P2P-Zone  

Go Back   P2P-Zone > Peer to Peer
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Peer to Peer The 3rd millenium technology!

Reply
 
Thread Tools Search this Thread Display Modes
Old 26-06-13, 07:43 AM   #1
JackSpratts
 
JackSpratts's Avatar
 
Join Date: May 2001
Location: New England
Posts: 10,013
Default Peer-To-Peer News - The Week In Review - June 29th, '13

Since 2002


































"Anybody who wants to accuse me or anyone at the Guardian of aiding and abetting Snowden has the obligation to point to any specific evidence to support that accusation. Otherwise they’re just spouting reckless innuendo." – Glenn Greenwald






































June 29th, 2013




Court OKs $675k Fine For Ex-BU Student’s File-Sharing
AP

A federal appeals court has upheld a jury $675,000 award against a former Boston University student for illegally downloading and sharing songs on the Internet.

The jury ordered Joel Tenenbaum of Providence, R.I., to pay $22,500 for each of 30 songs, after the Recording Industry Association of America sued him on behalf of four record labels.

Tenenbaum argued that the $675,000 award violates his due process rights because it is not tied to the actual injury he caused. He estimated that to be no more than $450, or the cost of 30 albums.

On Tuesday, the 1st U.S. Circuit Court of Appeals found that Tenenbaum’s conduct was “egregious” because he illegally shared songs for years, despite numerous warnings.

The U.S. Supreme Court last year declined to hear Tenenbaum’s appeal.

Tenenbaum said he could not immediately comment on the ruling.
http://www.wbur.org/2013/06/25/bu-music-sharing-fine





Anti-Piracy Group Fact Forces Closure of Large Usenet Filesharing Index
Ian Steadman

UK anti-piracy group Fact has succeeded in forcing the closure of a large Usenet file indexing site called NZBsRus after threatening its administrator and some of its staff members with cease-and-desist letters.

The site, which according to TorrentFreak had as many as 180,000 members, has been in the crosshairs of the film industry for a while. Founded in 2004, it went down briefly in 2011 in the wake of the court ruling that said British ISPs must block filesharing search engine Newzbin2. However, pressure on the site over the last few days appears to have been too much for it to handle.

Fact, the Federation Against Copyright Theft -- the UK's main trade organisation for protecting intellectual property rights -- apparently sent representatives to the home of a former admin of the site, who in turn passed on its threats to the current site staff.

The choice was to either close the site down now to bring an end to the issue, or to carry on and accept the legal consequences. They chose the former.

In a statement, the site admin by the name of "r3b00t" said: "In the past when Fact notices were given to us they only specifically named the owner of the site, this time it included several staff members. After consulting with our lawyers we felt that it was time to close the site to avoid any legal action."

"It was a hard decision to make but the intrusion & impact further legal action would have on the owners families & those staff that have only ever been voluntary would not be fair."

The site accepted money from its users in Bitcoins, which it says it will be returning to those who paid.
http://www.wired.co.uk/news/archive/...bsrus-shutdown





MPAA Kicks KickassTorrents Off Google With ‘Precision’ Takedown
Ernesto

A little over a month ago the MPAA started submitting DMCA requests to Google on behalf of the major movie studios but unlike most other copyright holders the movie group is not going for automated high-volume notices. Instead the MPAA appears to be hand-picking torrent sites and streaming portals in an effort to have their homepages de-listed from Google. The new KickassTorrents domain Kickass.to is one of the first casualties of this strategy.

Every week copyright holders send millions of DMCA takedown notices to Google, hoping to make pirated movies and music harder to find.

The RIAA is one of the most active senders and has asked Google to remove over 23 million links to copyrighted content.

Perhaps inspired by its musical counterpart the MPAA also joined in last month, but clearly with a different strategy. The RIAA submits over half a million URLs per week but the MPAA is currently averaging a measly 163.

However, looking more closely at the MPAA’s takedown notices we see an interesting pattern. Where other copyright holders use dragnet scripts to take down everything that links to infringing copies, the MPAA specifically targets homepages of websites.

One of the targets taken out this week is the new KickassTorrents domain Kickass.to. Just four days after the torrent site switched to a new domain following legal troubles in the Philippines, the MPAA sent the following notice.

As a result of this notice the Kickass.to homepage no longer appears in Google search results but this is no isolated incident.

As can be seen here, most of MPAA’s takedown notices only contain a few URLs, often homepages of download portals or streaming sites. In many cases the infringing work listed in the takedown request no longer appears on the homepage, and the MPAA often fails to list the internal page it’s supposed to link to.

Overall this strategy is producing varying results as Google takes “no action” in response to many of the MPAA’s notices. In some instances this is because the movie group added a space to the URL, producing a 404 error. However, Google also appears to dislike the submissions of URLs that indirectly link to infringing content.

The question that remains is why the movie group chooses to specifically target homepages while leaving many infringing links online. One likely answer is that it’s trying to reduce traffic to the sites by making them harder to find through generic search terms such as “download free movies.”

