique needs but are these needs to provide cyber security being met? According to Mr. Jorgensen they are not. Mr. Jorgensen in his column “A New Age – The Cyber Information Age” wrote:

We are connected to each other electronically through communications systems that we don’t understand and to people we don’t know personally, and maybe don’t know that they are connected to us. Our lives bleed out through on-line personal accounts and everyone knows our foibles and sins. Our hard earned money is stolen from our bank accounts by somebody in a mid-eastern country, which we didn’t know existed. And all of this is accomplished using 1’s and 0’s in a nanosecond of time from thousands of miles away.

I notice that the American Enterprise Institute (AEI) is holding a conference titled “Road Ahead to Cybersecurity”. I don’t think that there is a “road ahead” for cyber security. There isn’t a road at all! The whole playing field has changed and there are no defined roads in or out.

I firmly believe that we are stuck in a quagmire alongside that “road” to the playing field and it dead ended at the entry to a new age called “the Cyber Information Age”.

What are the future threats?


Sub-dermal chip implants.

Restorative and enhancement technologies, biohackers, cyborgs, grinders and sub-dermal technology (chipping). Restorative technologies include devices used to help individuals medically. They are devices that include a computer chip and are used to restore the lives of individuals to normal or near normal. Restorative technologies include devices such as heart pacemakers, insulin pumps and prosthetic devices.

Enhancement devices are those which the individual implants into their bodies outside of the medically approved arena. Individuals can for just $39 buy a glass-encased embeddable chip that works with some Android smartphones. A full DIY cyborg kit, including a sterilized injector and gauze pads, runs about $100. Amal Graafstra, a cyborg who creates and sells biohacking devices, said, “Some people see the body as a spiritual vessel not to be tampered with. And some people understand their body is their own, treating it like a sport utility vehicle. I see [biohacking] as, I got fancy new fog lights on my SUV.”

Some of these enhancement devices are being designed to be used with computer games. The idea is to give the gamer a more realistic experience by using sub-dermal technology to provide pleasure and pain as the game is played. Mr. Jorgensen states that the gaming industry is “spending $300 million annually” to provide sub-dermal gaming chips, effectively turning gamers into cyborgs.

If a gaming chip is implanted in an individual and it can impact that person emotionally or physiologically, then someone (biohackers) could access the chip and use it to control the individual. Mr. Jorgensen calls this phenomenon “chipping.” Mr. Jorgensen notes that the U.S. military used to use games to train our soldiers but dropped the program. The reason was that games are all about the individual and not the team. The gamer games to win, regardless of the impact on those around him or her.

How will this impact society?

Jim Brandon in his column “Is there a microchip implant in your future?” wrote:

Like any tech advancement, there are downsides. Concerns about the wrong people accessing personal information and tracking you via the chips have swirled since the FDA approved the first implantable microchip in 2004.

Naam and Pang both cited potential abuses, from hacking into the infrastructure and stealing your identity to invading your privacy and knowing your driving habits. There are questions about how long a felon would have to use a tracking implant. And an implant — which has to be small and not use battery power — might not be as secure as a heavily encrypted smartphone.

Troy Dunn, who attempts to locate missing persons on his TNT show “APB with Troy Dunn,” said a chip implant would make his job easier, but he is strongly against the practice for most people. “I only support GPS chip monitoring for convicted felons while in prison and on parole; for sex offenders forever; and for children if parents opt in,” he says. “I am adamantly against the chipping of anyone else.”

Using chip implants to locate abducted children could actually have the opposite effect. Pang says a microchip would make a missing person easier to rescue, but “Kidnappers want ransoms, not dead bodies. The most dangerous time for victims is during rescue attempts or when the kidnappers think the police are closing in.”

And beyond the obvious privacy issues, there’s something strange about injecting a chip in your body, Lipoff says. Yet pacemakers and other embedded devices are commonly used today. “People might find it a bit unsavory, but if it is not used to track you, and apart from the privacy issues, there are many interesting applications,” he says.

What happens if you, your child or grandchild decide to implant a chip in their body? What would you say, think, do?


Islamic State issues new “Message to America,” threatening massive hacking and cyber attacks

Stop drawing Muhammad cartoons, people, and these good folks will be mollified and hold a barbecue for us.


Court: NSA’s Mass Surveillance Is Illegal: The 2nd Circuit strikes down bulk collection of U.S. phone records by JULIAN SANCHEZ

In a ruling certain to profoundly shape the ongoing debate over surveillance reform in Congress, the US Court of Appeals for the Second Circuit today held that the National Security Agency’s indiscriminate collection of Americans’ telephone calling records exceeds the legal authority granted by the Patriot Act’s controversial section 215, which is set to expire at the end of this month.

Legislation to reform and constrain that authority, the USA Freedom Act, has drawn broad bipartisan support, but Senate Majority Leader Mitch McConnell has stubbornly pressed ahead with a bill to reauthorize §215 without any changes. But the Second Circuit ruling gives even defenders of the NSA program powerful reasons to support reform.

McConnell and other reform opponents have consistently insisted, in defiance of overwhelming evidence, that the NSA program is an essential tool in the fight against terrorism, and that any reform would hinder efforts to keep Americans safe — a claim rejected even by the leaders of the intelligence community. (Talk about being more Catholic than the Pope!) . . .

A few notable points from the ruling itself: Echoing the reasoning of the Privacy and Civil Liberties Oversight Board’s extremely thorough report on §215, the Second Circuit rejected the tortured legal logic underpinning both the NSA telephone program and a now-defunct program that gathered international Internet metadata in bulk.

The government had persuaded the Foreign Intelligence Surveillance Court to interpret an authority to get records “relevant to an authorized investigation” as permitting collection of entire vast databases of information, the overwhelming majority of which are clearly not relevant to any investigation, on the premise that this allows NSA to later search for specific records that are relevant.

As the court noted, this not only defies common sense, but it is wildly inconsistent with the way the standard of “relevance” — which governs subpoenas and court orders used in routine criminal investigations — has been interpreted for decades.

If every American’s phone records are “relevant” to counterterrorism investigations, after all, why wouldn’t those and other records be similarly “relevant” to investigations aiming to ferret out narcotics traffickers or fraudsters or tax cheats?

