Cult of War, Violence, Greed

Reading is the ability to cheat in life’s open book test.  Those who don’t use this ability will risk failing life’s challenges and become the victim of wicked traps set by those who lived before.

America is a unique class of humans from any perspective, with the recent school shootings it seems a reminder is needed that America is a country, and a culture, built on blood, violence, greed, and the most carnal instincts of the bottom of the Maslow pyramid.  First let’s start with a bit of history.

The “Founding Fathers” as they are called, actually there were many groups who came to America at the same time.  Finally they all sort of worked together.  Mostly we can categorize them as two groups:

  • Greedy Entrepreneurs (those who wanted to find riches in the new world) AND
  • Religious Zealots whose beliefs were SO NUTTY they were exiled from their home countries, or their way of life was banned there (I.e. Illuminati)

The poor class of ‘sick and weak’ workers really just wanted a job, they didn’t really form any institutions or influence the culture here – they just worked their ass off.  This silent working class still exists today, although it is less potent than 100 years ago.

The ‘Founding Fathers’ to be precise were a bunch of White European slaveowners that said all men are created equal.  The world didn’t take America serious until Truman maimed millions of Japanese at Hiroshima and Nagasaki, so all this early history has never really been explored from this perspective aside from a few books on the topic.  America was a land of freaks and nuts and counterculture revolutionaries, witches, racists, and warriors.  The American Revolution was the first realization of this collective that all agreed that violence is the first answer to solve any problem.  Fuck the British, throw the tea in the river.  The sissies that didn’t buy this line escaped quietly North and started Canada.  They wanted to remain part of George’s Empire (And Ironically, Canada is the only country to technically invade the United States mainland and burned down the White House… we’re not forgetting that one)

So how many people has USA killed?  By some estimates, it can be 20 Million[i] but who is counting.  Millions of innocent Iraqis died during the recent Gulf War 2.  The point is not the death count, but that historically throughout all known history the US has the highest civilian to soldier kill ratio.  During GW2 depending on who you ask and how you calculate it’s as high as 10.  The Military admitted it was not as low as they wanted but claim a much lower 2 or 3.  That means that if we take the average the US Army killed roughly 5 or 6 innocent civilians for every 1 combatant.  This is no joke, missiles that bomb the wrong country are subject to a refund (this is written into the contract).  These are the “Smart” bombs (see the irony, remember these were a bunch of frat buddies growing Hemp that had slaves and wrote a document saying all men are created equal).

American wars have been particularly bloody, most notably the Civil War[ii].  But we must also consider the war against the American Indians, World Wars I & II in which America was a significant player, the Spanish American war, and the ‘wars’ after World War 2 Which were not wars by the traditional definition (Vietnam for example, was not a ‘war’).

The civil war is interesting as most ‘civil wars’ are mostly fought by 2 revolutionary guerilla groups fighting for power, whereas the civil war was really a war against 2 countries that used to be one.  Something comparable doesn’t exist in Europe or Asia.  And readers should note that the Civil War was MUCH MORE bloody than was depicted in films.  There wasn’t really any medicine in that time but weapons could rip and tear flesh like never before.

If you look at the atrocities against American Indians, the biochemical infections, slaughtering of natives, infants, children, women – it was worse than the most gory Vampire flick.  They say ’80-90%’ were killed but we all know this is a fantasy, it’s more like 98% or 99%[iii].  We needed to make space for shopping malls and there was no space for tent cities, they needed to be eliminated.

If you look at the violence in turn of the century industrial cities, up until the Great Depression, there was violence permeated through every part of the American existence.  Violence led to invention, and suddenly there was a budding arms industry unique to USA.   Customers included gangs operating in USA, the Mafia, but mostly foreign clients who wanted an edge.  Guns, bombs, landmines, and other weapons were exported around the world and a new business was born:  War, Inc.  This was all just a bubble ready to pop, until something came along that made it all explode: Hitler.

It’s important to understand how Hitler and World War 2 changed the Cult of War.  Before Hitler, Americans were not interested in ‘foreign entanglements’.  Nor did the average American understand or care about foreign politics (why should they.)  But what happened during WW2 was a major paradigm shift, a passing of the baton from Britain to America, it’s former colony.  But due to a number of technological advances, War Inc. swelled in America – but there was only one problem.  There was peace!  After the defeat of Hitler (including the fact that Americans bombed Germany MONTHS after the war was over), there was a problem for the war business – no war.  War had built an economy, made people rich, made people powerful, built companies like IBM into global powerhouses.  But what now?

So the Elite invested in research and development, and with the help of Edward Bernays, invented a system that would create the need for War without any Hitler.  It’s really a complex and ingenious process, but to understand it one needs only to watch the film ‘wag the dog’.  The idea is basically to create many ‘little Hitlers’ and an information campaign – basically an advertising campaign, talking about how evil this Osama bin Laden is well he’s just like the Devil they have no soul and they ‘hate us for our freedoms’ and other ridiculous mantras.

This system is very profitable for the owners and it continues to this day.  It is made possible by the end user – the consumer, that still chooses to participate in it.  What this means?  The media manipulates people and information – we all know that.  But why do people allow it?  Here’s where it gets tricky.

Americans like blood.  They like gossip, they like to watch a disaster, a Hurricane – a big drama.  If the news media played stories about education, science, life extension, or anything intelligent no one would watch it.  It’s a catch 22.  If people stopped watching the news, the blood reporting would stop.  And thus, people would ask why 30% of their tax dollars goes to pay for murder for hire and other military actions?  Why not help puppies?  Endangered species?  It just doesn’t get enough traction.  Everyone loves a sob story but at the end of the day if we are to gauge real economic activity, like viewership, it’s always a bloody murder.  My private school literally shut down during key moments of the OJ trial.  Americans are not intellectuals.  We are bloodthirsty hedonists, innovators and entrepreneurs, robber barons and social climbers.  Jews fit here like a hat on a bald head.  Yeah, they probably engineered 911 – let them have it, they were pushed around for a few thousand years – it’s payback time!  That’s the American thinking.  We encourage and cultivate such behaviors.   In fact, if you immigrate under such circumstances you’re eligible for an SBA loan.  White American males need not apply for any benefits.  Smart people – punished.  We’re the land of the world’s revenge, politically, economically, genetically, culturally.

I am Jack’s limbic revenge.

To elaborate on the mechanism of violence and the cultivation of violence, it isn’t only a business per se, it’s also a generator for new growth opportunities.  Violence is simply the medium of exchange – it’s like the Bitcoin of the Military Industrial Complex.  There are an unlimited number of verticals to capitalize on.  Most obviously, school shootings lead to a surge in gun sales, a boost in protective measures like hardened schools, security systems, and related systems.  The additional benefit is the extreme transfer of power to school authorities who under the guise of ‘protection’ have completely militarized schools.  How do children feel going to school through metal detectors, pat downs, and being scrutinized and controlled?  Ask any of them, it’s unpleasant – it’s a breeding ground for more shooters.  Anyone confined in a cage, as any lifers will tell you – being on the inside of an institution (meaning Prison) will make you violent and certainly change you for the worse.  Now schools are becoming like that.

We’re training the next generation of militants.  Of the current school population, only a percentage will be violent militants.  90% of them will join the Army and the other 10% will become radical terrorists, joining up with a local ISIS faction or creating their own.  The current policy will have this result.  So the system itself has a vested interest in seeing school shootings continue, because it perpetuates the cult of war necessary to keep the dollars flowing “The Spice Must Flow.”

Of course, the majority of these school shootings are not false flags (but some of them ARE).  The point is that these children are the result of a violent bloody culture, a real Cult of War.  Violent video games, violent movies such as directed by Quinten Tarantino, Death music, and to a lesser extent books – create a foundation of violence in a young American who is becoming who he is.  This is most effective on teenagers, as they have the tendency to rebel and ‘think different’ but really they are being tricked as they are not thinking any different than the billions of teenagers who came before them.

If they really wanted to stop school shootings, we could put a ban on anything that encourages violent behavior, such as violent movies, video games, and sports like Football (American Football not soccer).  End the US involvement in Afghanistan, Syria, and other places, bring the troops home and have them plant trees  (this isn’t such a revolutionary idea, under Roosevelt’s Civilian Conservation Corps that’s exactly what we did with idle physical laborers during the 30’s and their work is still visible in National Parks today[iv].  There are thousands of potential non-violent roles the US Military can play here at home domestically that fit right into Trump’s America First policy, such as building roads and bridges, making new parks and adventure centers, training camps for learning useful skills, technology parks for research and development, or any number of other useful things (there are thousands of needy causes that can have a positive economic benefit too.)  But it would be impossible for Trump or any President to implement such a plan, without the consent of the people.  The guardians of the system would not allow it to happen, like they did not allow JFK to implement significant reforms.  An immediate media ban on coverage on topics of violence like shootings, whether school shootings, war, or concert sniping – this would be a good start.  But of course ratings would drop, and establishment lackeys would fear cracks would form in their dam that keeps the vast resources of intelligence in American’s trapped in potential energy; that the dam finally would break and ultimately people would question why we need these idiots to form opinions for us, why we need millions of highly paid government workers to push paper and tell us why they need to do it in a useless activity of perpetual self-justification?  That’s the irony of American government workers, they are hired to tell us why they need to be hired – remember this is the same country founded by Elite white slaveowners that said all men are created equal.  Especially when we consider Blockchain, 99% of government activities can be automated – that’s not an exaggeration.  The government has become a virus that only knows how to suck the life out of a host before moving on to the next one – whether you are a taxpayer or a victim client state like Iraq the end result is the same; a complete obliteration of any intelligence and the imposing of a bureaucratic state so powerful that if you don’t accept the management you’ll end up like Gaddafi.  Remember the Irony – US is the enemy of “Socialism” when practicing the world’s largest Socialist state right here at home.  Really what’s going on here is the US is the enemy of “Socialism not controlled by Washington.”

Here’s what the data shows (See US violence in Orange)[v]

Why the huge gap?  Do you think just MAYBE there is a correlation to THIS CHART:

What is “Military Spending” you ask?  It’s the cost of building tanks, planes, bombs, training professional killers, developing new weapons and population control systems, you can read the 124 page summary[vi] – but that’s just what we KNOW about, of course much of the Military’s budget is top secret so we’ll never publicly know where that money goes (we know, we just can’t substantiate it).

We need to be fair to the American way of life, which means this analysis is done with something more American than Apple Pie – Dollars and Cents.  We’re looking at this purely economically.  Who cares that millions are killed, injured, and otherwise offended by the US Military Machine?  It’s just collateral damage – you can’t make an omelet without breaking some eggs.  But is this money well spent?   What are we really ‘getting’ for our money?  When the British maintained the British Empire, their colonies provided vast resources which made Britain extremely wealthy.

Could it be Global Empire has become a perverse reality show funded by the Elite?  When you have 3 mansions, your own private island, a fleet of private jets, what more could one ask for?  A revolution in the country where your father immigrated from, of course!  And it’s no joke.  Dig deep and you’ll see the connections glaring you in the face, such as George Tenet being the DCI while ‘liberating’ Albania.

Cult of War has gone beyond Colonialism, it’s not Neo-Colonialism, Imperialism, or some evolved form of rule and conquer.  It’s a grotesque hobby.  They say in War there are no real victors only victims.  That’s certainly the case here.  Romans used to feed Christians to Lions and they would watch them be mauled and finally eaten.  What we’re looking at today in the reality show called Cult of War, is much more sophisticated, we’re seeing the mass slaughter of native peoples which are fundamentally changing the history of the planet.  The more native people that are destroyed, the less competition for the sterile “American.”  Now Syria is the target, and thankfully Trump was elected or you can bet we’d be at war there too.

Going back to President Trump, a reality TV star – who is a megalomaniac and a total jerk “You’re Fired” – who better to act in the lead role in the reality show “Cult of War” than President Trump?  He was a shoe in, even though the writers, creators, and producers of “Cult of War” didn’t put him on the casting list, and were concerned that someone without a SAG card finally got in the White House.  But the role was made for this guy – there can be no better President, in a system which promotes and cultivates violence for profit.  Cult of War is America’s biggest most profitable and most watched reality show.   It is a self-feeding cycle, that one has to ask the question – who came first the chicken or the egg?  If TV was made illegal, would the violence still exist?  The answer is a likely “YES” which is why we started this essay reminding us of the bloody early history of America.  It is part of why Trump is such a perfect actor in this drama, because he’s really in some ways naïve to the way the world works, probably he’s never killed anyone or hired a hitman.  Google “Clinton Body Count” and you’ll see a long list of Clinton advisors, bodyguards, and other staff who have mysteriously died by various causes[vii].  With Trump being the big exception, all leaders have literally shot and killed their way to the top, and by doing the nefarious bidding of their dark overlords.

General Norman Schwarzkopf created a new paradigm in real time viewing of the Cult of War reality show; he put cameras in planes, on solidiers, and even on missiles.  Although they will claim it was for targeting accuracy, the fact that the images wound up on CNN at 7pm should not be ignored.  There are no coincidences, accidents do not happen.  There are no accidents!

Suddenly, war was delivered right into the living room.  And at the same time, it was completely controlled.  Reality became what was on TV.  Years later a film was made about this “Wag the Dog” which was Hollywood’s genius tell all to the world.  Science Fiction authors often write fiction as it makes for better sales and you often have the plausible deniability if anyone comes after you.

In the 1960’s an unholy alliance was formed between Hollywood and Washington.  Hollywood being mostly controlled by Jews, were happy to reward the country that saved them from utter annihilation.  Jews loved America perhaps more than other immigrant groups for obvious reasons.  Here’s the facts, dear readers, on how the CIA and Pentagon influence major motion pictures[viii]:

Tom Secker and Matthew Alford report on their astonishing findings from trawling through thousands of new US military and intelligence documents obtained under the Freedom of Information Act.  The documents reveal for the first time the vast scale of US government control in Hollywood, including the ability to manipulate scripts or even prevent films too critical of the Pentagon from being made? – not to mention influencing some of the most popular film franchises in recent years.  This raises new questions not only about the way censorship works in the modern entertainment industry, but also about Hollywood’s little known role as a propaganda machine for the US national security apparatus.  These documents for the first time demonstrate that the US government has worked behind the scenes on over 800 major movies and more than 1,000 TV titles.

That’s right, and there is actually a ‘liason’ whose job it is only one function: Scrub and edit pre-production scripts all day.  The NAZI regime would famously burn books which were not pro-German (TV didn’t exist in that time).  Now, history and reality is being warped in real time.  Think of all the movies with great endings which were ‘changed’ by Phil Strub.  Was this program the real reason Hollywood films began to suck?  No, as their work is mostly editing and changing minute things (not relevant to the film but very relevant for the social control paradigm, and for the advertising image of USA abroad).

The Cult of War is made possible by an advertising system created by super Genius psychologists, the architect being Edward Bernays (but his early work was really just a foundation, for much more complex and effective methods which were developed in the 60’s, 70’s, and 80’s.).  This program is very well funded to the tune of several billion dollars, and it has several positive side benefits.  One is the training of new recruits.  Fresh meat from foreign countries that grew up watching Hollywood films will sell their child’s Kidney for a ticket to immigrate to USA and work as a security guard or housekeeper.  Cult of War depends on these new entrants as the local gene pool is sterile, and – for reasons of information security, foreigners cannot possibly know that the whole thing is just a big show (whereas, a growing number of Americans know it, such as the ‘truther’ 911 movement and other groups).  Foreigners are the naïve bait needed to hook another generation of gullible and easily malleable participants – on which the system relies.  The irony about the ‘revolutionaries’ who speak of ‘change’ do not realize that all that is needed for change is lack of participation.  If no one showed up to vote in a fraud election there cannot be a fraud.  If people stopped paying their taxes the military would be defunded.  Et Cetera.

