As Nepal steps up efforts to hold polls to local government bodies on May 14 in the face of opposition from the Madhesi Morcha, China has become the first country to offer assistance for the elections.India, which has been pushing for all stakeholders to join the electoral process, is still silent on offering any kind of assistance despite several requests from the Nepalese side.
Besides monetary support of nine million Yuan announced during Prime Minister Pushpa Kamal Dahal’s recent visit to China, a tranche of election-related materials arrived in Kathmandu from Beijing on Monday.
Chinese ambassador Yu Hong handed over election-related materials, including pens, stamp pads, rubber stamps, calculators, scales, punching machines and table watches, during a function in Kathmandu.
Nepal has also purchased 30,000 ballot boxes from China that are set to arrive in Kathmandu in a day or two, the Election Commission of Nepal said.
The Election Commission said it requires 67 types of election-related materials to conduct the polls. It identified India, China and the UNDP as major sources for these items.
“Nepal had requested for around 1,000 vehicles of various types from India but we are not sure whether we are getting them or not,” said a senior Nepal government official who did not want to be named.
According to officials, the election commission had requested India to provide vehicles and the special ink used to mark the fingers of voters after they cast their ballots. It had sought 11 cars, 35 double cabin pick-up vans, a mini bus, a micro bus, 30 motorcycles and seven scooters.
Officials of the election commission and the home ministry said there had been no confirmation from India on whether it would provide the assistance sought by Nepal.
During the second Constituent Assembly elections in 2013, India had provided 750 vehicles and other election-related materials.
Spanish police have arrested a Russian programmer following US allegations of large-scale hacking.
Pyotr Levashov was held in Barcelona on Friday and is remanded in custody.
Spanish police said Mr Levashov controlled a botnet called Kelihos, hacking information and installing malicious software in hundreds of thousands of computers.
The arrest was part of a “complex inquiry carried out in collaboration with the FBI”, police said.
Mr Levashov is subject to a US international arrest warrant and a Spanish court will hear whether he can be extradited.
Much of his alleged activity involved ransomware – blocking a computer’s access to certain information and demanding a ransom for its release.
Mr Levashov’s wife Maria told Russian broadcaster RT that the arrest had been made in connection with allegations that Russians had hacked the US presidential election.
She said Spanish police had told her the arrest was in connection with “a virus which appears to have been created by my husband and is linked to [Donald] Trump’s victory”.
However, Agence France-Presse news agency quoted a source close to the matter in Washington as saying that Mr Levashov’s detention was “not tied to anything involving allegations of Russian interference with the US election”.
A US intelligence report released in January alleged that Vladimir Putin had tried to help Mr Trump to victory, allegations strongly denied the Russian president.
Mr Trump later commented that the outcome of the election had not been affected.
The U.S. Securities and Exchange Commission on Tuesday denied for the second time this month a request to bring to market a first-of-its-kind product tracking bitcoin, the digital currency.
The SEC announced in a filing its decision denying Intercontinental Exchange Inc’s NYSE Arca exchange the ability to list and trade the SolidX Bitcoin Trust, an exchange-traded product (ETP) that would trade like a stock and track the digital asset’s price. Previously, the regulatory agency said it had concerns with a similar proposal by investors Cameron Winklevoss and Tyler Winklevoss.
“The Commission believes that the significant markets for bitcoin are unregulated,” the SEC said in its filing, echoing language from its decision earlier this month on the application by CBOE Holdings Inc’s Bats exchange to list The Bitcoin ETF proposed by the Winklevoss brothers. On Friday, Bats asked the SEC to review its decision not to allow that fund to trade.
“We are reviewing the SEC’s order and evaluating our next steps,” said Daniel H. Gallancy, chief executive officer of SolidX Partners Inc, a U.S. technology company that provides blockchain services. NYSE did not immediately respond to a request for comment.
Bitcoin had scaled to a record of more than $1,300 this month, higher than the price of an ounce of gold, as investors speculated that an ETF holding the digital currency could woo more people into buying the asset.
But after denial of the Winklevoss-proposed ETF, the digital currency’s price plunged as much as 18 percent. It has rebounded partially since then and was at $1,041 on Tuesday, roughly unchanged from the previous day.
Bitcoin is a virtual currency that can be used to move money around the world quickly and with relative anonymity, without the need for a central authority, such as a bank or government.
Yet bitcoin presents a new set of risks to investors given its limited adoption, a number of massive cybersecurity breaches affecting bitcoin owners and the lack of consistent treatment of the assets by governments.
There is one remaining bitcoin ETP proposal awaiting a verdict from the SEC. Grayscale Investments LLC’s Bitcoin Investment Trust, backed by early bitcoin advocate Barry Silbert and his Digital Currency Group, filed an application last year.