Past cases invoked by the government, in which courts have blessed relatively broad subpoenas under a standard of “relevance” only underscore how unprecedented the NSA’s interpretation of that standard truly is — since even the broadest such subpoenas fall dramatically short of the indiscriminate, indefinite hoovering the agency is now engaged in.

The court also quickly dispatched arguments that the plaintiffs here lacked standing to challenge the NSA program.

In general, parties seeking to challenge government action must demonstrate they’ve been harmed in some concrete way — which presents a significant hurdle when the government operates behind a thick veil of secrecy. Since documents disclosed to press by Edward Snowden — and the government’s own subsequent admissions — leave little question that the plaintiffs’ phone records are indeed being obtained, however, there’s no need for a further showing that those records were subsequently reviewed or used against the plaintiffs.

That’s critical because advocates of broad surveillance powers have often sought to argue that the mere collection of information, even on a massive scale, does not raise privacy concerns — and the focus should instead be on whether the information is used appropriately.

The court here makes plain that the unauthorized collection of data — placing it in the control and discretion of the government — is itself a privacy harm.

Finally, the court repudiated the Foreign Intelligence Surveillance Court’s strained use of the doctrine of legislative ratification to bless the NSA program.

Under this theory — reasonable enough in most cases — when courts have interpreted some statutory language in a particular way, legislatures are presumed to incorporate that interpretation when they use similar language in subsequent laws.

The FISC reasoned that Congress had therefore effectively “ratified” the NSA telephone program, and the sweeping legal theory behind it, by repeatedly reauthorizing §215.

But as the court pointed out — somewhat more diplomatically — it’s absurd to apply that doctrine to surveillance programs and legal interpretations that were (until the Snowden leaks) secret, even from many members of Congress, let alone the general public.

While the court didn’t reach the crucial question of whether the program violates the Fourth Amendment, the ruling gives civil libertarians good reason to hope that a massive and egregious violation of every American’s privacy will finally come to an end.

Julian Sanchez

Julian Sanchez is a Senior Fellow at the Cato Institute, studying technology, privacy, and civil liberties, with a focus on national security and intelligence surveillance. A version of this post first appeared at the Cato Institute.

When Internet Explorer Ruled the World

The government tried to destroy Microsoft for giving away a browser by JEFFREY A. TUCKER.

Microsoft announced this month that it was finally taking Internet Explorer out behind the woodshed, officially ending its two decade reign as the king (and then later the court jester) of web browsers. The main focus of media coverage has been how IE was outcompeted by Firefox, Safari, and Chrome — not to mention mobile apps that are rapidly overtaking traditional computer programs as a share of Internet browsing. But once upon a time, Internet Explorer ruled the World Wide Web.

On the sites I’ve managed, I watched as IE went from 95% of traffic to 20%, a spectacular and well-deserved crash that took fully 20 years. Microsoft was never able to fix its interminable security problems. Each new version, from 1 to 10, seemed to fix some issues from the previous version while introducing more problems.

It wasn’t entirely Microsoft’s fault, either: as the dominant browser, it was subjected to non-stop hacking from every malware creator on earth. Even a team of a thousand developers couldn’t overcome this, and it didn’t help that Microsoft itself was crippled by its sheer size and bureaucratic management structure.

On one level, this is a classic story of creative destruction. IE was cool, once upon a time — really! — and it was way better than the jalopy it displaced (Netscape Navigator), but it was unable to keep up against the nimble innovators it inspired. It had a 20-year run of it, which isn’t so bad in the software business. But history moves forward, and in the wild world of the Internet, no one can presume that market dominance means permanent market control.

But just you try telling that to the Department of Justice.

DoJ was the main player in a witch hunt surrounding Internet Explorer that began in 1995 and lasted until 2004, hounding Microsoft for a full decade over its allegedly “monopolistic” behavior. (FEE, of course, provided ongoing commentary the entire time.)

Even in the early years of the web, government regulators and judges presumed to know better than entrepreneurs and consumers how to structure the market. In a long series of judgements, regulations, settlements, and impositions, the antitrust regulators diverted countless millions of dollars away from product development and towards litigation, which, in the end, turned out to be over absolutely nothing.

The “browser wars” were not settled in court; they were fought, won, and lost on the desktops, phones, and tablets of hundreds of millions of users, and it was those consumers — not all-powerful monopolies or benevolent regulators — who decided IE’s fate.

The saga began when Microsoft released its browser as a preinstalled part of the Windows operating system. Government regulators declared this to be a terrible thing because it represented an exploitative vertical integration of products (which somehow harmed consumers), and stood in violation of a court order dating from 1994.

Microsoft had promised not to “abuse” its monopoly status in the operating system market by “bundling” its other products with Windows, thereby “forcing” consumers to purchase them. But then they decided to include IE with Windows, and antitrust attorneys from Washington swooped in to save consumers, stop the big corporate bully, and right all wrongs.

But there was a slight problem with this story: Microsoft was giving IE away for free! In a brilliant maneuver, Microsoft decided not to charge for the browser so that it could avoid paying sales royalties to the providers of its basecode (Spyglass, Inc.). The whole rationale of old-timey antitrust laws was that consumers were being robbed and exploited by corporate monopolies. It didn’t fit this scenario at all, but government attorneys still pursued the case, forcing the country to listen to ten years of tedious debates about whether IE was a separate “product” or just a “feature” of Windows.

And yet every antitrust case, no matter how silly on the surface, has a deeper history. In this case, the prime mover — the snake whispering in the ear of the king — was Netscape. Its Navigator was the main browser on the market in 1995, and the one most threatened by Microsoft’s innovation.

After years of depositions, hearings, trials, appeals, and endless kvetching by Netscape (while its market share whittled away to nothing), the trial ultimately ended in a judgement against Microsoft, and featured such goofy scenes as the judge deleting the shortcut to IE from the desktop, and then proclaiming that he had removed it from the computer.

It was amazing to watch: even as this titan of industry was fighting for the right to give its products away for free, other companies were sneaking up behind to offer better browsers. Even more extraordinary, new operating systems were coming along to threaten the nearly universal use of Windows — the monopoly that formed the whole basis for the government’s case about Internet Explorer!

