You are browsing the archive for Security.

Internet Privacy or (In)Security..a lesson in paranoia

7:41 pm in Uncategorized by cmaukonen

Secure Cloud Computing – FutUndBeidl / flickr creative commons

V.I. Kydor Kropotkin: Wel my phone isn’t tapped and I know yours isn’t tapped…

Don Masters, CEA Agent: But this phone booth was.

V.I. Kydor Kropotkin: Are you trying to tell me every phone in the country is tapped?

Don Masters, CEA Agent: That’s what’s in my head.

V.I. Kydor Kropotkin: Don, this is America, not Russia! – The President’s Analyst

Well it didn’t use to be. And according to this, nobody can expect any privacy over the Internet any more.

“Environmental advocates have the right to speak anonymously and travel without their every move and association being exposed to Chevron,” said Marcia Hofmann, Senior Staff Attorney with the Electronic Frontier Foundation, who—along with environmental rights group EarthRights International (ERI)—had filed a motion last fall to “quash” the subpoenas.

“These sweeping subpoenas create a chilling effect among those who have spoken out against the oil giant’s activities in Ecuador,” she added at the time.

According to ERI, the subpoena demands the personal information about each account holder as well as the IP addresses associated with every login to each account over a nine-year period. “This could allow Chevron to determine the countries, states, cities or even buildings where the account-holders were checking their email,” they write, “so as to ‘infer the movements of the users over the relevant period and might permit Chevron to makes inferences about some of the user’s professional and personal relationships.’”

First some background, so please excuse me as I get rather techy and geeky.

Right now we have the following four major operating systems to run on your PC, desktop or server machine:

Windows – Microsoft – the least secure.

OS X – Apple – more secure

Linux – the most secure for desktop use

BSD – the most secure of all but primarily for server applications.

BSD – (which stands for Berkeley Software Development) was originally developed at the University of California  Berkeley from work they did to expand the usefulness of ATT Unix. Now supported by the BSD Community. There are two main flavors. NET-BSD and Free-BSD.

Linux was developed by Linus Torvalds and contains all free software from the Free Software Foundation. It’s generally known as GNU/Linux.

OS X is built upon a BSD core using a MACK Kernel, but since the user interface IE windowing system is Apple Proprietary, there is no knowing what it may or may not have in it or how secure it actually is.

Windows is totally proprietary, though there has been pressure on Microsoft to release the source, or at least part of it.

Linux comes in a number of flavors.

RedHat – now know mostly as Fedora.

openSUSE – a distribution that was developed so that it could run on particular IBM Mainframe machines under their VM operating system but will also run on Intel and others.

Ubuntu – a distribution of the Debian/GNU flavor of Linux. There are various flavors of this as well, depending on the Window manager you happen to like. I use Xubuntu which uses the XFCE window manager. But all Ubuntus can run programs from the Ubuntu software library which is now very large. There are a very large number of Linux distributions as one can see from this list. And going into the differences of each would take a large book. The nice thing is that nearly all applications that will run on one version of Linux will run on the others. These days just about about anything one would want, from photo manipulation to web browsing to office products to audio and mp3 and videos, is available for Linux and even for BSD.

And with Wine, nearly all Windows apps will run on Linux. I am currently running a few myself. So there really is little reason not to switch these days.

So why am I going into all of this ? Because it should be evident to all that anything you type in the clear will be seen by the US Stasi. Count on it. And you can count on the fact that Microsoft and Apple will cooperate fully with them as well.

So first of all one needs to ditch the corporate software completely. Yes, it will take some getting used to. However the Widowing systems now available for Linux can give you the look and feel of Windows or OS X or even IBM’s OS2 – yech.

Use Firefox for browsing and an anonymous plugin for anything serious. Use Thunderbird for your mail app and a pgp encryption for your serious mail.  There are a number of plugins for both. DO NOT USE Gmail, Yahoomail or any of those free mailers for ANYTHING SERIOUS.  Use a secure mail service such as riseup or hushmail which will not divulge who you are.

Do NOT use Twitter or clear chat. Risup is starting a secure chat service.

