Wikileaks Releases German Spyware That Governments Used To Hack Journalists And Dissidents

Posted 12 hours ago by  

As part of its ongoing Spyfiles series of posts, Wikileaks has released the back and front-end systems used by multiple governments to spy on journalists, dissidents, and others. The files appear to be weaponized Windows malware although the software, called FinFisher, also works on OS X.

From the post:

FinFisher (formerly part of the UK based Gamma Group International until late 2013) is a German company that produces and sells computer intrusion systems, software exploits and remote monitoring systems that are capable of intercepting communications and data from OS X, Windows and Linux computers as well as Android, iOS, BlackBerry, Symbian and Windows Mobile devices. FinFisher first came to public attention in December 2011 when WikiLeaks published documents detailing their products and business in the first SpyFiles release.

Three back-end programs route and manage traffic which is sent to FinSpy Master, a collection program. The system can steal keystrokes, Skype conversations, and even watch you via your webcam.

While there is no definitive proof that any one organization is using the software, a list ofFinFisher customers leaked as well shows us that Pakistan, Estonia, and Italy (among others) have bought the service.

Wikileaks’ Julian Assange hopes the malware will allow researchers to pinpoint and destroy the command and control structure in the wild and help prevent the software from infecting new users.

Shill of the week!  Watch this idiot here: then watch the proof here:

Shill of the week!  Watch this idiot here: then watch the proof here:

FBI launches national facial recognition system

Posted: Sep 15, 2014 8:12 AM PDT
Updated: Sep 15, 2014 8:13 AM PDT

The Federal Bureau of Investigation has fully rolled out a new biometric identification system that includes facial recognition technology.

The FBI, working with the Criminal Justice Information Services Division, says the Next Generation Identification System is now fully operational.

The system is designed to expand biometric identification capabilities across the country and eventually replace the FBI’s current fingerprint system.

The system includes two new databases.

One, called Rap Back, enables FBI authorized entities the ability to receive ongoing status notifications of any criminal history reported on specific individuals. The bureau says that it will help law enforcement agencies, probation and parole offices, and others greatly improve their effectiveness by being advised of subsequent criminal activity of persons under investigation or supervision.

The second is called the Interstate Photo System. IPS facial recognition service will provide law enforcement agencies across the country an image-searching capability of photographs associated with criminal identities. The Feds say it is a significant step forward for the criminal justice community in utilizing biometrics as an investigative tool.

This latest phase ois only one portion of the FBI’s NGI System. Since phase one was deployed in February 2011, the NGI system has introduced enhanced automated fingerprint and latent search capabilities, mobile fingerprint identification, and electronic image storage.

More than 18,000 law enforcement agencies and other authorized criminal justice partners across the country will have access to the system 24 hours a day, 365 days a year.

Ecuador To Adopt Digital Currency

Car Hack: Key-less vehicles theft on rise in London

Rogue ‘Cell Towers’ Can Intercept Your Data; At Least One Found In Chicago

Here are locations of reported cell phone interceptor devices as reported to EDS America.

By John Dodge

CHICAGO (CBS) — So-called rogue cell phone towers, the type that can intercept your mobile calls and data, are cropping up all over the United States, including here in Chicago, according to a company that specializes in developing highly secure mobile phones.

More cell phone users, who fear their information could be at risk, are turning to high-end secure mobile devices. As a result, it is become easier for them to detect the presence of these interceptor devices.

A user gets an alert that a "cell tower" nearby may be a threat. (Credit: ESD)

A user gets an alert that a “cell tower” nearby may be a threat. (Credit: ESD)

The origin of these devices that disguise themselves as cell phone towers is not known.

CBS 2 security analyst Ross Rice, a former FBI agent, said it’s likely being used illegally.

“I doubt that they are installed by law enforcement as they require a warrant to intercept conversations or data and since the cell providers are ordered by the court to cooperate with the intercept, there really would be no need for this,” Rice said.

“Most likely, they are installed and operated by hackers, trying to steal personal identification and passwords.”

Les Goldsmith, the CEO of ESD America, which makes secure cell phones, said law enforcement, with a warrant, can use interceptor devices if they need information in real time, or if they don’t want a cellular network to know what they are tracking.