We who opposed this harassment of Microsoft would often point out that competitors could someday displace both IE and Windows. Someday people might even use IE for nothing other than downloading one of its replacements! Our suggestions were met with incredulous guffaws and cynical snickers. It was just obvious that without some major government action to shatter Microsoft, the company’s powerful monopoly would last forever!

These were also the years in which Mozilla’s Firefox browser became the fashionable choice among the tech set. Some preferred eccentric tools like Opera, and Safari, as part of the emergent Apple operating system, was waiting in the wings, while still others were experimenting with using open-source systems like Linux for consumer use.

It was very clear to anyone in the industry at the time that Microsoft’s dominance was extremely fragile. But that’s not how the DoJ saw it. Government attorneys treated Bill Gates like he was some latter-day Rockefeller, a digital-age robber baron who deserved the harshest possible punishment for his egregious innovation that brought millions of people online.

All these years later, standing over IE’s freshly dug grave, we can see who was right. The free-market critics of the antitrust action nailed it perfectly. Linux eventually came to be rolled into Google’s new browser Chrome and became its own free-standing operating system, powered by downloadable applications, not software suites.

What’s even more extraordinary is how applications running on smartphones have begun to eat into the market for web browsers in general. Here again was a development that no one could have imagined even ten years ago.

One reason that people don’t talk about this case much anymore is that it never amounted to anything. It was eventually settled long after it didn’t matter, and nobody cared about why we were fighting. The entire case, once called World War Three, has been relegated to a strange footnote about a soon-to-be defunct piece of software.

But how many resources and how much development attention were wasted in the course of those ten years — half of IE’s lifespan? It’s impossible to say. IE would probably have died regardless. But it’s possible that, had the government not litigated so hard all those years, millions of consumers might have been spared some of IE’s security holes, and maybe Chrome and Safari would have faced stiffer competition on their way up.

We’ll never really know. What we do know is that this antitrust action didn’t help a single consumer on the planet. It was all a gigantic diversion from the heart of the story.

But like all political stories, it had winners and losers. Consumers likely lost out from the wasted resources and chilling effects on competition. The original beneficiary of the suit, Netscape Navigator, did the world a favor and went extinct anyway. And, of course, the lawyers, bureaucrats, and grandstanding politicians all came out ahead.

But something much more substantial and important happened in these years. A revolutionary and fundamentally disruptive company, Microsoft, came to be civilized on Washington’s terms.

It opened up lobbying offices in Washington, DC, and began pumping in increasingly large amounts of money (at least $133 million since 1996) to curry favor in low places. It started a program of large-scale political contributions. It ended its practice of permissionless innovation and started playing the game.

In short, Microsoft made the decision to work its way into the political apparatus rather than face unending harassment and possible death at the hands of the regime. I can’t blame them for their choice — they had a bottom line to protect, an obligation to their shareholders — but let’s not be blind as to the real purpose of all this litigation: rent-extraction and pummelling an outsider into submission.

Competitive markets are a process of ongoing upheaval in service of the consuming public. There is nothing government can (or will) do to improve this process, but plenty it can do to blackmail innovators into a compliant posture, at least for a time.

ABOUT JEFFREY A. TUCKER

Jeffrey Tucker is a distinguished fellow at FEE, CLO of the startup Liberty.me, and editor at Laissez Faire Books. Author of five books, he speaks at FEE summer seminars and other events. His latest book is Bit by Bit: How P2P Is Freeing the World.

EDITORS NOTE: The featured image is courtesy of FEE and Shutterstock.

Net Nonsense

Market competition is creating a better Internet, without the FCC by JULIAN ADORNEY.

Over the past few years, millions of concerned citizens have called on the FCC to pass Net Neutrality. Many claimed that without tight regulation, Internet service providers (ISPs) would wreak all kinds of mischief, from creating “slow lanes” for ordinary users to blocking access to certain sites. After a number of false starts and under pressure from the White House, the FCC gave in and voted to regulate the Internet as a public utility in order to ban such practices, thus saving the Internet from a variety of boogeymen.

This is a tempting narrative. It has conflict, villains, heroes, and even a happy ending. There’s only one problem: it’s a fairy tale. Such mischief has been legal for decades, and ISPs have almost never behaved this way. Any ISP that created “slow lanes” or blocked content to consumers would be hurting its own bottom line. ISPs make money by seeking to satisfy consumers, not by antagonizing them.

There are two reasons that ISPs have to work to satisfy their customers. First, every company needs repeat business. DISH Network couldn’t grow if customers signed up for one month, suffered from poor access, and then decided to spend their money elsewhere. If — as Net Neutrality advocates fear — DISH decided to throttle Internet access to regular users or small businesses, these irritated consumers would just switch brands.

For Internet service providers, getting new business is expensive. To convince me to sign up for their service, DISH must first spend a lot of money on advertising. After I sign up, they must pay for the dish itself and for employees to install it at my house. But after that initial up-front cost, the marginal cost to provide me with Internet access falls to almost nothing. Satisfying customers so that they continue subscribing is cheaper, easier, and more profitable than continually replacing them. ISPs’ self-interest pushes them to add value to their customers just to keep them from jumping ship to their competitors.

In fact, this is what we’ve seen. ISPs have invested heavily in new infrastructure, and Internet speeds have increased by leaps and bounds. From 2011 to 2013, the top three national providers alone invested over $100 billion upgrading their infrastructure to provide cutting edge service. In 2013, average broadband speed grew by 31 percent. These faster speeds have not been limited to big corporate customers: ISPs have routinely improved their services to regular consumers. They didn’t do so because the FCC forced them. For the past twenty years, “slow lanes” have been perfectly legal and almost as perfectly imaginary.

In one sense, ISPs do have fast and slow lanes, because customers can pay for higher speeds. When I called DISH, for instance, their sales reps offered me a variety of packages from 7Mbps (megabits per second) to 20Mbps. But tiered service is different from the nightmare scenario that Net Neutrality advocates are worried about.

