Blog Archives

Accessing your internet browsing history is now the FBI’s top legislative priority

Tech firms and privacy groups are fighting back against an amendment proposed by the Obama administration that would give the FBI a top-level view of your “electronic communicational records” (ECTRs) without the need for a warrant.

ECTRs include everything from the web sites you’ve visited to the duration of your browsing on a particular page. It’s all up for grabs as part of a proposal being considered this week by the Senate Judiciary Committee, and legislation is already moving forward to allow national security agents to apply for an administrative subpoena called a “national security letter,” or NSL, that would let agents bypass a judge’s approval to view such information in terrorism and spy cases.

According to FBI Director James Comey, the amendment is a correction to a typo in the Electronic Communications Privacy Act that has hindered the bureau’s ability to work in “a very, very big and practical way.” As such, amending the existing surveillance laws has become the FBI’s “top priority” in 2016.

Source: Accessing your internet browsing history is now the FBI’s top legislative priority – CNET

Microsoft sues U.S. over secret demands for customer data

SAN FRANCISCO – In the latest clash over privacy rights in the digital age, Microsoft (MSFT) is suing the U.S. government over a federal law that allows authorities to examine customer emails or online files without the individual’s knowledge.

The lawsuit comes as the technology industry butts heads with U.S. officials over the privacy rights of customers.

Microsoft says the U.S. is abusing a decades-old law that allows a court to order the company to turn over email or other customer files that are stored on its servers, while prohibiting Microsoft from notifying the customer. The company says that violates constitutional rights of free speech and protection against unreasonable searches.

“Microsoft brings this case because its customers have a right to know when the government obtains a warrant to read their emails, and because Microsoft has a right to tell them,” states the company’s lawsuit, which was filed Thursday in federal court in Seattle. “Yet the Electronic Communications Privacy Act… allows courts to order Microsoft to keep its customers in the dark when the government seeks their email content or other private information, based solely on a ‘reason to believe’ that disclosure might hinder an investigation.”

Source: Microsoft sues U.S. over secret demands for customer data – CBS News

Edward Snowden Says NSA Can Hack Smartphones with 1 Text and can listen in on room activities, even with phone off!

Edward Snowden, the famous whistle blower of WikiLeaks, has made another revelation in an interview with the Panorama program that is featured on the BBC. Snowden, who has been living in Russia since 2013 on a temporary asylum, has claimed that the Government Communications Headquarters agency of Britain has been using a method to gain complete access to the phones of unassuming phone users.

The tool uses a simple text message which can be sent on the phones of the users. Although the message will not be displayed on their phones, it allows the agency to control those phones. The agency is then able to switch on the phone’s microphone and camera, allowing it to spy on the people using the phones. It also allows GCHQ access to the data on the phone.

The application used by the agency is called “Smurf Suite”, which is named after the famous cartoon characters. The applications were named “Nosey Smurf”, “Tracker Smurf” and “Dreamy Smurf”. Through WikiLeaks, Snowden has revealed several past secrets that involve government agencies spying on people. This revelation about the British agency is just one of many such measures used by the government to control the lives of its own citizens.

The text messages sent by the British agency are an unauthorised method to infringe upon the lives of British citizens. The exploit allows GCHQ to remotely switch the phones on and off without the permission of the owners. Such instances are concerning. Governments across the world have cited that such measures are for the safety of the people. However, the reality is such exploits do not enhance the security of the citizens. To put it simply, governments primarily indulge in such activities in order to gain more power.

Source: Edward Snowden Says One Text Can Hack Smartphones AnonHQ

What’s in a Boarding Pass Barcode? A Lot — Krebs on Security

The next time you’re thinking of throwing away a used boarding pass with a barcode on it, consider tossing the boarding pass into a document shredder instead. Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account.