(Reporting by Trevor Hunnicutt; Additional reporting by Gertrude Chavez-Dreyfuss; Editing by David Gregorio and Cynthia Osterman)
The U.S. government has not figured out how to deter the Russians from meddling in democratic processes, and stopping their interference in elections, both here and in Europe, is a pressing problem, the top civilian leader of the National Security Agency said.The NSA was among the intelligence agencies that concluded that Russian President Vladimir Putin ordered a cyber-enabled influence campaign in 2016 aimed at undermining confidence in the election, harming Democratic nominee Hillary Clinton and helping elect GOP nominee Donald Trump.“This is a challenge to the foundations of our democracy,” said NSA Deputy Director Richard Ledgett, 58, who is retiring at the end of April, in an interview at Fort Meade, Md., the agency’s headquarters. “It’s the sanctity of our process, of evaluating and looking at candidates, and having accurate information about the candidates. So the idea that another nation-state is [interfering with that] is a pretty big deal and something we need to figure out. How do we counter that? How do we identify that it’s happening — in real-time as opposed to after the fact? And what do we do as a nation to make it stop?”The lack of answers, he said, “as an American citizen . . . gives me a lot of heartburn.”
Ledgett, known as a straight-shooting, unflappable intelligence professional, began his NSA career in 1988 teaching cryptanalysis — how to crack codes — and rose to become the agency’s top civilian leader . The NSA, with 35,000 civilian and military employees, gathers intelligence on foreign targets overseas through wiretaps and increasingly by cyberhacking. Its other mission is to secure the government computers that handle classified information and other data critical to military and intelligence activities.
Asked whether the NSA had any inkling that the Kremlin was going to orchestrate the release of hacked Democratic National Committee emails last July, he demurred. “I actually don’t want to talk about that.”
At the same time, he said, what Moscow did was “no strategic surprise.” Rather, “what may have been a tactical surprise was that they would do it the way they did.”
Campaigns of propaganda and disinformation, dating back to the Soviet Union, have long been a staple of the Kremlin’s foreign policy. Now, however, it is making effective use of its hacking prowess to weaponize information and combine it with its influence operations, or what intelligence officials call “active measures.”
“In general, if you’re responding to nation-state actions like that, you have to find out what are the levers that will move the nation-state actors and are you able and willing to pull those levers?” said Ledgett when asked how the United States should respond.
The Obama administration slapped economic sanctions on two Russian spy agencies involved in hacking the DNC, three companies believed to have provided support for government cyber operations, and four Russian cyber officials. The administration also ordered 35 Russian operatives to leave the United States and shut down Russian-owned facilities on Maryland’s Eastern Shore and on Long Island believed to have been used for intelligence purposes.
Yet, intelligence officials including NSA Director Michael S. Rogers and FBI Director James B. Comey said on Monday that they believe Moscow will strike again — in 2020, if not in 2018.
So should the government mull other options, such as hacking Russian officials’ emails or financial records and releasing them in a bid to embarrass or show corruption? “I think every element of national power is something we should consider,” he said. “That would probably fall under something like a covert action. But if that’s the right answer, that’s the right answer.”
Ledgett is probably most well-known for leading the agency task force that handled the fallout from the leaks of classified information by former NSA contractor Edward Snowden in 2013. The disclosures prompted a national and global debate about the proper scope of government surveillance and led Congress to pass some reforms, including the outlawing of bulk collection of Americans’ phone metadata.
But the disclosures also caused great upheaval in NSA’s collection efforts, hurt morale, and damaged relations with allies and with tech firms that enable court-ordered surveillance, Ledgett said. “It was a terrible time for the agency,” he said.
He oversaw the probe of the internal breach; relations with Congress, the White House, foreign governments and the press; and the effort to prevent a recurrence. “There was a bit of a narrative on the outside about this evil agency that hoovered up all the communications in the world and rooted through them for things that were interesting, and that wasn’t actually true.”
The operational hit was significant, he said. More than 1,000 foreign targets — whether a person or a group or an organization — altered or attempted to alter their means of communications as a result of the disclosures, he said. They “tried with varying degrees of success to remove themselves from our ability to see what they were doing,” he said.
The agency, which has some 200 stations worldwide, reworked capabilities including virtually all of its hacking tools. “In some cases, we had to do things very differently” to gather the same foreign intelligence as before.
Military, defense and security at home and abroad.
Raj De, a former NSA general counsel, said Ledgett was relied on heavily by both Rogers and Rogers’s predecessor, Keith B. Alexander. “He has really been a source of steadiness for the agency,” said De, now head of the Cybersecurity & Data Privacy practice at Mayer Brown, a global law firm. “What is particularly notable about Rick is his willingness to engage with all types of people, to keep an open mind.”
In December 2013, Alexander, when he was the NSA director, said that Snowden should be given no amnesty. But Ledgett told CBS’s “60 Minutes” then that “my personal view is yes, it’s worth having a conversation about.”
In his interview earlier this week, however, he said what he meant was that by engaging Snowden in conversation, the agency might have been able to learn what material had not been released and where it was.
Today, he said, there is no longer any need to talk to Snowden. “He’s past his usefulness to us.” Snowden, who is living in Moscow under a grant of asylum, has been charged with violating the Espionage Act, and Ledgett said he should not be pardoned. “I’ve always been of the idea that ‘Hey, I think he needs to face the music for what he did.’ ”
President Donald Trump has had a lot on his plate in recent weeks — defending his administration from news of a criminal investigation by the FBI for alleged Russia collusion, rallying support for a controversial health care bill.
Somehow amid all that, the president, or his lawyers acting on their own, decided to go after a teenage girl from San Francisco, the Hollywood Reporter said.
