[ECP] Educational CyberPlayground Nethappenings News

Happy Reading
Guardian launches SecureDrop system for whistleblowers to share files
SecureDrop platform allows sources to submit documents and data while avoiding most common forms of online tracking
Access the Guardian’s SecureDrop system here
Details of Britain’s covert surveillance programme – including the location of a clandestine British base tapping undersea cables in the Middle East
The secret British spy base is part of a programme codenamed “CIRCUIT” and also referred to as Overseas Processing Centre 1 (OPC-1). It is located at Seeb, on the northern coast of Oman, where it taps into various undersea cables passing through the Strait of Hormuz into the Persian/Arabian Gulf. Seeb is one of a three-site GCHQ network in Oman, at locations codenamed “TIMPANI”, “GUITAR” and “CLARINET”. TIMPANI, near the Strait of Hormuz, can monitor Iraqi communications. CLARINET, in the south of Oman, is strategically close to Yemen. British national telco BT, referred to within GCHQ and the American NSA under the ultra-classified codename “REMEDY”, and Vodafone Cable (which owns the former Cable & Wireless company, aka “GERONTIC”) are the two top earners of secret GCHQ payments running into tens of millions of pounds annually.
Chester Nez, last of the World War II Navajo ‘code talkers,’ passes away quietly at 93
A Day at the Miami Beach Cyberarms Fair
Still reeling from Heartbleed, OpenSSL suffers from crypto bypass flaw
There’s a Security Gap at the Capitol. And It’s as Troublesome as the One at Navy Yard.
Fun fact of the week on the State of the World
South Africa ranks number 1 out of 148 countries in strength of auditing and reporting standards, according to the Global Competitiveness Report 2013/2014. Our banks rank 3rd behind Canada and New Zealand, the Swiss banks rank 28th.
“JOHANNESBURG – South Africa is at risk of a credit ratings downgrade in the immediate future, as poor economic data provides little hope for improvement in its dual current account and fiscal deficits, Standard Bank warned on Thursday.”
Sleep’s memory role discovered
US Secret Service seeks Twitter sarcasm detector
Google’s Larry Page slates ‘risk averse’ education system
An open letter from the Google letter slates the iterative approach of the tech industry and says education should encourage risk takers and ‘big thinkers’
How activity trackers remove our rights to our most intimate data
Are we happy to allow companies to gather details of every heartbeat and minute of sleep, then deny us access to that data?
Internet users cannot be sued for browsing the web, ECJ rules
After a five-year case, the European court of justice has ruled that copies of web pages made in the course of browsing the internet do not infringe copyright law
Flaw Lets Hackers Control Electronic Highway Billboards
CCSW 2014: The ACM Cloud Computing Security Workshop
November 7, 2014, The Scottsdale Plaza Resort, Scottsdale, Arizona, USA.
BT and Vodafone among telecoms companies passing details to GCHQ
Fears of customer backlash over breach of privacy as firms give GCHQ unlimited access to their undersea cables
Vodafone reveals existence of secret wires that allow state surveillance
Wires allow agencies to listen to or record live conversations, in what privacy campaigners are calling a ‘nightmare scenario’
Vodafone feels Edward Snowden effect with surveillance revelations Documents released by Vodafone show the level of collaboration between telecom companies and the surveillance agencies.
Transparency on the part of Vodafone only goes so far. It has not yet clarified or even confirmed its participation in Tempora, GCHQ’s tapping of the network of cables which carry the world’s phone calls and internet traffic.
Without Snowden, it is hard to believe that one of the world’s biggest telecom companies would be publishing details about warrant requests, calling for increased transparency and urging legislative reform to bring surveillance into line with the internet age.
NSA reform bill finds few allies before Senate intelligence committee
Reform advocates, tech leaders and NSA defenders criticise bill as neither adequately defending privacy rights nor national security
2nd Circ. Backs Softer FTAIA Limits In Foxconn Win
Complete Corruption!
Appeals court tells judge to stop weighing in on Citigroup mortgage case
An appeals court overruled a judge who questioned a settlement, giving the regulators and banks power to cooperate