But the biggest problem is how the government acquires and uses metadata.  From an email I received from Risup:

Metadata, i.e. all the information about who you communicate with, how
frequently, for how long, and from where, can be used to create a social
map. One way this social map can be used to determine who the bridge
people are within social movements and campaigns, i.e., which people are
the connectors.

Say that there is some really excellent, effective anti-coal organizing
going on — effective enough that the powers that be want to stop it.
Using the metadata to make a social map shows them who the handful of
people are that connect the green anarchists with the labor activists and
the climate change organizers. Even in really large campaigns, there are
often only a handful of people who are the connectors, and without them
communication, coalition, coordination, and solidarity will break down.
It’s not that it might break down, but it will. Corporations and
governments even know how many of these bridge people they need to take
out in order to disrupt a campaign. There are algorithms and academic
papers written about it. What they haven’t always known is who the heck
these bridge people are.

Enter the metadata’s social map, and they can easily and to an exacting
degree see who the bridge people are they need to target. Who to follow
and intimidate to stop their organizing. Who to have watched and legally
prosecuted via any small legal infraction. Who to illegally entrap. Who to
kidnap, torture, and kill. And let’s not be naive and imagine that hasn’t
happened before and will not happen again. The collection of this metadata
makes it all the easier.

Sound paranoid? Or are we at a point where nothing sounds paranoid anymore.

So, what can we do about it? For starters, get everyone you know to start
using an email provider that uses StartTLS. For email, this is the only
thing that can protect against the surveillance of our social networks.

What about phone calls, internet chat, and social networking sites? Riseup
birds don’t have all the answers, but we are working on it. One thing we
know, privacy and security are not solved by personal solutions. If we
want security, it will take a collective response and a collective
commitment to building alternative communication infrastructure.

In other words, just knowing who you are communicating with is important to the government these days. So to my mind what is necessary is this:

Someone is going to have come up with a secure communications scheme – probably cloud based – where you would not even know who was communicating with who, unless you had the key. And each person/communicator would have their own unique key to identify them.

Nothing – not even who you want to communicate with – would be in the clear. Everything encrypted so that when some kind of coordinated action is planned, at least knowing who is planning what with whom would be very difficult to discover.  We have entered the era of the American Stasi and KGB, people, and everything you say, email, tweet and chat will be used against you.

It’s My Party And I’ll Believe What I Want To

6:13 pm in Uncategorized by cmaukonen

We have all heard and asked this question. A million times or more. “How can these people still belive this stuff when all the facts prove otherwise ?” The left asks this of the right and the religious of the atheists and so on and so forth. Well there just might be a perfectly logical reason for this.  What David McRaney calls The backfire Effect.

The Misconception: When your beliefs are challenged with facts, you alter your opinions and incorporate the new information into your thinking.

The Truth: When your deepest convictions are challenged by contradictory evidence, your beliefs get stronger.

Wired, The New York Times, Backyard Poultry Magazine – they all do it. Sometimes, they screw up and get the facts wrong. In ink or in electrons, a reputable news source takes the time to say “my bad.”

If you are in the news business and want to maintain your reputation for accuracy, you publish corrections. For most topics this works just fine, but what most news organizations don’t realize is a correction can further push readers away from the facts if the issue at hand is close to the heart. In fact, those pithy blurbs hidden on a deep page in every newspaper point to one of the most powerful forces shaping the way you think, feel and decide – a behavior keeping you from accepting the truth.

In 2006, Brendan Nyhan and Jason Reifler at The University of Michigan and Georgia State University created fake newspaper articles about polarizing political issues. The articles were written in a way which would confirm a widespread misconception about certain ideas in American politics. As soon as a person read a fake article, researchers then handed over a true article which corrected the first. For instance, one article suggested the United States found weapons of mass destruction in Iraq. The next said the U.S. never found them, which was the truth. Those opposed to the war or who had strong liberal leanings tended to disagree with the original article and accept the second. Those who supported the war and leaned more toward the conservative camp tended to agree with the first article and strongly disagree with the second. These reactions shouldn’t surprise you. What should give you pause though is how conservatives felt about the correction. After reading that there were no WMDs, they reported being even more certain than before there actually were WMDs and their original beliefs were correct.