Apparently, America’s commander in chief took issue with the girl’s website Kittenfeed.com. Originally called Trumpscratch.com, the site allows users to punch an animated image of Trump’s face with tiny kitten paws. It comes with the tagline: “Trump seems very tough at first but he gets weaker with every scratch.”
The girl, identified as “Lucy,” told the Observer that she developed the site, with its #Trumpcat hashtag, for fun while applying for web developer jobs. Little did she know that her site, which only drew 1700 visitors after its launch in February, had attracted the notice of the most important political leader on earth.
On March 1, she said she received a cease and desist letter from The Trump Organization. The letter claims her site infringed on the “internationally known and famous” Trump trademark.
After Lucy changed the domain name, she received another letter from the Trump Organization because her site linked to an anti-Trump shirt that is available for purchase on Amazon. Lucy told the Hollywood Reporter that she removed the link, and hasn’t heard anything from the campaign since.
Lucy is not alone in thinking that the president should have better things to with his time than to ask his lawyers to go after a teenager for creating a silly website.
“I really just want people to be aware that this is a president who’s clearly more concerned about what people think of him than doing things of substance,” she told the Hollywood Reporter.
However, she said she’s not surprised he might be so easily provoked by her site, given that he wages Twitter feuds with former California Gov. Arnold Schwarzenegger over ratings for his former reality TV show “Celebrity Apprentice.”
“Literally all my site is, is punching him with kitten paws,” she said. “A president should not have the time or care to hire people to shut sites like mine down. He should be running the country, not tweeting about TV ratings or anything else like that.”
Not surprisingly, the moves by Trump’s lawyers have had the opposite effect of their intention. After the Observer originally published its report on Tuesday, the site’s visitors surged from 3,000 to 50,000.
However, the site was down on Wednesday, possibly from so many users trying to access it.
The lesson here is that Trump may talk a tough game as president, but he and his tough, high-priced attorneys are no match for animated kittens.
This afternoon in London England there was another ‘terrorist incident’, this time just outside the entrance to their Parliament Building. The last I heard before I started this commentary there are four dead and about 20 wounded. One of the dead is the attacker, another is a Police Officer. The other two dead people were killed by being driven over by the attacker. What a typical example of ones hate being forced upon others lives. Folks, when a person chooses to murder someone, do you think they are doing this because they are ‘happy’ with the one they decide to kill? I tend to think, no, how about you? Killing other people, outside of contract obligations such as when you are in your Nation’s Military, or in the case of self-defence, murder is usually done through or because of hate. So, today the actions of one man ended the lives of three others and harmed and scarred many others. One man’s actions caused a lot of chain reactions not just in heroic goodness of some, but in the actions of the Press there in London informing we the people of the events, step by step. Yes they did a rather good job of informing me of the steps that (England’s) has in place that security protocol is designed to function within. In this case a person filled with hate could best figure out where to form a multi-tiered attack. Think of the pure hate concept of bringing an ambulance to a bomb or mass shooting location, filled with C-4 just so you can kill as many First Responders as you possibly can. Folks, this is not the way of a rational mind, nor of a God! It is not a mind filled with any form of morality, it is a mind filled with Evil, hate. When we humans decide to degrade other human beings to a ‘less than’ human status it becomes easier and easier to degrade, hurt or even kill them.
Friends this type of hate that we witnessed this afternoon in London is not just a hiccup in human history that we are living in, this is the reality for humans for ever more. Europe is being forced to deal with this hatred toward their own people and toward their own cultures. Here in the U.S. we have suffered several examples of hatred also toward our people and our chosen ways of life. Yet Europe and her people are a tender underbelly to a region full of hatred, for you and your way of life. I believe that the U.S. and all of the ‘America’s’ are just starting to see the damage caused by hatred. The olden days (our version of the good old days), they’re gone, they are not going to return, but why not? The answer is hatred folks. Hatred has a great helpmate which also causes so much heartache and that is ignorance. No one on this planet will ever have a totally unmonitored lifestyle again, nor will we ever be free of people hating you/us. Welcome to the new world everyone, the one filled with unending security measures brought on because of threats that are real or imagined. You see, fear caused by hatred can easily be duplicated in the one who fears as a way to grow into another hate filled, ignorant, Satan serving beast. A person who is hate filled creates and early grave for themselves and those around them, and a footstool in Hell.
American Citizens: U.S. Border Agents Can Search Your Cellphone
byCYNTHIA MCFADDEN, E.D. CAUCHI, WILLIAM M. ARKINandKEVIN MONAHAN
When Buffalo, New York couple Akram Shibly and Kelly McCormick returned to the U.S. from a trip to Toronto on Jan. 1, 2017, U.S. Customs & Border Protection officers held them for two hours, took their cellphones and demanded their passwords.
“It just felt like a gross violation of our rights,” said Shibly, a 23-year-old filmmaker born and raised in New York. But he and McCormick complied, and their phones were searched.
Three days later, they returned from another trip to Canada and were stopped again by CBP.
“One of the officers calls out to me and says, ‘Hey, give me your phone,'” recalled Shibly. “And I said, ‘No, because I already went through this.'”
The officer asked a second time.