To demo the slow lane it feared, for instance, Neocities dropped the speed at which their website was delivered to 28.8 Kbps, or about 1/250th of the slowest speed DISH offered me. Brad Feld proposed an Internet-wide “slow day” of 1 or even 0.5 Mbps to show what life in a hypothetical slow lane might look like. For DISH to offer such slow speeds would be ludicrous: consumers would switch service providers in a heartbeat. ISPs shy away from creating slow lanes not because they have to but because they have a vested interest in offering fast service to all customers.

Contrary to the myth about ISPs being localized monopolies, 80 percent of Americans live in markets with access to multiple high-speed ISPs. While expensive regulations can discourage new players from entering the market, competition in most cities is increasingly robust. Google Fiber recently expanded into several cities, offering speeds up to an astounding 1Gbps (1,000Mbps), with predictable results. AT&T, Grande Communications, and other service providers have rushed to match the offer, and Verizon is pushing its own fiber optic services. Even the lumbering telecom giant Comcast is under pressure to upgrade its network.

ISPs still have to compete with each other for customers. If one ISP sticks them in the slow lane or blocks access to certain sites — or even just refuses to upgrade its service — consumers can simply switch to a competitor.

The second reason that ISPs seek to satisfy customers is that every business wants positive word of mouth. Consumers who receive excellent service talk up the service to their friends, generating new sign-ups. Consumers who receive mediocre service not only leave but badmouth the company to everyone they know.

In fact, this happened in one of the few cases where an ISP chose to discriminate against content. When Verizon blocked text messages from a pro-choice activist group in 2007, claiming the right to block “controversial or unsavory” messages, the backlash was fierce. Consumer Affairs notes that, “after a flurry of criticism, Verizon reversed its policy” on the pro-choice texts. The decision may have been ideological, but more likely Verizon reversed a policy that was driving away consumers, generating bad press, and hurting its bottom line.

In 2010, an FCC order made such “unreasonable discrimination” illegal (until the rule was struck down in 2014), but even without this rule, consumers proved more than capable of standing up to big corporations and handling such discrimination themselves.

In competitive markets, the consumer’s demand for quality prevents companies from cutting corners. Before the FCC imposed public utility regulations on the Internet, ISPs were improving service and abandoning discriminatory practices in order to satisfy their users. Net Neutrality advocates have spent years demanding a government solution to a problem that markets had already solved.

ABOUT JULIAN ADORNEY

Julian Adorney is Director of Marketing at Peacekeeper, a free app that offers an alternative to 911.  He’s also an economic historian, focusing on Austrian economics.  He has written for the Ludwig von Mises Institute, Townhall, and The Hill.


Internet at the Speed of Government

Warmed over regulations from 80 years ago won’t fix the Web by LAWRENCE W. REED.

Last month, the Federal Communications Commission launched a historic power grab over the Internet, euphemistically known as “net neutrality,” based on a Great Depression-era law to regulate public utilities. While entrepreneurs are pursuing cutting-edge business models and developing previously unimaginable technologies, Washington bureaucrats are reaching back eight decades to find a rationale to control a booming industry that didn’t even exist 25 years ago.

Conventional wisdom holds that government regulation is created by benevolent policymakers in order to protect the public from dangerous, exploitative private industry. But the idealistic progressives who push for an expansive regulatory state rarely follow up to see what the regulation accomplished in practice. That job is usually left to those whose warnings about incentives and unintended consequences were ignored in the first place.

People who support high-minded regulation in theory should survey how such bureaucratic “solutions” have tended to work (or not) in practice. That history gives us little reason to expect that the latest, greatest experiment in heavy-handed control will turn out any differently.

Consider one of the first attempts to control American communications. Mail delivery was humming along just fine until Congress banned privately-delivered first class mail in the 19th century. It did so not because private firms were lousy, but precisely because they were so good they were depriving the federal post office of business and hence congressmen of patronage jobs.

Or look closer at one of the textbook cases for regulation: the government’s noble attempt to save us from the predatory railroad robber barons. In reality, it was federal and state subsidies to railroads, not market forces, that produced the abuses that led to the creation of the Interstate Commerce Commission, which then played a central role in bankrupting American railroads and strangling interstate commerce for decades.

Anti-trust regulations were also sold as a way to protect the little guy from the big guy. But now we know that, in practice, they’ve functioned to curtail competition, slow innovation, and stop the little guy from ever becoming a big guy.

The 1906 Meat Inspection Act, lauded as the first of many crucial “public safety” regulations, was inspired by Upton Sinclair’s fictional work The Jungle and was supported by the major meat packers who wanted to put the taxpayers on the hook for the cost of inspection. The upshot was that government inspectors actually spread deadly disease through unscientific and unsanitary methods of detecting meat quality.

Speaking of cattle, disease, and government, the sacred cow known as the Food and Drug Administration seems to actually cost more lives than it saves by keeping life-saving drugs off the market for more than a decade on average.

In 1913, Congress created the Federal Reserve System and told the country it would protect the integrity of the currency, iron out the business cycle, and promote full employment. A hundred years later, we have gotten a dollar worth perhaps a nickel of its 1913 value, a Great Depression, a Great Recession, and more volatility than in the century before the Fed.

Franklin D. Roosevelt’s New Deal was a blizzard of regulations designed to help prop up big industry and labor unions; we now know its principal effect was prolonging the Great Depression by about seven years.

The Civil Aeronautics Board, for instance, cartelized the airline industry for decades, restricting plane travel to wealthy citizens who could afford the high fares it mandated, until its dissolution in 1985. Interstate trucking also suffered from high prices under similarly byzantine rules and restrictions until it was deregulated in the 1970s and 1980s.

Remember the FCC’s Orwellian “fairness doctrine”? In the name of “fairness,” the FCC stifled diversity of opinion in broadcasting. The doctrine’s abolition led to an immediate blossoming of new voices and new media, but now the same government agency that censors radio and television is putting itself in charge of making sure the Internet is “fair” and “open” and “neutral,” so that corporations don’t slow down our content. Like so many benign-sounding schemes before it, Internet at the speed of government is liable to be more (and, in the end, quite a bit less) than regulation activists bargained for.