Because of this engaging in online battles with people in an attempt to prove you particular point of view being the correct one, may in fact be a profound waste of time.

The last time you got into, or sat on the sidelines of, an argument online with someone who thought they knew all there was to know about health care reform, gun control, gay marriage, climate change, sex education, the drug war, Joss Whedon or whether or not 0.9999 repeated to infinity was equal to one – how did it go?

Did you teach the other party a valuable lesson? Did they thank you for edifying them on the intricacies of the issue after cursing their heretofore ignorance, doffing their virtual hat as they parted from the keyboard a better person?

No, probably not. Most online battles follow a similar pattern, each side launching attacks and pulling evidence from deep inside the web to back up their positions until, out of frustration, one party resorts to an all-out ad hominem nuclear strike. If you are lucky, the comment thread will get derailed in time for you to keep your dignity, or a neighboring commenter will help initiate a text-based dogpile on your opponent.

There may actually be a very good reason for this. That our tendency to hold onto some belief or information when challenged could be a self preservation technique.

Have you ever noticed the peculiar tendency you have to let praise pass through you, but feel crushed by criticism? A thousand positive remarks can slip by unnoticed, but one “you suck” can linger in your head for days. One hypothesis as to why this and the backfire effect happens is that you spend much more time considering information you disagree with than you do information you accept. Information which lines up with what you already believe passes through the mind like a vapor, but when you come across something which threatens your beliefs, something which conflicts with your preconceived notions of how the world works, you seize up and take notice. Some psychologists speculate there is an evolutionary explanation. Your ancestors paid more attention and spent more time thinking about negative stimuli than positive because bad things required a response. Those who failed to address negative stimuli failed to keep breathing.

In 1992, Peter Ditto and David Lopez conducted a study in which subjects dipped little strips of paper into cups filled with saliva. The paper wasn’t special, but the psychologists told half the subjects the strips would turn green if he or she had a terrible pancreatic disorder and told the other half it would turn green if they were free and clear. For both groups, they said the reaction would take about 20 seconds. The people who were told the strip would turn green if they were safe tended to wait much longer to see the results, far past the time they were told it would take. When it didn’t change colors, 52 percent retested themselves. The other group, the ones for whom a green strip would be very bad news, tended to wait the 20 seconds and move on. Only 18 percent retested.

When you read a negative comment, when someone shits on what you love, when your beliefs are challenged, you pore over the data, picking it apart, searching for weakness. The cognitive dissonance locks up the gears of your mind until you deal with it. In the process you form more neural connections, build new memories and put out effort – once you finally move on, your original convictions are stronger than ever.

This may also explain the phenomenon know as The True Believer Syndrome.  Where people will hang onto their beliefs even in the presence of conflicting data.

True-believer syndrome is an expression coined by M. Lamar Keene to describe an apparent cognitive disorder characterized by believing in the reality of paranormal or supernatural events after one has been presented overwhelming evidence that the event was fraudulently staged.

Keene is a reformed phony psychic who exposed religious racketeering-to little effect, apparently. Phony faith healers, psychics, channelers, televangelist miracle workers, etc., are as abundant as ever.

Keene believes that “the true-believer syndrome is the greatest thing phony mediums have going for them” because “no amount of logic can shatter a faith consciously based on a lie.” That those suffering from true-believer syndrome are consciously lying to themselves hardly seems likely, however.

It’s like being in a very scary situation where you are about to jump right out of your skin. If someone says “You look marvelous”  you ignore or brush it off. But if someone says “What’s that ?!” You want to jump right up and grab the ceiling. Ever since the Dot Com bubble burst, it has been just one scary thing right after another.  And it’s not just the right either. The left has it’s own version with the extreme environmentalists and health freaks all convinced that they will parish as well. All this lack of security has us all on edge. Looking for the next bad thing and something to blame it on. Me as well. I know when I am very anxious,  I will pay more attention to the negatives than the positives in my life.

So maybe when the right keeps yelling “We want out country back” what they are really saying is “We want out security back.” That Peaceful Easy Feeling they had before reality intruded.