Watch Cynthia McFadden on Nightly News for More
Within seconds, he was surrounded: one man held his legs, another squeezed his throat from behind. A third reached into his pocket, pulling out his phone. McCormick watched her boyfriend’s face turn red as the officer’s chokehold tightened.
Then they asked McCormick for her phone.
“I was not about to get tackled,” she said. She handed it over.
Shibly and McCormick’s experience is not unique. In 25 cases examined by NBC News, American citizens said that CBP officers at airports and border crossings demanded that they hand over their phones and their passwords, or unlock them.
The travelers came from across the nation, naturalized citizens and people born and raised on American soil. They traveled by plane and by car at different times through different states. Businessmen, couples, senior citizens, and families with young kids, questioned, searched, and detained for hours when they tried to enter or leave the U.S. None were on terror watchlists. One had a speeding ticket. Some were asked about their religion and their ethnic origins, and had the validity of their U.S. citizenship questioned
What most of them have in common — 23 of the 25 — is that they are Muslim, like Shibly, whose parents are from Syria.
Data provided by the Department of Homeland Security shows that searches of cellphones by border agents has exploded, growing fivefold in just one year, from fewer than 5,000 in 2015 to nearly 25,000 in 2016.
According to DHS officials, 2017 will be a blockbuster year. Five-thousand devices were searched in February alone, more than in all of 2015.
“That’s shocking,” said Mary Ellen Callahan, former chief privacy officer at the Department of Homeland Security. She wrote the rules and restrictions on how CBP should conduct electronic searches back in 2009. “That [increase] was clearly a conscious strategy, that’s not happenstance.”
“This really puts at risk both the security and liberty of the American people,” said Senator Ron Wyden, D-Oregon. “Law abiding Americans are being caught up in this digital dragnet.”
“This is just going to grow and grow and grow,” said Senator Wyden. “There’s tremendous potential for abuse here.”
What CBP agents call “detaining” cellphones didn’t start after Donald Trump’s election. The practice began a decade ago, late in the George W. Bush administration, but was highly focused on specific individuals.
The more aggressive tactics of the past two years, two senior intelligence officials told NBC News, were sparked by a string of domestic incidents in 2015 and 2016 in which the watch list system and the FBI failed to stop American citizens from conducting attacks. The searches also reflect new abilities to extract contact lists, travel patterns and other data from phones very quickly.
But the officials caution that rhetoric about a Muslim registry and ban during the presidential campaign also seems to have emboldened federal agents to act more forcefully.
“The shackles are off,” said Hugh Handeyside, a staff attorney with the ACLU’s National Security Project. “We see individual officers and perhaps supervisors as well pushing those limits, exceeding their authority and violating people’s rights.”
And multiple sources told NBC News that law enforcement and the Intelligence Community are exploiting a loophole to collect intelligence.
Under the Fourth Amendment, law enforcement needs at least reasonable suspicion if they want to search people or their possessions within the United States. But not at border crossings, and not at airport terminals.
“The Fourth Amendment, even for U.S. citizens, doesn’t apply at the border,” said Callahan. “That’s under case law that goes back 150 years.”
Customs and Border officers can search travelers without any level of suspicion. They have the legal authority to go through any object crossing the border within 100 miles, including smartphones and laptops. They have the right to take devices away from travelers for five days without providing justification. In the absence of probable cause, however, they have to give the devices back.
CBP also searches people on behalf of other federal law enforcement agencies, sending its findings back to partners in the DEA, FBI, Treasury and the National Counterterrorism Center, among others.
Callahan thinks that CBP’s spike in searches means it is exploiting the loophole “in order to get information they otherwise might hot have been able to.”
On January 31, an engineer from NASA’s Jet Propulsion Laboratory was pulled into additional screening upon his return to the U.S. after a two-week vacation in Chile. Despite being cleared by the Global Entry program, Sidd Bikkannavar received an “X” on his customs form. He is not Muslim, and he is not from any of the seven countries named in President Trump’s original “travel ban” executive order. Half his family comes from India but he was born and raised in California.
Bikkannavar was brought into a closed room and told to hand over his phone and passcode. He paid particular notice to the form CBP handed him which explained it had the right to copy the contents of the phone, and that the penalty for refusal was “detention.”
“I didn’t know if that meant detention of the phone or me and I didn’t want to find out,” said Bikkannavar. He tried to refuse but the officer repeatedly demanded the PIN. Eventually he acquiesced.
“Once they had that, they had everything,” Bikkannavar said. That access allowed CBP officers to review the backend of his social media accounts, work emails, call and text history, photos and other apps. He had expected security might physically search any travelers for potential weapons but accessing his digital data felt different. “Your whole digital life is on your phone.”
The officers disappeared with his phone and PIN. They returned 30 minutes later and let him go home.Sidd Bikkannavar poses for a portrait in 2014. Takashi Akaishi
CBP also regularly searches people leaving the country.
On February 9, Haisam Elsharkawi was stopped by security while trying to board his flight out of Los Angeles International Airport. He said that six Customs officers told him he was randomly selected. They demanded access to his phone and when he refused, Elsharkawi said they handcuffed him, locked him in the airport’s lower level and asked questions including how he became a citizen. Elsharkawi thought he knew his rights and demanded access to legal counsel.
