Tag: Facebook

Facebook, Malware, the NSA and You

Snowden Docs Expose How the NSA “Infects” Millions of Computers, Impersonates Facebook Server

New disclosures from Edward Snowden show the NSA is massively expanding its computer hacking worldwide. Software that automatically hacks into computers – known as malware “implants” – had previously been kept to just a few hundred targets. But the news website The Intercept reports that the NSA is spreading the software to millions of computers under an automated system codenamed “Turbine.” The Intercept has also revealed the NSA has masqueraded as a fake Facebook server to infect a target’s computer and exfiltrate files from a hard drive. We are joined by The Intercept reporter Ryan Gallagher.

How the NSA Plans to Infect ‘Millions’ of Computers with Malware

By Ryan Gallagher and Glenn Greenwald, The Intercept

Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process.

The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.

The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.

In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.

Mark Zuckerberg calls Obama after NSA report

By Alex Byers, Politico

Facebook CEO Mark Zuckerberg called President Barack Obama Wednesday night to complain about U.S. government actions that are undermining trust in the Internet, after a report that described how the National Security Agency posed as a Facebook server to inject malicious software into targets’ computers.

“When our engineers work tirelessly to improve security, we imagine we’re protecting you against criminals, not our own government,” Zuckerberg wrote in a Facebook post Thursday. “The U.S. government should be the champion for the internet, not a threat. They need to be much more transparent about what they’re doing, or otherwise people will believe the worst.” [..]

Zuckerberg did not make direct reference to the report in The Intercept. But he said he expressed frustration to the president about the “damage the government is creating for all of our future.” He added, “Unfortunately, it seems like it will take a very long time for true full reform.”

The NSA has denied doing any of this which flies in the face facts revealed in it’s own secret documents. Ryan Gallagher discusses those documents

A particular short excerpt from one of the classified documents, however, has taken on new significance due to the NSA’s statement. The excerpt is worth drawing attention to here because of the clarity of the language it uses about the Facebook tactic and the light it shines on the NSA’s denial. Referencing the NSA’s Quantum malware initiative, the document, dated April 2011, explains how the NSA “pretends” to be Facebook servers to deploy its surveillance “implants” on target’s computers:

 photo bdfff3e7-59be-46c9-9b11-8f6e896cc7b1_zps2834372e.png

It is difficult to square the NSA secretly saying that it “pretends to be the Facebook server” while publicly claiming that it “does not use its technical capabilities to impersonate U.S. company websites.” Is the agency making a devious and unstated distinction in its denial between “websites” and “servers”? Was it deliberate that the agency used the present tense “does not” in its denial as opposed to the past tense “did not”? Has the Facebook QUANTUMHAND technique been shut down since our report? Either way, the language used in the NSA’s public statement seems highly misleading – which is why several tech writers have rightly treated it with skepticism.

The same is true of the NSA’s denial that it has not “infected millions of computers around the world with malware” as part of its hacking efforts. Our report never actually accused the NSA of having achieved that milestone. Again, we reported exactly what the NSA’s own documents say: that the NSA is working to “aggressively scale” its computer hacking missions and has built a system called TURBINE that it explicitly states will “allow the current implant network to scale to large size (millions of implants).”

JP Morgan: Oops, They Did It Again

Yes they did it again, JP Morgan profited from the Facebook loss by betting against it. Casino Royale:

The concerns center on Morgan Stanley, Goldman Sachs and other banks involved in the I.P.O. that shared a negative outlook about Facebook with a select group of clients, rather than broadly with all investors.

In the days leading up to Facebook’s debut, analysts at several banks ratcheted down their growth estimates for the social network. The move came after the company told them that quarterly and annual revenue would be on the softer side, said people briefed on the matter who spoke on the condition of anonymity because they were not authorized to discuss the issue publicly.

As is typical in the I.P.O. process, research analysts at Morgan Stanley, Goldman Sachs and other firms contacted certain clients to discuss their revised expectations, while other big investors called on the banks to get their new take. But ordinary mom-and-pop investors did not have the same access to the valuable information.

Meanwhile, Massachusetts has issued a subpoena over the discussions that analysts had with certain investors over those “revised expectations”:

The analyst’s revisions came after Facebook revised its prospectus on May 9, which the firm forwarded to all of its retail and institutional clients, according to the statement. [..]

As of Monday afternoon, some customers of Fidelity Investments, Morgan Stanley and Charles Schwab were still waiting to see if their trades for Facebook shares were completed on Friday.

Then Reuters reported late Monday that the consumer Internet analyst at lead underwriter Morgan Stanley cut his revenue forecasts for Facebook in the days before the offering, information that may not have reached many investors before the stock was listed.

Cenk Uygur cuts to the chase:

As Cenk noted and Matt Stoller at naked capital reported, over 99% of these investigations are resolved without an admission of guilt:

In a hearing last week titled “Examining the Settlement Practices of U.S. Financial Regulators”, various regulators tried to justify their practice of settling with financial firms and not requiring them to admit wrongdoing. In that hearing, Federal Reserve General Counsel Scott Alvarez, stated that only seven of the roughly one thousand enforcement actions taken in the last decade were resolved without consent.

   The vast majority of the Federa Reserve’s formal enforcement actions are resolved upon consent, which is fully consistent with the goal of resolving supervisory concerns with bank management quickly and firmly. In crafting enforcement actions that are entered by consent, the Federal Reserve typically sets out summary recitations of the relevant facts in “Whereas” clause provisions; however, like our fellow banking regulators, it has not been our practice to require formal admissions to the misconduct addressed in our enforcement orders given the remedial nature of our enforcement program. Requiring admission of fact and legal conclusions as a condition of entering into a consent action is likely to have a deleterious effect on our supervisory efforts by causing more institutions and individuals to challenge the requested relief in contested administrative proceedings, which typically takes years to reach final resolution, and which could delay implemenattion of necessary corrective action.