– Dogged journalism from The American Lawyer recently confirmed that the SEC was indeed working closely with banks to limit their securities fraud exposure – sweeping dozens of deals into settlements that looked like they were covering only one or two. That usually meant the banks could pay less in fines.   Rakoff, the district court judge assigned to approve the SEC-Citi consent decree, apparently smelled a rat.   He denied the Citigroup settlement, arguing that the fine was “pocket change” for a bank of Citi’s size and saying that he had not been provided with the relevant facts to “exercise even a modest degree of independent judgment”.
Using a standard that enables judges to reject consent decrees if they are not “fair, reasonable, adequate and in the public interest”, Rakoff rebelled against rubber-stamping the deal. He refused to, in his words, “become a mere handmaiden to a settlement privately negotiated on the basis of unknown facts”.
The Justice Department risks losing big fish of financial crime by chasing whales
The SEC and FBI lack the resources to pursue every insider trading case, and should pick their battles before pursuing a giant
Los Angeles sues big banks for predatory mortgages but unlikely to win
Minority communities have long been targets for predatory lenders. Los Angeles is suing JP Morgan, Wells Fargo, Citigroup and Bank of America, but the city isn’t trying to help homeowners
U.S. Marshals Seize Local Cops’ Cell Phone Tracking Files in Extraordinary Attempt to Keep Information From Public
U.S. Marshals Seize Cops’ Spying Records to Keep Them From the ACLU
A routine request in Florida for public records regarding the use of a surveillance tool known as stingray took an extraordinary turn recently when federal authorities seized the documents before police could release them.  The surprise move by the U.S. Marshals Service stunned the American Civil Liberties Union, which earlier this year filed the public records request with the Sarasota, Florida, police department for information detailing its use of the controversial surveillance tool.
Why Are the US Marshals at the Center of All These Pen Registers?
Then, the ACLU revealed that, just before an appointment to view Sarasota, Florida’s requests under the Pen Register authority to use Stingray IMSI catchers to identify cell locations, the US Marshals declared control over the records, claiming they had deputized the local cop who had made the requests.
Here’s The Simple Reason Congress Hasn’t Fixed The VA
Veterans didn’t have the cash to pay lobbyists so they don’t get lawmakers’ attention!!!!!!
Money molds not just the agenda but the shape of Congress itself. Think of it as a host-parasite relationship in which the host, Congress, adjusts to interact most effectively with the parasite, money.
Pelosi Confronted By Teen Reporter On NSA
Finally, a reporter asks House Minority Leader Nancy Pelosi (D-CA) some tough questions. Unfortunately, this reporter is a teenager from the YouTube “TeenTake” and not someone from the Capitol Hill press corps.
When Andrew Demeter asked Pelosi, “Why do you support the NSA’s illegal and ubiquitous data collection?” she had a bit of a “deer in the headlights” look on her face.   “Well I, I do not, I have questions about the metadata collection that they were, uh, collecting,”
Pelosi stammered in response.  Demeter, unlike his professional counterparts in the mainstream media, actually challenged Pelosi with a follow-up: “You did vote for a bill to continue funding for the NSA, though.”
Pelosi responded, “Yeah, of course.” Demeter pressed the issue calling NSA data gathering a “clear violation of the Fourth Amendment.”
Sprint, T-Mobile Said Near Accord on Price, Termination Fee
Catholic Nun Killers and flesh traffickers caught
Of course the church is against abortion cause that cuts into the baby selling business profits.
Mass septic tank grave ‘containing the skeletons of 800 babies’ at site of Irish home for unmarried mothers. A source close to the investigation said: ‘No one knows the total number of babies in the grave.  There are 796 death records but they are only the ones we know of. The existence of the grave was uncovered by local woman Catherine Corless, who compiled the records of 796 babies who died at the home. She has established a group called the Children’s Home Graveyard Committee to erect a memorial.
 