“They said if I need a lawyer, then I must be guilty of something,” said Elsharkawi, and Egyptian-born Muslim and naturalized U.S. citizen. After four hours of questioning in detention, he unlocked his smartphone and, after a search, was eventually released. Elsharkawi said he intends to sue the Department of Homeland Security.
The current policy has not been updated since 2009. Jayson Ahern, who served in CBP under both Bush and Obama, signed off on the current policy. He said the electronic searches are supposed to be based on specific, articulable facts that raise security concerns. They are not meant to be random or routine or applied liberally to border crossers. “That’s reckless and that’s how you would lose the authority, never mind the policy.”
The Customs & Border Patrol policy manual says that electronic devices fall under the same extended search doctrine that allows them to scan bags in the typical security line.
“As the threat landscape changes, so does CBP,” a spokesperson told NBC News.
Since the policy was written in 2009, legal advocates argue, several court cases have set new precedents that could make some CBP electronic searches illegal.
Several former DHS officials pointed to a 2014 Supreme Court ruling in Riley v California that determined law enforcement needed a warrant to search electronic devices when a person is being arrested. The court ruled unanimously, and Chief Justice John Roberts wrote the opinion.
“Modern cellphones are not just another technological convenience. With all they contain and all they may reveal, they hold for many Americans ‘the privacies of life,'” wrote Roberts. “The fact that technology now allows an individual to carry such information in his hand does not make the information any less worthy of the protection for which the Founders fought.”
Because that case happened outside of the border context, however, CBP lawyers have repeatedly asserted in court that the ruling does not apply to border searches.
For now a Department of Justice internal bulletin has instructed that, unless border officers have a search warrant, they need to take protective measures to limit intrusions, and make sure their searches do not access travelers’ digital cloud data. The ‘cloud’ is all content not directly stored on a device, which includes anything requiring internet to access, like email and social media.
Former DHS officials who helped design and implement the search policy said they agreed with that guidance.
Wyden Pushes to Change the Policy
On February 20, Sen. Wyden wrote to DHS Secretary John Kelly demanding details on electronic search-practices used on U.S. citizens, and referred to the extent of electronic searches as government “overreach”. As of publication, he had yet to receive an answer.
Now Sen. Wyden says that as early as next week he plans to propose a bill that would require CBP to at least obtain a warrant to search electronics of U.S. citizens, and explicitly prevent officers from demanding passwords.
“The old rules … seem to be on the way to being tossed in the garbage can,” said Senator Wyden. “I think it is time to update the law.”
Asked about the Shibly case, a CBP spokesperson declined to comment, but said the Homeland Security Inspector General is investigating. The spokesperson said the agency can’t comment on open investigations or particular travelers, but that it “firmly denies any accusations of racially profiling travelers based on nationality, race, sex, religion, faith, or spiritual beliefs.”
Explaining the sharp increase in electronic searches, a department spokesperson told NBC News: “CBP has adapted and adjusted to align with current threat information, which is based on intelligence.” A spokesman also noted that searches of citizens leaving the U.S. protect against the theft of American industrial and national security secrets.
After repeated communications, the Department of Homeland Security never responded to NBC News’ requests for comments. Nonetheless, the Homeland Security Inspector General is currently auditing CBP’s electronic search practices.
The Council on American-Islamic Relations (CAIR) also has filed two dozen complaints against CBP this year for issues profiling Muslim Americans. CAIR and the Electronic Frontier Foundation are considering legal action against the government for what they consider to be unconstitutional searches at the border.
The rule has never changed: Every phenomenon or positive change has a tax to be paid, whether we like it or not.This rule also applies to the enormous technological progress we are witnessing and its unlimited positive outcomes on our lives, businesses and communities. Here, the tax users pay is represented by forbidden acts and taboos becoming accepted and incorporated into our lives.
People might not sense this gradual transformation but they eventually accept it in return for using technology. Speaking of attempts to maintain some privacy has become impossible – privacy has been violated with a knockdown.
A group of scientists from Harvard University has developed a mosquito-sized robot that can steal samples of your DNA without you feeling it. Professor of Computer Science Margo Seltzer said that the privacy we used to know before no more exists, adding that current techniques such as credit cards, internet networks, highway radars, cameras in streets, social media and emails can all leave a digital print of us by which we can be followed.
In 2013, more than five billion data records were lost or stolen, according to the Breach Level Index (BLI). This reveals that perhaps only those distant from the world of internet were not subject to violation of privacy– and they did not avoid it for fear or cautiousness but because they weren’t capable of affording such technology – yet, they are certainly on their way there.
Half the world’s population is constantly connected to the Internet while the other half is on its way. According to Gartner, Inc. there will be 25 billion smartphones by 2020. At that time, no one will be safe regardless if he uses a smartphone or not. Saudi Arabia, for example, has a population of 30 million people, having 24 million internet users and 48 million subscribers of mobile telecommunication services.
Violations taking place every second with data and information divulged have become manifest for anyone connected to the internet. And it is impossible to stop or block them.
Take what has been published by founder of WikiLeaks Julian Assange in 2013 as an example – he published a huge archive of correspondences for former US Secretary of State Henry Kissinger since 1973 till 1976. These correspondences were classified as top secret and totaled 1.7 million, five-fold what has been previously published in WikiLeaks.