TorrentFreak asked the MPAA to comment on their strategy a few days ago, but we have yet to receive a response.
http://torrentfreak.com/mpaa-kicks-k...kedown-130623/





AT&T Gets Patent to Monitor and Track File-Sharing Traffic
Ernesto

Internet provider AT&T has patented a new technology that allows the company to accurately track content being shared via BitTorrent and other P2P networks. The company explains that the technology can be utilized to detect pirated downloads and combat congestion on its network. Whether the company is already using the system to track infringing content, or has plans to do so, is unknown.

In the U.S. alone, BitTorrent transfers account for one-third of all upstream traffic during peak hours.

This massive network use has received plenty of interest from Internet providers over the years, but AT&T is planning to take it to the next level.

A new patent awarded to the Intellectual Property division of the Texas-based company describes a system that can accurately measure the flow of both legitimate and infringing file-sharing traffic.

Titled “Method and apparatus for automated end to end content tracking in peer-to-peer environments,” the patent covers an advanced monitoring system that can detect how often a certain title is downloaded. AT&T says this information can then be used to address network congestion or counter piracy.

The system described by AT&T focuses specifically on torrents, which are gathered from search engines and other websites through RSS feeds. Discovered content is collected in a database and the system then downloads the torrent and records information on the people who are downloading.

In the patent AT&T notes that peer-to-peer traffic accounts for a large percentage of traffic generated on the Internet, some of which results in a loss of revenue for copyright holders.

“For example, some content may be legitimately purchased and downloaded by users via P2P. However, some content may be pirated and illegally copied and distributed P2P violating copyright laws and reducing revenue for the content producers and distributors,” the company explains.

AT&T’s system will be able to detect what is most downloaded on P2P-networks, suggesting that this information can be used to track and counter piracy.

“The present disclosure automatically tracks content that is downloaded in a peer-to-peer environment. In doing so, the present disclosure automatically identifies the most popular content titles to monitor and tracks and identifies a number of unique peers for each of the content titles.”

In addition, there is a content analysis component that will verify whether the downloaded files are indeed what the title suggests. This will be useful to filter out spam files and viruses that are mislabeled as popular videos or music.

“Based upon the verification, the list may be modified if the content titles actually being downloaded do not match the content titles in the list. For example, the content titles in the list may be looking for a recently released movie; however, the actually downloaded content titles may be a television show that had an identical title or may be a peer attempting to disseminate a virus under a disguise of the content title and so forth.”

The patent doesn’t go into detail on the intended purpose of the tracking, but AT&T specifically mentions that it can be used to track infringing downloads and address network congestion.

“The present disclosure may be used to determine which content titles are being illegally distributed and by whom. In another example, the present disclosure may be used to determine which content title downloads are creating the most network congestion. This information may in turn be used for capacity planning and the like,” the patent reads.

While there are many outfits that track BitTorrent and other file-sharing traffic, until now we are not aware of any ISPs that have shown interest in this type of monitoring. AT&T is certainly the first company to be granted a patent for such a specific P2P monitoring system.

It’s worth noting that AT&T participates in the six-strikes copyright alert system where P2P users are also monitored. The main difference is that under that program the monitoring is carried out by a the third-party company which only tracks a list of titles supplied by the MPAA and RIAA.

Whether the provider has intentions to actively scan for and throttle pirated content being shared using BitTorrent is unknown. With the patented system it could certainly do so, and if it targets infringing traffic only it does not violate FCC’s net neutrality rules.
http://torrentfreak.com/att-gets-pat...raffic-130628/





End of an Era: Stephen Conroy Quits as Comms Minister
Renai LeMay

Communications Minister Stephen Conroy has reportedly resigned his post in the wake of Kevin Rudd’s successful challenge for the leadership of the Federal Labor Party, after declaring earlier this week that he would not serve in a new Rudd Cabinet.

Earlier this week, Conroy, a long-time supporter of Prime Minister Julia Gillard and a fellow key figure in the Victorian arm of the Labor Party, told Sky News’ Australian Agenda program that he continued to support Gillard and added that he did not believe he would be in a position to be in a front bench — Cabinet Minister — position.

This evening, following Rudd’s victory in a leadership ballot called by Gillard earlier this afternoon, a number of media outlets have reported that Conroy has followed through on his promise and has signalled to the Labor caucus that he would resign his post as Communications Minister.

“[Treasurer Wayne Swan] has resigned as deputy prime minister and the government’s senate leader Stephen Conroy, who is Communications Minister, has also quit, meaning that three out of four of the leadership group has gone,” wrote Michelle Grattan, a journalist for The Conversation. “Swan and Conroy have quit,” confirmed Sky News chief political reporter Kieran Gilbert in a separate Twitter post.

“Wayne Swan, Stephen Conroy, Joe Ludwig and Craig Emerson have all quit Cabinet,” added ABC News 24 on Twitter. Conroy has not yet issued a formal statement on his resignation. Any statement issued by Conroy will be added to this article.