“And the sign said, The words of the prophets are written on the subway walls & tenement halls, and echoed in the Sounds of Silence”.
END The Digital Divide:
Hiring via social networks: work for the wealthy, connected and savvy
As recruiting shifts to closed networks online, many Americans without easy access or social media skills are at a disadvantage
55 percent of Philadelphia households lack access to Internet: new early data shows rate higher than previously thought.
 
 
 

Here we go again. Camel. Nose. Tent. Broadband Greed.

Net Neutrality
Net Neutrality — Definition of Monopoly – FCC public Comment – Preventing Cable Company F^ckery.
Comcast Exempts Itself From Its Data Cap, Violates (at least the) Spirit of Net Neutrality 2012
Stagg Newman of the FCC Broadband discussion with the Educational CyberPlayground.

#Privacy #Heartbleed

Heartbleed Means HealthCare.gov Users Must Reset Passwords
http://www.nextgov.com/cybersecurity/2014/04/heartbleed-means-healthcaregov-users-must-reset-passwords/82852/
By Aliya Sternstein
Nextgov.com
April 19, 2014
Federal officials are telling Obamacare website account holders to reset
their passwords, following revelations of a bug that could allow hackers
to steal data.
Officials earlier in the month said the government’s main public sites,
including HealthCare.gov, were safe from the risks surrounding Heartbleed
— faulty code recently found in a widely-used encryption tool.
But, this weekend, the online marketplace’s homepage directs users to
change their login information.
“While there’s no indication that any personal information has ever been
at risk, we have taken steps to address Heartbleed issues and reset
consumers’ passwords out of an abundance of caution,” HealthCare.gov
states.
[…]
INFO: Google scans user’s emails
http://bit.ly/1reFUNj
Google updates terms of service to reflect its scanning of users’ emails
Google has updated its terms of service to reflect that it analyzes user
content including emails to provide users tailored advertising, customized
search results and other features.
The Internet giant’s scanning of users’ email has been controversial with
privacy groups describing it as an intrusion into user privacy.
[…]
Mission-critical satellite communications wide open to malicious hacking
By Dan Goodin
Ars Technica
April 17, 2014
Mission-critical satellite communications relied on by Western militaries
and international aeronautics and maritime systems are susceptible to
interception, tampering, or blocking by attackers who exploit easy-to-find
backdoors, software bugs, and similar high-risk vulnerabilities, a
researcher warned Thursday.
Ground-, sea-, and air-based satellite terminals from a broad spectrum of
manufacturers—including Iridium, Cobham, Hughes, Harris, and Thuraya—can
be hijacked by adversaries who send them booby-trapped SMS text messages
and use other techniques, according to a 25-page white paper published by
penetration testing firm IOActive. Once a malicious hacker has remotely
gained control of the devices, which are used to communicate with
satellites orbiting in space, the adversary can completely disrupt
mission-critical satellite communications (SATCOM). Other malicious
actions include reporting false emergencies or misleading geographic
locations of ships, planes, or ground crews; suppressing reports of actual
emergencies; or obtaining the coordinates of devices and other potentially
confidential information.
“If one of these affected devices can be compromised, the entire SATCOM
infrastructure could be at risk,” Ruben Santamarta, IOActive’s principal
security consultant, wrote. “Ships, aircraft, military personnel,
emergency services, media services, and industrial facilities (oil rigs,
gas pipelines, water treatment plants, wind turbines, substations, etc.)
could all be impacted by these vulnerabilities.”
Santamarta said that every single one of the terminals he audited
contained one or more weaknesses that hackers could exploit to gain remote
access. When he completed his review in December, he worked with the CERT
Coordination Center to alert each manufacturer to the security holes he
discovered and suggested improvements to close them. To date, Santamarta
said, the only company to respond was Iridium. To his knowledge, the
remainder have not yet addressed the weaknesses. He called on the
manufacturers to immediately remove all publicly accessible copies of
device firmware from their websites to prevent malicious hackers from
reverse engineering the code and uncovering the same vulnerabilities he
did.
[…]