Another example is former Central Intelligence Agency (CIA) Edward Snowden, currently residing in Russia, who has unveiled that the National Security Agency (NSA) in the US and the Government Communications Headquarters (GCHQ) in Britain have jointly developed a technology that permits access to many global internet activity, call logs, individuals’ emails and a huge content of other digital telecommunications.
Misuse of personal data is a growing challenge all over the world. Requests were made to governments to take charge of protecting the future of citizens’ privacy and their social prosperity. However, it seems that none is capable of that, with governments themselves failing to protect their own classified data. So, how would a normal individual be able to do that?!
Till now there are no realistic solutions that show optimism in ending the violation of our privacy. Given that we have agreed to be connected to the Internet and to use smartphones, we should admit that our privacy has been violated irreversibly, even if we try to convince ourselves otherwise.
The latest revelations about U.S. government’s powerful hacking tools potentially takes surveillance right into the homes and hip pockets of billions of users worldwide, showing how a remarkable variety of every day devices can be turned to spy on their owners.
Televisions, smartphones and Internet-connected vehicles are all vulnerable to CIA hacking, according to the Wikileaks documents released Tuesday. The capabilities described include recording the sounds, images and the private text messages of users, even when they use encrypted apps to communicate. The CIA also studied whether it could infect vehicle control systems used by modern cars and trucks, which Wikileaks said could allow “nearly undetectable assassinations.”
In the case of a tool called “Weeping Angel” for attacking Samsung SmartTVs, Wikileaks wrote, “After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on, In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.”
The documents, which The Washington Post could not independently verify and the CIA has declined to confirm, list supposed tools for cracking into such widely popular devices as Apple’s iPhone or the Android smartphones whose operating system is made by Google, but there are marked differences from the 2013 revelations by the National Security Agency’s former contractor Edward Snowden.
His documents largely described mass surveillance of Internet-based communications systems, more often than the individual devices that appear to have been the focus of the CIA. By targeting devices, the CIA could gain access to even well-encrypted communications, on such popular apps as Signal and WhatsApp, without having to crack the encryption itself. The Wikileaks reports appear to acknowledge that difference by saying the CIA “bypassed” as opposed to defeated encryption technologies.
Resignation and frustration rippled through Silicon Valley on Tuesday as technologists grappled with revelations of yet another government attempt to exploit their systems.
“The argument that there is some terrorist using a Samsung TV somewhere – as a reason to not disclose that vulnerability to the company, when it puts thousands of Americans at risk — I fundamentally disagree with it, “ said Alex Rice, chief technology officer for Hacker One, a startup that enlists hackers to report security gaps to companies and organizations in exchange for cash.
Privacy experts say the CIA may have been forced into focusing on vulnerable devices because the Internet overall has become more secure through more widespread deployment of encryption. In this new world, devices have become the most vulnerable link.
“The idea that the CIA and NSA can hack into devices is kind of old news,” said Johns Hopkins cryptography expert Matthew Green. “Anyone who thought they couldn’t was living in a fantasy world.”
Snowden’s revelations and the backlash made strong encryption a major, well-funded cause for both privacy advocates and, perhaps more importantly, technology companies that had the engineering expertise and budgets to protect data as it flowed across the world.
Google, Microsoft, Facebook, Yahoo and many other companies announced major new initiatives, in part to protect their brands against accusations by some users that they had made it too easy for the NSA to collect information from their systems. Many Web sites, meanwhile, began encrypting their data flows to users to prevent snooping. Encryption tools such as Tor were strengthened.
Encrypting apps for private messaging, such as Signal, Telegram and WhatsApp exploded in popularity, especially among users around the world who were fearful of government intrusion. In the days following the U.S. presidential election, Signal was among the most downloaded in Apple’s app store and downloads grew by more than 300 percent.
Open Whispers Systems, which developed Signal, released a statement: “The CIA/Wikileaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption.” WhatsApp declined to comment, and Telegram did not respond to requests for comment. Google declined to comment, while Samsung and Apple did not immediately respond to requests for comment.
U.S. government authorities complained loudly that the new wave of encryption was undermining their ability to investigate serious crimes, such as terrorism and child pornography. The FBI sued Apple in hopes of forcing it to unlock an iPhone used by the San Bernadino killers before announcing it had other ways to crack the device amid heavy public criticism.
Against that backdrop, many privacy advocates argued that devices — often called “endpoints” for their place on chains of communications that can criss-cross continents — were the best available target left in a world with widespread online encryption. The Wikileaks documents suggests that the CIA may have reached the same conclusion.
“It would certainly be consistent with the hypothesis that we’ve made real progress in the encryption we’ve been introducing,” said Peter Eckersley, technology projects director for the Electronic Frontier Foundation, a San Francisco-based civil liberties group. “It’s impossible to be 100 percent certain, but reading the tea leaves, it’s plausible.”
The Wikileaks revelations also will serve as a reminder that, for whatever the political backlash to revelations about digital spying, it is not going away and probably will continue to grow. The focus on hacking into individual devices — rather than the messages traveling between them — is likely to increase pressure on companies to make those devices safer because, as experts have long said, they are the most vulnerable target in a long chain of digital interactions.