These devices don’t look like a tower, but are rather electronic boxes and laptops that trick a regular phone that it’s part of an actual cellular network.

How did ESD customers discover these interceptor devices?

ESD America’s cellphones protect users data, phone calls and text. The phone looks like a typical Android phone, but the inside includes encryption algorithms developed by a German company, GSMK, that protects the phone from intercepts.

ESD has asked them to report when their devices detect a threat.

As a result, the company recently published a map showing 19 such eavesdropping devices across the country, including at least one in Chicago.

ESD says it is able to verify each customer’s report.

ESD says on its Facebook page that there are likely many, many more so-called “phony towers.”

“The more phones we have out there, the more we will see,” said Goldsmith.

The company’s top of the line GSMK Cryptophone, the CP500, has a firewall that constantly monitors all activity on the phone.

The ESD Cryptophone 500. (Credit: ESD America)

The ESD Cryptophone 500. (Credit: ESD America)

When a user gets an alert that a cell tower has no neighboring towers–legitimate towers from phone companies form a network–it indicates the “cell tower” is potentially a danger to the user’s security.

(Credit: ESD America)

(Credit: ESD America)

ESD can only rely on location information of the reported interceptors based on the user’s report. In the case of the Chicago interceptor, the user simply reported it as near the airport, but didn’t specify whether it was Midway or O’Hare.

The top of the line ESD phone costs around $3,500. Goldsmith said they do a lot of business with governments, but are selling more privately, including about 200 units today alone.

Obama administration says the world’s servers are ours

US says global reach needed to gut “fraudsters,” “hackers,” and “drug dealers.”

by  - July 14 2014, 11:12am PDTby  - July 14 2014, 11:12am PDT

Microsoft, Sandyford, Co. Dublin

Global governments, the tech sector, and scholars are closely following a legal flap in which the US Justice Department claims that Microsoft must hand over e-mail stored in Dublin, Ireland.

In essence, President Barack Obama’s administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas. It’s a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border.

A magistrate judge has already sided with the government’s position, ruling in April that “the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information.” Microsoft appealed to a federal judge, and the case is set to be heard on July 31.

In its briefs filed last week, the US government said that content stored online doesn’t enjoy the same type of Fourth Amendment protections as data stored in the physical world. The governmentcited (PDF) the Stored Communications Act (SCA), a President Ronald Reagan-era regulation:

Overseas records must be disclosed domestically when a valid subpoena, order, or warrant compels their production. The disclosure of records under such circumstances has never been considered tantamount to a physical search under Fourth Amendment principles, and Microsoft is mistaken to argue that the SCA provides for an overseas search here. As there is no overseas search or seizure, Microsoft’s reliance on principles of extra-territoriality and comity falls wide of the mark.

Microsoft said the decision has wide-ranging, global implications. “Congress has not authorized the issuance of warrants that reach outside US territory,” Microsoft’s attorneys wrote. “The government cannot seek and a court cannot issue a warrant allowing federal agents to break down the doors of Microsoft’s Dublin facility.”

The Redmond, Washington-based company said its consumer trust is low in the wake of the Edward Snowden revelations. It told the US judge presiding over the case that “[t]he government’s position in this case further erodes that trust and will ultimately erode the leadership of US technologies in the global market.”

Companies like Apple, AT&T, Cisco, and Verizon agree. Verizon said (PDF) that a decision favoring the US would produce “dramatic conflict with foreign data protection laws.” Apple and Ciscosaid (PDF) that the tech sector is put “at risk” of being sanctioned by foreign governments and that the US should seek cooperation with foreign nations via treaties, a position the US said is not practical.

The Justice Department said global jurisdiction is necessary in an age when “electronic communications are used extensively by criminals of all types in the United States and abroad, from fraudsters to hackers to drug dealers, in furtherance of violations of US law.”

The e-mail the US authorities are seeking from Microsoft concerns a drug-trafficking investigation. Microsoft often stores e-mail on servers closest to the account holder.

The senior counsel for the Irish Supreme Court wrote in a recent filing that a US-Ireland “Mutual Legal Assistance Treaty” was the "efficient" avenue (PDF) for the US government to obtain the e-mail held on Microsoft’s external servers.