So how do they really control people?  First, like with any hypnosis, people need to accept and submit.  Foreigners do this blindly, without prejudice.  So they are perfect candidates.  Then, they appeal to the limbic system.  It’s a really simple process really but those involved aren’t aware of it at the time (or else they might not like it!)  They are subjects in a big experiment.  So the way it works is very subtle and intelligent.  The topic is never the means of control – it’s always what’s called in science ‘control’ – talk about something useless and benign like ‘Gun Control’ get people thinking about the wrong topics, and suggest opinions to them.  Present people who they can identify with, with compelling stories to appeal to their egos – that people can say “Yeah, I’m like that guy, I’m a star.  I’m also for gun control.  If we could just stop these killers from getting their hands on automatic weapons, school shootings would stop.  I’ll vote for that!”  They are all simplistic and designed for mass appeal.  So this doesn’t work on 100% of the population, actually it only works on about 30% – 40% if they are lucky.  But this margin is enough to sway an election or stave off revolution.  Public opinion needs to be moved only 10% to really effect change (this was realized by the FBI during the civil rights movement).  But even those who are not affected, they are affected in other ways – for example it takes up your time (when you could be doing other productive things like curing cancer, planting trees, building fences, designing robots, or just pursuing a hobby).  What the system wants from the subjects (slaves) is their time.  Free time is a real threat to the establishment.  If people were left to simply exist, there could be enough critical mass of intelligence left in their brains otherwise flooded by Prozac, invasive Hz through TV, Bluetooth, Radio, Cell networks, Aerosol Spraying, Chemicals in the food and other systems designed to disrupt normal and natural bodily functions in order to insert ‘something else’ (which is this artificial manufactured thoughts, opinions, existence).  What this means?  These Zombies are not in control of their own minds.  They are not free thinkers.  They cannot come to their own conclusions, form their own opinions, have original thought.  They are zombie-slave-drones that do what they are told on CNN.  The scary thing about this class of people, we can roughly estimate it at around 100 Million people in USA, they are candidates to be the next Manchurian candidate (especially the younger ones).  It is a long process of cultivation, in the case of George Tenet it would be the American born son of an Albanian (although masquerading like “Greeks”), not the Albanian born, who would terrorize, slaughter, and punish a generation of Serbian nationals, natural enemies to Albanians.  The complications of Balkan politics in the last 500 years are exactly the kind of fertile ground the Cult of War needs to divide and conquer, proliferate, and dominate.  For example if the US created a completely artificial country like “Meritocrastan” it would need to be created from the ground up, including its own artificial culture, story, place, actors, etc.  So by backing a fake country like “Kosovo” immediately all the old emotions, plot, actors, setting, backdrop, and drama come into effect.  Cult of War likes playing with ancient fire.  These fires were lit generations ago and continue burning to this day.  Unfortunately there are a limited number of such fires, which is why the US is taking an eye to Russia, as the list of potential enemies is dwindling to zero.  Terrorism has proven to be a non-starter and only an emergency go to plot when things get dicey.

Cult of War needs to turn domestically.  They are turning the homeland into a battlefield.  Now it’s the schools – next it can be hospitals, churches, sporting events, concerts, name it.  That’s the new episode in Cult of War.  But here’s the good news – now you know.  You can turn it off.  There is real freedom in America.  All this Cult of War is by choice.  People choose to participate.  If you don’t’ like it – stop watching CNN!  Stop hating other people and stop the ridiculous Politically Correct movement which is out of control.  Black guys can play better basketball than White Guys and White Guys on average are better Chess players – it’s not racist if you are an NBA team owner to hire all black guys nor does it make you a racist if you want to stack your chess team with White guys.   Stop going to concerts, shopping malls, order online – avoid the crowds.

“Cult” comes from the world “Culture” which is[ix]:

Culture (/ˈkʌltʃər/) is the social behavior and norms found in human societies. Some aspects of human behavior, social practices such as culture, expressive forms such as artmusicdanceritual, and religion, and technologies such as tool usagecookingshelter, and clothing are said to be cultural universals, found in all human societies. The concept of material culture covers the physical expressions of culture, such as technology, architecture and art, whereas the immaterial aspects of culture such as principles of social organization (including practices of political organization and social institutions), mythologyphilosophyliterature (both written and oral), and science comprise the intangible cultural heritage of a society.[1]

We can look at the mechanisms of social control behind each of these individually (but this essay would become a voluminous work).  We’ve discussed the most obvious and aggressive form of media, that of TV and the News Media, but how about others?  Have you noticed that American Music has had a dark tone to it for the last 30 years or so?  Grunge?  Gangsta Rap?  Are these trends homegrown, or are they spread artificially?  Let’s look at Nirvana.

Nirvana changed the music scene and created a genre of alternative rock known as “Grunge” an era that lasted 10 years strong and remnants of it still exist today.  The slacker culture that accompanied the Grunge movement should be noted, as a potential release for the growing unemployed and underemployed class, now around 95 Million and growing.  Or do new entrants join this culture and not want to work?  Which comes first the chicken or the egg?  That’s not the right question to be asking, the right question to be asking is who killed Kurt Cobain and why, as he clearly was murdered, as evidenced by this Private Detective and former LA County Sheriff Tom Grant[x].

Such events are truly conspiracies as we will never know the real truth of what happened; but the takeaway knowledge isn’t to pinpoint exactly what happened it’s to know 100% what DIDN’T happen.  Kurt Cobain did not kill himself it was an impossibility.   The “Dream Machine” his drug addiction and substance abuse, Depression; all fit the scenario.  This is how a director portrays a character.  Thus we should not be looking at Nirvana’s influence on pop culture but the followers, such as Green Day, Blink 182, and so on.

Other cultural influencers like Tupac Shakur, who obviously was gunned down by retaliatory gang violence, also were killed by unknown assailants[xi].

One year after the shooting, Las Vegas Metro Police homicide Sgt. Kevin Manning, who headed the investigation, told Las Vegas Sun investigative reporter Cathy Scott that Shakur’s murder “may never be solved”. The case slowed early in the investigation, he said, as few new clues came in and witnesses clammed up. He said the investigation was at a standstill.[23] E.D.I. Mean, a collaborator of Shakur’s and a member of Outlawz, said he was positive law enforcement knew “what happened” and added, “This is America. We found Bin Laden.”[18]

Why is it that such a high profile gang related target is shot in cold blood in the middle of city limits and the murder ‘may never be solved’ ?  Perhaps it wasn’t as simple as Tupac beating another gang member hours earlier (as is the MO with many establishment hits, the alleged murder suspect was killed 2 years later).

The glorification of gang violence, mob violence, and how it is just a normal part of society – is permeated through rap music, violent movies and mob movies.  Films like Goodfellas doubled their investment at the box office whereas films like “Dune” with complex plots that stimulate the imagination consistently lose money.

To understand how Cult of War works we need to see how these seemingly unrelated things are all intertwined.  It seems logical that the CIA would approve or modify movie scripts which are pro-American.  If this, and the proliferation of violent video games, were the only 2 points of observation, they could be coincidental.  But there are hundreds upon hundreds of examples of state sponsored pro-violent movements.  Since the changing of the name “War Department” to the “Department of Defense” a complex psy-op has been executed that allows for the continuation of war as a business.  This means that, if the President of the United States got on TV and said “We’re going to bomb brown people, but we need a few billion in tax dollars” of course no one would agree.  So it needs to be carefully crafted as being something good.  The military liberates a village by bombing it (in any other context this would be illegal).  This is the twisted logic of selling war to the people.  It has to have a high ethical ground, there has to be a victim, someone who is being ‘liberated’ or ‘saved’ – and in this way, America is ‘helping people.’

Cult of War provides jobs, entertainment, and re-establishes the status quo on a global scale, daily.  What can go wrong?  By the way, we aren’t exposing anything secret here, this issue has been documented by nearly all major media at some point.  If you’d like to read a good mainstream news article on this topic try this NY Times article entitled ”Worldwide Propaganda Network Built by the CIA”[xii]:

C.I.A.: Secret Shaper Of Public Opinion: A decade ago, when the agency’s communications empire was at its peak, embraced more than SOO news and public information organizations and individuals, According to one C.I.A. official, they ranged in importance “from Radio Free Europe to a third‐string guy in Quito who could get something in the local paper.”  Although the network was known officially as the “Propaganda Assets Inventory,” to those inside the C.I.A. it was “Wisner’s Wurlitzer.” Frank G. Wisner, who is now dead, was the first chief of the agency’s covert action staff.  Like the Mighty Wurlitzer, almost at the push of a button, or so Mr. Wisner liked to think, the “Wur‐1 litzer” became the means for orches‐1 tracing, in almost any language anywhere in the world, whatever tune the C.I.A.; was in a mood to hear.

Well, if it’s in the NY Times it’s not so secret is it, so this is about the closed programs.  We can only wonder what the CIA and friends at the NSA are up to these days?  We know what they’re not doing, they’re not sending agents (in body) in theater like they did 20 years ago.  The days of spying are mostly over.  In a world of global electronic surveillance, the modern spy is a signal processing expert, a computer programmer, or similar job sitting in a bunker style office somewhere sifting through big data being recorded by Echelon, and other systems.  Maybe their game now is Cryptocurrency tracking?  Silk Road sure was the biggest and easiest bust in agency history.

Now that you have read this article completely (thank you!) if you want to get a real life example of how Cult of War works, and how the world really works, checkout the book “IBM and the Holocaust” you will not be disappointed.  It is a real life story that explains some of the history here of Cult of War, specifically about ties between the US Military and big business interests.   Or you can checkout our works, start with Splitting Pennies.

[i] https://www.globalresearch.ca/us-has-killed-more-than-20-million-people-in-37-victim-nations-since-world-war-ii/5492051

[ii] https://www.civilwar.org/learn/articles/civil-war-casualties

[iii] https://rationalwiki.org/wiki/American_Indian_Genocide

[iv] https://en.wikipedia.org/wiki/Civilian_Conservation_Corps

[v] http://www.slate.com/blogs/the_slatest/2015/10/02/is_the_u_s_more_violent_than_other_countries_what_the_data_shows.html

[vi] http://comptroller.defense.gov/Portals/45/Documents/defbudget/fy2017/FY2017_Budget_Request_Overview_Book.pdf

[vii] http://zpub.com/un/un-bc-body.html

[viii] https://www.zerohedge.com/news/2017-07-05/documents-expose-how-hollywood-promotes-war-behalf-pentago-cia-nsa

[ix] https://en.wikipedia.org/wiki/Culture

[x] http://www.cobaincase.com/

[xi] https://en.wikipedia.org/wiki/Murder_of_Tupac_Shakur

[xii] https://www.nytimes.com/1977/12/26/archives/worldwide-propaganda-network-built-by-the-cia-a-worldwide-network.html




‘Trojan Horse’ Bug Lurking in Vital US Computers Since 2011

A destructive “Trojan Horse” malware program has penetrated the software that runs much of the nation’s critical infrastructure and is poised to cause an economic catastrophe, according to the Department of Homeland Security.

National Security sources told ABC News there is evidence that the malware was inserted by hackers believed to be sponsored by the Russian government, and is a very serious threat.

The hacked software is used to control complex industrial operations like oil and gas pipelines, power transmission grids, water distribution and filtration systems, wind turbines and even some nuclear plants. Shutting down or damaging any of these vital public utilities could severely impact hundreds of thousands of Americans.

DHS said in a bulletin that the hacking campaign has been ongoing since 2011, but no attempt has been made to activate the malware to “damage, modify, or otherwise disrupt” the industrial control process. So while U.S. officials recently became aware the penetration, they don’t know where or when it may be unleashed.

DHS sources told ABC News they think this is no random attack and they fear that the Russians have torn a page from the old, Cold War playbook, and have placed the malware in key U.S. systems as a threat, and/or as a deterrent to a U.S. cyber-attack on Russian systems – mutually assured destruction.

The hack became known to insiders last week when a DHS alert bulletin was issued by the agency’s Industrial Control Systems Cyber Emergency Response Team to its industry members. The bulletin said the “BlackEnergy” penetration recently had been detected by several companies.

DHS said “BlackEnergy” is the same malware that was used by a Russian cyber-espionage group dubbed “Sandworm” to target NATO and some energy and telecommunications companies in Europe earlier this year. “Analysis of the technical findings in the two reports shows linkages in the shared command and control infrastructure between the campaigns, suggesting both are part of a broader campaign by the same threat actor,” the DHS bulletin said.

The hacked software is very advanced. It allows designated workers to control various industrial processes through the computer, an iPad or a smart phone, sources said. The software allows information sharing and collaborative control.

http://abcnews.go.com/US/trojan-horse-bug-lurking-vital-us-computers-2011/story?id=26737476




The Dark Web: haven for drugs, guns, sex slavery

Drugs, guns, and counterfeit cash are all for sale in the so-called Dark Web, a secret and sinister part of the internet that’s flourishing despite a massive crackdown. The Dark Web is the subject of an historic trial that begins in November in New York City.

First some semantics. The Dark Web: what is it? It’s a part of the Internet that cannot be accessed by search engines like Google. It’s hidden on purpose. You need a special web browser to access it, and it’s designed to be used anonymously — no tracing. But this year, the light has shined very harshly on the Dark Web. A high-profile criminal case goes to trial next month. At the center of that case is a Dark Web site called Silk Road.

The U.S. government says Ross Ulbricht is behind one of the largest drug and crime rings in history. The man seen in a video on the “Free Ross” website certainly does not look like a worldwide menace, an Internet mobster.

In a video on the site, his mother, Lyn Ulbricht, said Ross “Is the most peaceful, non-violent, positive compassionate person I’ve ever met.”

Ulbricht was arrested last fall on charges of running Silk Road, a Dark Web site akin to Amazon or eBay with buyers, sellers, user and product reviews, except the product in Silk Road’s case is usually drugs.

Ulbricht’s family began a legal defense fund at the freeross.org.

After Ulbricht’s arrest, Silk Road was shut down. But now somebody has launched a new version.

“People did studies on Silk Road and found that the customer satisfaction level was remarkably high,” said Greg Virgin, whose day job is running RedJack, a company that keeps businesses and government agencies safe from hackers.

We asked him to use his knowledge to take us inside the Dark Web. To access it, we used the free TOR browser. Virgin said “TOR” stands for “the onion router.”

“So, it’s a network of servers that relay your traffic across one another so nobody can figure out who you are, where you are,” he said.

Our first stop, Virgin took us to a site that is essentially a Dark Web directory. Without listings like these, the sites would be impossible to access unless we knew the exact addresses.

“People have estimated that more than 70 percent of the activity on the Dark Net is illegal,” Virgin said.

A lot of that illegal activity revolves around money; fake money, in some cases. We saw listings for euros, PayPal accounts, cloned credit cards with PINs, and more.

One ad offered corporate account numbers for sale. Another showed off stacks of counterfeit $20 bills; 10 bills cost $80. And users offered advice on how to spend it: “I’ve finally ordered 10 bills and found a way of spending them at nightclubs. I just ask random drunks for change. 100% success rate.”

On almost every site, it was easy to find ads for electronics, such as new, unlocked iPhone 6 smartphones for sale. Plenty offered fake passports and IDs.

One site seeks donations to recruit jihadists in the United States “to establish a new Islamic front both in the United States and around the world.”

Murder does seem to be big business on the Dark Web. One site seeks to crowd fund assassinations. Another website says it’s easy to obtain high-powered firearms. Of course, no questions are asked. No pesky background checks are undergone.

The currency — as with most things on the Dark Web — is bitcoin.

“Bitcoin is a virtual currency that obscures the people doing the transaction, so the buyer and the seller,” said Bruce Upbin, a managing editor for Forbes. “It’s a piece of code that’s shared between two parties to replace currency.”

Anyone can buy bitcoin, but it’s not cheap. One bitcoin is about $300, although it’s been as high as $1,000.

And then, there is what Greg Virgin said is most disturbing about the Dark Web.

“There are a number of atrocious child exploitation sites,” he said.

In his spare time, Virgin works with the International Justice Mission to find and rescue children being sold on the Dark Web as sexual slaves. He said because of his work, he believes arrests are coming in the near future.

“We believe we’ve found dozens of victims, that there’s a strong possibility for rescue,” he said.