Opportunities, Threats, Internet Governance and the Future of Freedom

Robert M. McDowell
Last Friday, the U.S. Commerce Department’s National Telecommunications and Information Administration (NTIA) announced it intended to start the process of severing its last tether to the non-profit organization that manages Internet domain names and addresses, such as dot com and dot org. These technical functions, that help people’s computers and mobile devices find what they seek on the Net, are administered through the Internet Corporation for Assigned Names and Numbers (ICANN).
If all goes according to NTIA’s plan, the U.S. government will relinquish its contractual oversight of ICANN by September 2015. In its ideal form, this evolution could help reverse a growing tide of increased state interference into the Net’s affairs. If events don’t unfold as NTIA intends, however, Internet freedom, global prosperity and international political reform will be at risk.
Due to the complexities of the Internet ecosystem, and the manner in which it has thrived, before reacting impulsively, observers should pause and thoughtfully examine the nuances that abound in the wake of this development.
A best case scenario for the NTIA plan would have existing, non-profit, private sector Internet governance groups oversee ICANN’s management of these critical technical functions, just as they have other technical aspects of the Net for decades – with a perfect track record of success.
The worst case scenario would include foreign governments, either directly or through intergovernmental bodies, snatching the soon-to-be untethered technical functions for their own purposes. Keep in mind that Vladimir Putin plainly asserted in 2011 that his goal is to have “international control of the Internet” through the International Telecommunication Union (ITU), a treaty-based arm of the U.N. Given Mr. Putin’s proclivity for expansionism, especially lately, we should regard his statement as a promise he intends to keep.
This concern is more than theoretical. Countries such as China, Russia, Saudi Arabia, Iran, and their client states, have worked for years to absorb many aspects of Internet governance into multilateral organizations such as the ITU rather than the non-profit private sector. They succeeded in gaining a toehold in the Internet’s affairs during the 2012 World Conference on International Telecommunications, a treaty negotiation in Dubai. They will be back to expand the ITU’s authority further at its plenipotentiary meeting this fall, which is another treaty negotiation as well as a “constitutional convention” for the ITU.
Context is everything with this scenario. Internet freedom has been under siege for years. Authoritarian regimes resent the free flow of information an unfettered Net brings – even if increased Net-based commerce is catapulting developing world economies to new heights. The U.S. government’s role with the contract for the technical functions operated through ICANN has been used as Talking Point Number One by those who seek to expand intergovernmental organizations’ reach into the Net’s operations to counter what these regimes contend is, essentially, American domination of the Internet.
Add to the mix the recent revelations by Edward Snowden regarding the breadth of the U.S. National Security Agency’s data gathering, and pro-international regulation forces have something stronger than mere rhetoric to make their case for their proposed power grab. The timing of NTIA’s announcement, however, comes at a crucial time and has the potential to change the trajectory of the debate, with no cost to the U.S. – unless the Administration weakens its stance.
NTIA’s Friday announcement was not a complete surprise to those who follow these esoteric but important matters. Working toward removing NTIA’s formal role in this area is consistent with the arc of actions taken by the U.S. government since the 1990s when it formalized the privatization of the Internet and its governance. In short, the Net has migrated further away from government control over the past three decades. As a result, it has become the greatest deregulatory success story of all time.
For instance, in the late 1980s, only a paltry 88,000 people – mainly government users and academics – had access to the Internet. Today, due to the government taking its hands off of the Net, more than 3 billion people across the globe have Web access through mobile devices alone. Accordingly, the Net is fundamentally and rapidly improving the human condition by boosting living standards and raising political expectations as it strengthens the sovereignty of the individual. The evidence is irrefutable that both domestic and international government policies to leave the private sector alone to innovate and invest were the direct cause of this beautiful explosion of entrepreneurial brilliance.
With Friday’s announcement, NTIA is taking its last steps down a path that was paved over two decades ago: a path intended to get the government out of the Internet governance business. In that spirit, NTIA has put forth several conditions before it would allow its contract overseeing ICANN to expire in September 2015. The most important condition is that no governmental, intergovernmental or multilateral bodies would be allowed to have a role in overseeing any technical functions. Implicitly, if foreign governments or treaty-based organizations were to insert themselves into this realm, NTIA would renew its contract with ICANN in 2015, thus keeping the status quo and ending the argument for at least a few more years.
To show that it is resolute, the Administration should vehemently underscore the conditionality of its plan. It cannot soften its stance on this crucial issue, even slightly. If it does, chaos will reign unlike any other time in the Internet’s history. Internet freedom and prosperity would get caught in an international regulatory death spiral.
The best case scenario would involve sticking with what has worked in the Internet space since its inception: allowing the non-profit, non-governmental, private sector, multi-stakeholder Internet governance structure to keep doing what it has been doing so well without the “help” of governments. Diverse, loosely-knit and “bottom up” run technical groups such as the Internet Architecture Board, the Internet Engineering Task Force, the Internet Society, and regional and local engineers, academics and user groups, are the best stewards of these technical functions – not anyone’s government. These private sector groups will keep the Internet governance structure dispersed and free from bottlenecks to ensure that no entity can control the Net or shut it down.
Accomplishing the complex task of modernizing the multistakeholder model of Internet governance, including the administration of critical technical functions, will be difficult and risky. U.S. policy in this space should be to keep governments out of the Net’s technical affairs. But we can’t have it both ways. The Administration must not waver, even symbolically. Internet freedom and prosperity hang in the balance. To be continued …
Who Controls The Internet?
Seven people control the system at the heart of the web: the domain name system, or DNS.