Orin Kerr, a Fourth Amendment expert at George Washington University, said, “The scope of the privacy laws around the world is now a very important question, and this is the beginning of what may be a lot of litigation on the question. So it’s a big case to watch.”

Is James Holmes aka “The Batman Shooter” lawyer/family rep.. also happen to be on the Sandy Hook school board?  Hmm.. inquiring minds want to know!

Is James Holmes aka “The Batman Shooter” lawyer/family rep.. also happen to be on the Sandy Hook school board?  Hmm.. inquiring minds want to know!

Android-based Pwn Phone is prepared to do evil for your network’s own good

Hands on: Pwnie Express takes Ars through its new Android phone for white hat hackers.

The Pwn Phone, with its external Wi-Fi adaptor case jacked into its USB port, is prepared to do evil for your network’s own good.

Mobile technology has made it possible for people to do an amazing amount with tablets and smartphones within the workplace—including hacking the living daylights out of the corporate network and other people’s devices. Pwnie Express is preparing to release a tool that will do just that. Its Pwn Phone aims to help IT departments and security professionals quickly get a handle on how vulnerable their networks are in an instant. All someone needs to do is walk around the office with a smartphone.

Pwnie Express’ Kevin Reilly gave Ars a personal walk-through of the latest Pwn Phone, the second generation of the company’s mobile penetration testing platform. While the 2012 first-generation Pwn Phone was based on the Nokia N900 and its Maemo 5 Linux-based operating system, the new phone is based on LG Nexus 5 phone hardware. However, it doesn’t exactly use Google’s vanilla Android.

“What we’ve done is taken Android 4.4 Kit Kat and recompiled the kernel,” said Reilly. “On the backend, it runs our own derivative of Kali Linux, called Pwnix. Essentially it’s running a full-blown Debian OS on the back-end of Android.“

One of the benefits of the recompiled Android kernel is that the Pwn Phone can act as a USB host, just as PCs do. That makes it possible for the Pwn Phone to use external USB adaptors for Wi-Fi, Bluetooth, and Ethernet in addition to its built-in Wi-Fi and Bluetooth adapters. The external adapters for Wi-Fi and Bluetooth extend the Pwn Phone’s attack range and capabilities, and the Ethernet adaptor allows the device to jack straight into a facility’s local wired network for additional attacks.

The result is that the Pwn Phone can handle most of the functions of bulkier, less easily concealed security testing tools at a fraction of the weight—and with even less of the potential suspicion. This new generation of the Pwn Phone (and its larger cousin, the Pwn Pad) also makes it a whole lot easier for people without a great deal of penetration testing experience to quickly get up to speed and dig into potential vulnerabilities. Using the new Pwn devices can quickly convince you that it’s important to turn Wi-Fi off on your phone when you’re in a public place.

The Pwn Phone comes with a total of 103 network monitoring and attack tools loaded, 26 of which have been configured for launch by touch from the device’s home screen. While all the tools run in a terminal window and have a character-based interface upon launch, some of the 26 touch-optimized tools require just one touch to execute. Others have been given menu-driven interfaces to reduce the amount of thumb-typing required to launch them effectively.

One of those “one-touch” penetration testing tools is EvilAP, a tool for creating a “malicious” Wi-Fi access point that can detect and respond to the Wi-Fi probe requests sent by devices as they look for previously used wireless access points. EvilAP can use the phone’s wireless broadband connection or another network to then pass through network requests while the phone’s user launches other attacks on the traffic. (These can include SSL Strip “man-in-the-middle” attacks against secure Web sessions.)

Enlarge / SSL Strip running on the Pwn Phone.

Other tools in the touch collection include: the network mapping tool Nmap; Strings Watch (a tool that watches for text within packets); the Tshark and Tcpdump packet analysis tools; the Metasploit and dSploit penetration testing toolkits; and the Kismet and Airodump wireless network monitoring tools.

Of course, if you’d rather not do any thumb typing at all while wandering around a targeted area for stealth purposes, a good portion of Pwn Phone’s functionality can be controlled remotely. Just as with Pwnie Express’ other penetration hardware, the Pwn Phone can be configured using Web-based administration tools over one of the six covert channels provided in the phone’s toolset to connect through the network being tested or through its wireless broadband connection. And a remote terminal session to the phone can be opened via a reverse-SSH connection back to a PC. That means security surveys can be done without the Pwn Phone-carrying foot soldier ever pulling the phone out of his or her pocket. A remote security pro can even handle the whole show without leaving home.