That could be especially important for U.S. tech companies, such as Google, Apple and Facebook, that have worked to rebuild their reputations as stewards of their users’ privacy in recent years.
Cybersecurity experts, meanwhile, reacted with alarm to the news of the Wikileaks release.
“This is explosive,” said Jake Williams, founder of Rendition Infosec, a cybersecurity firm. The material highlights specific antivirus products that can be defeated, going further than a release of NSA hacking tools last year, he said.
The CIA hackers, according to WikiLeaks, even “discussed what the NSA’s …hackers did wrong and how the CIA’s malware makers could avoid similar exposure.”
Hackers who worked at NSA’s Tailored Access Operations unit said the CIA’s library of tools looked comparable. The description of the implants, which are software that enable a hacker to remotely control a compromised device, and other attack tools appear to be “very, very complex” and “at least on par with the NSA,” said one former TAO hacker who spoke on condition his name not be used.
The Switch newsletter
The day’s top stories on the world of tech.
The WikiLeaks release revealed that they have sophisticated “stealth” capabilities that enable hackers not only to infiltrate systems, but evade detection, as well as abilities to “escalate privileges” or move inside a system as if they owned it.
“The only thing that separates NSA from commodity malware in the first place is their ability to remain hidden,” the former TAO hacker said. “So when you talk about the stealth components, it’s huge that you’re seeing a tangible example here of them using and researching stealth.”
Computer security experts noted that the release includes no actual tools or exploits, “so we don’t know if WikiLeaks did not get them or is just not choosing to publish them,” Nicholas Weaver, a computer security researcher at the University of California at Berkeley. “However we should assume that whoever stole this data has access to the exploits and tools.”
He noted that the dates in the files suggest the tools were taken in February or March 2016 and that there are at least two documents marked Top Secret, “which suggests that somebody in early 2016 managed to compromise a Top Secret CIA development system and is willing to say that they did.”
One internal CIA document listed a set of Apple iPhone “exploits” — or tools that can be used to compromise the device by taking advantage of software flaws. Some of the tools are based on “zero-days,” which are software vulnerabilities that have not been shared with the manufacturer. So “some of these descriptions will allow Apple to fix the vulnerabilities,” Weaver said. “But at the same time, they’re out in the public and whoever stole this data could use them against U.S. interests.”
SAN FRANCISCO — Uber has for years engaged in a worldwide program to deceive the authorities in markets where its low-cost ride-hailing service was being resisted by law enforcement or, in some instances, had been outright banned.
The program, involving a tool called Greyball, uses data collected from the Uber app and other techniques to identify and circumvent officials. Uber used these methods to evade the authorities in cities such as Boston, Paris and Las Vegas, and in countries like Australia, China, Italy and South Korea.
Greyball was part of a broader program called VTOS, short for “violation of terms of service,” which Uber created to root out people it thought were using or targeting its service improperly. The VTOS program, including the Greyball tool, began as early as 2014 and remains in use, predominantly outside the United States. Greyball was approved by Uber’s legal team.
Greyball and the broader VTOS program were described to The New York Times by four current and former Uber employees, who also provided documents. The four spoke on the condition of anonymity because the tools and their use are confidential and because of fear of retaliation by the company.
Uber’s use of Greyball was recorded on video in late 2014, when Erich England, a code enforcement inspector in Portland, Ore., tried to hail an Uber car downtown as part of a sting operation against the company.
At the time, Uber had just started its ride-hailing service in Portland without seeking permission from the city, which later declared the service illegal. To build a case against the company, officers like Mr. England posed as riders, opening the Uber app to hail a car and watching as the miniature vehicles on the screen made their way toward the potential fares.
But unknown to Mr. England and other authorities, some of the digital cars they saw in their Uber apps were never there at all. The Uber drivers they were able to hail also quickly canceled. That was because Uber had tagged Mr. England and his colleagues — essentially Greyballing them as city officials — based on data collected from its app and through other techniques. Uber then served up a fake version of its app that was populated with ghost cars, to evade capture.
At a time when Uber is already under scrutiny for its boundary-pushing workplace culture, the Greyball tool underscores the lengths to which the company will go to win in its business. Uber has long flouted laws and regulations to gain an edge against entrenched transportation providers, a modus operandi that has helped propel the company into more than 70 countries and to a valuation close to $70 billion.
Yet using its app to identify and sidestep authorities in places where regulators said the company was breaking the law goes further in skirting ethical lines — and potentially legal ones, too. Inside Uber, some of those who knew about the VTOS program and how the Greyball tool was being used were troubled by it.
In a statement, Uber said, “This program denies ride requests to users who are violating our terms of service — whether that’s people aiming to physically harm drivers, competitors looking to disrupt our operations, or opponents who collude with officials on secret ‘stings’ meant to entrap drivers.”
Dylan Rivera, a spokesman for the Portland Bureau of Transportation, said in a statement: “We’re very concerned to hear that this practice continued at least into 2015 and affected other cities.
“We take any effort to undermine our efforts to protect the public very seriously,” Mr. Rivera said.
Uber, which lets people hail rides from a smartphone app, operates multiple kinds of services, including a luxury Black Car one in which drivers are commercially licensed. But one Uber service that many regulators have had problems with is the company’s lower-cost service, known as UberX in the United States.