The news marks the end of an era for Australia’s telecommunications and technology industries. Conroy has held the Communications Minister role since Rudd took power in November 2007, after several years in opposition holding the Shadow Communications Minister role against then-Coalition Communications Minister Helen Coonan.

Conroy’s time in the portfolio was dogged in the early years by controversy over Labor’s mandatory Internet filter scheme, which Labor had only briefly disclosed during the 2007 election, but which became a major issue for the Government after it was overwhelmingly opposed by the Australian public and eventually most other sides of politics.

However, Senator Conroy was able to largely neutralise the filter policy as an issue from July 2010, changing the policy into a more palatable system which would be voluntary for Australian ISPs and which would only see a list of ‘worst of the worst’ child pornography blocked.

Conroy’s legacy in the portfolio will largely be seen to be Labor’s successful National Broadband Network policy, the current iteration of which has been in place since April 2009. Although the rollout of the NBN has been much slower than expected, much of the underlying framework for the network to be rolled out, in terms of contracts with suppliers and equipment suppliers and the National Broadband Network Company itself, is now in place and is expected to continue under either side of politics.

The popular nature of the NBN policy, and the way that it deals with long-term issues in the telecommunications industry such as the vertically integrated nature of Telstra, has meant that the Coalition has been stimulated to come up with its own rival NBN policy, which shares much of its vision with Labor’s own vision, including the use of satellite and wireless technologies to support rural and regional areas and the extensive use of fibre to replace parts of Telstra’s existing copper network. The Coalition is expected to maintain much of the structure of Labor’s NBN policy and project if it wins the upcoming Federal Election.

One other legacy which Conroy will be remember for is the historic switch of Australia’s television infrastructure to digital television and away from legacy analogue technology, freeing up wireless spectrum to be used for other purposes such as the deploying of 4G mobile broadband infrastructure.

It is not clear who Conroy’s replacement would be likely to be, with most other likely candidates with experience in the technology portfolio — such as Senator Kate Lundy and Finance Minister Penny Wong (who is the second shareholder Minister overseeing the National Broadband Network Company) being strongly associated with Gillard.

One potential candidate would be Rudd supporter and Labor backbencher Ed Husic, who has previously served as the National President of the Communications, Electrical and Plumbing Union of Australia and who has a strong history inside Parliament of agitating on issues in the telecommunications sector; for example spearleading the parliamentary inquiry into IT price hikes in Australia. However, Husic is regarded as relatively junior in the Parliament, having only taken office as August 2010. The Communications portfolio was historically not regarded as a senior Cabinet post, but the importance of the NBN issue has elevated it to a senior position, with Conroy holding an additional post directly advising the Prime Minister on broadband issues.
http://delimiter.com.au/2013/06/26/e...omms-minister/





Kiwi ISP Slingshot Lets Users Bypass Copyright Geo-Blocking to Access Services Like Netflix

New Zealand ISP Slingshot is letting customers hide their location so they can access overseas online services that would normally be restricted to specific markets.

Slingshot markets the “Global Mode” service as one that allows visitors to New Zealand to access the same online services that they would at home.

But there’s nothing to prevent local Kiwi customers using the service to bypass so called “geo-coding” that is used to prevent customers in certain countries having access to services based on their IP address.

Overseas services blocked to Australian users include online movie service Netflix and video service Hulu, both based in the US.

Other companies, such as Microsoft, Apple and Amazon, charge different prices for services like music downloads based on a customer’s location.

Video-based services such as Netflix and Hulu are often restricted to US audiences due to copyright demands imposed by the owners of TV shows and movies.

But with users in other countries often forced to wait weeks or months to watch US shows without resorting to illegal downloads, services such as Slingshot’s could catch on in other markets.

Chief of the Telecommunications Users Association of NZ, Paul Brislen, told The Wall Street Journal that moves such as Slingshot’s helped put New Zealand on an equal footing with other markets.

“It’s the World Wide Web in name only,” The WSJ reported him as saying,

“It’s really the US-wide web and then a whole bunch of other places, and unfortunately we are the other places and they don’t see the need to provide us with the same content.”

Australian consumer advocate Choice reported in May that Australians pay an average of 50 per cent more for PC games, 34 per cent more for software and 52 per cent more for music bought from Apple’s iTunes than American customers are charged.

Choice says that the legal status of bypassing geo-blocking measures is unclear. While unlikely to be illegal, bypassing restrictions may breach the terms and conditions of the service being offered, which may result in accounts being closed, credit forfeited or other sanctions.

Kiwis have a history of chafing at copyright rules in the online world. Founder of file sharing site Megaupload, Kim Dotcom, is fighting extradition to the US on copyright and money laundering charges after his site was shut down in early 2012.

Police raided his home in January. Dotcom has accused New Zealand Prime Minister John Key of collaborating with Hollywood movie studios in the extradition case.

But Dotcom has not been put off offering online services similar to Megaupload, with his new service Mega offering encrypted file sharing.
http://www.brw.com.au/p/tech-gadgets...puJDiVDmw85XWI





U.S. Court to Hear Oral Arguments in Net Neutrality Case on September 9

The federal appeals court in Washington on Tuesday set September 9 as the date for oral arguments in the so-called net neutrality case that could be seminal for federal regulation of Internet traffic.