Data collected by the tools—such as logs for packet captures from Tshark (the text-based version of the WireShark packet capture tool) and captured text from the Strings Watch packet monitoring tool—are stored in the phone’s 32 gigabytes of local storage. If you need to make all the data go away quickly, there’s a one-touch application that restores the phone to factory settings. It’ll wipe away any sign that the phone might have been up to no good.

These are all capabilities that Pwnie Express already offers in a slightly larger form factor: the Pwn Pad 2014, based on Google’s Nexus 7 tablet and Android 4.2 (“Jelly Bean”). The only real difference between the Pwn Phone and the Pwn Pad is form factor and price. The Pwn Phone will sell for around $1,295, while the Pwn Pad is priced at $1,095. Of course, if you’d rather piece together your own Pwn Phone on an existing Nexus 5, there will eventually be a community version of the software available for download.

Google files patent for smart contact lenses with tiny camera: What you should know

Google Smart Lense

Google is looking to continue its advances in wearable tech, with their announcement of a patent pending for contact lenses that can help the vision-impaired.
(Photo : Google)

Google is continuing to push forward on the wearable technology, announcing it has filed a patent for contact lenses that have a tiny camera on them, making Google Glass seemingly appear archaic even before its general public launch later this year. Having a camera on your eye may not be a thing of science fiction and Google believes it can take the world there.

The company says it has a patent pending for what would see contact lenses with a small camera and sensors placed into the lens that could be controlled simply by blinking. This, Google believes, would assist the blind in managing their daily lives as well as allow those who can see to take pictures by just looking at what they want to record.

Don’t get your hopes up just yet, as the patent pending is still only a hypothetical future tech, with the patent taking from the controversial Google Glass head wear and the company’s tear-scanning contact lenses.

The idea driving the future contact lenses is the blind and vision-impaired. The company hopes that the lenses can assist them in crossing roads and managing blockages in their path by sending signals to an accompanying smartphone that warns of pending problems.

Although Google had submitted the patent in 2012, the company only revealed the new technology idea on April 15 as its Glass was being given a one-day sale across the country and continues to change public perception of the glasses which have sparked attacks and isolation for those wearing them.

The proposed lenses could enable those not vision-impaired the opportunity to view the world in a completely different manner, changing focus and using a wider view of the world, all through blinking and thinking.

Like Google Glass, the new contact lenses could provide even more turmoil in the realm of privacy, with those who have attacked Glass as infringing on one’s right to privacy - Glass users can take video and images through simple voice commands - coming out in full forced against the proposed lenses. It could continue to create major schisms in the public over Google and its future-thinking technologies.

Even still, the techies across the globe are likely whetting their appetites for a new, vastly futuristic product that could continue to change the technology that we could one day be wearing on our heads, or in our eyes.

Responsive Web Design: A Quick Overview

What is Responsive Web Design?

The term, “Responsive” and “Adaptive” have been thrown around quite a bit this past year as it has become that “catch phrase” everyone uses, but very few seem to understand.  I am writing this in hopes that everyone here at BWA once and for all understand what responsive sites are, and why they are the new “Standard” in HTML web development.

You can create a flexible website that fits beautifully on any device, rather than having to create and maintain separate versions for each device.”

Within the field of Web Design/Development, we’re quickly getting to the point of being unable to keep up with the endless new resolutions and devices being offered by new consumer electronics products.  When in the past as web developers we were only responsible for developing for 1 form factor.  That being the desktop.  As time went on with the release of mobile browsers the requests for a “mobile ready” website became the standard.  During the first generation of devices, back when we were only dealing with 2-3 different mobile devices it made sense to just design a completely different site and style sheet for the mobile phone.  But over time more devices came to market, the resolutions became more varied and more complex.  Standards are set by device adaption rates.  So it took time before new standards in resolutions and display qualities to be set by the market.  Eventually with a saturation of new devices, the old way of doing a mobile site became unrealistic because you would essentially be a designing and building 5 separate sites which wouldn’t necessarily guarantee that your site would render correctly on future devices released.

in order to counter the lack of control we have with handset manufactures and standards bodies themselves it was in the best interest of the industry to develop a new way of developing mobile ready websites.  “Responsive” frameworks such as Twitter’s Bootstrap were released to the public for developers to utilize in future web development.