Earlier this year, I heard from a longtime KrebsOnSecurity reader named Cory who said he began to get curious about the data stored inside a boarding pass barcode after a friend put a picture of his boarding pass up on Facebook. Cory took a screen shot of the boarding pass, enlarged it, and quickly found a site online that could read the data.

“I found a website that could decode the data and instantly had lots of info about his trip,” Cory said, showing this author step-by-step exactly how he was able to find this information.

“Besides his name, frequent flyer number and other [personally identifiable information], I was able to get his record locator (a.k.a. “record key”) for the Lufthansa flight he was taking that day,” Cory said. “I then proceeded to Lufthansa’s website and using his last name (which was encoded in the barcode) and the record locator was able to get access to his entire account. Not only could I see this one flight, but I could see ANY future flights that were booked to his frequent flyer number from the Star Alliance.”

Source: What’s in a Boarding Pass Barcode? A Lot — Krebs on Security

Windows 10 spying and sharing your personal info whether you like it or not

Microsoft just can’t seem to shake the image that Windows 10 is spying on you. And Microsoft’s lack of transparency about Windows 10’s privacy isn’t doing much to dispel the notion.

In the nearly three weeks following Windows 10’s release, there have been numerous reports about how much personal information Microsoft collects, and the hurdles to stopping it.

1) Shares your personal information with Microsoft by default

By default, Windows 10 shares a lot of information about you with Microsoft. According to the company’s privacy policy, Windows sends Microsoft everything you say to Cortana, Windows 10’s Siri-like virtual assistant. It also collects your name and nickname, your recent calendar events, the names of the people in your appointments, and information about your contacts — including their names and nicknames……

Source: Is Windows 10 really a privacy nightmare? – Aug. 17, 2015

Congress rushing to vote on the CISA Surveillance Bill, letting Facebook & Google provide User Data to NSA

We’re all familiar with the all seeing eye of our governments watching over our shoulder. Now the news gets better – not. If you haven’t heard about CISA already, you’re about to discover a frightening new world constructing our private online lives into a new systematic order that consists of heavier monitoring.

Operation Fax Big Brother

The dirty deals between Google and the NSA are only just the tip, as the U.S. government ramps up their surveillance action in an effort to introduce unlimited, all-encompassing monitoring of its citizens through the cooperation of corporations and large organizations. CISA, or the Cybersecurity Information Sharing Act of 2015, is heading for a vote in the U.S. Senate very soon. It’s an irrational hysteria that we’ve skimmed over in literary works such as 1984, but even Orwell never quite fathomed the extent to which surveillance would become.

CISA, the surveillance bill masquerading under the “cybersecurity” banner, has been pushed back three times by public outcry, but now they’re attempting to rush it through, arguing that it is necessary in order to protect our freedom, and to stop hackers.

If the CISA 2015 is passed, Google, Facebook and other similar corporations will be protected and granted immunity if they monitor and share their users, passing on information to government agencies if they consider it to contain “cyber threat indicators.” The information that can be shared is only limited to your imagination; from email content, IP addresses, personal information, passwords, and anything else they deem to be a threat. If this isn’t bad enough, from the sharing of this information, a further exploitation in the surveillance laws that are current, will permit the government to “upstream” domestic content direct from the cables that make up the internet.

From this step, anything is possible. CISA could pass this information to law enforcement agencies to further investigations; backdoor search capabilities will be expanded; and any attempt to fight or challenge the system will prove difficult – the bill specifically exempts this collection of information from disclosure under the Freedom of Information Act on all local, state, and federal law.

The Age of Digital Fascism is here: the CISA Surveillance Bill AnonHQ.

FBI Admits They Haven’t Stopped ANY Terrorism With Patriot Act Spying Power

The FBI just came out and admitted that they haven’t solved a single terrorism case using the spying powers granted by the Patriot Act.

The Justice Department’s inspector general acknowledged this in a report that was released last Thursday. Inspector General Michael E. Horowitz explained that in the years spanning from 2004 to 2009, the FBI increased their spying under Section 215 of the Patriot Act by three times.