Shawn Henry spent 15 years leading cyber investigations around the world for the FBI before retiring as an executive assistant director.

“Imagine from a law enforcement perspective the challenge in identifying people who have never gotten together physically, who live in five separate countries,” Henry said, adding that the Dark Web is a nightmare for law enforcement.

It is also the source of all the high-profile hacks we’ve seen this past year. Target, Home Depot, Chase, Neiman Marcus have all been broken into. Even the U.S. government database holding personal information for employees with sensitive security clearance was breached.

“Can you protect the network from being breached? That’s out the window now,” Henry said. “We need to change the paradigm here and it needs to be: how soon after an adversary makes access do we detect them.”

His biggest fear is hackers, working through the Dark Web’s anonymity, going after power plants and financial systems; cyber terrorism.

“There are actually terrorist groups that are calling for electronic jihad,” Henry said. “What if the lights go out for a week, two weeks, a month? How do we handle that as a nation?” He said he believed it “absolutely” possible.

So, where did this come from? It may be hard to believe but TOR, the software that makes this anonymous and so hard to track and makes much of what you’ve just seen possible, was created by the United States Navy. Part of the goal was help people in oppressed nations have Internet freedom. So the Dark Web is not all bad.

“For us in America we live in a free society, for the most part, but there’s plenty of people in the world who don’t, who live in oppressive regimes, where they control the Internet,” Upbin of Forbes said.

Whether it’s pro-democracy protests in Hong Kong or the Arab Spring, the Dark Web’s anonymity helps makes it possible by letting organizers spread the word.

That brings us back to Silk Road and the criminal case pending against Ross Ulbricht.

Julia Tourianski, a blogger from Toronto, said she believes internet freedom in the U.S. rests on the outcome of the Silk Road case.

“This is about the future of our Internet freedom,” she said. “If Ross Ulbricht loses then I think what will happen is anybody who uses TOR networks or anonymous systems will be considered a criminal by default.”

Tourianski is a supporter of Ulbricht’s mother, who said the U.S. government is trying to rewrite law.

Lyn Ulbricht has traveled the country to raise awareness about the Silk Road case and has become something of an Internet star. She would not agree to an interview with us, but we caught her speech at Liberty Fest in Brooklyn. She believes the outcome of the case could lead to a world where everyone’s activities on the web are monitored.

Of course, Edward Snowden showed us last year the NSA is already collecting information about phone calls and emails.

“It’s something far more dangerous than any website could be and that is what our government has become and how they operate,” Lyn Ulbricht said at Liberty Fest.

Tourianski said the Dark Web’s dark side is worth living with.

“Most people are inherently good, and just because a small percentage of people may or may not commit a crime, we shouldn’t police everybody,” Tourianski said. “And if we do, that’s not a world anybody wants to live in.”

Ross Ulbricht has pleaded not guilty to all charges. His trial is set to begin November 10. No matter the outcome for him, the Dark Web seems to continue defying law enforcement despite their pledge to crack down.

Ulbricht’s lawyer and the U.S. attorney prosecuting the case declined to comment for our story.

If Ulbricht is convicted of the most serious charges he faces a maximum sentence of life in prison.

http://www.myfoxny.com/story/26785177/dark-web-haven-crime




FBI director: iPhones shields pedophiles from cops

NEW YORK (CNNMoney)

Apple’s new privacy features protect kidnappers, pedophiles and terrorists, according to FBI director James Comey.

In an interview on CBS’ “60 Minutes” on Sunday, Comey said Apple’s encryption standards for iPhones and iPads “put people beyond the law.”

Apple (AAPL, Tech30) recently took measures to enhance user privacy. Now, only users have the key to unlock text messages, photos and emails on their device. As such, iOS 8 will shield your data from anyone — including police.

Here’s how it works: You send a text message that’s encrypted on your device. It passes through Apple servers as jumbled code nobody can crack. And it can only get decrypted by your friend’s iPhone passcode.

Google (GOOG) has announced it’s doing the same for its Android devices.

The FBI director isn’t pleased.

“The notion that people have devices… that with court orders, based on a showing of probable cause in a case involving kidnapping or child exploitation or terrorism, we could never open that phone? My sense is that we’ve gone too far when we’ve gone there,” Comey told CBS.

Comey compared selling iPhones to selling “cars with trunks that couldn’t ever be opened by law enforcement with a court order.”

But there are two things that are wrong with that statement:

1) The FBI can still get your phone data. Now, they can’t do it secretly by going to Apple or Google. Agents must knock on your front door with a warrant in hand — the way it’s always been.

If you don’t give the FBI access to your phone, it can ask a federal judge to force you. If you refuse, the government can throw you in jail and hold you in contempt of court.

The FBI and Apple did not respond to requests for comment.

Joel Kurtzberg is a New York lawyer who specializes in First Amendment cases (in which journalists often refuse court orders to disclose sources). He said the biggest difference now is that the FBI can’t be covert when it wants your data.

“This is going to make it harder for law enforcement. Now, they’ll have to tip off their target,” he said. “And it will result in instances where someone will destroy evidence.”

But even for the most dangerous cases, there are still workarounds. Video surveillance — the classic kind — can spy on someone as they type their passcode. And the NSA has technology to slip device-controlling malware into phones anyway.

iPhone 6 vs. Galaxy Alpha: Cost to make

2) Opening devices to law enforcement means opening them to hackers. When it comes to data, possession of a key is everything. If your passcode is the only thing that unlocks your digital life, then it doesn’t matter if the FBI presents Apple or Google with a warrant — or if hackers break into the company’s servers. They won’t get anything useful.

The FBI wants companies to keep a backdoor into your life. That’s a problem, because as Comey himself has said in the past, everyone is under attack by hackers.

As Comey said in a previous episode of 60 Minutes: “There are those who’ve been hacked by the Chinese and those who don’t know they’ve been hacked by the Chinese.”

Related: Kmart says payment systems hacked

“You can’t have it both ways,” said David Oscar Markus, a Miami defense attorney with expertise in police searches and seizures. “If there’s a backdoor, it can be exploited. The government shouldn’t get to pick and choose what’s protected.”

CNNMoney is investigating recent hacks. Have you had money stolen from your bank account? Has someone stolen your identity? Share your story.

Related: Snapchat isn’t private. Period.

Related: How safe are you? CNNMoney’s cybersecurity Flipboard magazine

 

http://money.cnn.com/2014/10/13/technology/security/fbi-apple/index.html




Southcom Keeps Watch on Ebola Situation

By Jim Garamone
DoD News, Defense Media Activity

WASHINGTON, Oct. 8, 2014 – The potential spread of Ebola into Central and Southern America is a real possibility, the commander of U.S. Southern Command told an audience at the National Defense University here yesterday.

“By the end of the year, there’s supposed to be 1.4 million people infected with Ebola and 62 percent of them dying, according to the [Centers for Disease Control and Prevention],” Marine Corps Gen. John F. Kelly said. “That’s horrific. And there is no way we can keep Ebola [contained] in West Africa.”

If it comes to the Western Hemisphere, many countries have little ability to deal with an outbreak of the disease, the general said.

“So, much like West Africa, it will rage for a period of time,” Kelly said.

This is a particularly possible scenario if the disease gets to Haiti or Central America, he said. If the disease gets to countries like Guatemala, Honduras or El Salvador, it will cause a panic and people will flee the region, the general said.

“If it breaks out, it’s literally, ‘Katie bar the door,’ and there will be mass migration into the United States,” Kelly said. “They will run away from Ebola, or if they suspect they are infected, they will try to get to the United States for treatment.”

Also, transnational criminal networks smuggle people and those people can be carrying Ebola, the general said. Kelly spoke of visiting the border of Costa Rica and Nicaragua with U.S. embassy personnel. At that time, a group of men “were waiting in line to pass into Nicaragua and then on their way north,” he recalled.

“The embassy person walked over and asked who they were and they told him they were from Liberia and they had been on the road about a week,” Kelly continued. “They met up with the network in Trinidad and now they were on their way to the United States — illegally, of course.”

Those men, he said, “could have made it to New York City and still be within the incubation period for Ebola.”

Kelly said his command is in close contact with U.S. Africa Command to see what works and what does not as it prepares for a possible outbreak in the area of operations.

http://www.defense.gov/news/newsarticle.aspx?id=123359




“Common People Do Not Carry This Much Currency” – How Police Justify Stealing American Citizens’ Money

Submitted by Mike Krieger via Liberty Blitzkrieg blog,

Police confiscating Americans’ hard earned cash, as well as a wide variety of other valuables, without an arrest or conviction is a disturbing and growing practice throughput these United States. Since cops get to keep the seized funds and use the money on pretty much anything they want, the practice is becoming endemic in certain parts of the nation. The theft is often referred to simply as civil forfeiture, or civil asset forfeiture. Incredibly, under civil forfeiture laws your property is incredibly “guilty until you prove it innocent.”

The extent of the problem came to my attention last summer after reading an excellent article by Sarah Stillman in the New Yorker. The article struck such a chord with me, I penned a post highlighting it and addressing the issue, titled: Why You Should Never, Ever Drive Through Tenaha, Texas. That article ended up being one of my most popular posts of 2013.

Fast forward a year, and many mainstream publications have also jumped on the topic. Most notably, the Washington Post published an excellent article last month titled, Stop and Seize, which I strongly suggest reading if you haven’t already.

Fortunately for us all, the issue has also caught the eye of the always hilarious, John Oliver of Last Week Tonight. The following clip from his show is brilliant. Not only is it hilarious, but it will hopefully educate a wider audience about this insidious practice so that it can be stopped once and for all.

As one officer admitted in an affidavit justifying his confiscation of an innocent driver’s cash:

“Common people do not carry this much U.S. currency.”

Enjoy:

 




Top Doctors: Ebola May Become Airborne … And May ALREADY Be Transmissible Via Aerosols

Michael T. Osterholm – director of the Center for Infectious Disease Research and Policy at the University of Minnesota – wrote in the New York Times last month:

Viruses like Ebola are notoriously sloppy in replicating, meaning the virus entering one person may be genetically different from the virus entering the next. The current Ebola virus’s hyper-evolution is unprecedented; there has been more human-to-human transmission in the past four months than most likely occurred in the last 500 to 1,000 years. Each new infection represents trillions of throws of the genetic dice.

If certain mutations occurred, it would mean that just breathing would put one at risk of contracting Ebola. Infections could spread quickly to every part of the globe, as the H1N1 influenza virus did in 2009, after its birth in Mexico.

Why are public officials afraid to discuss this? They don’t want to be accused of screaming “Fire!” in a crowded theater — as I’m sure some will accuse me of doing. But the risk is real, and until we consider it, the world will not be prepared to do what is necessary to end the epidemic.

In 2012, a team of Canadian researchers proved that Ebola Zaire, the same virus that is causing the West Africa outbreak, could be transmitted by the respiratory route from pigs to monkeys, both of whose lungs are very similar to those of humans. Richard Preston’s 1994 best seller “The Hot Zone” chronicled a 1989 outbreak of a different strain, Ebola Reston virus, among monkeys at a quarantine station near Washington. The virus was transmitted through breathing, and the outbreak ended only when all the monkeys were euthanized. We must consider that such transmissions could happen between humans, if the virus mutates.

The Guardian reports today:

There is a ‘nightmare’ chance that the Ebola virus could become airborne if the epidemic is not brought under control fast enough, the chief of the UN’s Ebola mission has warned.

 

Anthony Banbury, the Secretary General’s Special Representative, said that aid workers are racing against time to bring the epidemic under control, in case the Ebola virus mutates and becomes even harder to deal with.

Two Infectious Disease Experts Say Ebola In Its CURRENT Form Is ALREADY Spread By Aerosols

But perhaps most challenging to the mainstream assumption that Ebola can only be spread through physical contact with a person who is showing symptoms of infection is the followingexplanation by two national experts on infectious disease transmission, both professors in the School of Public Health, Division of Environmental and Occupational Health Sciences, at the University of Illinois at Chicago (footnotes omitted):

We believe there is scientific and epidemiologic evidence that Ebola virus has the potential to be transmitted via infectious aerosol particles both near and at a distance from infected patients, which means that healthcare workers should be wearing respirators, not facemasks. [Aerosols are liquids or small particles suspended in air. An example is sea spray:  seawater suspended in air bubbles, created by the force of the surf mixing water with air.]

The important points are that virus-laden bodily fluids may be aerosolized and inhaled while a person is in proximity to an infectious person and that a wide range of particle sizes can be inhaled and deposited throughout the respiratory tract.

 

***

 

Being at first skeptical that Ebola virus could be an aerosol-transmissible disease, we are now persuaded by a review of experimental and epidemiologic data that this might be an important feature of disease transmission, particularly in healthcare settings.

 

***

 

Many body fluids, such as vomit, diarrhea, blood, and saliva, are capable of creating inhalable aerosol particles in the immediate vicinity of an infected person. Cough was identified among some cases in a 1995 outbreak in Kikwit, Democratic Republic of the Congo, and coughs are known to emit viruses in respirable particles. The act of vomiting produces an aerosol and has been implicated in airborne transmission of gastrointestinal viruses. Regarding diarrhea, even when contained by toilets, toilet flushing emits a pathogen-laden aerosol that disperses in the air.

 

***

 

There is also some experimental evidence that Ebola and other filovirusescan be transmitted by the aerosol route. Jaax et alreported the unexpected death of two rhesus monkeys housed approximately 3 meters from monkeys infected with Ebola virus, concluding that respiratory or eye exposure to aerosols was the only possible explanation.

 

Zaire Ebola viruses have also been transmitted in the absence of direct contact among pigsand from pigs to non-human primates, which experienced lung involvement in infection. Persons with no known direct contact with Ebola virus disease patients or their bodily fluids have become infected.

 

***

 

Experimental studies have demonstrated that it is possible to infect non-human primates and other mammals with filovirus aerosols. [Ebola is a type of filovirus]

 

Altogether, these epidemiologic and experimental data offer enough evidence to suggest that Ebola and other filoviruses may be opportunistic with respect to aerosol transmission. That is, other routes of entry may be more important and probable, but, given the right conditions, it is possible that transmission could also occur via aerosols.

In other words, these two infectious disease experts believe that Ebola is already – in itscurrent form – transmissible via aerosols.  They therefore urge all doctors and nurses working with Ebola patients to wear respirators.

If they’re right, the government’s assumptions about and strategies towards Ebola are all wrong. At the very least – as the two experts quoted above urge – all frontline healthcare workers should wear respirators.  And it may be necessary to consider travel restrictions until the epidemic is contained.

http://www.zerohedge.com/news/2014-10-02/top-doctors-ebola-may-become-airborne-%E2%80%A6-and-may-already-be-transmissible-aerosols




For the first time, Russia has more deployed nuclear warheads than U.S.

For the first time, Russia, which is in the midst of a major strategic nuclear modernization, has more deployed nuclear warheads than the United States, according to the latest numbers released by the State Department.

Russia now has 1,643 warheads deployed on intercontinental ballistic missiles, submarine-launched ballistic missiles and heavy bombers. The United States has 1,642, said the fact sheet released Wednesday.

The warhead count for the Russians, based the Sept. 1 report required under the 2010 New Strategic Arms Reduction Treaty (START), shows an increase of 131 warheads since the last declaration on March 1. The U.S. reported a warhead increase of 57 during the same period. It is not clear why the warhead numbers increased.

The treaty limits each side to 1,550 deployed warheads, 700 deployed missiles and bombers and 800 deployed and non-deployed launchers.

On New START delivery systems, the latest fact sheet reveals that the current Russian arsenal of deployed intercontinental ballistic missiles, silo-launched ballistic missiles and heavy bombers is 528, up from 498.

Mark Schneider, a former Pentagon strategic weapons specialist, said the latest fact sheet confirms Russian officials’ promises during New START ratification to increase their deployed nuclear arsenal.

“While so little information is released under New START that there is no way to say for sure, the Russian increases appears to reflect the arming of the two new Borey class ballistic missile submarines,” Mr. Schneider said.