The highly anticipated hearings, originally expected to take place this past spring, will pit Verizon Communications Inc against the Federal Communications Commission as the biggest U.S. wireless provider challenges the FCC's order that guides how Internet service providers manage their networks.

The ruling of the U.S. Court of Appeals for the District of Columbia Circuit will have major implications for the increasingly partisan debate over the degree of regulatory power possessed by the federal communications agency.

Net neutrality is the principle that Internet users should be able to access any Web content and use any applications they choose, without restrictions or varying charges imposed by the Internet service provider or the government.

Judges Judith Rogers, Laurence Silberman and David Tatel will hear the arguments in the case, according to the order issued on Tuesday.

The FCC's 2011 open Internet rules require Internet providers to treat all Web traffic equally and give consumers equal access to all lawful content, even if, for instance, it comes from a competitor or disagrees with their political views.

Verizon and other critics argue that the FCC's rules are an unwarranted government intrusion into regulating the Internet, including which content consumers may access and which companies may provide that content, and should be thrown out.

Public interest groups have criticized the rules as too weak, saying the FCC was swayed by big industry players. Democrats on Capitol Hill have said they would push against the court's decision if it sides with Verizon.

The FCC's position in the case received a boost from the Supreme Court in May, when in a separate case it ruled in favor of giving regulatory agencies deference in interpreting the extent of their own regulatory authority.

The case is Verizon v. FCC, U.S. District Court for the District of Columbia, case No. 11-1355 (and consolidated cases).

(Reporting by Alina Selyukh; editing by Matthew Lewis)
http://www.reuters.com/article/2013/...95O1HD20130625





Dish Withdraws Bid for Clearwire Following Sprint's Latest Offer
Dante D'Orazio

The Sprint, Dish, Clearwire, and SoftBank acquisition saga may be close to over. Dish has withdrawn its offer to purchase Clearwire, according to a press release pushed across the wire this afternoon. The satellite television company last bid $4.40 per share, but Sprint's latest offer of $5 per share — enough to earn the backing of Clearwire's board — has apparently convinced Dish to give up on this particular opportunity. Sprint, meanwhile, is in the middle of being acquired by Japan's SoftBank after Dish's own discussions to purchase the Kansas-based carrier fell through earlier this month.

It's unclear if today's news marks an end of Dish's wireless ambitions, or if the company will merely look for another acquisition to move it into the mobile space. It's rumored that Dish had discussions with T-Mobile in the past regarding a takeover, and Dish CEO Charlie Ergen has been steadfast in his belief that wireless is the way for the company to grow in the future.
http://www.theverge.com/2013/6/26/44...-for-clearwire





Fad-Loving Japan May Derail a Sony Smartphone
Hiroko Tabuchi

Sony’s Xperia Z smartphone, which went on sale in February, has already sold almost a million units by some estimates. But NTT DoCoMo, Japan’s largest mobile carrier, will soon stop selling it.

Sony’s Xperia A. Japanese cellphone carriers crave smartphone model updates every three or four months.

The Xperia Z has not even hit the United States market yet: T-Mobile says the model will make its debut on its network in the coming weeks.

But it is already a has-been in Japan. DoCoMo has turned its attention to a new phone, the Sony Xperia A — a model with fewer features that has not won the stellar praise showered on the Z.

“It’s time for a new model,” said Mai Kariya, a DoCoMo representative in Tokyo. “We’re finished with the Xperia Z, and now focusing on the Xperia A.”

As Sony banks on smartphones to turn around its struggling electronics business, it faces an increasingly bothersome obstacle at home: the demands of Japan’s powerful cellphone carriers, which remain obsessed with constant model updates.

For years, Japan’s three largest mobile network companies have pressed phone makers here to update their handsets every three or four months, providing Japanese consumers a dazzling array of newfangled phones and features each season. Phones with digital TV broadcast receivers were once all the rage; a phone without it was never going to sell. Then it was thumbprint scans; you’d be hard pressed to find those on many phones today. The same is true of swiveling screens, and to a lesser extent, electronic wallets.

The fast-paced cycle is commonplace in Japanese marketing. Manufacturers deliver short runs of seasonal products to create buzz, analysts say. Pepsi Japan, for example, brings out limited-edition drinks each year: Salty Watermelon Pepsi or Pepsi Ice Cucumber. Nestle’s KitKat candy bar has cycled through an eye-popping array of limited editions in Japan: green tea, pumpkin, strawberry cheesecake, wasabi and soybean to name only a few.

Even Japan’s best-selling pop group, AKB48, rotates through a cast of 67 members and on New Year’s Day released 16 versions of new and repackaged records.

“This is the worst of Japanese companies’ excessive obsession with the new,” said Yuichi Kogure, an associate professor in information technology policy at Aomori Public University and the author of several books on Japan’s cellphone industry. “But now the mobile phone makers are exhausted.”