In the Wall Street Journal, L. Gordon Crovitz asks, “What if at the beginning of the Web, Washington had opted for Obamanet instead of the open Internet?” The thought is appalling: “Yellow Pages publishers could have invoked ‘harm’ and ‘unjust and unreasonable’ competition from online telephone directories. This could have strangled Alta Vista and Excite, the early leaders in search, and relegated Google to a Stanford student project. Newspapers could have lobbied against Craigslist for depriving them of classified advertising. Encyclopedia Britannica could have lobbied against Wikipedia.”

One would think that with such a sorry track record, Washington would be looking for market-based ways to solve problems, instead of constantly taking on the responsibility of fixing every real or imagined problem. But such is not the nature of the beast.

So here we are in 2015 with this massive, wondrous, global network called the Internet. It’s empowering billions of people, rich and poor, with a universe of knowledge and opportunities. While virtually everyone is going online for virtually everything, from education and entertainment to shopping and employment, here come the troglodyte regulators with their 80-year-old hammers, once again, planning to “fix” it for us. No thanks.

ABOUT LAWRENCE W. REED

Lawrence W. (“Larry”) Reed became president of FEE in 2008 after serving as chairman of its board of trustees in the 1990s and both writing and speaking for FEE since the late 1970s. Prior to becoming FEE’s president, he served for 20 years as president of the Mackinac Center for Public Policy in Midland, Michigan. He also taught economics full-time from 1977 to 1984 at Northwood University in Michigan and chaired its department of economics from 1982 to 1984.


Brookings Study of ISIS Twitter Accounts Reveals U.S. among Top Targets

A Brookings Institution examination of a complete data set of 20,000 ISIS Twitter accounts, The ISIS Twitter Census: Defining and Describing the Population of ISIS Supporters on Twitter, ranked Saudi Arabia, Iraq, Syria and the US as the top four locations of Twitter users. The authors of the ISIS Twitter Census are J.M. Berger and Jonathan Morgan. Berger “is a non-resident fellow with the Project on U.S. Relations with the Islamic World at Brookings and the author of Jihad Joe: Americans Who Go to War in the Name of Islam (Potomac Books, 2011) and ISIS: The State of Terror (Ecco, 2015).” Morgan “is a technologist, data scientist, and startup veteran. He runs technology and product development at CrisisNET, Ushahidi’s streaming crisis data platform, and consults on machine learning and network analysis. Morgan is also co-host of Partially Derivative, a popular data science podcast.” The Brookings ISIS Twitter project was “commissioned by Google Ideas and published by Brookings”.

The Brookings Saban Middle East Center think tank has had a close relationship with the Obama National Security Council. Use of social media by Islamic extremist groups like ISIS figured prominently in President Obama’s recent Summit to Counter Violent Extremism. See our March 2015 NER article, ‘Did President Obama’s Violent Extremism Conference Fail?’

Notwithstanding the provenance of the Brookings Twitter Census report, the data and methodology are credible and revealing of how ISIS and its supporters use social media. As a caution in interpreting the study results, the authors noted three classes of Twitter users:

Covert supporters of ISIS:

Users who took medium to strong steps to conceal their support due to fear of prosecution or suspension by Twitter. Users who took only casual steps to disguise their support were generally detectable.

Pro-ISIS intelligence operatives:

Some users who follow accounts related to the enemies of ISIS, such as rival jihadists, would be coded as non-supporters under the conservative criteria we employed.

Anti-ISIS intelligence operatives:

These are accounts created to appear as ISIS supporters in order to allow ISIS’s enemies to monitor its activities, which would be coded as supporters (if done effectively).


Locations of ISIS Twitter Accounts. Source: The ISIS Twitter Census, Brookings Institution, 2015.

Here is the Twitter Census Data Snapshot drawn from the Brookings study:

Best estimate of total number of overt ISIS supporter accounts on Twitter: 46,000

Maximum estimate of ISIS supporter accounts on Twitter: 90,000

Number of accounts analyzed for demographics information: 20,000

Estimated percentage of overt ISIS supporters in demographics data set: 93.2 percent (+/- 2.54 percent)

Period over which data was collected: October 4 through November 27, 2014, with some seed data collected in late September 2014

Top Locations of Accounts: “Islamic State,” Syria, Iraq, Saudi Arabia, U.S.

Most common year accounts were created: 2014

Most common month accounts were created: September 2014

Number of accounts detected using bots and deceptive spam tactics: 6,216 using bot or spam technology for some tweets; 3,301 accounts were excluded from the Demographics Dataset for primarily sending bot or spam content

Average number of tweets per day per user: 7.3 over lifetime of account, 15.5 over last 200 tweets by user

Average number of tweets per user (Over lifetime of the Account): 2,219

Average number of followers: 1,004

Smartphone usage: 69 percent Android, 30 percent iPhone, 1 percent Blackberry

Among the principal findings from the Brookings Twitter Census were:

  • From September through December 2014, the authors estimate that at least 46,000 Twitter accounts were used by ISIS supporters, although not all of them were active at the same time.
  • Typical ISIS supporters were located within the organization’s territories in Syria and Iraq, as well as in regions contested by ISIS. Hundreds of ISIS-supporting accounts sent tweets with location metadata embedded.
  • Almost one in five ISIS supporters selected English as their primary language when using Twitter. Three quarters selected Arabic.
  • ISIS-supporting accounts had an average of about 1,000 followers each, considerably higher than an ordinary Twitter user. ISIS-supporting accounts were also considerably more active than non-supporting users.
  • A minimum of 1,000 ISIS-supporting accounts were suspended by Twitter between September and December 2014. Accounts that tweeted most often and had the most followers were most likely to be suspended.
  • Much of ISIS’s social media success can be attributed to a relatively small group of hyperactive users, numbering between 500 and 2,000 accounts, which tweet in concentrated bursts of high volume.

Based on their analysis, the authors concluded:

Recommend social media companies and the U.S. government work together to devise appropriate responses to extremism on social media. Approaches to the problem of extremist use of social media, Berger and Morgan contend, are most likely to succeed when they are mainstreamed into wider dialogues among the broad range of community, private, and public stakeholders.