“All U.S. numbers have declined since New START entry into force,” he added. “The fact that this is happening reflects the ineffectiveness of the Obama administration’s approach to New START.”

Sen. James Inhofe of Oklahoma, ranking Republican on the Senate Committee on Armed Services, called for a new U.S. policy aimed at halting Moscow’s nuclear arms buildup.

“Not only did Russia violate the Intermediate-Range Nuclear Forces (INF) Treaty, signed by President Ronald Reagan and Soviet leader Mikhail Gorbachev in 1987, it did so while negotiating with the Obama administration over New START, a 2010 arms reduction treaty,” Mr. Inhofe stated in a recent op-ed in Foreign Policy. “The White House was at best nave to Russian duplicity; at worst it was complicit.”

Mr. Inhofe stated that Russian deception in negotiating an arms reduction treaty while building up nuclear arms “poses a direct threat to the United States.”

CULTURAL DIVIDE

The massive compromise of classified documents to WikiLeaks revealed a cultural divide between Army leaders and soldiers of a largely unpatriotic and valueless millennial generation, according to a recently released Army report.

An investigative report on the case of Army Pfc. Bradley Manning, who is serving a 35-year prison term for espionage, identifies several lapses in Army security and personnel procedures that allowed Manning to remain in the service and gain access to classified documents.

Manning, 26, who now calls himself Chelsea, illegally downloaded hundreds of thousands of secret documents on Iraq and Afghanistan, along with State Department cables. After copying the documents on rewritable digital media, he turned them over to the anti-secrecy website WikiLeaks, which posted them online.

It was the largest leak of classified documents in U.S. history before last year’s disclosure of secrets by renegade NSA contractor Edward Snowden. The magnitude of that compromise is still unfolding.

“Over the course of this investigation, it became apparent that there is currently a cultural gap between the first-line and mid-level leaders and the soldiers they lead,” wrote Army Lt. Gen. Robert L. Caslen Jr., the report’s investigating officer and author. “The soldiers they lead are, in major part, of the so-called Millennial Generation.”

An Army spokesman had no comment. A spokesman for Gen. Caslen, now superintendent of the U.S. Military Academy at West Point, New York, had no immediate comment.

According to the report, which is dated Feb. 14, 2011, but was released Sept. 26 on an Army website, Manning, as a millennial, is part of a youth cohort generally marked by narcissism and technological savvy, but “isolated from the physical world,” resulting in “strong loyalties in the virtual world.”

Millennials’ values often clash with traditional values and loyalties in the physical world as a result of playing games online and using social media, the report says.

“In their virtual world — comprised of online gaming and blogging — Millennials believe it acceptable to act in any way one wishes — their actions generate no perceived consequences for which they may be held to account,” the report states.

As an example, the report cites emails sent by Manning to former hacker Adrian Lamo revealing his pilfering of classified documents.

For the military, many millennials’ favoring of transparency over secrecy is troubling since the survival of soldiers and their units often depends on keeping the enemy from gaining access to sensitive intelligence.

Millennials “must begin to understand that service as a soldier entails adherence to standards and values,” the report says.

“Loyalty to nation, obedience to orders of the chain of command, and commitment to the welfare of the small unit are non-negotiable,” the report states.

Trustworthiness of soldiers must be monitored and granting soldiers’ access to secrets requires careful scrutiny.

In the case of Manning, the Army missed signs of behavioral problems that could have prevented him from gaining access to the documents he leaked, the report says. They included several physical assaults, “tantrum fits of rage,” lying to investigators about past behavior, and comments made to colleagues. In 2009, the report said, Manning told a colleague he had “no loyalty” to the United States and the American flag patch on his uniform “meant nothing” to him.

The report suggests Manning is a “bellwether” of the cultural divide between Army leaders and young soldiers. Mid-level commanders are comfortable with Army hierarchy while millennials are not.

Because the Army’s success demands small unit cohesion, “a young soldier who is familiar with, and most comfortable in, the virtual world of the Internet — where the self is praised and individuality as well as transparency are glorified — may be unable to adapt to the military’s focus on teamwork and operational and information security,” the report says.

Additionally, an erosion of leadership skills in the Army is exacerbating problems caused by the millennial generation gap.

Army leaders are “proficient in combat,” but are challenged in leading troops in peace time, the report says.

The Army needs to better educate young soldiers on the need for secrecy and security, and teach them that a failure to protect sensitive information can put them at risk, it says.

“We must undertake an educated and concerted effort to identify and understand the attributes associated with Millennials if we hope ever to bridge the gap fully,” the report states.

AIMING AT TURKEY

Islamic State terrorists advanced toward towns near the Syrian-Turkish border this week, prompting U.S. airstrikes in the region amid signs that NATO-ally Turkey may join the fight.

News reports from the region stated that militants launched a ground offensive against Kobani, an ethnic Kurdish town near the Turkish border also known in Arabic as Ayn al Arab, and several surrounding villages. The town is about 120 miles northeast of Aleppo, Syria.

U.S. Central Command said Tuesday that it conducted attacks at Mazra al Duwad near Ayn al Arab, damaging or destroying an Islamic State armored vehicle, two artillery pieces, two rocket launchers, and an armed vehicle.

Turkish newspaper Today’s Zaman reported that it is not clear that the U.S. airstrikes have slowed the terrorists’ advance, which reached within 3 miles of Kobani with mortar and artillery attacks on the town.

Because of the fighting, some 150,000 Syrian Kurds have fled to Turkey.

The Islamic State is said to be adapting to the U.S.-led airstrikes by taking steps to limit its aerial targets, including reducing the number of road checkpoints and the use of mobile phones, which U.S.-led forces use to identify and target militants.

According to counterterrorism officials, the Islamic State also is launching a Twitter media campaign to limit tweets and photos that can be used to target its fighters.

One Islamic State supporter warned against harming the militants by “advertising their movements” on Twitter.

http://www.washingtontimes.com/news/2014/oct/1/inside-the-ring-compromise-of-classified-documents/print/




U.S. Ramping Up Major Renewal in Nuclear Arms

KANSAS CITY, Mo. — A sprawling new plant here in a former soybean field makes the mechanical guts of America’s atomic warheads. Bigger than the Pentagon, full of futuristic gear and thousands of workers, the plant, dedicated last month, modernizes the aging weapons that the United States can fire from missiles, bombers and submarines.

It is part of a nationwide wave of atomic revitalization that includes plans for a new generation of weapon carriers. A recent federal study put the collective price tag, over the next three decades, at up to a trillion dollars.

This expansion comes under a president who campaigned for “a nuclear-free world” and made disarmament a main goal of American defense policy. The original idea was that modest rebuilding of the nation’s crumbling nuclear complex would speed arms refurbishment, raising confidence in the arsenal’s reliability and paving the way for new treaties that would significantly cut the number of warheads.

Continue reading the main story

Modernizing a Nuclear Arsenal

The government is upgrading major nuclear weapon plants and laboratories, which employ more than 40,000 people.

The new Tritium Engineering Building was recently completed.

Supporters of arms control, as well as some of President Obama’s closest advisers, say their hopes for the president’s vision have turned to baffled disappointment as the modernization of nuclear capabilities has become an end unto itself.

“A lot of it is hard to explain,” said Sam Nunn, the former senator whose writings on nuclear disarmament deeply influenced Mr. Obama. “The president’s vision was a significant change in direction. But the process has preserved the status quo.”

With Russia on the warpath, China pressing its own territorial claims and Pakistan expanding its arsenal, the overall chances for Mr. Obama’s legacy of disarmament look increasingly dim, analysts say. Congress has expressed less interest in atomic reductions than looking tough in Washington’s escalating confrontation with Moscow.

“The most fundamental game changer is Putin’s invasion of Ukraine,” said Gary Samore, Mr. Obama’s top nuclear adviser in his first term and now a scholar at Harvard. “That has made any measure to reduce the stockpile unilaterally politically impossible.”

That suits hawks just fine. They see the investments as putting the United States in a stronger position if a new arms race breaks out. In fact, the renovated plants that Mr. Obama has approved for a smaller force of more precise, reliable weapons could, under a different president, let the arsenal expand rapidly.

Arms controllers say the White House has made some progress toward Mr. Obama’s broader agenda. Mr. Nunn credits the president with improving nuclear security around the globe, persuading other leaders to sweep up loose nuclear materials that terrorists could seize.

In the end, however, budget realities may do more than nuclear philosophies to curb the atomic upgrades. “There isn’t enough money,” said Jeffrey Lewis, of the Monterey Institute of International Studies, an expert on the modernization effort. “You’re going to get a train wreck.”

While the Kansas City plant is considered a success — it opened ahead of schedule and under budget — other planned renovations are mired in delays and cost overruns. Even so, Congress can fight hard for projects that represent big-ticket items in important districts.

Skeptics say that the arsenal is already dependable and that the costly overhauls are aimed less at arms control than at seeking votes and attracting top talent, people who might otherwise gravitate to other fields.

But the Obama administration insists that the improvements to the nuclear arsenal are vital to making it smaller, more flexible and better able to fulfill Mr. Obama’s original vision.

Daniel B. Poneman, the departing deputy secretary of energy, whose department runs the complex, said, “The whole design of the modernization enables us to make reductions.”

A Farewell to Arms

Photo

The new National Security Campus in Kansas City, Mo.CreditThe Kansas City Star

In the fall of 2008, as Barack Obama campaigned for the presidency, a coalition of peace groups sued to halt work on a replacement bomb plant in Kansas City. They cited the prospect of a new administration that might, as one litigant put it, kill the project in “a few months.”

The Kansas City plant, an initiative of the Bush years, seemed like a good target, since Mr. Obama had declared his support for nuclear disarmament.

The $700 million weapons plant survived. But in April 2009, the new president and his Russian counterpart, Dmitri A. Medvedev, vowed to rapidly complete an arms treaty called New Start, and committed their nations “to achieving a nuclear-free world.”

Five days later, Mr. Obama spoke in Prague to a cheering throng, saying the United States had a moral responsibility to seek the “security of a world without nuclear weapons.”

“I’m not naïve,” he added. “This goal will not be reached quickly — perhaps not in my lifetime. It will take patience and persistence.”

That October, the Nobel committee, citing his disarmament efforts, announced it would award Mr. Obama the Peace Prize.

The accord with Moscow was hammered out quickly. The countries agreed to cut strategic arms by roughly 30 percent — from 2,200 to 1,550 deployed weapons apiece — over seven years. It was a modest step. The Russian arsenal was already declining, and today has dropped below the agreed number, military experts say.

Even so, to win Senate approval of the treaty, Mr. Obama struck a deal with Republicans in 2010 that would set the country’s nuclear agenda for decades to come.

Republicans objected to the treaty unless the president agreed to an aggressive rehabilitation of American nuclear forces and manufacturing sites. Senator Jon Kyl, Republican of Arizona, led the opposition. He likened the bomb complex to a rundown garage — a description some in the administration considered accurate.

Under fire, the administration promised to add $14 billion over a decade for atomic renovations. Then Senator Kyl refused to conclude a deal.

Facing the possible defeat of his first major treaty, Mr. Obama and the floor manager for the effort, Senator John Kerry, now the secretary of state, set up a war room and made deals to widen Republican support. In late December, the five-week campaign paid off, although the 71-to-26 vote represented the smallest margin ever for the ratification of a nuclear pact between Washington and Moscow.

The Democrats were unanimous in favor, their ranks including six senators with atomic plants in their states. Among the Republicans joining the Democrats were Bob Corker and Lamar Alexander, both of Tennessee and both strong backers of modernization. (“We’re glad to have the thousands of jobs,” Mr. Alexander said recently in announcing financing for a new plant.)

Nuclear Spending

Annual spending by the Department of Energy and the Atomic Energy Commission on nuclear weapons research, development, testing and production.

In open and classified reports to Congress, Mr. Obama laid out his atomic refurbishment plans, which the Congressional Budget Office now estimateswill cost $355 billion dollars over the next decade. But that is just the start. The price tag will soar after 10 years as missiles, bombers and submarines made in the last century reach the end of their useful lives and replacements are built.

“That’s where all the big money is,” Ashton B. Carter, the former deputy secretary of defense, said last year. “By comparison, everything that we’re doing now is cheap.”

A Wave of Modernization

The money is flowing into a sprawling complex for making warheads that includes eight major plants and laboratories employing more than 40,000 people. Its oldest elements, some dating to 1943, have long struggled with fires, explosions and workplace injuries. This March, a concrete roof collapsed in Tennessee. More recently, chunks of ceiling clattered down a stairwell there, and employees were told to wear hard hats.

“It’s deplorable,” Representative Chuck Fleischmann, Republican of Tennessee, said at an April hearing. Equipment, he added, “breaks down on a daily basis.”

In some ways, the challenge is similar to what Detroit’s auto industry faces: Does it make sense to pour money into old structures or build new ones that are more secure, are fully computerized and adhere to modern environmental standards?

And if the government chooses the latter course, how does it justify that investment if the president’s avowed policy is to wean the world off nuclear arms?

The old bomb plant in Kansas City embodies the dilemma. It was built in World War II to produce aircraft engines and went nuclear in 1949, making the mechanical and electrical parts for warheads.

But a river flooded it repeatedly, and in the past year it was gradually shut down. Today, visitors see tacky furniture, old machinery and floors caked with mud.

Its replacement, eight miles south, sits on higher ground. Its five buildings hold 2,700 employees — just like the old plant — but officials say it uses half the energy, saving about $150 million annually. Everything is bright and modern, from the sleek lobby and cafeteria to the fitness center. Clean rooms for delicate manufacturing have tighter dust standards than hospital operating rooms.

It is called the National Security Campus, evoking a college rather than a factory for weapons that can pound cities into radioactive dust.

Rick L. Lavelock, a senior plant manager, said during a tour in July that employees had a “very great sense of mission” in keeping the arsenal safe and reliable.

Their main job now is extending the life of a nearly 40-year-old submarine warhead called the W-76. Drawing on thousands of parts, they seek to make it last 60 years — three times as long as originally planned.

The warhead’s new guts, a colorful assortment of electronic and mechanical parts, lay alongside a shiny nose cone on a metal table outside an assembly hall.

The last stop on the tour was a giant storage room. Mr. Lavelock said it covered 60,000 square feet — bigger than a football field. Laughing, he likened it to the “Raiders of the Lost Ark” scene showing a vast federal warehouse that seemed to go on forever.

If the Kansas City plant is the crown jewel of the modernization effort, other projects are reminders of how many billions have yet to be spent, and how even facilities completed successfully can go awry.

At Los Alamos National Laboratory in New Mexico, birthplace of the atomic bomb, plans for a new complex to shape plutonium fuel emerged a decade ago with a $660 million price tag. But antinuclear groups kept publicizing embarrassing details, like the discovery of a geologic fault under the site. The estimated cost soared to $5.8 billion, and in 2012, the Obama administration suspended the project.

“In the current fiscal crisis,” Charles F. McMillan, the director of Los Alamos, told a nuclear conference last year, building large facilities “may no longer be practical.”

A different problem hit the Y-12 National Security Complex in Oak Ridge, Tenn. A $550 million fortress was erected there to safeguard the nation’s main supplies of highly enriched uranium, a bomb fuel considered relatively easy for terrorists to make into deadly weapons.

In 2012, an 82-year-old Roman Catholic nun, Megan Rice, and two accomplices cut through fences, splashed blood on the stronghold and sprayed its walls with peace slogans. The security breach set off major investigations, and the nun was sentenced to almost three years in prison.

Now, the site’s woes have deepened. As Oak Ridge prepared for an even bigger upgrade — replacing buildings that process uranium — the price tag soared from $6.5 billion to $19 billion. This year, the Obama administration scuttled the current plan, and the lab is struggling to revise the blueprint.

Robert Alvarez, a policy adviser to the energy secretary during the Clinton administration, recently wrote in The Bulletin of the Atomic Scientists that Oak Ridge was the “poster child” of a dysfunctional nuclear complex.