Sony’s Xperia Z got caught in this marketing buzz saw. DoCoMo started selling the Xperia Z in Japan on Feb. 9 as part of the carrier’s spring 2013 collection, replacing the Xperia AX of the winter 2012 collection. A month later, on March 15, DoCoMo announced its summer collection of 11 new phones, with the Xperia Z replaced by the Xperia A, which went on sale last month.

The constant feature roulette has helped carriers lure customers away from rival networks. But it taxes the research and development resources of Japan’s phone makers, who must meet the constant demands from carriers for new high-end features and frequent handset renewals.

Phone manufacturers here have found it impossible to achieve the economies of scale that would justify the high development costs and the slim profit margins. Because separate teams of designers at each handset maker race to build handsets from the ground up for each separate carrier, few phone makers have been able to develop a coherent global product strategy, analysts say.

The unique pace of the Japanese cellphone market largely cuts it off from the rest of the world, making it difficult for one manufacturer to make and market phones for both the Japanese and global markets, said Kenji E. Kushida, an expert on Japan’s information and communications technologies at Stanford.

“The Japanese market became somewhat like the Galįpagos Islands. It had great biodiversity, but was so weak to outside species,” Mr. Kushida said.

He points to Vodafone, which moved into the Japanese cellphone market in the early 2000s. The British network operator tried to synchronize its Japanese product lineup to match its “global standard” handsets sold in other markets. But Japanese consumers were unimpressed by what struck them then as overly simple handsets that appeared to take a step back in functionality.

Vodafone’s Japanese market share started to slide, and in 2006, it sold its operations to SoftBank.

Not every maker succumbs to this whirligig and, not surprisingly, those that don’t aren’t Japanese. Apple has announced a new iPhone model roughly once a year. Its iPhone 5 came out in September, and the company is not expected to introduce a new model until the fall. Samsung Electronics is focusing its resources on its sleek Galaxy S4 smartphone, which went on sale in April, a full year after its predecessor the Galaxy S3.

The scattershot efforts by Japanese handset designers could not compete with a single blockbuster product like Apple’s iPhone, Mr. Kushida said. It turned out that Japanese consumers didn’t want a new phone each season after all, he said, but a well-designed one.

Since its release in 2008, the iPhone has been a best seller in Japan, becoming the most popular handset here. In 2012, the iPhone led all handsets with an overall 15 percent market share, ahead of former market leaders Sharp and Fujitsu, according to data provider IDC Japan.

Looking at smartphones only, Apple’s dominance in Japan is even stronger: for the first three months of 2013, Apple’s mobile platform market share came to 49.2 percent, compared with Android’s 45.8 percent, according to Kantar WorldPanel, which tracks mobile phone sales.

Sony’s Xperia Z, which runs on the Android operating system, was shaping up to be Japan’s greatest challenger to the iPhone as well as to another global blockbuster, Samsung’s Galaxy series. The Xperia Z won rave reviews for its sleek aluminum case, sharp five-inch display, fast-capture camera and high-definition video.

The Xperia Z has topped sales charts, selling at least 630,000 units in Japan in its first 10 weeks, according to the data provider, GfK Japan. DoCoMo had said that it aimed to sell about a million units in Japan, and analysts agree that sales here are now approaching that number. Sony’s chief executive, Kazuo Hirai, has repeatedly promoted the Xperia Z’s strong sales in Japan as one of the few bright spots in its money-losing electronics sector.

Still, production of the Xperia Z has ceased for the Japanese market, and the model will no longer be available in Japan once stock runs out at retail stores across the country, both Sony and NTT DoCoMo said. “The Japanese market operates on a far quicker life cycle than markets overseas,” said Yu Tominaga, a Sony spokesman in Tokyo. “Demand changes fast here, but we are set up to respond to that,” he said.

The big question is whether Sony can develop a coherent global smartphone strategy without being distracted by the ever-changing needs of its home market. A lot rides on Sony’s gaining on its archrivals, Apple and Samsung, in the smartphone market with the new Xperia A, which has been topping sales charts here since mid-May.

Sony is starting to shift its focus beyond Japan’s shores. On Tuesday in China it announced the Xperia Z Ultra, which Sony bills as the slimmest large-screen handset on the market. The company said it wasn’t sure when that model might sell in Japan.

If Sony can score more successes overseas and gain market share there, it could start shifting the lopsided power dynamics between Japan’s carriers and handset makers, analysts say. A wave of consolidation has shrunk the number of Japanese cellphone manufacturers to five, from 11 five years ago, bolstering the influence of the survivors. For its latest summer season, NTT DoCoMo gave top billing to smartphones from Sony and Samsung, breaking its tendency to give all manufacturers equal play to keep them competing.

Despite DoCoMo’s many demands, solid support from a carrier with more than 60 million subscribers in a nation of 127 million people can be a boon. DoCoMo has been offering steep discounts on the Xperia A, and is advertising the model heavily in Japan’s subways and on television. That blitz has helped Sony more than double its share to 36 percent in the four weeks to early June, according to BCN, beating Samsung at 13 percent, and even Apple, whose share for that period dropped to 25 percent.