Our assessment is that, given the close Brookings Middle East Center liaison with the Obama National Security Council and Undersecretary of State for Public Diplomacy, Richard Stengel, the latter tasked with social media counter messaging, little follow-up will occur. That is reflected in Google sponsorship of this Brookings Twitter Census report and overarching concerns of social media like Facebook, Google YouTube, Twitter and Instagram about maintaining Constitutional guarantees of free speech. These social media would prefer to establish their own criteria for suspending terrorists’ and supporters’ accounts. Monitoring and development of metadata from ISIS Twitter supporters in the West, especially in the US and the UK, should be left to counter terrorism intelligence echelons or private groups like SITE Intelligence Group and effective individuals like our colleague Joseph Shahda. Congressional Homeland Security and Select Intelligence Committees should hold hearings and investigations into current terrorist social media surveillance, especially for those US ISIS accounts identified in the Brookings ISIS Twitter Census. Shahda commented after reading:

The only way to stop the terrorists’ propaganda and recruitment is to keep shutting down all their means of communications which means all their social media (Facebook, Twitter) accounts as well as their websites.

EDITORS NOTE: This column with graphics originally appeared in the New English Review.

Iran behind cyber-attack on Adelson’s Sands Corp.

Adelson is “a leading U.S. supporter of Israel and of Republican political candidates.”

Since Obama is relentlessly courting Iran and making concession after concession to the mullahs, this is unlikely to be taken in the highest circles in Washington as a belligerent act. After all, they hate Adelson, too.

“Iran Behind Cyber-Attack on Adelson’s Sands Corp., Clapper Says,” by Anthony Capaccio, David Lerman, and Chris Strohm, Bloomberg, February 26, 2015 (thanks to Marc):

(Bloomberg) — The top U.S. intelligence official confirmed for the first time that Iran was behind a cyber attack against the Las Vegas Sands Corp. last year.

Identifying Iran as the perpetrator came more than a year after the Feb. 10, 2014, attack against the world’s largest gambling company, which crippled many of the computer systems that help run the $14 billion operation. Sands’ chairman and chief executive officer and top shareholder is billionaire Sheldon Adelson, a leading U.S. supporter of Israel and of Republican political candidates.

James Clapper, the director of national intelligence, told the Senate Armed Services Committee Thursday that the attack by Iran, followed by the hacking of Sony Corp. by North Korea in November, marked the first destructive cyber-assaults on the U.S. by nation-states. Iran’s role in the attack that crippled operations at several of Sands’ U.S. casinos was reported in December by Bloomberg Businessweek.

“While both of these nations have lesser technical capabilities in comparison to Russia and China, these destructive attacks demonstrate that Iran and North Korea are motivated and unpredictable cyber-actors,” Clapper said.

He also said the cyberthreat from Russia is “more severe than we have previously assessed,” without elaborating.

Computer attacks such as those by Iran and North Korea are more likely to threaten the U.S. in the future than a single massive assault crippling the country’s infrastructure, he said….


AFA Parental alert for McDonald’s and Starbucks

The American Family Association (AFA) is reporting that, “Public Wi-Fi hotspots are attracting pedophiles and sex offenders to McDonald’s – where we bring our children to eat and play – and where illegal p*rn can be accessed easily with anonymity. According to federal officers, open Wi-Fi like that at McDonald’s, Starbucks, and other companies is being increasingly used to traffic child p*rnography and the sexual solicitation of children – serious criminal felonies that are hard to stop because of the anonymity offered by open Wi-Fi.”

“He spent 12-15 hours per day at the McDonald’s because of the free Wi-Fi. Tonight, a sex offender is arrested – caught using free internet in public to download child p*rnography…

Detectives say the 25-year-old spent the past two years using the free Wi-Fi at the McDonald’s… He worked on his computer and was a known regular of sorts in the children’s play area at the restaurant.”

AFA notes, “Because there are no filters to block online p*rnography and child p*rnography in these restaurants that so many families like yours and mine frequent, this toxic illegal content is readily available in every Starbucks and McDonald’s in America.”

The best way to combat this growing trend – and to protect our children – is for you and me to pressure companies like McDonald’s and Starbucks to implement filtering to block p*rnography on their public Wi-Fi networks.

Both McDonald’s and Starbucks have already proactively filtered their public WiFi services in other nations including the United Kingdom and Australia.

“If they can protect children in other nations, then why won’t they protect our children here in America – where they are headquartered?” asks AFA.

AFA is asking concerned citizens to sign a letter of petition to McDonald’s and Starbucks to be delivered to the CEOs of both companies and their Boards of Directors. AFA will include only your name and state on the petition.

AFA notes, “Your support will help us get protective WiFi in McDonald’s and Starbucks’ 25,000 combined locations to protect children and families.”

The King of Espionage Malware Revealed: The Equation Group

Kaspersky Lab left its Moscow headquarters and its wintry grip behind to hold a Security Analyst Summit in sunny Cancun, Mexico. Kaspersky has already made it a torrid conference with disclosures last weekend of an estimated $1 billion stolen from 100 banks by a network of hackers. CNN reported what was revealed in the Kaspersky report:

…hackers surreptitiously installed spying software on bank computers, eventually learned how to mimic bank employee workflows and used the knowledge to make transfers into bank accounts they had created for this theft.

Yesterday, at the Summit, they introduced another cyber security bombshell, a super malware, The Crown Creator of Espionage: the Equation Group.


Equation Group Connections to Malware Stuxnet, Flame and Duqu. Source:  Kaspersky.

Consider it the granddaddy of zero-day malware, starting earlier than Stuxnet and its offspring Duqu and Flame/Gauss. Kaspersky dramatically announced:

The team has seen nearly everything, with attacks becoming increasingly complex as more nation-states got involved and tried to arm themselves with the most advanced tools. However, only now Kaspersky Lab’s experts can confirm they have discovered a threat actor that surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades – The Equation Group

Malware in the Group use tools that are very complicated and expensive to develop, in order to infect victims, retrieve data and hide activity in an outstandingly professional way, and utilize classic spying techniques to deliver malicious payloads to the victims.

To infect their victims, the group uses a powerful arsenal of “implants” (Trojans) including the following that have been named by Kaspersky Lab: Equation Laser, EquationDrug, DoubleFantasy, TripleFantasy, Fanny and GrayFish. Without a doubt there will be other “implants” in existence.