Across the nation, 21 major upgrades have been approved and 36 more proposed, according to the Government Accountability Office. In nearly two dozen reports over five years, the congressional investigators have described the modernization push as poorly managed and financially unaccountable.

They recently warned — in typically understated language — that the managers of the atomic complex had repeatedly omitted and underestimated billions of dollars in costs, leaving the plan with “less funding than will be needed.”

Photo

The Y-12 National Security Complex in Oak Ridge, Tenn. CreditNational Nuclear Security Administration, via Reuters

The Military Deployments

The Obama administration says it sees no contradiction between rebuilding the nation’s atomic complex and the president’s vow to make the world less dependent on nuclear arms.

“While we still have weapons, the most important thing is to make sure they are safe, secure and reliable,” said Mr. Poneman, the deputy energy secretary. The improvements, he said, have reassured allies. “It’s important to our extended deterrent,” he said, referring to the American nuclear umbrella over nations in Asia and the Middle East, which has instilled a sense of military security and kept many from building their own arsenals.

The administration has told the Pentagon to plan for 12 new missile submarines, up to 100 new bombers and 400 land-based missiles, either new or refurbished. Manufacturing costs for these forces, if approved, will peak between 2024 and 2029, according to a recent study by Dr. Lewis and colleagues at the Monterey Institute.

It estimated the total cost of the nuclear enterprise over the next three decades at roughly $900 billion to $1.1 trillion. Policy makers, the report said, “are only now beginning to appreciate the full scope of these procurement costs.”

Nonetheless, lobbying for the new forces is heating up, with military officials often eager to show off dilapidated gear. In April, a “60 Minutes” segmentfeatured a tour of aging missile silos. Officials pointed out antiquated phones, broken doors, a missile damaged from water leaks and an old computer that relied on enormous diskettes.

The looming crackup between trillion-dollar plans and tight budgets is starting to get Washington’s attention. Modernization delays are multiplying and cost estimates are rising. Panels of experts are bluntly describing the current path as unacceptable.

A new generation of missiles, bombers and submarines “is unaffordable,” a bipartisan, independent panel commissioned by Congress and the Defense Department declared in July. Its 10 experts, including former Secretary of Defense William J. Perry, echoed other estimates in putting the cost at up to $1 trillion.

The overall investment, the panel said, “would likely come at the expense of needed improvements in conventional forces.”

In August, the White House announced it was reviewing the atomic spending plans in preparation for next year’s budget request to Congress, which will set federal spending for 2016.

“This is Obama’s legacy budget,” said a senior administration official who spoke on the condition of anonymity because of the topic’s political delicacy. “It’s his last chance to make the hard choices and prioritize.”

Already, the administration has delayed plans for the Navy’s new submarines, the atomic certification of new bombers and a new generation of warheads meant to fit more than one delivery system. And debate is rising on whether to ax production of the air-launched cruise missile, a new nuclear weapon for bombers, its cost estimated at some $30 billion.

One of the most dramatic calls for reductions came from Chuck Hagel shortly before he became defense secretary last year. He signed a study, headed by retired Gen. James Cartwright, a former vice chairman of the Joint Chiefs of Staff, that proposed cutting the nuclear arsenal to 900 warheads and eliminating most of the 3,500 weapons in storage. The nation’s military plan, the study concluded, “artificially sustains nuclear stockpiles that are much larger than required for deterrence today.”

In a speech in Berlin last year, the president said he would cut the arsenal to roughly 1,000 weapons — but only as part of a broader deal requiring Russian reductions. So far, the Russian president, Vladimir V. Putin, has shown no interest, and Mr. Obama has made clear he will not cut weapons unilaterally. Unless either man changes his approach, the president’s legacy will be one of modest nuclear cuts and a significantly modernized atomic complex.

“I could imagine Putin might well decide it’s in his interest to seek more cuts,” said Rose Gottemoeller, the undersecretary of state for arms control and international security, and the country’s top arms negotiator. “I don’t discard the notion we could do it again.”

Few of her colleagues are so optimistic. They predict that if Mr. Obama is to achieve the kind of vision he entered office with, he will have to act alone.

http://www.nytimes.com/2014/09/22/us/us-ramping-up-major-renewal-in-nuclear-arms.html




Pirate Bay fools the system with cloud technology

Despite years of persecution, the world’s most notorious pirated content exchange continues to flout copyright laws worldwide. The Pirate Bay team revealed how cloud technology made their service’s virtual servers truly invulnerable.

Two founders of The Pirate Bay (TPB) file exchange are in prison, but their creation continues to receive millions of unique visitors daily and remains among the 100 most popular websites worldwide.

Today The Pirate Bay has 21 “virtual machines” (VMs) scattered around the globe with cloud-hosting providers, and the new setup works just fine, reported TorrentFreak, having anonymously questioned the Pirate Bay team. The cloud technology made the site more portable, eliminated the need for any crucial pieces of hardware and therefore made the torrent harder to take down. Costs have decreased and better uptime is now guaranteed.

True geeks cannot follow up hardware and server setup anymore, but the advantages of the new tech set-up for the notorious torrent site outweigh any inconveniences.

After operating ‘in exile’ in Guyana and Peru without much luck, two years ago The Pirate Bay team made a landmark decision and decided to move away from operating physical servers and switched all of their operations to the cloud.

Reuters/Susanne Lindholm/Scanpix Sweden

Reuters/Susanne Lindholm/Scanpix Sweden

Two years ago there were just four VMs, but the increased traffic has heralded a five-fold growth of virtual machines.

Out of 21 VMs, eight are busy serving web pages. Six machines are processing the searches, while TPB’s database is being run on two VMs. The remaining five VMs are needed for load balancing, statistics, torrent storage, the proxy site on port 80 and controller functions.

The system operates using 182 GB of RAM and 94 GPU cores, with total storage capacity of 620 GB, which are not used in full, actually. Considering the scale of The Pirate Bay website, these characteristics are quite modest.
One of the secrets of the modern day TPB is that the commercial cloud providers hosting the torrent site have no idea that the PTB is among their clients. The load balancer VM that funnels all the traffic to other TPB virtual servers masks their activities, which means none of the IP-addresses of the cloud hosting providers are publicly linked to TPB. This makes the new TPB virtually ‘raid-proof’ and very hard for police to track it down. There are no more physical servers to be seized, too, as happened in 2006, when Swedish police raided TPB’s hosting company, seizing everything from servers to fax machines and blank CDs.

Despite occasional difficulties that hit the service from time to time, there have been no major breakdowns recently and no agency has attempted to shut the torrent site down.

It is true that cloud servers can be disconnected like any physical server, but even in that case restoration of the operation is much easier than before and services can be restored from a different provider relatively quickly.

Still, The Pirate Bay remains The Pirate Bay, and this name is widely known among registrars as the root of evil, burning through five separate domain names the last year alone. But that doesn’t dampen the spirits of the TPB team, as operators have dozens of alternative domain names waiting in the wings.

Pirate Bay co-founders Fredrik Neij (L), Gottfrid Svartholm (C) and Peter Sunde leave the city court after the last day of argument's in their copyright trial in Stockholm March 3, 2009. (Reuters/Bob Strong)

Pirate Bay co-founders Fredrik Neij (L), Gottfrid Svartholm (C) and Peter Sunde leave the city court after the last day of argument’s in their copyright trial in Stockholm March 3, 2009. (Reuters/Bob Strong)

Two of TPB’s original founders, Gottfrid Svartholm and Peter Sunde, are currently serving terms in prison and TPB has posted a banner asking visitors to send their support to the site’s founders.

“Show your support by sending them some encouraging mail! Gottfrid is only allowed to receive letters, while Peter gladly receives books, letters and vegan candy.”

When Svartholm and Sunde are out of jail, they’ll find that the rules of the pirate game have changed – and most probably in their favor.

http://rt.com/news/189560-pirate-bay-cloud-servers/




CIA stops spying on friendly nations in W. Europe

WASHINGTON (AP) — Stung by the backlash over a German caught selling secrets to the U.S. and the revelations of surveillance by the National Security Agency, the CIA has stopped spying on friendly governments in Western Europe, according to current and former U.S. officials.

The pause in decades of espionage was designed to give CIA officers time to examine whether they were being careful enough and to evaluate whether spying on allies is worth running the risk of discovery, said a U.S. official who has been briefed on the situation.

Under the stand-down order, case officers in Europe largely have been forbidden from undertaking “unilateral operations” such as meeting with sources they have recruited within allied governments. Such clandestine meetings are the bedrock of spying.

CIA officers are still allowed to meet with their counterparts in the host country’s intelligence service and conduct joint operations with host country services. Recently, unilateral operations targeting third country nationals – Russians in France, for example – were restarted. But meetings with independent sources in the host country remain on hold, as do new recruitments.

The CIA declined to comment.

James Clapper, the director of national intelligence, said during a public event Thursday that the U.S. is assuming more risk because it has stopped spying on “specific targets,” though he didn’t spell out details.

Spying stand-downs are common after an operation is compromised, but “never this long or this deep,” said a former CIA official, who, like others interviewed for this article, spoke on condition of anonymity because it’s illegal to discuss classified material or activities. The pause, which has been in effect for about two months, was ordered by senior CIA officials through secret cables.

The pullback comes at an inopportune time, with the U.S. worried about monitoring European extremists who have fought in Syria, Europe’s response to Russian aggression and European hostility to American technology companies following revelations the companies turned over data to the NSA. While the U.S. cooperates closely with Europe against terrorism, spying can help American officials understand what their allies are planning and thinking, whether about counterterrorism or trade talks.

The current stand-down was part of the fallout from the July 2 arrest of a 31-year-old employee of the German intelligence service. Suspected of spying for Russia, he told authorities he passed 218 German intelligence documents to the CIA.

In a second case, authorities searched the home and office of a German defense official suspected of spying for the U.S., but he denied doing so, and no charges have been filed against him.

A few days later, Germany asked the CIA station chief in Berlin to leave the country, an unprecedented demand from a U.S. ally. The move demonstrated how seriously the Germans were taking the situation, having already been stung by revelations made by Edward Snowden, a former NSA systems administrator, that the agency had tapped German Chancellor Angela Merkel’s mobile phone.

The NSA disclosure infuriated Merkel, who demanded explanations from President Barack Obama. It embarrassed both world leaders and has left many Germans skeptical about cooperating with the U.S.

CIA managers were worried that the incident could lead European security services to begin closely watching CIA personnel. Many agency officers in Europe, operating out of U.S. embassies, have declared their status as intelligence operatives to the host country.

The “EUR” division, as it is known within the CIA, covers Canada, Western Europe and Turkey. While spying on Western European allies is not a top priority, Turkey is considered a high-priority target – an Islamic country that talks to U.S. adversaries such as Iran, while sharing a border with Syria and Iraq. It was not known to what extent the stand-down affected operations in Turkey.

European countries also are used as safe venues to conduct meetings between CIA officers and their sources from the Middle East and other high-priority areas. Those meetings have been rerouted to other locales while the pause is in place.

The European Division staff has long been considered among the most risk-averse in the agency, several former case officers said, speaking on condition of anonymity because they weren’t authorized to discuss secret intelligence matters by name.

A former CIA officer who worked under nonofficial cover wrote a 2008 book in which he described a number of operational “stand-downs” in Europe, including one in France in 1998 because of the World Cup soccer championship, and another in a European country in 2005, in response to unspecified security threats.

The former officer, whose real name has not be disclosed, wrote “The Human Factor: Inside the CIA’s Dysfunctional Intelligence Culture,” under a pseudonym, Ishmael Jones. He is a former Marine who served 15 years in the agency before resigning in 2006. The CIA acknowledged his status as a case officer when it successfully sued him for publishing the book without first submitting it for pre-publication censorship, as required under his secrecy agreement.

The CIA last faced that sort of blowback from a European ally in 1996, when several of its officers were ordered to leave France. An operation to uncover French positions on world trade talks was unraveled by French authorities because of poor CIA tactics, according to a secret CIA inspector general report, details of which were leaked to reporters.

The Paris flap left the EUR division much less willing to mount risky espionage operations, many former case officers have said.

http://hosted.ap.org/dynamic/stories/U/US_CIA_EUROPE_SPYING_PAUSE?SITE=CAOAK&SECTION=HOME&TEMPLATE=DEFAULT




Governments spy on journalists with weaponized malware – WikiLeaks

Journalists and dissidents are under the microscope of intelligence agencies, Wikileaks revealed in its fourth SpyFiles series. A German software company that produces computer intrusion systems has supplied many secret agencies worldwide.

The weaponized surveillance malware, popular among intelligence agencies for spying on “journalists, activists and political dissidents,” is produced by FinFisher, a German company. Until late 2013, FinFisher used to be part of the UK-based Gamma Group International, revealed WikiLeaks in the latest published batch of secret documents.

FinFisher’s spyware exploits and monitors systems remotely. It’s capable of intercepting communications and data from OS X, Windows and Linux computers, as well as Android, iOS, BlackBerry, Symbian and Windows Mobile portable devices. Three back-end programs are required for the spy program to operate. FinFisher Relay and FinSpy Proxy programs are FinFisher suite components that route and manage intercepted traffic, redirecting it to the FinSpy Master collection program. The spyware can steal keystrokes, Skype conversations, and even connect to your webcam and watch you in real time.

The whistleblower has a list of FinFisher surveillance software buyers. Among the German malware developer’s clients are intelligence agencies and police forces from Australia, Bosnia, Estonia, Hungary, Italy, Mongolia, the Netherlands, Pakistan and Qatar.

According to WikiLeaks’ estimates, FinFisher has already earned about 50 million euros in sales.

“FinFisher continues to operate brazenly from Germany selling weaponized surveillance malware to some of the most abusive regimes in the world,” the founder and editor-in-chief of Wikileaks, Julian Assange, said.

Earlier this year, the tapping of Chancellor Angela Merkel’s mobile phone by the American National Security Agency (NSA) created a scandal that rocked the German political establishment: a revelation made thanks to documents exposed by the former NSA contractor and whistleblower Edward Snowden.

Yet, despite all this, FinFisher continues its activities in Germany unhindered.

“The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher?” Assange asked.

Assange is calling for an ‘antidote’ to the German-made FinFisher FinSpy PC spyware, saying a tool is needed to repel such activities and expose those who do the surveillance by tracking down spying command and control centers.

WikiLeaks has made newly indexed FinFisher breach material public via torrents, “including new brochures and a database of the customer support website, that provide updated details on their product line and a unique insight into the company’s customer-base.”

“In order to make the data more easily accessible and consumable, all the new brochures, videos and manuals are now available organized under the related FinFisher product name. The database is represented in full, from which WikiLeaks compiled a list of customers, their eventual attribution, all the associated support tickets and acquired licenses, along with the estimated costs calculated from FinFisher’s price list,” the WikiLeaks memo said.

After the scandal that followed revelations of mass NSA spying worldwide, Germany and France came up with an idea to build a trustworthy data protection network in Europe to avoid data passing through the US.

The US slammed such plans to construct an EU-centric communication system, designed to prevent emails and phone calls from being swept up by the NSA, warning that such a move is a violation of trade laws.

http://rt.com/news/188052-german-spyware-wikileaks-journalists/




China wants explanation on allegations of US spying

China has demanded a clear explanation from the United States following reports that it infiltrated the servers of the Chinese telecoms giant, Huawei.

The company said it would condemn the invasion of its networks if the reports in the New York Times were true.

The newspaper quoted documents, allegedly from the US National Security Agency (NSA), released by the former contractor, Edward Snowden.

They said the NSA had spied on Huawei and had information on its customers.

The NSA has made no mention of the reports but said it focused only on what it called valid foreign intelligence targets.

It said it did not use intelligence to steal the secrets of foreign companies to help US businesses.

Chinese foreign ministry spokesman, Hong Lei, said China was extremely concerned about the allegations.

“China has already lodged many complaints with the United States about reports of its espionage activities,” he said demanding that Washington cease its activities and explain itself.

The New York Times said one of the goals of the US operation was to find out whether Huawei had connections with the People’s Liberation Army.