Still, Sony remains far behind Samsung in the global smartphone market. Sony shipped 30 million smartphones last year, compared with Samsung’s 218 million, according to data compiled by Bloomberg. Apple shipped about 137 million iPhones.

“I think more people here are starting to realize that the way its mobile phone industry works is unsustainable,” Mr. Kogure said. “And manufacturers like Sony have long realized that they can’t remain beholden to the whims of the Japanese market.”
https://www.nytimes.com/2013/06/27/t...ambitions.html





Leef's Bridge USB Flash Drive Lets You Share Files Between Your Smartphone and Computer
Mariella Moon

Sharing files between devices using the cloud is fine, but California firm Leef Technology believes it has a more direct approach: a USB key. Aptly named Bridge, the flash drive lets you copy files from any Android 4.0 or higher device with a micro-USB connector, then transfer them to your Mac or PC by popping out the larger end. It's similar to the micro-USB OTG dongles we've seen at Computex earlier this year, despite the difference in design. You can nab the double-ended peripheral in either 16GB ($18) or 32GB ($28) from Amazon or Leef's website (at the source), and a 64GB GB version will be out in July. Who knows -- maybe that'll finally put an end to the cat video and selfie clutter on your cloud service.
http://www.engadget.com/2013/06/27/l...id-pc-mac-usb/





New Firefox 22 Enables Browser-Based File-Sharing

The default support for WebRTC in new Mozilla Firefox 22 means that users can share files directly using only their browsers. A service called ShareFest lets you do it by dragging and dropping.
Peter Butler

Today's stable release of Mozilla Firefox 22 (Windows, Mac, Linux, Android) includes a variety of back-end technical updates and relatively minor tweaks (to be honest, the word-wrapping of plain-text files is the most relevant to me).

The most notable news is Firefox's new default support for WebRTC (the RTC stands for real-time communication), a set of API components that allows developers to create browser-to-browser applications without plug-ins. WebRTC was developed by Google for Chrome and open-sourced back in 2011, so Google Chrome (Windows, Mac, Android) of course supports it as well.

In real terms, WebRTC enables features such as videochat, VoIP calling, and peer-to-peer (P2P) file-sharing, all within the browser. (Seth Rosenblatt has more info about Firefox and WebRTC in a news article from today.) One such service that already exists, powered by WebRTC, is a P2P Web client called Sharefest. Located at http://www.sharefest.me/, the service lets you drag and drop files onto your (WebRTC-compliant) Web browser to create links that can be shared with friends or the entire world.

As long as your computer is running and the file exists, anyone with the link can download the file from the sharing computer using a "mesh network similar to BitTorrent," according to the official Peer5 project page on GitHub. Sure, you could use Dropbox, YouSendIt, or even BitTorrent sync to do the same thing, but with Sharefest there's no extra software to install; no account registration; there's no centrally located server on which file delivery depends. And once other users download the file, they can expand the network as well, providing additional peer-sharing power.

To test out the receiving end of Sharefest, try this link: http://www.sharefest.me/9934032a. That should direct you to download the Download App installer file (titled "DownloadApp_1_1_0_112_Setup.exe"), serving directly from my Windows 7 work machine in San Francisco. Let's see if the file stays available when my computer is sleeping ...
http://download.cnet.com/8301-2007_4...-file-sharing/





Senators: NSA Must Correct Inaccurate Claims Over Privacy Protections

Ron Wyden and Mark Udall write to head of NSA to correct portrayals of surveillance restrictions on website factsheet
Spencer Ackerman

Two senators on the intelligence committee on Monday accused the National Security Agency of publicly presenting "inaccurate" information about the privacy protections on its surveillance on millions of internet communications.

However, in a demonstration of the intense secrecy surrounding NSA surveillance even after Edward Snowden's revelations, the senators claimed they could not publicly identify the allegedly misleading section or sections of a factsheet without compromising classified information.

Senators Ron Wyden (Democrat, Oregon) and Mark Udall (Democrat, Colorado) wrote to General Keith Alexander, the director of the NSA, to correct "inaccurate" portrayals about restrictions on surveillance published in a factsheet available on the NSA's homepage. The factsheet, concerning NSA's powers under Section 702 of the 2008 Fisa Amendments Act, was also supplied to members of Congress.

"We were disappointed to see that this factsheet contains an inaccurate statement about how the section 702 authority has been interpreted by the US government," Wyden and Udall wrote to Alexander, in a letter dated 24 June and acquired by the Guardian.

"In our judgment, this inaccuracy is significant, as it portrays protections for Americans' privacy as being significantly stronger than they actually are," the senators write. Yet they specified the "inaccurate" statement only in "the classified attachment to this letter", which the Guardian did not acquire.

Tom Caiazza, a spokesman for Wyden, said: "Unfortunately, we can't describe the inaccuracy in detail without divulging information that is currently classified. For now we can say that there is an inaccurate statement in the fact sheet publicly released and posted on the NSA website that portrays protections for Americans' privacy as being stronger than they are."