 

 

 

 

 

They Know What You Did Last Summer (and Fall and Winter And…)

6:38 pm in Uncategorized by cmaukonen

It would seem that our privacy and that of others around the world has been even more compromised that many had thought. The hacktivist team Anonymous acquired 70,000 emails from HBGary Federal concerning a government/private spying operation know as Romas/COIN and its replacement called Odyssey. Mostly targeting Arab countries but also citizens in this country.

The former self-appointed spokesman for the collective of hacktivists known as “Anonymous” revealed Tuesday what he called a massive U.S spying program against the Arab world.

In an email to about a dozen journalists, Barrett Brown said his Project PM had uncovered the nature of the U.S. spying operation known as Romas/COIN and its replacement called Odyssey.

“For at least two years, the U.S. has been conducting a secretive and immensely sophisticated campaign of mass surveillance and data mining against the Arab world, allowing the intelligence community to monitor the habits, conversations, and activity of millions of individuals at once,” Brown wrote.

Brown’s team made the discovery by analyzing 70,000 emails from data intelligence firm HBGary Federal. Anonymous stole the emails after HBGary CEO Aaron Barr told the Financial Times that his company had identified “core leaders” of the hacktivist group.

“The new revelation provides for a disturbing picture, particularly when viewed in a wider context,” Brown wrote Tuesday. “Unprecedented surveillance capabilities are being produced by an industry that works in secret on applications that are nonetheless funded by the American public – and which in some cases are used against that very same public. Their products are developed on demand for an intelligence community that is not subject to Congressional oversight and which has been repeatedly shown to have misused its existing powers in ways that violate U.S. law as well as American ideals.”

Although military contractor Northrop Grumman held the contract for Romas/COIN, HBGary had been asked to present officials with a plan for significantly expanding the program.

“I met with [Mantech CEO] Bob Frisbie the other day to catch up,” Barr wrote in an email to TASC CEO Al Pisani. “He is looking to expand a capability in IO [information operations] related to the COIN re-compete but more for DoD.”

This article from the Guardian says the plan was also to put this intelligence into the hands of private institutions as well.

The significance of this programme to the public is not limited to its potential for abuse by facets of the US intelligence community, which has long been proverbial for misusing other of its capabilities. Perhaps the most astonishing aspect is the fact that the partnership of contracting firms and other corporate entities that worked to obtain the contract was put into motion in large part by Aaron Barr, the disgraced former CEO of HBGary Federal who was at the centre of Team Themis’s conspiracy to put high-end intelligence capabilities at the disposal of private institutions. As I explain further in the linked report, this fact alone should prompt increased investigation into the manner in which this industry operates and the threats it represents to democratic institutions.

According to this piece in NetworkWorld it involved Apple and Google and a number of others and also focused on social networking sites as well.

Apple and Google were active team partners, and AT&T may have been as well. The latter is known to have provided the NSA free reign over customer communications (and was in turn protected by a bill granting them retroactive immunity from lawsuits). Google itself is the only company to have received a “Hostile to Privacy” rating from Privacy International. Apple is currently being investigated by Congress after the iPhone was revealed to compile user location data in a way that differs from other mobile phones; the company has claimed this to have been a “bug.”

-          The program makes use of several providers of “linguistic services.” At one point, the team discusses hiring a military-trained Arabic linguist. Elsewhere, Barr writes: “I feel confident I can get you a ringer for Farsi if they are still interested in Farsi (we need to find that out). These linguists are not only going to be developing new content but also meeting with folks, so they have to have native or near native proficiency and have to have the cultural relevance as well.”

-          Alterion and SocialEyez are listed as “businesses to contact.” The former specializes in “social media monitoring tools.” The latter uses “sophisticated natural language processing methodology” in order to “process tens of millions of multi-lingual conversations daily” while also employing “researchers and media analysts on the ground;” its website also notes that “Millions of people around the globe are now networked as never before – exchanging information and ideas, forming opinions, and speaking their minds about everything from politics to products.”

If this doesn’t make you want to check you back every few seconds, I don’t know what will.