In other words, the Federal Reserve will only punish banks who break the rules if those banks consent to punishment.  This attitude is pervasive among all regulators.

Can you imagine of our criminal court system ran like that? Oh wait, if you have money . .

Technology for Fun, Profit and Total Control

Orwell may appear prescient when he imagined his telescreen that the government used as a means of social and political control, given that we now have the government routinely using devices like the cell phones for tracking citizens and tapping into everyone’s electronic communications to “hunt for terrorists” among us.  Recently we learned that the Department of Homeland Security monitors and analyzes social media including for online comments that “reflect adversely” on the federal government.  It seems that the government is so ambitious about collecting and analyzing information about us that the NSA is building an almost inconceivably large facility to store and mine Americans private communications.

It seems that every time a new communications technology becomes available, the government finds a compelling reason and a secret rationale to exploit it to monitor Americans.

That is why this new technology, pioneered by Google should really make you wonder how it will be used:

See what I mean?

It’s The End Of The Internet As We Know It (And Orrin Hatch Feels Fine)

Cross-posted to CandyBullets, MyLeftWing, firefly-dreaming and Docudharma

If you follow my website (CandyBullets) you’re probably well aware of the threat posed by the “IP PROTECT ACT” known more commonly as the Internet Blacklist bill. You’re may also be aware that this bill was recently halted in the Senate by the true Democrat Senator Ron Wyden (D-OR) who prevented the bill from coming up for a vote in the Senate (where it would doubtless pass) however a House version will be introduced this week with help of Representative Bob Goodlatte (R-VA) — probably tomorrow. If you’re not familiar with this bill then I suggest you become acquainted (the full text of the bill may be found here.)

It was once said about the much over analyzed movie Last Tango In Paris that it was a simple movie at heart: a movie about real estate, two people who want an apartment and will do anything to get it. In a similar vane Protect IP is also simple: it is merely the latest in a long line of slovenly hand-outs to corporations at the expense of your civil rights; it would give the Government broad, censorious new powers to shut down any site merely accused of Copyright Infringement and fuck the concept of innocent until proven guilty, yes, the PROTECT IP ACT authorizes an alleged “rights holder” who decides to claim to be the victim of the “infringement” to bring an action against the owner, registrant, or Internet site “dedicated to infringement”, whether domestic or foreign, and seek a court order against the domain name registrant, owner, or the domain name. The DOJ version however can apply against ISPs, search engines, ad providers and payment processors.

Of course corporate America, what were the founding fathers thinking? Of course you must be given permission to shut down YouTube and Facebook so that no one can potentially infringe upon your Copyrights. I recall Franklin making a remark about trading liberty for safety. This bill would criminalize YouTube, Twitter, Facebook, Myspace, Google+, Reddit, Digg, not least this site you’re reading this at. Any other site that uses user generated content. But you know, I’m glad to know that when conservative Orrin Hatch (R-UT) and nominal liberal Patrick Leahy’s (D-VT) delightfully bipartisan fascism was first shot down when they coauthored COICA (The Combating Online Infringement and Counterfeits Act) these two adorable little corporate shills decided to take our criticisms into account. This time they remembered to ban criticism. Their new “PROTECT IP ACT” retains the blacklist of websites our “Democratic” Govenrment doesn’t wanting us looking at but ads a new one that we’ll just have to take a moment to marvel at: It bans people from even being able to discuss blacklisted sites. Under the new bill, anyone “referring or linking” to a blacklisted site will be Blacklisted themselves.

Yes this “bunker-buster bluster bomb” (h/t Ron Wyden) far past simply requiring these other service providers from blocking service, this new law will require search engines to censor sites out of their index. Now please understand, “infringing websites” is in no way defined in a reasonable way — the bill is not being specific about what constitutes an infringing web sites. For example if WikiLeaks or any similar organization were merely accused of distributing copyrighted content, U.S. search engines could be served a court order to BLOCK search results pointing to Wikileaks. Requiring search engines to remove links to an entire website altogether due to an infringing page raises alarming free speech concerns regarding lawful content hosted elsewhere on the site. The fact that an injunction can be issued without notifying the allegedly, supposedly infringing website essentially destroys the entire legal “presumption of innocence”, there is no innocent until proven guilty with this bill.

TWiEC: Winds of Change in the Middle East – as Seen By Foreign and American Editorial Cartoonists

Crossposted at Daily Kos and Docudharma



Walk Like an Egyptian by Dwayne Booth, Mr. Fish, Buy this cartoon  

It’s spontaneous, yes, triggered by the explosion in Tunisia.  But contrary to some media reports, which have portrayed the upsurge in Egypt as a leaderless rebellion, a fairly well organized movement is emerging to take charge, comprising students, labor activists, lawyers, a network of intellectuals, Egypt’s Islamists, a handful of political parties and miscellaneous advocates for “change.”  And it’s possible, but not at all certain, that the nominal leadership of the revolution could fall to Mohammad ElBaradei.

— ‘Who’s Behind Egypt’s Revolt?’ by Robert Dreyfuss, The Nation

The Week in Editorial Cartoons, Part I – BP’s Soup Recipe

Crossposted at Daily Kos and Docudharma

John Sherffius

John Sherffius, Comics.com (Boulder Daily Camera)

Note: Due to a deluge of editorial cartoons over the past week or so, I’m going to, time permitting, post Part II of this weekly diary in the next few days.  In addition to some of the issues covered in this edition, I’ll include more cartoons on the floods in Pakistan, the withdrawal of combat U.S. forces in Iraq, and Rupert Murdoch’s $1 million contribution to the GOP.