spy & security
Please notice how the Director of the NSA, unlike the vociferous FBI director, has been relatively silent. With a budget on the order of $10 billion at its disposal the NSA almost certainly has something equivalent to what the courts have asked Apple to create. The NSA probably doesn’t want to give its bypass tool to the FBI and blow its operational advantage.
{ Counterpunch | Continue reading }
spy & security, technology | February 22nd, 2016 1:59 pm
We investigate the role of networks of alliances in preventing (multilateral) interstate wars. We first show that, in the absence of international trade, no network of alliances is peaceful and stable. We then show that international trade induces peaceful and stable networks: Trade increases the density of alliances so that countries are less vulnerable to attack and also reduces countries’ incentives to attack an ally.
We present historical data on wars and trade showing that the dramatic drop in interstate wars since 1950 is paralleled by a densification and stabilization of trading relationships and alliances.
Based on the model we also examine some specific relationships, finding that countries with high levels of trade with their allies are less likely to be involved in wars with any other countries (including allies and nonallies), and that an increase in trade between two countries correlates with a lower chance that they will go to war with each other.
{ Proceedings of the National Academy of Sciences | Continue reading }
photo { Mark Cohen, Girl Holding Blackberries, 1975 }
economics, fights, spy & security | February 15th, 2016 12:40 pm
…the immaculate ultrawhite behind the French doors of a new GE Café Series refrigerator […] the white hood of a 50th anniversary Ford Mustang GT […] the white used to brighten the pages of new Bibles, the hulls of super yachts, the snowy filling inside Oreo cookies […]
All this whiteness is the product of a compound known as titanium dioxide, or TiO2. A naturally occurring oxide, TiO2 is generally extracted from ilmenite ore and was first used as a pigment in the 19th century. In the 1940s chemists at DuPont refined the process until they hit on what’s widely considered a superior form of “titanium white,” which has been used in cosmetics and plastics and to whiten the chalked lines on tennis courts. DuPont has built its titanium dioxide into a $2.6 billion business, which it spun off as part of chemicals company Chemours, in Wilmington, Del., last fall.
A handful of other companies produce TiO2, including Kronos Worldwide in Dallas and Tronox of Stamford, Conn. Chemours and these others will churn out more than 5 million tons of TiO2 powder in 2016. China also produces large amounts of the pigment, and its industries consume about a quarter of the world’s supply. Most of China’s TiO2 plants, however, use a less efficient and more hazardous process than the one developed at DuPont. Starting in the 1990s, if not earlier, China’s government and Chinese state-run businesses began seeking ways to adopt DuPont’s methods. Only they didn’t approach the company to make a formal deal. According to U.S. law enforcement officials, they set out to rip off DuPont.
“At first, you’re like: Why are they stealing the color white?” says Dean Chappell, acting section chief of counterespionage for the FBI.
{ Bloomberg | Continue reading }
oil on wood { Ellsworth Kelly, White Plaque: Bridge Arch and Reflection, 1951-55 }
U.S., asia, colors, economics, spy & security | February 8th, 2016 6:58 am
The NSA’s inspector general last year detailed 12 cases of “intentional misuse” of intelligence authorities from 2003 to 2013 […] Those cases included a member of a U.S. military intelligence unit who violated policy by obtaining the communications of his wife, who was stationed in another country. After a military proceeding, the violator was punished by a reduction in rank, 45 days of extra duty and forfeiture of half of his pay for two months, according to the letter. In a 2003 case, a civilian employee ordered intelligence collection “of the telephone number of his foreign-national girlfriend without an authorized purpose for approximately one month” to determine whether she was being faithful to him, according to the letter. The employee retired before an investigation could be completed.
{ Bloomberg | Continue reading }
photo { Olivia Locher, Lucifer Rising, 2014 }
relationships, spy & security, technology | December 27th, 2014 6:15 pm
This report describes the details and type of operations carried out by an organized criminal group that focuses on financial industry, such as banks and payment providers, retail industry and news, media and PR companies. […] The organized criminal group backbone are citizens of both Russian and Ukrainian origin. […]
The average sum of theft in the Russian territory and in the post-Soviet space is $2 million per incident. […] To date the total amount of theft is over 1 billion rubles (about 25 million dollars), most of it has been stolen in the second half of 2014. […]
The key is that fraud occurs within the corporate network using internal payment gateways and internal banking systems. Thus money is stolen from the banks and payment systems, and not from their customers. While this is their main and most lucra- tive activity, the gang has also ventured into other areas including the compromise of media groups and other organizations for industrial espionage and likely a trading advantage on the stock market. […]
The average time from the moment of penetration into the financial institutions internal network till successful theft is 42 days.
As a result of access to internal bank networks the attackers also managed to gain access to ATM management infrastructure and infect those systems with their own malicious software that further allows theft from the banks ATM systems on the attackers command. […]
The main steps of the attack progression are the following ones:
1. Primary infection of an ordinary employee computer.
2. Getting a password of a user with administra- tive rights on some computers. For example, a password of a technical support engineer.
3. Gaining legitimate access to one server.
4. Compromising the domain administrator password from the server.
5. Gaining access to the domain controller and compromising of all active domain accounts.
6. Gaining access to e-mail and workflow servers.
7. Gaining access to server and banking system administrator workstations.
8. Installing the software to monitor activity of interesting system operators. Usually photo and video recording was used.
9. Configuring remote access to servers of inter- est including firewall configuration changes.
{ Group-IB and Fox-IT | PDF }
economics, scams and heists, spy & security, technology | December 27th, 2014 6:13 pm
The malware, called “Regin”, is probably run by a western intelligence agency and in some respects is more advanced in engineering terms than Stuxnet. […]
Symantec said it was not yet clear how Regin infected systems but it had been deployed against internet service providers and telecoms companies mainly in Russia and Saudi Arabia as well as Mexico, Ireland and Iran. […]
“Nothing else comes close to this . . . nothing else we look at compares,” said Orla Cox, director of security response at Symantec, who described Regin as one of the most “extraordinary” pieces of hacking software developed, and probably “months or years in the making”. […] “Sometimes there is virtually nothing left behind – no clues. Sometimes an infection can disappear completely almost as soon as you start looking at it, it’s gone. That shows you what you are dealing with.”
{ FT | Continue reading }
spy & security, technology | November 24th, 2014 6:34 am
In shopping malls, for instance, a firm called Euclid Analytics collects, in its own words, “the presence of the device, its signal strength, its manufacturer (Apple, Samsung, etc.), and a unique identifier known as its Media Access Control (MAC) address.” In London last year, one start-up installed a dozen recycling bins that sniffed MAC addresses from passers-by, effectively tracking people through the area via their phones. Such companies go to great lengths to explain that such information in not personally identifiable—except that repeated studies have shown that this data can indeed be used to infer a great deal about your life.
At the core of such tracking is the MAC address, a unique identification number tied to each device. Devices looking for a Wi-Fi network send out their MAC address to identify themselves. Wireless routers receive the signals—and addresses—even if a connection is never made. Companies like Euclid or its peer Turnstyle Solutions use the data to track footfall in stores, how people move about in shops, how long they linger in certain sections, and how often they return. Store-owners use the information to target shoppers with offers (paywall) or to move high-value items to highly-trafficked parts of the shop, among other things. […]
Apple’s solution, as discovered by a Swiss programmer, is for iOS 8, the new operating system for iPhones which will be out later this year, to generate a random MAC addresses while scanning for networks. That means that companies and agencies that collect such information will not necessarily know when the same device (i.e., person) visits a store twice, or that the same device pops up in stores across the country or the world, suggesting a much-travelled owner.
{ Quartz | Continue reading }
related { With the launch of a health app and data-sharing platform, Apple is betting that tracking your vital signs via smartphone is about to become a booming industry }
spy & security, technology | June 9th, 2014 9:09 am
Over the past year, I’ve spent a great deal of time trolling a variety of underground stores that sell “dumps” — street slang for stolen credit card data that buyers can use to counterfeit new cards and go shopping in big-box stores for high-dollar merchandise that can be resold quickly for cash. By way of explaining this bizarro world, this post takes the reader on a tour of a rather exclusive and professional dumps shop that caters to professional thieves, high-volume buyers and organized crime gangs. […]
Like many other dumps shops, McDumpals recently began requiring potential new customers to pay a deposit (~$100) via Bitcoin before being allowed to view the goods for sale. Also typical of most card shops, this store’s home page features the latest news about new batches of stolen cards that have just been added, as well as price reductions on older batches of cards that are less reliable as instruments of fraud. […]
People often ask if I worry about shopping online. These days, I worry more about shopping in main street stores. McDumpals is just one dumps shop, and it adds many new bases each week. There are dozens of card shops just like this one in the underground (some more exclusive than others), all selling bases [batches of cards] from unique, compromised merchants.
{ Krebs on Security | Continue reading }
economics, scams and heists, spy & security, technology | June 5th, 2014 12:39 pm
Today, credit cards are on supersale. Pageler says that means a big breach just happened.
Strangely, platinum credit cards on the site are selling for less money than gold cards. […]
The bots send out emails, and between 5 percent and 10 percent of recipients open the attachment, which lets the crooks in.
{ NPR | Continue reading }
economics, scams and heists, spy & security | February 21st, 2014 3:51 pm
He booted up a smartphone in a Moscow café and watched as unidentified attackers immediately began to cyber-assault it.
{ Slashdot | Continue reading }
spy & security, technology | February 6th, 2014 2:38 pm
{ When a shopper enters Reebok’s flagship store in New York City, a face-detection system analyzes 10 to 20 frames per second to build a profile of the potential customer. The algorithms can determine a shopper’s gender and age range as well as behavioral and emotional cues, such as interest in a given display (it tracks glances and the amount of time spent standing in one place). Reebok installed the system, called Cara, in May 2013; other companies are following suit. Tesco recently unveiled a technology in the U.K. that triggers digital ads at gas stations tailored to the viewer’s age and gender. | Popular Science | full story }
faces, spy & security, technology | January 21st, 2014 12:25 pm
People whose cellphones move at a certain clip across city parks between 5:30 and 8:30 every morning are flagged by Viasense’s algorithm as “early morning joggers.” When you give your smartphone permission to access your location, you may be sharing a lot more than you realize.
{ WSJ | Continue reading }
We show that easily accessible digital records of behavior, Facebook Likes, can be used to automatically and accurately predict a range of highly sensitive personal attributes including: sexual orientation, ethnicity, religious and political views, personality traits, intelligence, happiness, use of addictive substances, parental separation, age, and gender. […]
Table S1 presents a sample of highly predictive Likes related to each of the attributes. For example, the best predictors of high intelligence include “Thunderstorms,” “The Colbert Report,” “Science,” and “Curly Fries,” whereas low intelligence was indicated by “Sephora,” “I Love Being A Mom,” “Harley Davidson,” and “Lady Antebellum.” Good predictors of male homosexuality included “No H8 Campaign,” “Mac Cosmetics,” and “Wicked The Musical,” whereas strong predictors of male heterosexuality included “Wu-Tang Clan,” “Shaq,” and “Being Confused After Waking Up From Naps.” Although some of the Likes clearly relate to their predicted attribute, as in the case of No H8 Campaign and homosexuality, other pairs are more elusive; there is no obvious connection between Curly Fries and high intelligence.
Moreover, note that few users were associated with Likes explicitly revealing their attributes. For example, less than 5% of users labeled as gay were connected with explicitly gay groups, such as No H8 Campaign, “Being Gay,” “Gay Marriage,” “I love Being Gay,” “We Didn’t Choose To Be Gay We Were Chosen.” […]
Predicting users’ individual attributes and preferences can be used to improve numerous products and services. For instance, digital systems and devices (such as online stores or cars) could be designed to adjust their behavior to best fit each user’s inferred profile. Also, the relevance of marketing and product recommendations could be improved by adding psychological dimensions to current user models. For example, online insurance advertisements might emphasize security when facing emotionally unstable (neurotic) users but stress potential threats when dealing with emotionally stable ones.
{ PNAS | PDF }
related { PhD candidate in sociology explains his experiences working for Facebook }
photo { Albert Moldvay, A woman shops for a fur coat at Bergdorf Goodman in New York City, 1964 }
marketing, psychology, social networks, spy & security | January 16th, 2014 9:04 am
American and British spies have infiltrated the fantasy worlds of World of Warcraft and Second Life… […] The spies have created make-believe characters to snoop and to try to recruit informers, while also collecting data and contents of communications between players. […]
By the end of 2008, according to one document, the British spy agency, known as GCHQ, had set up its “first operational deployment into Second Life” and had helped the police in London in cracking down on a crime ring that had moved into virtual worlds to sell stolen credit card information. […]
Even before the American government began spying in virtual worlds, the Pentagon had identified the potential intelligence value of video games. The Pentagon’s Special Operations Command in 2006 and 2007 worked with several foreign companies — including an obscure digital media business based in Prague — to build games that could be downloaded to mobile phones, according to people involved in the effort. They said the games, which were not identified as creations of the Pentagon, were then used as vehicles for intelligence agencies to collect information about the users.
{ ProPublica | Continue reading }
related { A Single Exposure to the American Flag Shifts Support Toward Republicanism up to 8 Months Later }
U.S., leisure, social networks, spy & security | December 10th, 2013 2:20 pm
spy & security, technology | December 8th, 2013 8:05 am
spy & security, technology | June 27th, 2013 5:55 am
The first thing I did after I heard about the highly classified NSA PRISM program two years ago was set up a proxy server in Peshawar to email me passages from Joyce’s Finnegans Wake.
{ John Sifton/Warscapes | Continue reading | Thanks Aaron }
James Joyce, haha, spy & security | June 15th, 2013 10:57 pm
After checking your bank account, remember to log out, close your web browser, and throw your computer into the ocean.
[…]
For those of you using a smartphone or tablet, the process for securely closing your banking session is very similar, except that you should find the nearest canyon and throw your device into that canyon. We then recommend simply scaling down the cliff face, locating the shattered remnants of your device, and spending the next few weeks traversing the country burying each individual piece in separate holes of varying depths several hundred miles apart.
{ The Onion | Continue reading | Thanks Tim }
related { As digital data expands, anonymity may become a mathematical impossibility. }
haha, spy & security | May 7th, 2013 7:22 am
Are all telephone calls recorded and accessible to the US government? A former FBI counterterrorism agent claims that this is the case.
{ Guardian | Continue reading }
images { 1. Dave Willardson, Rolling Stone, 1976) | 2. Bug, 1975 }
U.S., spy & security | May 6th, 2013 6:16 am
Hijacking airplanes with an Android phone
By taking advantage of two new technologies for the discovery, information gathering and exploitation phases of the attack, and by creating an exploit framework (SIMON) and an Android app (PlaneSploit) that delivers attack messages to the airplanes’ Flight Management Systems (computer unit + control display unit), he demonstrated the terrifying ability to take complete control of aircrafts by making virtual planes “dance to his tune.”
{ Net Security | Continue reading }
art { Cy Twombly, Untitled, 1971 }
airports and planes, spy & security, technology | April 11th, 2013 5:51 am