Re: DarkMatter cyber mercenaries
Speaking of Citizen Lab, here are some infiltrations... https://citizenlab.ca/2019/01/statement-from-citizen-lab-director-on-attempted-operations-against-researchers/ https://lists.openstreetmap.org/pipermail/osmf-talk/2019-January/005856.html https://en.wikipedia.org/wiki/2004_Israel%E2%80%93New_Zealand_passport_scandal
Re: Decentralized Storage Comparison
On 01/30/2019 09:55 AM, Punk wrote: > On Tue, 29 Jan 2019 14:39:07 -0500 > grarpamp wrote: > > >> https://i.redd.it/li4f40slbcd21.jpg > > > so freenet is not listed there, and instead there are a bunch of > shitcoins/scams like maidsafe - which has been in 'development' since forever. Yeah, good point. Say what you want about Freenet, that rabbit just keeps going. Content gets split into blocks. Blocks are automatically encrypted in transit, and routed among nodes in a ~random way. Users can also encrypt local storage and temp files. And those are all key features of the best distributed storage systems. What distinguishes them is mainly usability as a filesystem. Such as FUSE, which Freenet just doesn't do. It's basically ftp. Also, Freenet in opennet mode is such a fucking deadfall for the clueless. It's not uncommon for people to install it, come across extreme child porn, and then freak. And the community seems generally hostile to the idea of obscuring IP addresses. However, all of these distributed storage systems are similarly vulnerable, more or less. You are potentially screwed if an adversary can 1) peer directly with you, and get your IP address; and 2) send you file fragments that are (even though encrypted) identifiable by hash or whatever. If you didn't encrypt locally, they may find bad stuff (even if only as temp files). And if you did encrypt locally, they may jail you for contempt unless you reveal the passphrase(s). So anyway, if you use any of these distributed storage systems, make sure that you peer only with people you trust, and make sure that you encrypt everything, locally and in transit. And if you must peer promiscuously, make sure that you obscure your IP address. Use a VPN, at least. And better, use a VPN plus Tor or I2P.
Re: Decentralized Storage Comparison
On 1/30/19, jim bell wrote: > Okay, sounds like the same idea, more or less. But I have an excuse for > being 15 years too late: I was, uh, occupied at the time. A similar xor scheme here... http://monolith.sourceforge.net/ Shame they probably do not let people read, even by teletype. People usually better contributors to change when outside anyways.
Re: Decentralized Storage Comparison
Okay, sounds like the same idea, more or less. But I have an excuse for being 15 years too late: I was, uh, occupied at the time. Jim Bell On Wednesday, January 30, 2019, 9:11:31 AM PST, grarpamp wrote: On 1/29/19, jim bell wrote: > https://en.wikipedia.org/wiki/Gilbert_Vernam What if a challengable > document, call it "A", is essentially split up into two: Take random (or > pseudorandom) string, the length of document "A", call it "B", is XOR'd > (exclusive-or'd) with "A", and the result we will call "C", of the same > length as "A" and "B". Then, instead of having document "A" stored, store > both "B" and "C", but maybe not on the same storage nodes. Basically, an > implementation of a one-time pad. Or, instead of merely two strings, this > could be expanded, in principle, to any number. > The purpose of this is not to conceal the ultimate information, but to split > up that information so that no one operator of a storage node contains > enough information that arguably violates the law in the jurisdiction he > happens to be at. WIll this work? Laws can be changed, but it would be > difficult for a law to prohibit someone from possessing data that could > conceivably be combined with some other information, somewhere, in order to > regenerate some banned document "A". There was something called OFFSystem ... https://en.wikipedia.org/wiki/OFFSystem http://offsystem.sourceforge.net/ https://sourceforge.net/projects/offsystem/
Re: APNewsBreak: Undercover agents target cybersecurity watchdog
‐‐‐ Original Message ‐‐‐ On Saturday, January 26, 2019 9:46 PM, Steve Kinney wrote: > > ... > https://www.apnews.com/9f31fa2aa72946c694555a5074fc9f42 > > I was happy to see that Israeli malware vendor NSO has "zero competence" > in the field of human intelligence, and that their efforts to penetrate > Citizen Labs harmed no one's interests but their own. Another update: https://www.nytimes.com/2019/01/28/world/black-cube-nso-citizen-lab-intelligence.html """ “Michel Lambert” is a pseudonym and the Paris company he claimed to represent does not exist. The New York Times, in collaboration with Uvda, an investigative television show on Israel’s Channel 12, has confirmed that the mysterious visitor was Aharon Almog-Assoulin, a retired Israeli security official who until recently served on the town council in a suburb of Tel Aviv. ... The phenomenon of private spies drew widespread attention in 2017, when Black Cube, an Israeli private intelligence firm, was found to have used undercover agents to approach women who had accused Harvey Weinstein, the Hollywood producer, of sexual misconduct. Black Cube later was identified as having sent agents, again under false cover, to investigate Obama administration officials who had worked on the Iran nuclear deal. Black Cube denied that it had played any role in approaching Citizen Lab employees, but the same undercover agent turned up in an earlier case in Canada with a Black Cube connection. """ best regards,
DarkMatter cyber mercenaries