It said the operation, codenamed “Shotgiant”, also sought to conduct espionage through the systems and telephone networks that Huawei sold to other countries.

The newspaper said that the NSA had gained access to Huawei headquarters in the southern Chinese city of Shenzhen and found information on the internal workings of its switches and routers.

The German magazine, Der Spiegel, also citing what it said were NSA documents from Edward Snowden, said the US was positioned to launch cyber offensive operations against the Chinese leadership through its access to Huawei networks.

Washington has long seen Huawei as a potential security threat and has blocked some business deals in the US for fear that it would open the door to Chinese military hackers.

Edward Snowden fled to Hong Kong last year and has since been granted asylum in Russia.

He continues to release information that claims to reveal the global activities of the NSA.

http://www.bbc.com/news/world-asia-26712564




Busted! – U.S. Tech Giants Knew Of NSA Spying Says Agency’s Senior Lawyer

GIH: As it turns out, tech giants were in fact working with the NSA to collect user data electronically.  They have vehemently denied this.  It seemed to make more sense, that NSA had worked with them, compared to NSA being able to hack on multiple levels their systems.  Although the NSA has developed many technologies for advanced electronic surveillance, in many cases, they still rely on old world spy tricks, such as tapping into data lines at the point of transmission.  But now we can’t trust the NSA, and we can’t trust tech giants, who is left?


Submitted by Michael Krieger of Liberty Blitzkrieg blog,

This is why I’ve been so confused and frustrated by the repeated reports of the behavior of the US government. When our engineers work tirelessly to improve security, we imagine we’re protecting you against criminals, not our own government.

The US government should be the champion for the internet, not a threat. They need to be much more transparent about what they’re doing, or otherwise people will believe the worst.

I’ve called President Obama to express my frustration over the damage the government is creating for all of our future. Unfortunately, it seems like it will take a very long time for true full reform.

So it’s up to us — all of us — to build the internet we want. Together, we can build a space that is greater and a more important part of the world than anything we have today, but is also safe and secure. I‘m committed to seeing this happen, and you can count on Facebook to do our part.

– Facebook CEO, Mark Zuckerberg in a post last week

Last week, Mark Zuckerberg made headlines by posting about how he called President Barack Obama to express outrage and shock about the government’s spying activities. Of course, anyone familiar with Facebook and what is going on generally between private tech behemoths and U.S. intelligence agencies knew right away that his statement was one gigantic heap of stinking bullshit. Well now we have the proof.

Earlier today, the senior lawyer for the NSA made it completely clear that U.S. tech companies were fully aware of all the spying going on, including the PRISM program (on that note read my recent post: The Most Evil and Disturbing NSA Spy Practices To-Date Have Just Been Revealed).

So stop the acting all of you Silicon Valley CEOs. We know you are fully on board with extraordinary violations of your fellow citizens’ civil liberties. We know full well that you have been too cowardly to stand up for the values this country was founded on. We know you and your companies are compromised. Stop pretending, stop bullshitting. You’ve done enough harm.

From The Guardian:

The senior lawyer for the National Security Agency stated unequivocally on Wednesday that US technology companies were fully aware of the surveillance agency’s widespread collection of data, contradicting month of angry denials from the firms.

Rajesh De, the NSA general counsel, said all communications content and associated metadata harvested by the NSA under a 2008 surveillance law occurred with the knowledge of the companies – both for the internet collection program known as Prism and for the so-called “upstream” collection of communications moving across the internet.

Asked during at a Wednesday hearing of the US government’s institutional privacy watchdog if collection under the law, known as Section 702 or the Fisa Amendments Act, occurred with the “full knowledge and assistance of any company from which information is obtained,” De replied: “Yes.”

When the Guardian and the Washington Post broke the Prism story in June, thanks to documents leaked by whistleblower Edward Snowden, nearly all the companies listed as participating in the program – Yahoo, Apple, Google, Microsoft, Facebook and AOL –claimed they did not know about a surveillance practice described as giving NSA vast access to their customers’ data. Some, like Apple, said they had “never heard” the term Prism.

The disclosure of Prism resulted in a cataclysm in technology circles, with tech giants launching extensive PR campaigns to reassure their customers of data security and successfully pressing the Obama administration to allow them greater leeway to disclose the volume and type of data requests served to them by the government.

The NSA’s Wednesday comments contradicting the tech companies about the firms’ knowledge of Prism risk entrenching tensions with the firms NSA relies on for an effort that Robert Litt, general counsel for the director of national intelligence, told the board was “one of the most valuable collection tools that we have.”

Move along serfs, move along.

Full article here.




Why HTTPS and SSL are not as secure as you think

GIH: We are led to believe that by installing a certificate, or by other common security practices, we are safe.  The following shows that this may not be the case, especially considering the vulnerabilities of HTTPS protocol, the commonly accepted ‘safe’ way to browse:


In this day and age of well-known NSA spying, everyone keeps saying that the only way to be safe is to use SSL/TLS, commonly known as “browsing with https://”.

The sad reality is that HTTPS does virtually nothing to protect you from the prying eyes of alphabet soup agencies – or anybody else with enough knowledge about how these supposedly “secure” connections actually work.

It’s true that connecting to web sites with SSL will certainly prevent “script kiddies” and other more winky opponents from eavesdropping on your surfing or otherwise interfering in your affairs. But as for the Real Bad Guys, forget it…

We shall begin by taking a brief dive down the rabbit hole of SSL, hopefully in a way that will make sense to even the least technically inclined among us.

This issue is, after all, so extremely important that I think everyone needs to understand what is really going on, and how web security actually works, without needing a PhD in cryptography, computer science, or engineering!

Our story begins with a little e-mail I received the other day. The basic message can be found here:

Microsoft Security Advisory (2880823)

Of course, the idea that Microsoft of all companies is warning me about security is kind of laughable, so I didn’t pay much attention. Nevertheless, there was this little voice in the back of my mind that kept pestering me, so I decided to dig in and see what all the hoopla was about… or indeed if any hoopla was even warranted.

Boy, is it ever warranted!

From the above link, we read:

Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of SSL and code signing after January 1, 2016. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

Microsoft recommends that certificate authorities no longer sign newly generated certificates using the SHA-1 hashing algorithm and begin migrating to SHA-2. Microsoft also recommends that customers replace their SHA-1 certificates with SHA-2 certificates at the earliest opportunity. Please see the Suggested Actions section of this advisory for more information.

Okay, so that’s probably like trying to read a foreign language to most people. Even I didn’t understand exactly how these hashing algorithms were used with SSL. So, I started digging. What I found nearly floored me:

MD5 considered harmful today: Creating a rogue CA certificate

Now, if you thought the M$ advisory was confusing, take a peek at the above link.

WOW! That’s wild.

In summary, way back in 2008, some smart people figured out a way to make themselves a Fake SSL Certificate Authority, and they accomplished this feat by using a weakness in the MD5 hashing algorithm.

“Eureka! This must be the key to our mystery,” I thought.

So, I began to read… and re-read… and think… and re-read. And then it clicked. To paraphrase Inspector Finch:

I suddenly had this feeling that everything was connected. It’s like I could see the whole thing, one long chain of events that stretched all the way back before the MD5 hash advisory in 2008. I felt like I could see everything that happened, and everything that is going to happen. It was like a perfect pattern, laid out in front of me. And I realised we’re all part of it, and all trapped by it.

“Well, that’s stunningly dramatic,” you think, “But just… What is going on?!”

System Failure

First, let’s define some terms – hopefully in Plain English:

SSL Web Site Certificate

This is a digital certificate, with a digital signature, that verifies that a website is who they say they are. When you connect to a web site using SSL (HTTPS), your browser says, “Papers, please!” The remote site then sends the SSL Web Site Certificate to your browser. Your browser then verifies the authenticity of this “passport”. Once verified, encrypted communications ensue. The point of the SSL Web Site Certificate is that under no circumstances should anyone else be able to create a valid, signed certificate for a web site that they do not own and operate. In order to obtain an SSL Web Site Cert, you must verify by varied means that you are the owner and operator of the web site involved. So, using HTTPS is not only for encryption of communications, but also a way to verify that the site you are communicating with is the Real Thing, and not an imposter. And of course you must pay for the certificate!

Certificate Authority (CA) Root Certificate

This is also a digital certificate, with a digital signature… But in this case, this certificate can be used to create and digitally sign normal SSL Web Site Certificates. This is the kind of certificate that a CA (Certificate Authority) has. These certificates also get passed to browser makers, and are then included in your web browser. This is so that when your browser receives an SSL Web Site cert, it can use the CA Root Certificate to verify that the Web Site Cert is in fact valid.

Certificate Authority (CA)

A CA is the kind of web site from which you would buy a valid, secure SSL Web Site Certificate to use for HTTPS on your site. For example: Verisign.com, RapidSSL.com, Geotrust.com, etc. are Certificate Authorities. They have CA Root Certificates for generating and signing valid SSL Web Site Certificates.

It’s helpful to understand that with all these certificates, there is a “chain of command”. SSL Web Site Certificates are validated and authenticated using CA Root Certificates. CA Root Certificates are validated with yet higher-authority certificates, all the way up the pyramid to The One Great Root Certificate, which is like the God of Certificates. Thus, each lower-ranking certificate is verified up the chain of command. This all happens behind the scenes, and you have no idea it’s occurring.

Certificate Authority Validation Chain

Each lower level certificate is validated using a certificate from the level above it.

Piece of cake, right?

Now, where do these hash algorithms like MD5, SHA-1, and SHA-2 come into play?

All certificates contain information, like:

  • Web site domain (www.mysite.com)
  • Site location (country, state, etc.)
  • Site owner info (company name)
  • Period of validity

This information is verified before a certificate is issued. Once verified, a hash of the data is generated. This hash acts as the digital signature for the certificate. The only thing you really need to understand about hash algorithms is that what is supposed to happen is this:

  1. Data of any length (30 characters, 3000 characters, 40MB, whatever) is passed into the hash algorithm
  2. The hash algorithm chops up the data and mathematically processes it, thereby spitting out a signature – or digital fingerprint – of the data
  3. The hash of no two chunks of data should ever be the same – just as the fingerprints of no two people should ever be the same
  4. The hash output is always the same size, regardless of the size of the input data (just like a fingerprint – no matter the size of the person)
Hash Fingerprint

Right. There is such a thing as a “hash collision”. This is when you have 2 hashes that are identical, but they were generated from different data. That’s like if you and your neighbor suddenly had the same thumbprint. OOPS!

Now, think about that for a minute… If the police were using these hashes, or thumbprints, to verify your identity, they might mistake you for your neighbor, or your neighbor for you, if you “had the same thumbprint”. If they did no other checking, and just relied on that thumbprint, they might very well “authenticate” your identities completely incorrectly. BIG OOPS!

This is exactly what happened with the MD5 SSL attack outlined at the above link.

These smarty-pants people were able to carefully buy a valid SSL Web Site Certificate from RapidSSL in 2008. Before they did that, they created their own CA Root Certificate in such a way that the hash (fingerprint) of their valid, just-purchased Web Site Cert was identical to the hash of the FAKE CA Root Certificate that they created out of thin air.

Since RapidSSL had just said, “Dudes, this Web Site Certificate fingerprint is valid!”, and since this was the same fingerprint on the fake CA Root Cert, the forged CA Root Certificate becomes valid.

Now, recall that a CA Root Certificate – as long as it has a valid hash/fingerpint that will validate up the “chain of authority” – can be used to generate a valid SSL Web Site Certificate for any web site in the world… And neither you, nor RapidSSL, nor your browser will ever know that anything is amiss.

Why is this a problem? For starters, consider a man-in-the-middle attack.

Man in the middle attack

© x-services.nl

You want to go to https://www.gmail.com. But some “hackers” have used another type of hack to insert their server between you and Gmail. Normally, this would not be possible, because you’re using HTTPS! You’re SAFE!

WRONG!

As far as anyone knows, you are connected to gmail.com over HTTPS. But in reality, what’s happening is this:

  1. You try to connect to https://www.gmail.com
  2. The attacker diverts your request (perhaps using DNS cache poisoning or some other such attack) to a fake server
  3. Since Attacker’s Server contains a falsely generated, perfectly valid SSL Web Site Certificate using the tricks outlined above, your browser doesn’t know any better. Everything appears to be legit.
  4. You begin doing e-mail, but all your data is actually going encrypted to Attacker’s Server, being decrypted and recorded/modified, and then Attacker’s Server then passes the data on to the real https://www.gmail.com (using Gmail’s actual, valid SSL cert).
  5. You have absolutely no clue that your “secure” communications are not secure in the least!

In other words, SSL / HTTPS means that the connection between your browser and the destination server at the URL you’re visiting is supposed to be encrypted. But due to the fact the certain types of SSL certificates (which help handle the encryption) can be forged, an attacker could set up their fake server that pretends to the be the real destination server, and thus insert themselves in the middle of the connection. When that is done, the attacker has control over the connection and the data, and can thus decrypt your data, manipulate it, and/or pass it on to the real intended destination server.

Now, isn’t that a daisy?

“But wait!” you say. “Isn’t it therefore good for Microsoft to recommend changing the hash function to SHA-256 if SHA-1 has the same potential problem as MD5 did back in 2008?”

An excellent question! Unfortunately, yes and no. Even if you, as a web site owner, change your SSL Web Site Certificate from one that is signed using SHA-1 to a new cert that is signed using SHA-2, you are still unsafe.

Why?

Because all it takes is for ONE Certificate Authority to use a “weak” hash algorithm, and someone who is up to no good can generate a forged CA Root Certificate. Once they have that, they can generate as many SSL Web Site Certs as they want – using any hashing algorithm they please – including a fake-yet-valid cert that they can use to impersonate your “secure” site!

In other words, the weakness in the hashing algorithm is just the tip of the iceberg. Due to the hierarchical “chain of authority” in the whole certificate system, if anyone manages to create a false CA Root Cert, they are more or less god in terms of creating false SSL Web Site Certs.

Thus, in order for Microsoft’s words to have an effect, there must not be ANY Certificate Authority (Web Site Cert issuer) in the whole world that still uses SHA-1. In order for the “security” to actually be more secure, everyone must upgrade right now. But this isn’t going to happen.

Now, if that isn’t bad enough, think about all the NSA spying. Think about how many people said, “Naw, man, I just surf using HTTPS, and I’m totally safe!”

You think so?

I don’t. You know why? Well, you should, by now… But there’s more!

Big Brother, NSA-Hauptquartier

Guess who??!

Guess who invented the SHA-1 hash algorithm in 1995?

The NSA.

Guess who invented SHA-2 in 2001?

The NSA.

So, why should all the Certificate Authorities switch from the NSA’s SHA-1 to the NSA’s SHA-2? Why, because the NSA created it the way they did for a reason!

SHA-1 already has been theoretically breached, and there are a few indications that SHA-2 isn’t quite as super-duper-safe as everyone thinks.

Imagine you are the NSA. You want to spy on everyone, everyone’s grandmother, the grandmothers’ cats, and the mice that are currently being digested inside the cats. SSL is kind of a problem… It can use pretty annoying encryption. Well, hell! No problem. Just compromise the “certificate authority chain” by forging one little CA Root Certificate, and blammo! You can eavesdrop and man-in-the-middle anybody you darn well please, SSL or not!

Web sites over SSL? No problem.

E-mail over SSL? No problem.

I have said it before, and I’ll say it again: There never was security or privacy on the internet, there is no security or privacy on the internet now, and most likely there never will be. Not unless some very big changes are made…

And do you know why all this (and much, much more) is possible?

Because just like you, I had no knowledge of the gaping holes in SSL. Awareness of this and many other issues – technological, political, psychological, social, etc. – is absolutely essential.

Otherwise, frankly, we’re screwed.

Avatar

Scott Ogrin

Scott Ogrin is an electrical and computer engineer with a BSEE and MSEE. After working in the automotive and telecom industries in hardware and testing, he ended up as a software engineer.