UberX essentially lets people who have passed a cursory background check and vehicle inspection to become an Uber driver quickly. In the past, many cities banned the service and declared it illegal.
That’s because the ability to summon a noncommercial driver — which is how UberX drivers who use their private vehicles are typically categorized — often had no regulations around it. When Uber barreled into new markets, it capitalized on the lack of rules to quickly enlist UberX drivers, who were not commercially licensed, and put them to work before local regulators could prohibit them from doing so.
After authorities caught up, the company and officials generally clashed — Uber has run into legal hurdles with UberX in cities including Austin, Tex., Philadelphia and Tampa, Fla., as well as internationally. Eventually, the two sides came to an agreement, and regulators developed a legal framework for the low-cost service.
That approach has been costly. Law enforcement officials in some cities have impounded or ticketed UberX drivers, with Uber generally picking up those costs on behalf of the drivers. Uber has estimated thousands of dollars in lost revenue for every vehicle impounded and ticket dispensed.
This is where the VTOS program and the use of the Greyball tool came in. When Uber moved into a new city, it appointed a general manager to lead the charge. The manager would try to spot enforcement officers using a set of technologies and techniques.
Get the latest technology news and buzz from around the web.
Receive occasional updates and special offers for The New York Times’s products and services.
One method involved drawing a digital perimeter, or “geofence,” around authorities’ offices on a digital map of the city that Uber monitored. The company watched which people frequently opened and closed the app — a process internally called “eyeballing” — around that location, which signified that the user might be associated with city agencies.
Other techniques included looking at the user’s credit card information and whether that card was tied directly to an institution like a police credit union.
Enforcement officials involved in large-scale sting operations to catch Uber drivers also sometimes bought dozens of cellphones to create different accounts. To circumvent that tactic, Uber employees went to that city’s local electronics stores to look up device numbers of the cheapest mobile phones on sale, which were often the ones bought by city officials, whose budgets were not sizable.
In all, there were at least a dozen or so signifiers in the VTOS program that Uber employees could use to assess whether users were new riders or very likely city officials.
If those clues were not enough to confirm a user’s identity, Uber employees would search social media profiles and other available information online. Once a user was identified as law enforcement, Uber Greyballed him or her, tagging the user with a small piece of code that read Greyball followed by a string of numbers.
When a tagged officer called a car, Uber could scramble a set of ghost cars inside a fake version of the app for that person, or show no cars available at all. If a driver accidentally picked up an officer, Uber occasionally called the driver with instructions to end the ride.
Uber employees said the practices and tools were partly born out of safety measures for drivers in certain countries. In France, Kenya and India, for instance, taxi companies and workers targeted and attacked new Uber drivers.
In those environments, Greyballing started as a way to scramble the locations of UberX drivers to prevent competitors from finding them. Uber said it remained the primary use of the tool today.
But as Uber moved into new markets, its engineers saw that those same techniques and tools could also be used for evading law enforcement. Once the Greyball tool was put in place and tested, Uber engineers created a playbook with a list of tactics and distributed it to general managers in more than a dozen countries across five continents.
At least 50 to 60 people inside Uber knew about Greyball, and some had qualms about whether it was ethical or legal. Greyball was approved by Uber’s legal team, headed by Salle Yoo, the general counsel. Ryan Graves, an early hire who became senior vice president of global operations and a board member, was also aware of the program.
Ms. Yoo and Mr. Graves did not respond to a request for comment.
Outside scholars said they were unsure of the program’s legality. Greyball could be considered a violation of the federal Computer Fraud and Abuse Act, or possibly intentional obstruction of justice, depending on local laws and jurisdictions, said Peter Henning, a law professor at Wayne State University, who also writes for The New York Times.
“With any type of systematic thwarting of the law, you’re flirting with disaster,” Mr. Henning said. “We all take our foot off the gas when we see the police car at the intersection up ahead, and there’s nothing wrong with that. But this goes far beyond avoiding a speed trap.”
To date, Greyballing has been effective. In Portland that day in late 2014, Mr. England, the enforcement officer, did not catch an Uber, according to local reports.
And two weeks after Uber began dispatching drivers in that city, the company reached an agreement with local officials for UberX to be legally available there.
truthtroubles.wordpress.com/ Just an average man who tries to do his best at being the kind of person the Bible tells us we are all suppose to be. Not perfect, never have been, don't expect anyone else to be perfect either. Always try to be very easy going type of a person if allowed to be.
El blog de Aurora Luna. Talleres de escritura creativa en Valencia. Club de lectura. Cursos de novela, poesía, cuento y narrativa breve. Recursos para escritores y herramientas para aprender a escribir en el taller literario. Reflexiones sobre creatividad y literatura. Master class, profesores, clases presenciales y seminarios de creación literaria adscritos a "LIBRO, VUELA LIBRE". Comunidad de escritores y lectores en Valencia. Dinámicas en curso y ejercicios de escritura creativa. Palabras, concursos, vuelos y encuentros literarios.
“I hope we once again have reminded people that man is not free unless government is limited. There’s a clear cause and effect here that is as neat and predictable as a law of physics: as government expands, liberty contracts.”~ Ronald Reagan.