According to Kaspersky, what makes the Equation Group dangerous is:

Ultimate persistence and invisibility: the ability to enter hard drives, enabling reprogramming of firmware;

Ability to retrieve data from isolated networks: using the Fanny malware to map networks via USB memory sticks; and

Classic spying methods to deliver malware: through internet and physical means.

According to Kaspersky, the Equation Group has a powerful and geographically distributed network covering more than 300 web domains and involving over 100 servers located in the US, UK, Italy, Germany, Netherlands, Panama, Costa Rica, Malaysia, Colombia and the Czech Republic. Since 2001, it has infected tens of thousands of “high profile victims” in over 30 countries. Examples include: “Government and diplomatic institutions, Telecommunications, Aerospace, Energy, Nuclear research, Oil and Gas, Military, Nanotechnology, Islamic activists and scholars, Mass media, Transportation, Financial institutions and companies developing encryption technologies.”

Kaspersky has observed the Equation Group malware in a number of zero-day exploits against, for example, Firefox and the Tor browser. It notes the prowess of its detection with this comment:

Automatic Exploit Prevention technology which generically detects and blocks exploitation of unknown vulnerabilities. The Fanny worm, presumably compiled in July 2008, was first detected and blacklisted by our automatic systems in December 2008.

A Fox News report gave further examples of the power of this “sneakiest” of malware:

Kaspersky’s researchers say that the Equation group uses a hacking tool called “GROK.” That is a tool exclusively used by the NSA’s elite cyber-warfare unit, Tailored Access Operations, according to classified NSA documents released by former contractor Edward Snowden last year.

Kaspersky says the Equation group also appears to have ties to Stuxnet, the computer worm that sabotaged Iran’s nuclear enrichment program in 2010 and was later revealed to be a joint U.S.-Israeli project.

The history of the Equation Group malware origins stretches back nearly 20 years:

Kaspersky research director Costin Raiu said the Equation Group hacked into hospitals in China; banks and aerospace companies in Iran; energy companies and government offices in Pakistan; and universities, military facilities and rocket science research institutions in Russia.

They attacked Iran the most, researchers said.

The Equation group also spied on Muslim scholars in the United States and the United Kingdom, Raiu said. It emerged last year that the NSA and FBI have been monitoring the emails of prominent Muslim-American lawyers and activists.

The group monitored keystrokes and stole documents from computers. In one instance in the Middle East, the hackers programmed the malware to specifically look for oil-related shipping contracts and inventory price lists.

Malware attacked Windows computers, Macs and even iPhones.

Unlike other hackers, however, the Equation Group wasn’t interested in destroying computers or wiping them clean, the way North Koreans hurt Sony last year.

“They’re interested in long-term intelligence gathering,” Raiu said.

[How far back does this go?] Kaspersky researchers say the Equation group built some of its earliest malware in 2002, but the computer infrastructure used to spread the group’s computer viruses dates back to 1996.

Their ability to stay quiet this long goes to show how talented they are, the Kaspersky report noted.

As the Kaspersky report stated, Enterprise Group could be a co-development of state sponsors. Given the connections to the Stuxnet and Flame/Duqu groups, it may be likely that it is a joint project of the US and Israel. For a useful understanding of the development and detection of malware, read Free eBook: Stopping Zero Day Exploits for Dummies. Also read the fascinating chronicle of the discovery of Stuxnet by a researcher at a small Belarus anti-virus firm and by international cyber sleuths from anti-virus firms like Kaspersky and others in Countdown to Zero Day by Wired cybersecurity writer Kim Zetter.

EDITORS NOTE: This column originally appeared in the New English Review.

You’ll Never Guess Who’s Trying to Hack Your iPhone, Hint: It rhymes with Eff Bee Eye by Nicole Kardell

The FBI wants to search through your electronic life. You may think it’s a given that the government is in the business of collecting everyone’s personal data — Big Brother run amok in defiance of the Constitution. But under the limits of the Fourth Amendment, nothing it finds can be used to prosecute its targets. Now the FBI is taking steps to carry out broad searches and data collection under the color of authority, making all of us more vulnerable to “fishing expeditions.”

The investigative arm of the Department of Justice is attempting to short-circuit the legal checks of the Fourth Amendment by requesting a change in the Federal Rules of Criminal Procedure. These procedural rules dictate how law enforcement agencies must conduct criminal prosecutions, from investigation to trial. Any deviations from the rules can have serious consequences, including dismissal of a case. The specific rule the FBI is targeting outlines the terms for obtaining a search warrant.

It’s called Federal Rule 41(b), and the requested change would allow law enforcement to obtain a warrant to search electronic data without providing any specific details as long as the target computer location has been hidden through a technical tool like Tor or a virtual private network. It would also allow nonspecific search warrants where computers have been intentionally damaged (such as through botnets, but also through common malware and viruses) and are in five or more separate federal judicial districts. Furthermore, the provision would allow investigators to seize electronically stored information regardless of whether that information is stored inside or outside the court’s jurisdiction.

The change may sound like a technical tweak, but it is a big leap from current procedure. As it stands, Rule 41(b) only allows (with few exceptions) a court to issue a warrant for people or property within that court’s district. The federal rules impose this location limitation — along with requirements that the agent specifically identify the person and place to be searched, find probable cause, and meet other limiting factors — to reduce the impact an investigation could have on people’s right to privacy. Now the FBI is asking for the authority to hack into and search devices without identifying any of the essential whos, whats, wheres, or whys — giving the FBI the authority to search your computer, tablet, or smartphone even if you are in no way suspected of a crime.

All you have to do is cross the FBI’s virtual path. For instance, the proposed amendment would mean that agents could use tactics like creating online “watering holes” to attract their targets. Anyone who clicked on law enforcement’s false-front website would download the government malware and expose their electronic device to an agent’s search (and also expose the device to follow-on hackers). One obvious target for this strategy is any forum that attracts government skeptics and dissenters — FEE.org, for example. Such tactics could inadvertently impact thousands of people who aren’t investigation targets.

This sort of sweeping authority is in obvious conflict with the Constitution. The Fourth Amendment makes it clear that the government cannot legally search your house or your personal effects, including your electronic devices, without (1) probable cause of a suspected crime (2) defined in a legal document (generally, a search warrant issued by a judge) (3) that specifically identifies what is to be searched and what is to be seized.