He joined SOTT in 2003 as an editor, and is currently the webmaster and Chief Techie for Sott.net. He is also part-owner of French publishing company Les Editions Pilule Rouge, and a member of the board of directors and engineering consultant for Quantum Future Group, Inc.

Although born in the USA, he became a Slovenian citizen and currently lives in France. He speaks English, French, Slovenian, and Spanish.

In his spare time, he works on his popular blog at ScottiesTech.Info.




‘What does ISP mean?’

GIH: Shocking information has come forth that government officials responsible for cybersecurity initiatives do not have basic knowledge about the internet, such as what an “ISP” is.  How can those who know nothing about a topic regulate or execute it?


One of the world’s leading cyberwarfare experts has warned of the damaging lack of government literacy in cybersecurity issues, pointing out that some senior officials don’t know how to use email, and that one US representative about to negotiate cybersecurity with China asked him what an “ISP” was.

Speaking at the SXSW festival, Dr Peter W Singer, director of the Center for 21st Century Security & Intelligence, cited a 2014 poll by the Pew research institute that found Americans are more afraid of cyberattack than attack by Iran or North Korea, climate change, the rise of China or authoritarian Russia.

Sketching out the scale of technology in our lives, Singer said that 40 trillion emails are sent a year, that 30 trillion websites now exist and that 9 new pieces of malware are discovered every second. He claimed that 97% of Fortune 500 companies have admitted they’ve been hacked – the other 3% just aren’t ready to admit it yet.

The consequent rise in cybercrime and state-sponsored attacks has not gone unnoticed. 100 nations now have cyber command, and the Pentagon’s own briefings, which contained the word ‘cyber’ 12 times during 2012, have already mentioned it 147 times so far this year.

Yet former head of US homeland security Janet Napolitano once told Singer. “Don’t laugh, but I just don’t use email at all,” Singer recalled. “It wasn’t a fear of privacy or security – it’s because she just didn’t think it was useful. A supreme court justice also told me ‘I haven’t got round to email yet’ – and this is someone who will get to vote on everything from net neutrality to the NSA negotiations.”

Obama himself, Singer said, had expressed concern that the complexity of the issue was overwhelming policy makers.

Singer added that another US official about to negotiate cybersecurity with China asked him to explain what “ISP” meant. “That’s like going to negotiate with the Soviets and not knowing what ‘ICBM’ means. And I’ve had similar experiences with officials from the UK, China and Abu Dhabi.

At the G20 conference diplomats were spearfished by an email with a link to nude photos of former French first lady Carla Bruni-Sarkozy, and many clicked – downloading spyware onto their computers.

“Cybersecurity is crucial, and as intimate to your life as your bank account. It’s treated as an area only for IT folk, and the technical community that understands the hardware and software but not the wetware – the human side. Without proper tools we cannot understand both what is possible and what is proper. Past myth and future hype weave together to obscure to what actually happen with where we will be in the future.”

Cybersecurity should be treated like public health

Singer also said many cybersecurity threats and solutions are misrepresented or overblown. Power lines are taken down far more often by squirrels, for example. The government response is often too reactionary – akin to the treatment of pirates and privateers in the age of sail – whereas investment in a public cyberhealth campaign would be far more effective.

“Ben Franklin said an ounce of prevention is worth a pound of cure. The Centre for Disease Control and Prevention says that is true of public health but it is also true of cybersecurity… very basic cyber hygiene would go an very long way. The top control measures would stop 90% of all cyber attacks.”

The most significant penetration of US secure networks happened when an infected USB stick was dropped in the car park after a ‘candy drop’; an employee picked it up and plugged it into his computer on their secure network. “That’s not cyber hygiene, that’s basic hygiene – the five second rule.”

Another problem is that different parts of government operate in contradiction to each other. “Tor was originally paid for by Navy money, and pushed by state departments as a way of dissidents and state departments to protect themselves simultaneously, but if you use it you get swept up by the NSA who assumes you are up to no good. We have to figure out these balances.”

Snowden – traitor or hero?

The argument over NSA surveillance has been reduced to bumper sticker values, Singer argued.

Three different kinds of activity have been exposed. The first is that the NSA carries out espionage against American enemies – smart, strategic espionage. The second is legally and politically questionable, and related to mass collection of American citizens’ information collected either directly by the agency or by its allies.

“The third is what you could kindly call unstrategic – or stupid – directly targeting close American allies and leaders and undermining American technology companies. People want to say Snowden was a traitor or a whistleblower and we pull from the bucket we care the most about, but that’s a bumper sticker way of talking about it because people can simultaneously do both good and bad actions.”

• Julian Assange tells SXSW audience: ‘NSA has grown to be a rogue agency’




How the NSA Plans to Infect ‘Millions’ of Computers with Malware

GIH:  As more information comes out about various spy agencies and their cyber divisions, it seems that those such as the NSA pose a larger threat to internet security than the hackers they are supposedly protecting us from.  The following information should make any user of the internet, be it a business or individual or government, reconsider use, policies, protocols, and security.


Featured photo - How the NSA Plans to Infect ‘Millions’ of Computers with MalwareOne presentation outlines how the NSA performs “industrial-scale exploitation” of computer networks across the world.

Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process.

The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.

The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.

In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.

The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.”

In a top-secret presentation, dated August 2009, the NSA describes a pre-programmed part of the covert infrastructure called the “Expert System,” which is designed to operate “like the brain.” The system manages the applications and functions of the implants and “decides” what tools they need to best extract data from infected machines.

Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet.

“When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”

Hypponen believes that governments could arguably justify using malware in a small number of targeted cases against adversaries. But millions of malware implants being deployed by the NSA as part of an automated process, he says, would be “out of control.”

“That would definitely not be proportionate,” Hypponen says. “It couldn’t possibly be targeted and named. It sounds like wholesale infection and wholesale surveillance.”

The NSA declined to answer questions about its deployment of implants, pointing to a new presidential policy directive announced by President Obama. “As the president made clear on 17 January,” the agency said in a statement, “signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.”

 

“Owning the Net”

The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secretinternal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands.

To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency’s term for the interception of electronic communications. Instead, it sought to broaden “active” surveillance methods – tactics designed to directly infiltrate a target’s computers or network devices.

In the documents, the agency describes such techniques as “a more aggressive approach to SIGINT” and says that the TAO unit’s mission is to “aggressively scale” these operations.

But the NSA recognized that managing a massive network of implants is too big a job for humans alone.

“One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).”

The agency’s solution was TURBINE. Developed as part of TAO unit, it is described in the leaked documents as an “intelligent command and control capability” that enables “industrial-scale exploitation.”

 

 

TURBINE was designed to make deploying malware much easier for the NSA’s hackers by reducing their role in overseeing its functions. The system would “relieve the user from needing to know/care about the details,” the NSA’s Technology Directorate notes in one secret document from 2009. “For example, a user should be able to ask for ‘all details about application X’ and not need to know how and where the application keeps files, registry entries, user application data, etc.”

In practice, this meant that TURBINE would automate crucial processes that previously had to be performed manually – including the configuration of the implants as well as surveillance collection, or “tasking,” of data from infected systems. But automating these processes was about much more than a simple technicality. The move represented a major tactical shift within the NSA that was expected to have a profound impact – allowing the agency to push forward into a new frontier of surveillance operations.

The ramifications are starkly illustrated in one undated top-secret NSA document, which describes how the agency planned for TURBINE to “increase the current capability to deploy and manage hundreds of Computer Network Exploitation (CNE) and Computer Network Attack (CNA) implants to potentially millions of implants.” (CNE mines intelligence from computers and networks; CNA seeks to disrupt, damage or destroy them.)

 

 

Eventually, the secret files indicate, the NSA’s plans for TURBINE came to fruition. The system has been operational in some capacity since at least July 2010, and its role has become increasingly central to NSA hacking operations.

Earlier reports based on the Snowden files indicate that the NSA has already deployed between 85,000 and 100,000 of its implants against computers and networks across the world, with plans to keep on scaling up those numbers.

The intelligence community’s top-secret “Black Budget” for 2013, obtained by Snowden, lists TURBINE as part of a broader NSA surveillance initiative named “Owning the Net.”

The agency sought $67.6 million in taxpayer funding for its Owning the Net program last year. Some of the money was earmarked for TURBINE, expanding the system to encompass “a wider variety” of networks and “enabling greater automation of computer network exploitation.”

 

Circumventing Encryption

The NSA has a diverse arsenal of malware tools, each highly sophisticated and customizable for different purposes.

One implant, codenamed UNITEDRAKE, can be used with a variety of “plug-ins” that enable the agency to gain total control of an infected computer.

An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer.

The implants can enable the NSA to circumvent privacy-enhancing encryption tools that are used to browse the Internet anonymously or scramble the contents of emails as they are being sent across networks. That’s because the NSA’s malware gives the agency unfettered access to a target’s computer before the user protects their communications with encryption.

It is unclear how many of the implants are being deployed on an annual basis or which variants of them are currently active in computer systems across the world.

Previous reports have alleged that the NSA worked with Israel to develop the Stuxnet malware, which was used to sabotage Iranian nuclear facilities. The agency also reportedly worked with Israel to deploy malware called Flame to infiltrate computers and spy on communications in countries across the Middle East.

According to the Snowden files, the technology has been used to seek out terror suspects as well as individuals regarded by the NSA as “extremist.” But the mandate of the NSA’s hackers is not limited to invading the systems of those who pose a threat to national security.

In one secret post on an internal message board, an operative from the NSA’s Signals Intelligence Directorate describes using malware attacks against systems administrators who work at foreign phone and Internet service providers. By hacking an administrator’s computer, the agency can gain covert access to communications that are processed by his company. “Sys admins are a means to an end,” the NSA operative writes.

The internal post – titled “I hunt sys admins” – makes clear that terrorists aren’t the only targets of such NSA attacks. Compromising a systems administrator, the operative notes, makes it easier to get to other targets of interest, including any “government official that happens to be using the network some admin takes care of.”

Similar tactics have been adopted by Government Communications Headquarters, the NSA’s British counterpart. As the German newspaper Der Spiegel reported in September, GCHQ hacked computers belonging to network engineers at Belgacom, the Belgian telecommunications provider.

The mission, codenamed “Operation Socialist,” was designed to enable GCHQ to monitor mobile phones connected to Belgacom’s network. The secret files deem the mission a “success,” and indicate that the agency had the ability to covertly access Belgacom’s systems since at least 2010.

Infiltrating cellphone networks, however, is not all that the malware can be used to accomplish. The NSA has specifically tailored some of its implants to infect large-scale network routers used by Internet service providers in foreign countries. By compromising routers – the devices that connect computer networks and transport data packets across the Internet – the agency can gain covert access to monitor Internet traffic, record the browsing sessions of users, and intercept communications.

Two implants the NSA injects into network routers, HAMMERCHANT and HAMMERSTEIN, help the agency to intercept and perform “exploitation attacks” against data that is sent through aVirtual Private Network, a tool that uses encrypted “tunnels” to enhance the security and privacy of an Internet session.

The implants also track phone calls sent across the network via Skype and other Voice Over IP software, revealing the username of the person making the call. If the audio of the VOIP conversation is sent over the Internet using unencrypted “Real-time Transport Protocol” packets, the implants can covertly record the audio data and then return it to the NSA for analysis.

But not all of the NSA’s implants are used to gather intelligence, the secret files show. Sometimes, the agency’s aim is disruption rather than surveillance. QUANTUMSKY, a piece of NSA malware developed in 2004, is used to block targets from accessing certain websites. QUANTUMCOPPER, first tested in 2008, corrupts a target’s file downloads. These two “attack” techniques are revealed on a classified list that features nine NSA hacking tools, six of which are used for intelligence gathering. Just one is used for “defensive” purposes – to protect U.S. government networks against intrusions.

 

“Mass exploitation potential”

Before it can extract data from an implant or use it to attack a system, the NSA must first install the malware on a targeted computer or network.

According to one top-secret document from 2012, the agency can deploy malware by sending out spam emails that trick targets into clicking a malicious link. Once activated, a “back-door implant” infects their computers within eight seconds.

There’s only one problem with this tactic, codenamed WILLOWVIXEN: According to the documents, the spam method has become less successful in recent years, as Internet users have become wary of unsolicited emails and less likely to click on anything that looks suspicious.

Consequently, the NSA has turned to new and more advanced hacking techniques. These include performing so-called “man-in-the-middle” and “man-on-the-side” attacks, which covertly force a user’s internet browser to route to NSA computer servers that try to infect them with an implant.

To perform a man-on-the-side attack, the NSA observes a target’s Internet traffic using its global network of covert “accesses” to data as it flows over fiber optic cables or satellites. When the target visits a website that the NSA is able to exploit, the agency’s surveillance sensors alert the TURBINE system, which then “shoots” data packets at the targeted computer’s IP address within a fraction of a second.

In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive. A top-secret animation demonstrates the tactic in action.

The documents show that QUANTUMHAND became operational in October 2010, after being successfully tested by the NSA against about a dozen targets.

According to Matt Blaze, a surveillance and cryptography expert at the University of Pennsylvania, it appears that the QUANTUMHAND technique is aimed at targeting specific individuals. But he expresses concerns about how it has been covertly integrated within Internet networks as part of the NSA’s automated TURBINE system.

“As soon as you put this capability in the backbone infrastructure, the software and security engineer in me says that’s terrifying,” Blaze says.

“Forget about how the NSA is intending to use it. How do we know it is working correctly and only targeting who the NSA wants? And even if it does work correctly, which is itself a really dubious assumption, how is it controlled?”

In an email statement to The Intercept, Facebook spokesman Jay Nancarrow said the company had “no evidence of this alleged activity.” He added that Facebook implemented HTTPS encryption for users last year, making browsing sessions less vulnerable to malware attacks.

Nancarrow also pointed out that other services besides Facebook could have been compromised by the NSA. “If government agencies indeed have privileged access to network service providers,” he said, “any site running only [unencrypted] HTTP could conceivably have its traffic misdirected.”

A man-in-the-middle attack is a similar but slightly more aggressive method that can be used by the NSA to deploy its malware. It refers to a hacking technique in which the agency covertly places itself between computers as they are communicating with each other.

This allows the NSA not only to observe and redirect browsing sessions, but to modify the content of data packets that are passing between computers.

The man-in-the-middle tactic can be used, for instance, to covertly change the content of a message as it is being sent between two people, without either knowing that any change has been made by a third party. The same technique is sometimes used by criminal hackers to defraud people.

A top-secret NSA presentation from 2012 reveals that the agency developed a man-in-the-middle capability called SECONDDATE to “influence real-time communications between client and server” and to “quietly redirect web-browsers” to NSA malware servers called FOXACID. In October, details about the FOXACID system were reported by the Guardian, which revealed its links to attacks against users of the Internet anonymity service Tor.

But SECONDDATE is tailored not only for “surgical” surveillance attacks on individual suspects. It can also be used to launch bulk malware attacks against computers.

According to the 2012 presentation, the tactic has “mass exploitation potential for clients passing through network choke points.”

Blaze, the University of Pennsylvania surveillance expert, says the potential use of man-in-the-middle attacks on such a scale “seems very disturbing.” Such an approach would involve indiscriminately monitoring entire networks as opposed to targeting individual suspects.

“The thing that raises a red flag for me is the reference to ‘network choke points,’” he says. “That’s the last place that we should be allowing intelligence agencies to compromise the infrastructure – because that is by definition a mass surveillance technique.”

To deploy some of its malware implants, the NSA exploits security vulnerabilities in commonly used Internet browsers such as Mozilla Firefox and Internet Explorer.

The agency’s hackers also exploit security weaknesses in network routers and in popular software plugins such as Flash and Java to deliver malicious code onto targeted machines.

The implants can circumvent anti-virus programs, and the NSA has gone to extreme lengths to ensure that its clandestine technology is extremely difficult to detect. An implant named VALIDATOR, used by the NSA to upload and download data to and from an infected machine, can be set to self-destruct – deleting itself from an infected computer after a set time expires.