https://www.reuters.com/article/us-usa-spying-raven-specialreport/special-report-inside-the-uaes-secret-hacking-team-of-us-mercenaries-idUSKCN1PO19O January 30, 2019 / 11:23 AM / Updated 4 hours ago Special Report: Inside the UAE’s secret hacking team of U.S. mercenaries [Christopher Bing](https://www.reuters.com/journalists/christopher-bing), [Joel Schectman](https://www.reuters.com/journalists/joel-schectman) WASHINGTON (Reuters) - Two weeks after leaving her position as an intelligence analyst for the U.S. National Security Agency in 2014, Lori Stroud was in the Middle East working as a hacker for an Arab monarchy. She had joined Project Raven, a clandestine team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy. Stroud and her team, working from a converted mansion in Abu Dhabi known internally as “the Villa,” would use methods learned from a decade in the U.S intelligence community to help the UAE hack into the phones and computers of its enemies. Stroud had been recruited by a Maryland cyber security contractor to help the Emiratis launch hacking operations, and for three years, she thrived in the job. But in 2016, the Emiratis moved Project Raven to a UAE cyber security firm named DarkMatter. Before long, Stroud and other Americans involved in the effort say they saw the mission cross a red line: targeting fellow Americans for surveillance. “I am working for a foreign intelligence agency who is targeting U.S. persons,” she told Reuters. “I am officially the bad kind of spy.” The story of Project Raven reveals how former U.S. government hackers have employed state-of-the-art cyber-espionage tools on behalf of a foreign intelligence service that spies on human rights activists, journalists and political rivals. Interviews with nine former Raven operatives, along with a review of thousands of pages of project documents and emails, show that surveillance techniques taught by the NSA were central to the UAE’s efforts to monitor opponents. The sources interviewed by Reuters were not Emirati citizens. The operatives utilized an arsenal of cyber tools, including a cutting-edge espionage platform known as Karma, in which Raven operatives say they hacked into the iPhones of hundreds of activists, political leaders and suspected terrorists. Details of the Karma hack were described in a separate Reuters article today. An NSA spokesman declined to comment on Raven. An Apple spokeswoman declined to comment. A spokeswoman for UAE’s Ministry of Foreign Affairs declined to comment. The UAE’s Embassy in Washington and a spokesman for its National Media Council did not respond to requests for comment. The UAE has said it faces a real threat from violent extremist groups and that it is cooperating with the United States on counter-terrorism efforts. Former Raven operatives say the project helped NESA break up an ISIS network within the Emirates. When an ISIS-inspired militant stabbed to death a teacher in Abu Dhabi in 2014, the operatives say, Raven spearheaded the UAE effort to assess if other attacks were imminent. Various reports have highlighted the ongoing cyber arms race in the Middle East, as the Emirates and other nations attempt to sweep up hacking weapons and personnel faster than their rivals. The Reuters investigation is the first to reveal the existence of Project Raven, providing a rare inside account of state hacking operations usually shrouded in secrecy and denials. The Raven story also provides new insight into the role former American cyberspies play in foreign hacking operations. Within the U.S. intelligence community, leaving to work as an operative for another country is seen by some as a betrayal. “There’s a moral obligation if you’re a former intelligence officer from becoming effectively a mercenary for a foreign government,” said Bob Anderson, who served as executive assistant director of the Federal Bureau of Investigation until 2015. While this activity raises ethical dilemmas, U.S. national security lawyers say the laws guiding what American intelligence contractors can do abroad are murky. Though it’s illegal to share classified information, there is no specific law that bars contractors from sharing more general spycraft knowhow, such as how to bait a target with a virus-laden email. The rules, however, are clear on hacking U.S. networks or stealing the communications of Americans. “It would be very illegal,” said Rhea Siers, former NSA deputy assistant director for policy. The hacking of Americans was a tightly held secret even within Raven, with those operations led by Emiratis instead. Stroud’s account of the targeting of Americans was confirmed by four other former operatives and in emails reviewed by Reuters. The FBI is now investigating whether Rav
Re: Decentralized Storage Comparison
On 1/29/19, jim bell wrote: > https://en.wikipedia.org/wiki/Gilbert_VernamWhat if a challengable > document, call it "A", is essentially split up into two: Take random (or > pseudorandom) string, the length of document "A", call it "B", is XOR'd > (exclusive-or'd) with "A", and the result we will call "C", of the same > length as "A" and "B". Then, instead of having document "A" stored, store > both "B" and "C", but maybe not on the same storage nodes. Basically, an > implementation of a one-time pad. Or, instead of merely two strings, this > could be expanded, in principle, to any number. > The purpose of this is not to conceal the ultimate information, but to split > up that information so that no one operator of a storage node contains > enough information that arguably violates the law in the jurisdiction he > happens to be at. WIll this work? Laws can be changed, but it would be > difficult for a law to prohibit someone from possessing data that could > conceivably be combined with some other information, somewhere, in order to > regenerate some banned document "A". There was something called OFFSystem ... https://en.wikipedia.org/wiki/OFFSystem http://offsystem.sourceforge.net/ https://sourceforge.net/projects/offsystem/