NSA's automated hacking engine offers hands-free pwning of the world

With Turbine, no humans are required to exploit phones, PCs, routers, VPNs.
by Sean Gallagher – Mar 12 2014, 3:20pm EDT
Since 2010, the National Security Agency has kept a push-button hacking system called Turbine that allows the agency to scale up the number of networks it has access to from hundreds to potentially millions. The news comes from new Edward Snowden documents published by Ryan Gallagher and Glenn Greenwald in The Intercept today. The leaked information details how the NSA has used Turbine to ramp up its hacking capacity to “industrial scale,” plant malware that breaks the security on virtual private networks (VPNs) and digital voice communications, and collect data and subvert targeted networks on a once-unimaginable scale.
Turbine is part of Turbulence, the collection of systems that also includes the Turmoil network surveillance system that feeds the NSA’s XKeyscore surveillance database. While it is controlled from NSA and GCHQ headquarters, it is a distributed set of attack systems equipped with packaged “exploits” that take advantage of the ability the NSA and GCHQ have to insert themselves as a “man in the middle” at Internet chokepoints. Using that position of power, Turbine can automate functions of Turbulence systems to corrupt data in transit between two Internet addresses, adding malware to webpages being viewed or otherwise attacking the communications stream.
Since Turbine went online in 2010, it has allowed the NSA to scale up from managing hundreds of hacking operations each day to handling millions of them. It does so by taking people out of the loop of managing attacks, instead using software to identify, target, and attack Internet-connected devices by installing malware referred to as “implants.” According to the documents, NSA analysts can simply specify the type of information required and let the system figure out how to get to it without having to know the details of the application being attacked.
<snip>

‘Scary’ NSA will spy on you – every which way they can

“the NSA gets to do something like intercepting 7 billion people all day long with no problems, and the rest of us are not even allowed to experiment for improving the security of our own lives without being put in prison or under threat of serious indictment. This is what [Thomas] Jefferson talked about when he talked about tyranny”

– Jacob Appelbaum
http://rt.com/usa/appelbaum-30c3-nsa-snowden-986/

The NSA Can “Literally Watch Every Keystroke You Make”

Glenn Greenwald: The NSA Can “Literally Watch Every Keystroke You Make”

The German publication Der Spiegel has revealed new details about a secretive hacking unit inside the National Security Agency called the Office of Tailored Access Operations, or TAO. The unit was created in 1997 to hack into global communications traffic.