In many cases, firewalls and other security measures do not appear to pose much of an obstacle to the NSA. Indeed, the agency’s hackers appear confident in their ability to circumvent any security mechanism that stands between them and compromising a computer or network. “If we can get the target to visit us in some sort of web browser, we can probably own them,” an agency hacker boasts in one secret document. “The only limitation is the ‘how.’”

 

Covert Infrastructure

The TURBINE implants system does not operate in isolation.

It is linked to, and relies upon, a large network of clandestine surveillance “sensors” that the agency has installed at locations across the world.

The NSA’s headquarters in Maryland are part of this network, as are eavesdropping bases used by the agency in Misawa, Japan and Menwith Hill, England.

The sensors, codenamed TURMOIL, operate as a sort of high-tech surveillance dragnet, monitoring packets of data as they are sent across the Internet.

When TURBINE implants exfiltrate data from infected computer systems, the TURMOIL sensors automatically identify the data and return it to the NSA for analysis. And when targets are communicating, the TURMOIL system can be used to send alerts or “tips” to TURBINE, enabling the initiation of a malware attack.

The NSA identifies surveillance targets based on a series of data “selectors” as they flow across Internet cables. These selectors, according to internal documents, can include email addresses, IP addresses, or the unique “cookies” containing a username or other identifying information that are sent to a user’s computer by websites such as Google, Facebook, Hotmail, Yahoo, and Twitter.

Other selectors the NSA uses can be gleaned from unique Google advertising cookies that track browsing habits, unique encryption key fingerprints that can be traced to a specific user, and computer IDs that are sent across the Internet when a Windows computer crashes or updates.

What’s more, the TURBINE system operates with the knowledge and support of other governments, some of which have participated in the malware attacks.

Classification markings on the Snowden documents indicate that NSA has shared many of its files on the use of implants with its counterparts in the so-called Five Eyes surveillance alliance – the United Kingdom, Canada, New Zealand, and Australia.

GCHQ, the British agency, has taken on a particularly important role in helping to develop the malware tactics. The Menwith Hill satellite eavesdropping base that is part of the TURMOIL network, located in a rural part of Northern England, is operated by the NSA in close cooperation with GCHQ.

Top-secret documents show that the British base – referred to by the NSA as “MHS” for Menwith Hill Station – is an integral component of the TURBINE malware infrastructure and has been used to experiment with implant “exploitation” attacks against users of Yahoo and Hotmail.

In one document dated 2010, at least five variants of the QUANTUM hacking method were listed as being “operational” at Menwith Hill. The same document also reveals that GCHQ helped integrate three of the QUANTUM malware capabilities – and test two others – as part of a surveillance system it operates codenamed INSENSER.

GCHQ cooperated with the hacking attacks despite having reservations about their legality. One of the Snowden files, previously disclosed by Swedish broadcaster SVT, revealed that as recently as April 2013, GCHQ was apparently reluctant to get involved in deploying the QUANTUM malware due to “legal/policy restrictions.” A representative from a unit of the British surveillance agency, meeting with an obscure telecommunications standards committee in 2010, separately voiced concerns that performing “active” hacking attacks for surveillance “may be illegal” under British law.

In response to questions from The Intercept, GCHQ refused to comment on its involvement in the covert hacking operations. Citing its boilerplate response to inquiries, the agency said in a statement that “all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorized, necessary and proportionate, and that there is rigorous oversight.”

Whatever the legalities of the United Kingdom and United States infiltrating computer networks, the Snowden files bring into sharp focus the broader implications. Under cover of secrecy and without public debate, there has been an unprecedented proliferation of aggressive surveillance techniques. One of the NSA’s primary concerns, in fact, appears to be that its clandestine tactics are now being adopted by foreign rivals, too.

“Hacking routers has been good business for us and our 5-eyes partners for some time,” notes one NSA analyst in a top-secret document dated December 2012. “But it is becoming more apparent that other nation states are honing their skillz [sic] and joining the scene.”

———

Documents published with this article:




ALERT: Point of Sale RAM scraper malware

Advances in technology have led to more sophisticated crimes by exploiting security vulnerabilities of new technologies.  This is exacerbated by the fact that understanding of these technologies and their use is only by a few, while the majority of end-users are unaware.  Generally speaking, following standard security practices will thwart 95% of electronic crimes such as phishing, hacking, etc.  This includes using complex passwords (Sf9$fpq%f82bsS), using network firewalls, encrypted emails, etc.  But the new POS RAM scraper is dangerous because the vendors are not the victims of their bad security, and you may never know where your credit card or other information was scraped from.


A look at Point of Sale RAM scraper malware and how it works

From Sophos:

A special kind of malware has been hitting the headlines recently – that which attacks the RAM of Point of Sale (PoS) systems.

Although it’s been getting quite a bit of publicity recently, we actually first identified it as a threat back in December 2009 and wrote about it in an article on Naked Security entitled Will RAM scraping loosen the sky and make it fall?.

Answering that question today, it just might!

Actually, the situation isn’t that bad – yet – but this malware family has definitely become more complex and far-reaching. In this article, we take a step back from the technical details and look at the evolution of PoS RAM scrapers.

What do PoS RAM scrapers do?

In a nutshell, PoS RAM scrapers steal payment data – such as credit card track one and track two data – from the RAM of PoS systems.

The payment card industry has a set of data security standards known asPCI-DSS. These standards require end-to-end encryption of sensitive payment data when it is transmitted, received or stored.

This payment data is decrypted in the PoS’s RAM for processing, and the RAM is where the scraper strikes. Using regular expression searches, they harvest the clear-text payment data and send that information to rogue callhome servers.

Why do we care about PoS RAM scrapers? How does it hurt me?

I believe this malware family has a higher probability of burning a hole in your pocket compared to other prevalent malware families.

In today’s plastic money economy people are carrying cash a lot less than before. Aside from a handful of stores, the majority of retailers accept debit or credit cards. Payment cards are convenient, quick, supposedly-secure, and you don’t have change jingling around in your pockets.

PoS RAM scrapers target the systems which process debit and credit card transactions and steal the sensitive payment information. Your home computer might be super secure, but there is no guarantee the PoS system at your neighborhood grocery store has the same level of security. You might end up losing your credit card data buying a candy bar!

How have PoS RAM scrapers evolved?

Sophos detects PoS RAM scraper malware under the family name Trackr(e.g. Troj/Trackr-GenTroj/Trackr-A) Other AV vendors detect this malware family with a variety of names, the most common name being Alina.

Some of the earliest variants of Trackr had simple functionality that worked like this:

  1. Install as a service
  2. Use a legitimate-looking name
  3. Scan RAM for credit card track one and track two data
  4. Dump the results into a text file. This text file was then probably accessed remotely or manually.

Over the years Trackr has become more industrialized, with some cosmetic changes and added bot and network functionality.

Our friends at Trustwave SpiderLabs have written two excellent articles,Alina: Casting a Shadow on PoS and Alina: Following The Shadow, about the inner workings of the Trackr family.

Till now we have observed the following types of Trackr:

  • Basic version (not packed, scrapes RAM for credit card information)
  • Complex version (added socially-engineered filenames, bot and network functionality)
  • Installed DLL version (the DLL is registered as a service and performs the RAM scraping)
  • Versions one and two packed with a commercially-available packer
  • Versions one and two packed with a custom packer

Most recently, SophosLabs discovered the highly-prevalent Citadel crimeware targeting PoS systems.

The Citadel malware uses screen captures and keylogging instead of the RAM-scraping technique used by Trackr. Citadel’s focus on PoS systems demonstrates that this avenue is fast becoming a point of serious concern.

Who do PoS RAM scrapers target?

One of the earliest serious PoS RAM scraper attacks that we observed was back in November 2011 when we found that a university and several hotels had their PoS systems compromised. Later we saw varied targets including an auto dealership in Australia infected with Trackr.

To better understand the threat we gathered statistics about the various industries targeted by Trackr during the past 6 months (as observed using Sophos Live Protection):

Trackr infections by industry

It doesn’t come as a surprise that the biggest targeted industries are:

  • Retail
  • Service
  • Healthcare
  • Food services
  • Education
  • Hotel and tourism

In these industries there’s a high volume of credit and debit card transactions taking place, meaning they have goldmines of payment data that can be harvested.

Compromising a single PoS system (e.g. in a fast food outlet) may yield thousands of credit cards per week, cheaply – much easier to gather 10,000 credit card details from one PoS system then attempt to infect 10,000 PCs, hoping to grab the data from there.

If not protected properly, PoS systems become easy targets – a single point of failure that can affect thousands of people.

In addition to the breakdown of industries targeted, we also looked at the countries where we saw Trackr infections over the same time period:

Trackr infections by country

Again, no surprises that the developed countries top this chart with the US, where credit cards are abundant, taking the #1 spot.

In fact, the Trackr infection numbers match up closely with the credit card country usage statistics published by Visa.

So how does Trackr get on a PoS system?

We have used the term PoS quite generally throughout this article. PoS is the place where a retail transaction is completed. So a PoS could be some custom hardware/software solution, a regular PC running PoS software, a credit card transaction server, or something similar.

Big box retailers and chain stores have security-hardened PoS systems, and we have not seen any major evidence of these large organizations getting compromised with Trackr.

The victims tend to be mostly small to medium sized organizations who will typically have less investment in defensive counter-measures.

Based on our analysis there were two main methods of infection:

Insider job

Someone with active knowledge of the payment processing setup installs a RAM scraper to gather data. The early Trackr samples dropped their harvested data in a plain text file which we suspect was manually retrieved or remotely accessed.

The malware had no network functionality and we found no evidence of a top-level dropper/installer.

Phishing/Social Engineering

These are the common infection vectors with the more complex versions of Trackr. The socially engineered filenames we have observed includeTaskmgr.exewindowsfirewall.exesms.exejava.exewin-firewall.exe, andadobeflash.exe. This suggests that the files were delivered as part of a phishing campaign, or social engineering tricks were used to infect the system.

Importantly however, Trackr is not seen regularly in the mass-spammed malware campaigns that we observe daily. Rather it is highly targeted towards a group of relevant businesses.

To conclude, it is not always a safe solution to pay for everything with cards.

Everyone should follow computer security best practices and consumers should proactively sign-up for credit monitoring services so they don’t becomes victims of credit or identity theft.

Businesses big and small need to make investments to protect their critical PoS infrastructure. Just like they wouldn’t keep their cash registers unlocked for someone to grab money out of them, PoS systems need proper protection.





FBI moves from policy of Law Enforcement to National Security

The FBI’s creeping advance into the world of counterterrorism is nothing new. But quietly and without notice, the agency has finally decided to make it official in one of its organizational fact sheets. Instead of declaring “law enforcement” as its “primary function,” as it has for years, the FBI fact sheet now lists “national security” as its chief mission. The changes largely reflect the FBI reforms put in place after September 11, 2001, which some have criticized for de-prioritizing law enforcement activities. Regardless, with the 9/11 attacks more than a decade in the past, the timing of the edits is baffling some FBI-watchers.

“What happened in the last year that changed?” asked Kel McClanahan, a Washington-based national security lawyer.

McClanahan noticed the change last month while reviewing a Freedom of Information Act (FOIA) request from the agency. The FBI fact sheet accompanies every FOIA response and highlights a variety of facts about the agency. After noticing the change, McClanahan reviewed his records and saw that the revised fact sheets began going out this summer. “I think they’re trying to rebrand,” he said. “So many good things happen to your agency when you tie it to national security.”

Although a spokesman with the agency declined to weigh in on the timing of the change, he said the agency is just keeping up with the times. “When our mission changed after 9/11, our fact sheet changed to reflect that,” FBI spokesman Paul Bresson told Foreign Policy. He noted that the FBI’s website has long-emphasized the agency’s national security focus. “We rank our top 10 priorities and CT [counterterrorism] is first, counterintel is second, cyber is third,” he said. “So it is certainly accurate to say our primary function is national security.” On numerous occasions, former FBI Director Robert Mueller also emphasized the FBI’s national security focus in speeches and statements.

FBI historian and Marquette University professor Athan Theoharis agreed that the changes reflect what’s really happening at the agency, but said the timing isn’t clear. “I can’t explain why FBI officials decided to change the fact sheet… unless in the current political climate that change benefits the FBI politically and undercuts criticisms,” he said. He mentioned the negative attention surrounding the FBI’s failure in April to foil the bomb plot at the Boston Marathon by Dzhokhar and Tamerlan Tsarnaev.

Whatever the reason, the agency’s increased focus on national security over the last decade has not occurred without consequence. Between 2001 and 2009, the FBI doubled the amount of agents dedicated to counterterrorism, according to a 2010 Inspector’s General report. That period coincided with a steady decline in the overall number of criminal cases investigated nationally and a steep decline in the number of white-collar crime investigations.

“Violent crime, property crime and white-collar crime: All those things had reductions in the number of people available to investigate them,” former FBI agent Brad Garrett told Foreign Policy. “Are there cases they missed? Probably.”

Last month, Robert Holley, the special agent in charge in Chicago, said the agency’s focus on terrorism and other crimes continued to affect the level of resources available to combat the violent crime plaguing the city. “If I put more resources on violent crime, I’d have to take away from other things,” he told The Chicago Tribune.

According to a 2007 Seattle Post-Intelligencer investigation, the Justice Department did not replace 2,400 agents assigned to focus on counterterrorism in the years following 9/11. The reductions in white-collar crime investigations became obvious. Back in 2000, the FBI sent prosecutors 10,000 cases. That fell to a paltry 3,500 cases by 2005.  “Had the FBI continued investigating financial crimes at the same rate as it had before the terror attacks, about 2,000 more white-collar criminals would be behind bars,” the report concluded. As a result, the agency fielded criticism for failing to crack down on financial crimes ahead of the Great Recession and losing sight of real-estate fraud ahead of the 2008 subprime mortgage crisis.

In many ways, the agency had no choice but to de-emphasize white-collar crime. Following the 9/11 attacks, the FBI picked up scores of new responsibilities related to terrorism and counterintelligence while maintaining a finite amount of resources. What’s not in question is that government agencies tend to benefit in numerous ways when considered critical to national security as opposed to law enforcement. “If you tie yourself to national security, you get funding and you get exemptions on disclosure cases,” said McClanahan. “You get all the wonderful arguments about how if you don’t get your way, buildings will blow up and the country will be less safe.”

– See more at: http://thecable.foreignpolicy.com/posts/2014/01/02/us_customs_not_sorry_for_destroying_11_rare_flutes_of_renowned_musician#sthash.dTe9DVfT.L8CLoAYR.dpuf




Inside TAO: Documents Reveal Top NSA Hacking Unit

More leaked documents reveal a secret NSA hacking operation, with techniques ranging from physical implants of malware (sometimes hardware) to infiltrating Telecom networks, and even exploiting Microsoft updates to infect the target machine.  TAO has existed since 1997, but recently interest in the program is exploding, as seen by the drastic increase in the number of TAO operation facilities, and the number of employees.

The NSA’s TAO hacking unit is considered to be the intelligence agency’s top secret weapon. It maintains its own covert network, infiltrates computers around the world and even intercepts shipping deliveries to plant back doors in electronics ordered by those it is targeting… One example of the sheer creativity with which the TAO spies approach their work can be seen in a hacking method they use that exploits the error-proneness of Microsoft’s Windows. Every user of the operating system is familiar with the annoying window that occasionally pops up on screen when an internal problem is detected, an automatic message that prompts the user to report the bug to the manufacturer and to restart the program. These crash reports offer TAO specialists a welcome opportunity to spy on computers. The technique can literally be a race between servers, one that is described in internal intelligence agency jargon with phrases like: “Wait for client to initiate new connection,” “Shoot!” and “Hope to beat server-to-client response.” Like any competition, at times the covert network’s surveillance tools are “too slow to win”..

Read the full article here – Inside TAOs_ Documents Reveal Top NSA Hacking Unit – SPIEGEL ONLINE Considering TAO is an NSA sponsored hacking program, it wouldn’t be a stretch to see Spiegel soon hacked, so we are keeping this article here on Global Intel Hub.