The FBI is not the first government agency to find itself challenged by the plain language of the Fourth Amendment. Past overreach has required judges and Congress to clarify what constitutes a legal search and seizure in particular contexts. In the 1960s, when electronic eavesdropping (via wiretaps and bugs) came about, Congress established the Omnibus Crime Control and Safe Streets Act of 1968 (the Wiretap Act). The law addressed concerns about these new surreptitious and invasive investigative tactics and provided several strictures on legal searches via wiretap or bug. Since covert investigative tools can be hard to detect, it was important to institute more rigorous standards to keep agents in line.

The same concerns that Congress addressed in the 1960s are present today, but they take on far greater significance. With our growing reliance on electronic devices to communicate with others, to transact business, to shop, travel, date, and store the details of our private lives, these devices are becoming our most important personal effects. The ability of government actors to enter our digital space and search our electronic data is a major privacy concern that must be checked by Fourth Amendment standards. As the Supreme Court recently pronounced in Riley v. California, the search of a modern electronic device such as a smartphone or computer is more intrusive to privacy than even “the most exhaustive search of a house.”

What seems most troubling, though, is that the FBI is attempting to override the Fourth Amendment, along with the body of law developed over the years to rein in surveillance powers, through a relatively obscure forum. Instead of seeking congressional authority or judicial clarification, it has sought a major power grab through a procedural rule tweak — a tweak that would do away with jurisdictional limitations and specificity requirements, among other important checks on law enforcement. The request seems objectively — and constitutionally — offensive.

ABOUT NICOLE KARDELL

Nicole Kardell is an attorney with Ifrah Law, a Washington DC-based law firm. She represents clients in government enforcement actions and other regulatory compliance matters before federal and state agencies.

Arkansas: Middle East Cyber Army hacks Little Rock School District website

“F**k Israel / Free Palestine / Jerusalem is Ours / Al khilafah is coming soon.” Why would they hack into the Little Rock School District’s website with such a message? For the same reason that a Muslim cleric would take hostages in a chocolate cafe in Sydney, Australia: to “strike terror into the hearts of the enemies of Allah” (Qur’an 8:60).

“Hackers Target Little Rock School District Website,” by Susanne Brunner, Fox16.com, December 12, 2014 (thanks to Creeping Sharia):

LITTLE ROCK, AR- If you typed in lrsd.org in the search engine around 7am Friday morning, chances are a hacking message popped up.

“I don’t like it. It doesn’t make me comfortable,” says Jason Spees, LRSD Parent.

Uncomfortable with the images and words displayed on the homescreen and the possible threat it could have on his two boys.

“I think they should notify everybody when there’s what could potentially be a terroristic threat. And that’s what that is to me,” he says.

The video playing on the site read “Hacked by MECA” the Middle East Cyber Army. According to its Facebook and Twitter pages, it appears to be a Muslim group dedicated to cyber attacks around the world.

“It’s a little shocking to be informed of it,” he says.

Another parent I spoke with didn’t see it, but learned about the hack through an automated call from the school district around noon.

“It basically said there had been a cyber attack against the district’s landing page on their website,” says Mandy Shoptaw, LRSD Parent.

Shortly after, that message from LRSD was relayed via email to parents and staff saying, “No student, parent, or personnel data was compromised. That information is housed on separate servers. When we discovered the unauthorized information on the landing page, it was immediately removed.”…


Blood on Snowden’s hands: A Poster that Tells the Story

I have already made a few posters and book covers for Cliff Kincaid’s America’s Survival, Inc. This time the subject is the true story of Edward Snowden, whose theft and publication of U.S. intelligence files has allowed both Putin’s regime in Russia and the butchers of ISIS to avoid American surveillance and make brazen moves that resulted in thousands of dead bodies, both in the Middle East and Ukraine.

From the very start of the Ukrainian revolution Putin’s propaganda has been making claims that the Maidan was staged and financed by the CIA and the U.S. State Department in order to hurt Russia. But if that were true, Snowden’s archives would have revealed at least some proof of that.

Instead, Russia used Jen Psaki’s speech on YouTube and lame phone intercepts of the U.S. ambassador, which prove nothing at all – except, perhaps, by implication – that the FSB officers couldn’t find a thing about the alleged CIA involvement in Ukraine within Snowden’s files, otherwise the Kremlin would have trumpeted it to the world a long time ago.

However, Moscow did use Snowden’s information to avoid CIA detection in recreating the same scenario in Ukraine of which it accused the United States: Russia’s agents spread throughout Ukraine, planting disinformation and rumors about the intentions of the new Ukrainian government to kill off ethnic Russians, organizing violent armed groups, providing weapons and training, staging the takeover of government buildings and military facilities, setting up local “people’s governments,” and starting an all-out war that has already claimed 4,000 lives on both sides.

Thanks to Edward Snowden, the Crimean and “Novorossia” operations conducted by Russia’s FSB and the GRU (military intelligence) were a complete surprise to the U.S. and its allies. As for the Ukrainian security service (SBU), law enforcement and the government, they have been long ago penetrated by Russian agents, who are only now undergoing a massive lustration.

The methods, intentions, and very nature of Putin’s corrupt and violent regime speak volumes about Edward Snowden’s moral compass and his intellectual honesty. Granted, today’s America has its problems, but one can’t simply condemn the U.S., settle for a life in the Russian police state, and remain a credible defender of freedom, transparency, and individual rights.

Snowden might have been right in a Utopian world consisting of peaceful and transparent nations. But our world is full of violent thugs looking for an opportunity to get ahead. That makes Snowden’s disclosure of U.S. intelligence secrets both morally wrong and criminal.

In short, this is my take on Edward Snowden. Read Cliff Kincaid’s more extensive take on this issue in his recent article, The Bloody Hands of Edward Snowden.

On November 17, in Washington, D.C., ASI held a news conference on Edward Snowden’s KGB connections and espionage affair, in which my poster was used. Soon it will also become a cover for the upcoming book, Blood On His Hands.


For further reading, see very informative key documents from this conference: