The NSA has given its staff “talking points” to use when challenged over spying. It’s a great read.
NSA “you can trust us”:
NSA does not target the US (ie 2% of the planet)
NSA is lawful, for a secret court:
NSA does not select the topic
NSA is the best Secret Santa
NSA SANTA – Sigint at its best
NSA are loyal Americans
NSA Loyal Americans – watching you in your beds…
NSA are transparent
NSA Committed to transparency…
In conclusion, the NSA plan to “talk you to death”. They have a script. So we know what they’re going to say.
Get your jokes in first…
Tell them that you’re supporting a new presidential campaign.
VOTE SNOWDEN for PRESIDENT.
Government you can trust.
Cartoons courtesy of Newsday:
Malware communicates at a distance of 65 feet using built-in mics and speakers.
Computer scientists have developed a malware prototype that uses inaudible audio signals to communicate, a capability that allows the malware to covertly transmit keystrokes and other sensitive data even when infected machines have no network connection.
The proof-of-concept software—or malicious trojans that adopt the same high-frequency communication methods—could prove especially adept in penetrating highly sensitive environments that routinely place an “air gap” between computers and the outside world. Using nothing more than the built-in microphones and speakers of standard computers, the researchers were able to transmit passwords and other small amounts of data from distances of almost 65 feet. The software can transfer data at much greater distances by employing an acoustical mesh network made up of attacker-controlled devices that repeat the audio signals.
The researchers, from Germany’s Fraunhofer Institute for Communication, Information Processing, and Ergonomics, recently disclosed their findings in a paper published in the Journal of Communications. It came a few weeks after a security researcher said his computers were infected with a mysterious piece of malware that used high-frequency transmissions to jump air gaps. The new research neither confirms nor disproves Dragos Ruiu’s claims of the so-called badBIOS infections, but it does show that high-frequency networking is easily within the grasp of today’s malware.
“In our article, we describe how the complete concept of air gaps can be considered obsolete as commonly available laptops can communicate over their internal speakers and microphones and even form a covert acoustical mesh network,” one of the authors, Michael Hanspach, wrote in an e-mail. “Over this covert network, information can travel over multiple hops of infected nodes, connecting completely isolated computing systems and networks (e.g. the internet) to each other. We also propose some countermeasures against participation in a covert network.”
The researchers developed several ways to use inaudible sounds to transmit data between two Lenovo T400 laptops using only their built-in microphones and speakers. The most effective technique relied on software originally developed to acoustically transmit data under water. Created by the Research Department for Underwater Acoustics and Geophysics in Germany, the so-called adaptive communication system (ACS) modem was able to transmit data between laptops as much as 19.7 meters (64.6 feet) apart. By chaining additional devices that pick up the signal and repeat it to other nearby devices, the mesh network can overcome much greater distances.
The ACS modem provided better reliability than other techniques that were also able to use only the laptops’ speakers and microphones to communicate. Still, it came with one significant drawback—a transmission rate of about 20 bits per second, a tiny fraction of standard network connections. The paltry bandwidth forecloses the ability of transmitting video or any other kinds of data with large file sizes. The researchers said attackers could overcome that shortcoming by equipping the trojan with functions that transmit only certain types of data, such as login credentials captured from a keylogger or a memory dumper.
“This small bandwidth might actually be enough to transfer critical information (such as keystrokes),” Hanspach wrote. “You don’t even have to think about all keystrokes. If you have a keylogger that is able to recognize authentication materials, it may only occasionally forward these detected passwords over the network, leading to a very stealthy state of the network. And you could forward any small-sized information such as private encryption keys or maybe malicious commands to an infected piece of construction.”
The research paper suggests several countermeasures that potential targets can adopt. One approach is simply switching off audio input and output devices, although few hardware designs available today make this most obvious countermeasure easy. A second approach is to employ audio filtering that blocks high-frequency ranges used to covertly transmit data. Devices running Linux can do this by using the Advanced Linux Sound Architecture in combination with the Linux Audio Developer’s Simple Plugin API.
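The filtering countermeasure, shown in software as an added example (not code from the paper or the article): a windowed-sinc low-pass filter is applied to a constructed frame holding an audible 500 Hz tone and a quieter 20 kHz carrier, and the Goertzel algorithm measures each tone before and after. The 48 kHz sample rate, the 16 kHz cutoff and both tone frequencies are assumptions; the article does not state the band the prototype used.

```python
import math

RATE_HZ = 48000     # assumed capture rate
CUTOFF_HZ = 16000   # assumed cutoff; the article gives no frequency range


def lowpass_taps(cutoff_hz, rate_hz, num_taps=101):
    """Windowed-sinc FIR low-pass (Hamming window), normalised to unity gain at DC."""
    fc = cutoff_hz / rate_hz                 # cutoff as a fraction of the sample rate
    mid = (num_taps - 1) / 2
    taps = []
    for n in range(num_taps):
        x = n - mid
        ideal = 2 * fc if x == 0 else math.sin(2 * math.pi * fc * x) / (math.pi * x)
        window = 0.54 - 0.46 * math.cos(2 * math.pi * n / (num_taps - 1))
        taps.append(ideal * window)
    gain = sum(taps)
    return [t / gain for t in taps]


def fir_filter(samples, taps):
    """Convolve samples with taps; samples before the start count as silence."""
    out = []
    for i in range(len(samples)):
        acc = 0.0
        for j in range(min(len(taps), i + 1)):
            acc += taps[j] * samples[i - j]
        out.append(acc)
    return out


def tone_amplitude(samples, freq_hz, rate_hz):
    """Goertzel algorithm: amplitude of a single frequency component in the frame."""
    coeff = 2 * math.cos(2 * math.pi * freq_hz / rate_hz)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return 2 * math.sqrt(max(power, 0.0)) / len(samples)


def make_frame(n_samples):
    """Constructed signal: 500 Hz tone (amplitude 1.0) plus 20 kHz carrier (amplitude 0.2)."""
    return [math.sin(2 * math.pi * 500 * n / RATE_HZ)
            + 0.2 * math.sin(2 * math.pi * 20000 * n / RATE_HZ)
            for n in range(n_samples)]


def measure(n_samples=1440, settle=480):
    """Amplitude of both tones before and after filtering, skipping the filter's start-up."""
    raw = make_frame(n_samples)
    filtered = fir_filter(raw, lowpass_taps(CUTOFF_HZ, RATE_HZ))
    result = {}
    for name, signal in (("raw", raw[settle:]), ("filtered", filtered[settle:])):
        result[name] = {f: tone_amplitude(signal, f, RATE_HZ) for f in (500, 20000)}
    return result


if __name__ == "__main__":
    for name, amps in measure().items():
        print(name, {f: round(a, 5) for f, a in amps.items()})
```

The audible tone passes essentially unchanged while the 20 kHz carrier is attenuated by more than 40 dB, which is the effect the filtering countermeasure relies on.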
The GCC compiler runs on Windows 7; this is how to install it.
Step 1 – Download GCC Compiler
Step 2 – Run Installer
Right click the install.exe and “Run as Administrator”
Select 32 or 64 bit Architecture (default is 32 bit)
Allow some time to download > Next
That’s it – GCC is now installed.
Step 3 – Download Notepad++
Download it here:
Save your programs as *filename.c
(.c is for c programs).
Step 4 – Write a Buffer Overflow in Notepad++
Copy this program into Notepad++ to test out your GCC compiler.
When you run the buffer.c program – it will crash.
Code – for buffer overflow
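#include <string.h> //needed for strcpy
int main (int argc, char* argv[]) //start of main
{
char smallbuff[8]; //8 chars in buffer
strcpy(smallbuff, "This string is much longer than eight chars"); //no length check, so this writes past the end of smallbuff
}//end of main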
Step 5 – Launch the GCC Compiler
Start > All Programs
MinGw > x64-4.8.1 > Run Terminal
I created a c:\test directory to store all Notepad++ programs. Note c:\test\buffer.c
cd c:\test (to get to our test directory)
Now we compile and generate buffer.exe – which we run.
gcc buffer.c -o buffer.exe
Don’t forget to type buffer.exe to run your program.
Did the program crash?
Wow. How can I thank you guys?
A Quarter of a Million views in 2013.
And, looking like over a Third of a Million, in 2014.
I’m so humbled. Thank you all so, so much for your support.
There are so many countries and flags.. that it spans several pages.
Viewers are from Iraq, Syria, Iran to China and the Palestinian Occupied Territories.
A giant thank-you.
From Wales – we have a baby dragon on our flag. You can’t miss us.
A great TED talk from Mikko Hypponen about the recent NSA leaks. Well worth 20 minutes of your time. Mikko Hermanni Hyppönen is a computer security expert and columnist.
“And if we look back about the forecasts on surveillance by George Orwell, well, it turns out, that George Orwell was an optimist.” — Mikko Hypponen
Blair government let US spy on Britons
Between 2004 and 2007 the Labour government gave the US National Security Agency permission to use information on innocent British people collected in the process of spying on actual targets.
According to a top secret memo I have seen, from within the NSA and dated June 2007, Britain agreed the Americans could “unminimise” British landline numbers as early as 2004. That means they were not obliged to delete them, and could now use their systems to analyse them.
We approached Jack Straw, foreign secretary until 2006, and Margaret Beckett, who was in charge when the 2007 agreement was signed. We also approached the NSA and GCHQ. They declined to comment.
For transparency, we can reveal we have notified the DA notice committee of our intention to publish these documents.
Both US and UK officials have previously denied the signatories to the 1946 agreement spy on each other’s citizens. But earlier Snowden revelations showed how, by targeting each other’s citizens, Britain and the USA could get around legal strictures on targeting their own.
Then, in the dying days of the Blair administration, it allowed US spies to work with mobile, email, fax and internet data in the same way.
By 2004 the Americans had clear reasons to be concerned about UK citizens and terror. Shoe bomber Richard Reid was in a US jail; there were nine Brits in Guantanamo.
But a second document, a draft memo written by a senior officer in the NSA in 2005, shows the extent the Americans were prepared to go to in order to spy on British citizens without UK government agreement.
This memo contains separate paragraphs with distinct and different circulation lists. The paragraph the UK intelligence partners got to see says America is going to target British citizens “with the full knowledge and co-operation of GCHQ”.
These two documents are the first proof in black and white that an agreement exists between Britain and the USA on the targeting of each other’s citizens (on the assumption, not confirmed, that Britain gained the reciprocal right to use data collected on Americans in the 2007 agreement).
What does it all mean? Well many people have greeted the Snowden revelations with a shrug: “What’s the problem if you’re doing nothing wrong?” has been the response to evidence of widespread surveillance outside the law.
These documents show that, as late as 2007, the British government did object to its citizens’ data being scraped and analysed by US spies. And they show that in 2005 the USA was preparing to spy on Britain “unilaterally” and without its knowledge.
Something changed during the Blair government – but no account of it has been given in public by those who took the decisions, nor is it clear what the politicians knew.
Not for British eyes
But the paragraph above, marked “NOFORN” – meaning not even for British eyes – says the Americans are also prepared to spy on UK citizens “unilaterally” and if they did so the UK would not be told.
Together with the Guardian we approached both the US and British authorities to clarify what Britain got in return for the 2004 and 2007 agreements, and to ask what happened to the 2005 draft memo. They declined to comment.
Congratulations to Channel 4 News for joining the Guardian in the biggest story of our era.
The phone, internet and email records of UK citizens not suspected of any wrongdoing have been analysed and stored by America’s National Security Agency under a secret deal that was approved by British intelligence officials, according to documents from the whistleblower Edward Snowden.
In the first explicit confirmation that UK citizens have been caught up in US mass surveillance programs, an NSA memo describes how in 2007 an agreement was reached that allowed the agency to “unmask” and hold on to personal data about Britons that had previously been off limits.
The memo, published in a joint investigation by the Guardian and Britain’s Channel 4 News, says the material is being put in databases where it can be made available to other members of the US intelligence and military community.
Britain and the US are the main two partners in the ‘Five-Eyes’ intelligence-sharing alliance, which also includes Australia, New Zealand and Canada. Until now, it had been generally understood that the citizens of each country were protected from surveillance by any of the others.
But the Snowden material reveals that:
• In 2007, the rules were changed to allow the NSA to analyse and retain any British citizens’ mobile phone and fax numbers, emails and IP addresses swept up by its dragnet. Previously, this data had been stripped out of NSA databases – “minimized”, in intelligence agency parlance – under rules agreed between the two countries.
• These communications were “incidentally collected” by the NSA, meaning the individuals were not the initial targets of surveillance operations and therefore were not suspected of wrongdoing.
• The NSA has been using the UK data to conduct so-called “pattern of life” or “contact-chaining” analyses, under which the agency can look up to three “hops” away from a target of interest – examining the communications of a friend of a friend of a friend. Guardian analysis suggests three hops for a typical Facebook user could pull the data of more than 5 million people into the dragnet.
• A separate draft memo, marked top-secret and dated from 2005, reveals a proposed NSA procedure for spying on the citizens of the UK and other Five-Eyes nations, even where the partner government has explicitly denied the US permission to do so. The memo makes clear that partner countries must not be informed about this surveillance, or even the procedure itself.
The 2007 briefing was sent out to all analysts in the NSA’s Signals Intelligence Directorate (SID), which is responsible for collecting, processing, and sharing information gleaned from US surveillance programs.
Up to this point, the Americans had only been allowed to retain the details of British landline phone numbers that had been collected incidentally in any of their trawls.
But the memo explains there was a fundamental change in policy that allowed the US to look at and store vast amounts of personal data that would previously have been discarded.
It states: “Sigint [signals intelligence] policy … and the UK Liaison Office here at NSAW [NSA Washington] worked together to come up with a new policy that expands the use of incidentally collected unminimized UK data in Sigint analysis.
“The new policy expands the previous memo issued in 2004 that only allowed the unminimizing of incidentally collected UK phone numbers for use in analysis.
“Now SID analysts can unminimize all incidentally collected UK contact identifiers, including IP and email addresses, fax and cell phone numbers, for use in analysis.”
The memo also set out in more detail what the NSA could and could not do.
The agency was, for example, still barred from making any UK citizen a target of surveillance programs that would look at the content of their communications without getting a warrant. However, they now:
• “Are authorized to unmask UK contact identifiers resulting from incidental collection.”
• “May utilize the UK contact identifiers in Sigint development contact chaining analysis.”
• “May retain unminimized UK contact identifiers incidentally collected under this authority within content and metadata stores and provided to follow-on USSS (US Sigint System) applications.”
The document does not say whether the UK Liaison Office, which is operated by GCHQ, discussed this rule change with government ministers in London before granting approval, nor who within the intelligence agencies would have been responsible for the decision.
The Guardian contacted GCHQ and the Cabinet Office on Thursday November 7 to ask for clarification, but despite repeated requests since then, neither has been prepared to comment.
Since the signing in 1946 of the UKUSA Signals Intelligence Agreement, which first established the Five-Eyes partnership, it has been a convention that the allied intelligence agencies do not monitor one another’s citizens without permission – an agreement often referred to publicly by officials across the Five-Eyes nations.
However, a draft 2005 directive in the name of the NSA’s director of signals intelligence reveals the NSA prepared policies enabling its staff to spy on Five-Eyes citizens, even where the partner country has refused permission to do so.
The document, titled ‘Collection, Processing and Dissemination of Allied Communications’, has separate classifications from paragraph to paragraph. Some are cleared to be shared with America’s allies, while others – marked “NF”, for No Foreign – are to be kept strictly within the agency. The NSA refers to its Five-Eyes partners as “second party” countries.
The memo states that the Five-Eyes agreement “has evolved to include a common understanding that both governments will not target each other’s citizens/persons”.
But the next sentence – classified as not to be shared with foreign partners – states that governments “reserved the right” to conduct intelligence operations against each other’s citizens “when it is in the best interests of each nation”.
“Therefore,” the draft memo continues, “under certain circumstances, it may be advisable and allowable to target second party persons and second party communications systems unilaterally, when it is in the best interests of the US and necessary for US national security.”
The draft directive states who can approve the surveillance, and stresses the need for secrecy.
“When sharing the planned targeting information with a second party would be contrary to US interests, or when the second party declines a collaboration proposal, the proposed targeting must be presented to the signals intelligence director for approval with justification for the criticality of the proposed collection.
“If approved, any collection, processing and dissemination of the second party information must be maintained in NoForn channels.”
The document does not reveal whether such operations had been authorized in the past, nor whether the NSA believes its Five-Eyes partners conduct operations against US citizens.
The other sections of the document, cleared for sharing with the UK and other partners, strike a different tone, emphasising that spying on each other’s citizens is a collaborative affair that is most commonly achieved “when the proposed target is associated with a global problem such as weapons proliferation, terrorism, drug trafficking or organised crime activities.”
It states, for example: “There are circumstances when targeting of second party persons and communications systems, with the full knowledge and co-operation of one or more second parties, is allowed when it is in the best interests of both nations.”
The memo says the circumstances might include “targeting a UK citizen located in London using a British telephone system”; “targeting a UK person located in London using an internet service provider (ISP) in France”; or “targeting a Pakistani person located in the UK using a UK ISP.”
A spokeswoman for the NSA declined to answer questions from the Guardian on whether the draft directive had been implemented and, if so, when. The NSA and the White House also refused to comment on the agency’s 2007 agreement with the UK to store and analyze data on British citizens.
LG Smart Ad analyses users favourite programs, online behaviour, search keywords and other information to offer relevant ads to target audiences. For example, LG Smart Ad can feature sharp suits to men, or alluring cosmetics and fragrances to women. Furthermore, LG Smart Ad offers useful and various advertising performance reports. That live broadcasting ads cannot. To accurately identify actual advertising effectiveness.
In fact, there is an option in the system settings called “Collection of watching info:” which is set ON by default. This setting requires the user to scroll down to see it and, unlike most other settings, contains no “balloon help” to describe what it does.
At this point, I decided to do some traffic analysis to see what was being sent. It turns out that viewing information appears to be being sent regardless of whether this option is set to On or Off.
Here you can clearly see that a unique device ID is transmitted, along with the Channel name “BBC NEWS” and a unique device ID.
Here is another example of a viewing info packet.
GB.smartshare.lgtvsdp.com POST /ibs/v2.2/service/watchInformation.xml HTTP/1.1
X-Authentication:YMu3V1dv8m8JD0ghrsmEToxONDI= cookie:JSESSIONID=3BB87277C55EED9489B6E6B2DEA7C9FD.node_sdpibis10; Path=/
It was at this point, I made an even more disturbing find within the packet data dumps. I noticed filenames were being posted to LG’s servers and that these filenames were ones stored on my external USB hard drive. To demonstrate this, I created a mock avi file and copied it to a USB stick.
This file didn’t really contain “midget porn” at all, I renamed it to make sure it had a unique filename that I could spot easily in the data and one that was unlikely to come from a broadcast source.
And sure enough, there it was…
Sometimes the names of the contents of an entire folder were posted, other times nothing was sent. I couldn’t determine what rules controlled this.
I think it’s important to point out that the URL that the data is being POSTed to doesn’t in fact exist, you can see this from the HTTP 404 response in the next response from LG’s server after the ACK.
However, despite being missing at the moment, this collection URL could be implemented by LG on their server tomorrow, enabling them to start transparently collecting detailed information on what media files you have stored.
It would easily be possible to infer the presence of adult content or files that had been downloaded from file sharing sites. My wife was shocked to see our children’s names being transmitted in the name of a Christmas video file that we had watched from USB.
So what does LG have to say about this? I approached them and asked them to comment on data collection, profiling of their customers, collection of usage information and mandatory embedded advertising on products that their customers had paid for. Their response to this was as follows:
Good Morning
Thank you for your e-mail.
Further to our previous email to yourself, we have escalated the issues you reported to LG’s UK Head Office.
The advice we have been given is that unfortunately as you accepted the Terms and Conditions on your TV, your concerns would be best directed to the retailer. We understand you feel you should have been made aware of these T’s and C’s at the point of sale, and for obvious reasons LG are unable to pass comment on their actions.
We apologise for any inconvenience this may cause you. If you have any further questions please do not hesitate to contact us again.
Kind Regards
Tom
LG Electronics UK Helpdesk
Tel: 0844 847 5454
Fax: 01480 274 000
Email: firstname.lastname@example.org
UK: [premium rate number removed] Ireland: 0818 27 6954
Mon-Fri 9am to 8pm
Sat 9am-6pm
Sunday 11am – 5pm
I haven’t asked them about leaking of USB filenames due to the “deal with it” nature of the above response but I have no real expectation that their response would be any different.
The WHOAMI command enumerates SIDs, Groups and privileges. For a hacker, it can enumerate groups and privileges from the command line of the current user.
Step 1 – run the command prompt with admin rights
Start > all programs > accessories > cmd (black tv icon)
Right click on CMD > run as admin
Step 2 – whoami
On its own, the workgroup or domain will be displayed.
Step 3 – whoami /user
Notice the information is USER then SID.
A RID of 1001 tells us this is a user, not an Administrator.
A RID of 500 is the local Administrator.
A RID of 512 is Domain Admins
A RID of 518 is Schema Admins
A RID of 519 is Enterprise Domain Admins (*YAY*)
Step 4 – whoami /groups
Here groups are enumerated.
The SID is 32 – 544.
32 = BUILTIN and 544 = Administrators group.
So this is a powerful group membership.
Step 5 – whoami /priv
If we need to add privileges to the user account, we use ntrights.
ntrights -u smile +r SeSecurityPrivilege
This means that the user Smile can now control and delete security logs.
Step 6 - whoami /all
A one hit command to get all of the above information.
If the user doesn’t have the privileges you need to shut down auditing, then assign them the privileges with ntrights. THEN shut down auditing.
Step 7 – Eventlog codes
If you shut down auditing it will appear as event code 517 in the event viewer. That would tell the SysAdmin that you’ve shut down all his hard work.
Event 517 is logged whenever the Security log is cleared, REGARDLESS of the status of the Audit System Events audit policy.
The Primary User Name and Client User Name fields will identify the user who cleared the log. Primary User Name will correspond to the system, and Client user name will indicate the user who cleared the log.
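The SID and RID values from Steps 3 and 4, used from the auditing side: this added example (not part of the original post) scans whoami /all style output and reports which SIDs in the token carry the privileged RIDs listed above. The sample output, the EXAMPLE domain and its identifier are constructed, and the function names are hypothetical.

```python
import re

SID_RE = re.compile(r"\bS-1-\d+(?:-\d+)+\b")

# RIDs under a domain or machine SID (S-1-5-21-x-y-z-RID) that mark privileged principals
PRIVILEGED_RIDS = {
    500: "Administrator account",
    512: "Domain Admins",
    518: "Schema Admins",
    519: "Enterprise Admins",
}
# Aliases under the BUILTIN domain (S-1-5-32-RID)
PRIVILEGED_BUILTIN = {544: "BUILTIN\\Administrators"}


def classify_sid(sid):
    """Return (label, privileged) for one SID string."""
    parts = sid.split("-")[2:]                 # drop the "S" and the revision "1"
    authority = int(parts[0])
    subs = [int(p) for p in parts[1:]]
    if authority != 5 or not subs:             # only the NT authority is classified here
        return ("other", False)
    rid = subs[-1]
    if subs[0] == 32 and len(subs) == 2:       # S-1-5-32-<alias>
        if rid in PRIVILEGED_BUILTIN:
            return (PRIVILEGED_BUILTIN[rid], True)
        return ("BUILTIN alias %d" % rid, False)
    if subs[0] == 21 and len(subs) == 5:       # S-1-5-21-<three identifiers>-<RID>
        if rid in PRIVILEGED_RIDS:
            return (PRIVILEGED_RIDS[rid], True)
        if rid >= 1000:
            return ("ordinary account or group (RID %d)" % rid, False)
        return ("well-known RID %d" % rid, False)
    return ("other", False)


def audit_whoami(text):
    """List (sid, label) for every privileged SID found in the text, in order of appearance."""
    findings, seen = [], set()
    for line in text.splitlines():
        for sid in SID_RE.findall(line):
            if sid in seen:
                continue
            seen.add(sid)
            label, privileged = classify_sid(sid)
            if privileged:
                findings.append((sid, label))
    return findings


# Constructed sample in the layout of whoami /all; every identifier is made up.
SAMPLE_OUTPUT = r"""
User Name     SID
============= ==============================================
example\smile S-1-5-21-1111111111-2222222222-3333333333-1001

Group Name                       Type             SID
================================ ================ ==============================================
Everyone                         Well-known group S-1-1-0
BUILTIN\Administrators           Alias            S-1-5-32-544
BUILTIN\Users                    Alias            S-1-5-32-545
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11
EXAMPLE\Domain Admins            Group            S-1-5-21-1111111111-2222222222-3333333333-512
"""

if __name__ == "__main__":
    for sid, label in audit_whoami(SAMPLE_OUTPUT):
        print("privileged:", label, sid)
```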
A second free VPN service has been launched. Here’s a visual guide to setting up OpenVPN.
1. FreeVPN.me – OpenVPN Bundle
OpenVPN is much safer than PPTP, which has known security risks. The current freevpn.me password is:
Step 2 – Install OpenVPN (it’s free)
To Install OpenVPN – takes 2 or 3 minutes to install
1) Download the OpenVPN software from http://openvpn.net/index.php/open-source/downloads.html. You need the “Windows Installer”.
2) Once the file is downloaded, right click the file to start the install process, then “Run as administrator“. Note for Vista and Win 7 users, you need to install OpenVPN as administrator.
3) Click “Next” and then agree to the Terms of Service.
4) You’ll see “License Agreement”
5) Have all components selected (make sure all have checkmarks) and then click “Next“.
6) Choose install path – this will be c:\ProgramFiles\OpenVPN
Now click “Install“.
In the security window that pops up select “Install“.
8) Installation Complete Screen.
9) Click “Finish“.
Step 3 – Download the freevpn.me openvpn bundle
STEP 4 – Copy the .ovpn files to c:\ProgramFiles\OpenVPN\config
Extract the files to c:\ProgramFiles\OpenVPN\config or copy them to this directory.
*.ovpn = OpenVPN config file.
You can open this with NOTEPAD to read it. It will state AES 128 (not AES256) as on the freevpn.me website. Freevpn.me are in beta testing, and it’s likely they will increase security to AES 256 later on.
*.CRT = Security Certificate.
Step 5 – Connect to OpenVPN.
5) Right click on the OpenVPN icon in the system tray (lower right hand corner of your screen), and select “Connect” from the menu.
There are 2 connection options – TCP and UDP. The difference is this:
UDP = Connectionless, faster, but less reliable
TCP = Connection Orientated, slower – but very stable.
The common web port 80 is often open, and port 443 is encrypted SSL web traffic. These 2 TCP ports will normally be open in colleges or workplaces. If your workplace has blocked TCP port 80, try port 443.
6) Enter your freevpn.me user name and password into OpenVPN.
Step 7 – To Test that you’re running on a Romanian IP – and get a pretty Romanian Flag
Click on this link: www.dnsleaktest.com
That was easy, right?
Where to find the OpenVPN icons…to launch it next time.
- Right click the desktop icon and select “Run as Administrator”.
- System tray (on the bottom, by the clock). Right click the icon, vpnbook-udp53, connect.
- Start > All Programs > OpenVPN > OpenVPN icon (2 terminals and a planet Earth icon)
- Notice the colour of the terminals. Red terminals = not logged on. Yellow terminals = awaiting passwords. Green terminals = connected and working okay.
Why is OpenVPN recommended compared to VPNs in Windows 7?
- Faster VPN
- More Secure VPN
- Stops DNS Leaks from Windows operating System
- Bypasses all Firewall restrictions
- Bypasses government restrictions
- It’s bulletproof
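Step 4 suggests opening the .ovpn file in Notepad to see which cipher it states, and Step 5 explains the TCP/UDP choice. The added example below (not part of the original guide and not freevpn.me’s own configuration) reads a profile and reports the cipher, the endpoints, and whether the server certificate is checked for a server role. The sample profile, the host vpn.example.net and the function names are constructed; the directives are standard OpenVPN options.

```python
import re


def parse_ovpn(text):
    """Map each directive to its argument lists; inline <tag>...</tag> bodies are skipped."""
    directives, open_tag = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if open_tag:                                  # inside an inline block such as <ca>
            if line == "</%s>" % open_tag:
                open_tag = None
            continue
        if not line or line[0] in "#;":               # blank line or comment
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:
            open_tag = tag.group(1)
            directives.setdefault(open_tag, []).append(["[inline]"])
            continue
        words = line.split()
        directives.setdefault(words[0], []).append(words[1:])
    return directives


def first_arg(directives, name, default=None):
    """First argument of the first occurrence of a directive, or default."""
    args = directives.get(name, [[]])[0]
    return args[0] if args else default


def audit_ovpn(text, expected_key_bits=256):
    """Return the cipher, the (host, port, proto) endpoints and a list of findings."""
    d = parse_ovpn(text)
    findings = []

    cipher = first_arg(d, "cipher")
    if cipher is None:
        findings.append("no cipher directive: the cipher depends on the client's default")
    else:
        bits = re.search(r"-(\d+)(?:-|$)", cipher)    # key size as written in the cipher name
        if bits and int(bits.group(1)) < expected_key_bits:
            findings.append("cipher %s uses a %s-bit key, expected %d"
                            % (cipher, bits.group(1), expected_key_bits))

    if not any(k in d for k in ("remote-cert-tls", "verify-x509-name", "ns-cert-type")):
        findings.append("server certificate is not checked for a server role or name")
    if "ca" not in d:
        findings.append("no ca directive: nothing to validate the server certificate against")

    proto = first_arg(d, "proto", "udp")              # OpenVPN defaults: udp, port 1194
    port = first_arg(d, "port", "1194")
    endpoints = []
    for args in d.get("remote", []):
        if args:
            endpoints.append((args[0],
                              int(args[1]) if len(args) > 1 else int(port),
                              args[2] if len(args) > 2 else proto))
    return {"cipher": cipher, "endpoints": endpoints, "findings": findings}


# Constructed sample profile, not taken from any real provider bundle.
SAMPLE_PROFILE = """\
client
dev tun
proto tcp
remote vpn.example.net 443
cipher AES-128-CBC
auth-user-pass
ca ca.crt
"""

if __name__ == "__main__":
    report = audit_ovpn(SAMPLE_PROFILE)
    print(report["cipher"], report["endpoints"])
    for finding in report["findings"]:
        print("-", finding)
```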