The Concept of Responsive Web Design

"Recently, an emergent discipline called “responsive architecture” has begun asking how physical spaces can respond to the presence of people passing through them. Through a combination of embedded robotics and tensile materials, architects are experimenting with art installations and wall structures that bend, flex, and expand as crowds approach them. Motion sensors can be paired with climate control systems to adjust a room’s temperature and ambient lighting as it fills with people. Companies have already produced “smart glass technology” that can automatically become opaque when a room’s occupants reach a certain density threshold, giving them an additional layer of privacy.” -

Websites that “Bend, Flex, and expand as crowds approach them”

Unlike in the past where we created Pixel Perfect representations of a website from a photoshop compilation the new way of doing things is to keep things “Fluid”.  Rigid constraints in your designs are not advised.  We have seen this influence cascade over a lot of the new websites out there.  Sites today need to be creatively designed to bend and flex to unforeseen future devices that have yet to be released to the market, but will obviously be used in the future to render sites on.  Today in web development and design we not only have to contend with the limitations of the desktop browser, but also ensure that the site will render in a readable manner for devices that range from Television browser, mini-tablets, full-size tablets, E-Readers, Phablets, and Mobile phones.

Responsiveness Starts at the Design Stage, not the Development Stage

It’s unfair to require developers to try and adapt non-responsive designs into a responsive website.  Therefore its very important that companies start to introduce “Developer Driven Design” into their creative work flows.  A designer can no longer just get by with design, they have to understand the technology building their designs in order to correctly design for that technology.  For example, it would be unfair to ask a designer to mock up an iPhone app, and then expect a developer to turn it into a working Android app that looks the same.  This just is impossible to do if doing the process backwards.  Designers need to understand how Responsive sites work, and why they are the way they are.  That way expectations aren’t set that are unrealistic for responsive website development.

It is important that these new “Responsive Concepts” are thought of from the beginning of the creative process and carried through to the development stage.  Developers like myself expect to receive “Responsive designs” from creative.  Sure we can work our magic at times to adapt certain non-responsive designs into a responsive format, but we are limited by the capabilities of all the moving parts!  The CMS down the version of jQuery being used can regretfully have very strict requirements that prohibit the seamless adaption of non-responsive designs into responsive designs.  It is vitally important that everyone come to the same conclusions when asked to define what “Responsive” actually means, and is.  Otherwise, miscommunication will continue to plague us as we move forward.

Responsive versus Native WebApp, and Native App

Responsive Websites are defined as HTML5/CSS/Javascript built sites that are accessible through a standard HTTP browser.

Native WebApps are defined as being an HTML5/CSS/Javascript app built using a mobile application framework such as PhoneGap which compiles browser based web technologies into a native application package that can be distributed through an AppStore, but also can be accessed via browser.  More or less, you have two front-ends that are using a common API and backend.

Native Apps are defined as being mobile applications built in either Android Java or Apple’s Objective C.  These applications execute faster on mobile devices because their is a layer of abstraction taken out of the equation.

We can Mash it Up!

Responsive sits, Native WebApps, and Native Apps can all co-exist together because they can be all submitting and saving data to a common database through a common API.  However, it needs to be understood that you are literally deploying two completely different technologies when doing so.  1 being web based scripting languages like HTML/CSS/Javascript, and the other being proprietary versions of Java and Objective C.

Going Forward

There have been 200+ page books solely devoted to the concept of “Responsive Web Design” so its really impossible for me to cover every aspect of this in one email.  However, the only way to really learn this is to read, and learn it.  So I have included a couple links below that give very detailed and also not-so detailed summaries of what Responsive is.

Resources to be read and understood by all!

Smashing Magazine’s Guidelines for Responsive Web Design -

A List Apart’s Write up on Responsive Web Design

Why 2013 Is The Year of Responsive Web Design

Beginner’s Guide to Responsive Web Design

Why User Responsive Web Design? - Video

This is my brain on Technology and Politics. The two things that make our world go around!

view archive

About Us

Ask me anything