NSA revelations: the 'middle ground' everyone should be talking about

NSA revelations: the ‘middle ground’ everyone should be talking about | Matt Blaze

As if there wasn’t already enough NSA mass surveillance to worry about, last week we got a peek at the agency’s arsenal of tools for exploiting the hardware and software of its targets. They’re best described as a veritable SpyMall catalog of sophisticated concealed gadgets and surreptitious software “implants”, each sneakier than the last in its ability to compromise and extract private data from the computers and phones on which they’re installed. If you still thought there was anywhere in the electronic world to hide after you’re in their sights, this should be enough to disabuse you of that notion once and for all.
This lies atop six months of news of the myriad ways our metadata and, in some cases, our content, is being routinely collected and analyzed, cloud services and communications providers being compromised, and security standards that should be protecting us being sabotaged. The sane reaction seems to lie somewhere between paranoia and despair.
So we have to take small comforts where we can find them. And, paradoxically as it may seem, at least two of the most egregious revelations might actually hold out a glimmer of hope for privacy going forward.
First, we now have evidence, albeit indirect, that the NSA might not have the cryptologic superpowers that some feared they might. In particular, they have had to resort to outright sabotage of a range of security standards and systems that give them trouble. This suggests that a more robust (and un-sabotaged) infrastructure – secured by proper cryptography and without hidden backdoors or so-called “lawful intercept” interfaces – can make mass surveillance genuinely difficult. (And not just more difficult for the NSA. More difficult for other, perhaps less benevolent, nations’ intelligence services as well.) So perhaps we stand a chance after all, at least if we’re not being individually targeted.
Which brings us to the second encouraging bit of news, which is that if you are being individually targeted, you really don’t stand a chance. The NSA’s tools are very sharp indeed, even in the presence of communications networks that are well hardened against eavesdropping. How can this be good news? It isn’t if you’re a target, to be sure. But it means that there is no good reason to give in to demands that we weaken cryptography, put backdoors in communications networks, or otherwise make the infrastructure we depend on be more “wiretap friendly”. The NSA will still be able to do its job, and the sun need not set on targeted intelligence gathering.
[snip]

My 2014 resolution: stop my country from becoming a surveillance state

My 2014 resolution: stop my country from becoming a surveillance state by Dan Gillmor

Our New Year’s resolutions tend to be well-meaning and hard to keep. That’s because we resolve to change our lives in fundamental ways – get fit, etc. But inertia and habit are the enemy of change, and we usually fall back into old patterns. It’s human nature.
Despite all that, I’ve made a resolution for 2014. It is to do whatever I can to reverse my country’s trajectory toward being a surveillance state, and to push as hard as possible for a truly open internet.
I realize I can’t do much on my own, and hope many others, especially journalists, will join in. This year may be pivotal; if we don’t make progress, or worse, lose ground, it may be too late.
Thanks to whistleblowers, especially Edward Snowden, and the journalists who’ve reported on what they’ve been shown, the citizens of many countries have a far better idea than before about the extent to which security and law enforcement services have invaded their lives. We’ve learned about the stunning capabilities of the National Security Agency and others to create a real-life Panopticon, spying on and recording everything we say and do. We’ve learned that they abuse their powers – because that is also human nature – and lie incessantly, even to the people who are supposed to keep them in check. And we’ve learned that the technology industry is, if not in bed with the surveillance state, its chief arms dealer.
[snip]