Many, if not most, of the items on the NSA factsheet list privacy protections for Americans' internet communications, as section 702 – the stated legal basis for the internet-based surveillance program PRISM – is supposed to concern surveillance on non-Americans outside the United States.

"This authority allows only the targeting, for foreign intelligence purposes, of communications of foreign persons who are located abroad," the factsheet reads. "The government may not target any US person anywhere in the world under this authority, nor may it target a person outside of the US if the purpose is to acquire information from a particular, known person inside the US."

It continues: "Any inadvertently acquired communication of or concerning a US person must be promptly destroyed if it is neither relevant to the authorized purpose or evidence of a crime." Targeting is "immediately terminated," the NSA states, if a foreigner enters the US or the NSA comes to believe it had mistaken a foreigner for an American – unless "that information meets specific, limited criteria approved by the Foreign Intelligence Surveillance Court", which the factsheet does not detail.

Wyden and Udall singled out that section of the factsheet for a slightly different criticism. They told Alexander they consider it "somewhat misleading", as it implies that the NSA "has the ability to determine how many American communications it has collected under section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans".

"In fact," the senators continued, "the US intelligence community has told us repeatedly that it is 'not reasonably possible to identify the number of people located inside the United States whose communications may have been reviewed under the authority' of the Fisa Amendments Act."

The Guardian has reported that the NSA operates a datamining program, codenamed Boundless Informant, that collates collected communications data by country of origin. The repeated assertion by US intelligence that the NSA lacks any such capability is what occasioned a March back-and-forth in the Senate between Wyden and James Clapper, the US director of national intelligence, that Clapper later conceded was the "least untruthful" he could have publicly provided.

Vanee Vines, an NSA spokeswoman, declined to comment on Monday on the Wyden-Udall letter.

Wyden and Udall are backing legislative efforts to disclose more information about how the government interprets its surveillance authorities, and also to restrict the surveillance on Americans' phone records, which depends on a different legal rationale than section 702 of the Fisa Amendments Act. Both senators have warned for years that the government secretly claimed broader surveillance powers than a plain reading of the laws permitted, but said they were barred from elaborating because of laws protecting classified information. They have also questioned the efficacy of the NSA's database of millions of Americans' phone records.

"We believe the US government should have broad authorities to investigate terrorism and espionage, and that it is possible to aggressively pursue terrorists without compromising the constitutional rights of ordinary Americans," Wyden and Udall wrote to Alexander.

"Achieving this goal depends on not just secret courts and secret congressional hearings, but on informed public debate as well."
http://www.guardian.co.uk/world/2013...mation-privacy





NSA Collected US Email Records in Bulk for More than Two Years Under Obama

• Secret program launched by Bush continued 'until 2011'
• Fisa court renewed collection order every 90 days
• Current NSA programs still mine US internet metadata

Glenn Greenwald and Spencer Ackerman

The Obama administration for more than two years permitted the National Security Agency to continue collecting vast amounts of records detailing the email and internet usage of Americans, according to secret documents obtained by the Guardian.

The documents indicate that under the program, launched in 2001, a federal judge sitting on the secret surveillance panel called the Fisa court would approve a bulk collection order for internet metadata "every 90 days". A senior administration official confirmed the program, stating that it ended in 2011.

The collection of these records began under the Bush administration's wide-ranging warrantless surveillance program, collectively known by the NSA codename Stellar Wind.

According to a top-secret draft report by the NSA's inspector general – published for the first time today by the Guardian – the agency began "collection of bulk internet metadata" involving "communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States".

Eventually, the NSA gained authority to "analyze communications metadata associated with United States persons and persons believed to be in the United States", according to a 2007 Justice Department memo, which is marked secret.

The Guardian revealed earlier this month that the NSA was collecting the call records of millions of US Verizon customers under a Fisa court order that, it later emerged, is renewed every 90 days. Similar orders are in place for other phone carriers.

The internet metadata of the sort NSA collected for at least a decade details the accounts to which Americans sent emails and from which they received emails. It also details the internet protocol addresses (IP) used by people inside the United States when sending emails – information which can reflect their physical location. It did not include the content of emails.

"The internet metadata collection program authorized by the Fisa court was discontinued in 2011 for operational and resource reasons and has not been restarted," Shawn Turner, the Obama administration's director of communications for National Intelligence, said in a statement to the Guardian.

"The program was discontinued by the executive branch as the result of an interagency review," Turner continued. He would not elaborate further.

But while that specific program has ended, additional secret NSA documents seen by the Guardian show that some collection of Americans' online records continues today. In December 2012, for example, the NSA launched one new program allowing it to analyze communications with one end inside the US, leading to a doubling of the amount of data passing through its filters.

What your email metadata reveals

The Obama administration argues that its internal checks on NSA surveillance programs, as well as review by the Fisa court, protect Americans' privacy. Deputy attorney general James Cole defended the bulk collection of Americans' phone records as outside the scope of the fourth amendment's protections against unreasonable searches and seizures.