This included forcing businesses to turn over records and documents, and spying on Americans with no clear ties to any official terrorist organizations or terrorism investigations.

But in spite of all that added spying, they couldn’t point to one single case that was solved, or one single terrorist act that was thwarted through the use of these Patriot Act provisions. Anything that they solved or prevented was done using traditional techniques and tactics for solving crime, without relying on Patriot Act dirty tricks.

“The agents we interviewed did not identify any major case developments that resulted from use of the records obtained in response to Section 215 orders,” the inspector general said.

He nevertheless said that he wants Section 215 to remain, and that he views the information they gather through it as “valuable” even though it wasn’t actually solving any crimes. He added that the powers under Section 215 should be expanded, to provide even more information like that which they have been gathering – which admittedly has not solved any crimes, or prevented any terrorist attacks.

“While the expanded scope of these requests can be important uses of Section 215 authority, we believe these expanded uses require continued significant oversight,” Horowitz concluded.

FBI Admits They Haven’t Stopped ANY Terrorism With Patriot Act Spying Power.

Russian researchers expose breakthrough U.S. spying program, embedding Spyware in factory Hard Drives

NSA Spying Center in Utah

(Reuters) – The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world’s computers, according to cyber researchers and former operatives.

That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations.

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said. (reut.rs/1L5knm0)

Russian researchers expose breakthrough U.S. spying program | Reuters.

Anonymous releases Chicago police radio transmissions revealing warrantless wiretapping by NSA Operation AURORAGOLD

The hacktivist collective Anonymous today released a video to confirm The Intercept report about Operation AURORAGOLD being undertaken by NSA by wiretapping the carriers without any warrant, to listen in to calls of private citizens of United States.

Anonymous released the video, which testifies to the warrantless wiretapping by the law enforcement agencies, in Chicago during a #blacklivesmatter protest through a moving vehicle.

Just a few days earlier The Intercept had released a massive report about the warrantless wiretapping that NSA undertakes without any authorisation or warrants by hacking into the GSM carriers signals worldwide. The videos released by the Anonymous merely confirm The Intercept report which can be read here.

Anonymous releases Chicago police radio transmissions revealing warrantless wiretapping.

Someone is tapping cellphones in Las Vegas, other U.S. cities – Fake Cell Towers

Fake Cell Tower

If you talk on your cellphone near the South Point, there’s a chance someone is secretly listening to your conversation.

A Las Vegas man recently discovered a listening device hidden somewhere near the hotel-casino on Las Vegas Boulevard — one of nearly 20 found, so far, in cities across the country.

Their purpose? To break into your most private affairs and mine them for valuable information.

Known in the tech community as “IMSI catchers,” these devices can be bought from online retailers or home-built by criminals for as little as $1,800. The devices, which can impersonate a cellphone tower and intercept a signal, are being detected at a time when people are becoming aware that electronic communication is anything but private.

Stingray Tracking Device

A monitor with an IMSI catcher can locate and identify nearby phones by adding specific phone numbers to a “catch list.” Someone wanting to get at the secrets of a high-level casino executive, for example, enters the phone numbers of the executive’s assistants, secretaries, business partners and friends — and waits for that phone to come into the tower’s range.

While often described as fake cell towers, IMSI catchers don’t necessarily take that form.

“It could be somebody sitting in a coffee shop with a backpack,” said Les Goldsmith, CEO of Las Vegas-based ESD America, who is credited with discovering the IMSI catchers.

A technology provider for the national defense industry and law enforcement, ESD America is a go-to source for high-level executives and military personnel seeking to protect their digital communications. The company recently released the super-secure CryptoPhone 500, which, unlike your cellphone, is equipped with a strong firewall that keeps tabs on any attempt to break into the phone or capture its signal. It also alerts the user to the attack.

Someone is tapping cellphones in Las Vegas, other U.S. cities | Las Vegas Review-Journal.