"Toll records, phone records like this, that don't include any content, are not covered by the fourth amendment because people don't have a reasonable expectation of privacy in who they called and when they called," Cole testified to the House intelligence committee on June 18. "That's something you show to the phone company. That's something you show to many, many people within the phone company on a regular basis."

But email metadata is different. Customers' data bills do not itemize online activity by detailing the addresses a customer emailed or the IP addresses from which customer devices accessed the internet.

Internal government documents describe how revealing these email records are. One 2008 document, signed by the US defense secretary and attorney general, states that the collection and subsequent analysis included "the information appearing on the 'to,' 'from' or 'bcc' lines of a standard email or other electronic communication" from Americans.

In reality, it is hard to distinguish email metadata from email content. Distinctions that might make sense for telephone conversations and data about those conversations do not always hold for online communications.

"The calls you make can reveal a lot, but now that so much of our lives are mediated by the internet, your IP [internet protocol] logs are really a real-time map of your brain: what are you reading about, what are you curious about, what personal ad are you responding to (with a dedicated email linked to that specific ad), what online discussions are you participating in, and how often?" said Julian Sanchez of the Cato Institute.

"Seeing your IP logs – and especially feeding them through sophisticated analytic tools – is a way of getting inside your head that's in many ways on par with reading your diary," Sanchez added.

The purpose of this internet metadata collection program is detailed in the full classified March 2009 draft report prepared by the NSA's inspector general (IG).

One function of this internet record collection is what is commonly referred to as "data mining", and which the NSA calls "contact chaining". The agency "analyzed networks with two degrees of separation (two hops) from the target", the report says. In other words, the NSA studied the online records of people who communicated with people who communicated with targeted individuals.

Contact chaining was considered off-limits inside the NSA before 9/11. In the 1990s, according to the draft IG report, the idea was nixed when the Justice Department "told NSA that the proposal fell within one of the Fisa definitions of electronic surveillance and, therefore, was not permissible when applied to metadata associated with presumed US persons".

How the US government came to collect Americans' email records

The collection of email metadata on Americans began in late 2001, under a top-secret NSA program started shortly after 9/11, according to the documents. Known as Stellar Wind, the program initially did not rely on the authority of any court – and initially restricted the NSA from analyzing records of emails between communicants wholly inside the US.

"NSA was authorized to acquire telephony and internet metadata for communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States," the draft report states.

George W Bush briefly "discontinued" that bulk internet metadata collection, involving Americans, after a dramatic rebellion in March 2004 by senior figures at the Justice Department and FBI, as the Washington Post first reported. One of the leaders of that rebellion was deputy attorney general James Comey, whom Barack Obama nominated last week to run the FBI.

But Comey's act of defiance did not end the IP metadata collection, the documents reveal. It simply brought it under a newly created legal framework.

As soon as the NSA lost the blessing under the president's directive for collecting bulk internet metadata, the NSA IG report reads, "DoJ [the Department of Justice] and NSA immediately began efforts to recreate this authority."

The DoJ quickly convinced the Fisa court to authorize ongoing bulk collection of email metadata records. On 14 July 2004, barely two months after Bush stopped the collection, Fisa court chief judge Collen Kollar-Kotelly legally blessed it under a new order – the first time the surveillance court exercised its authority over a two-and-a-half-year-old surveillance program.

Kollar-Kotelly's order "essentially gave NSA the same authority to collect bulk internet metadata that it had under the PSP [Bush's program], except that it specified the datalinks from which NSA could collect, and it limited the number of people that could access the data".

How NSA gained more power to study Americans' online habits

The Bush email metadata program had restrictions on the scope of the bulk email records the NSA could analyze. Those restrictions are detailed in a legal memorandum written in a 27 November 2007, by assistant attorney general Kenneth Wainstein to his new boss, attorney general Michael Mukasey, who had taken office just a few weeks earlier.

The purpose of that memorandum was to advise Mukasey of the Pentagon's view that these restrictions were excessive, and to obtain permission for the NSA to expand its "contact chains" deeper into Americans' email records. The agency, the memo noted, already had "in its databases a large amount of communications metadata associated with persons in the United States".

But, Wainstein continued, "NSA's present practice is to 'stop' when a chain hits a telephone number or [internet] address believed to be used by a United States person."

Wainstein told Mukasey that giving NSA broader leeway to study Americans' online habits would give the surveillance agency, ironically, greater visibility into the online habits of foreigners – NSA's original mandate.

"NSA believes that it is over-identifying numbers and addresses that belong to United States persons and that modifying its practice to chain through all telephone numbers and addresses, including those reasonably believed to be used by a United States person," Wainstein wrote, "will yield valuable foreign intelligence information primarily concerning non-United States persons outside the United States."

The procedures "would clarify that the National Security Agency (NSA) may analyze communications metadata associated with United States persons and persons believed to be in the United States", Wainstein wrote.

In October 2007, Robert Gates, the secretary of defense, signed a set of "Supplemental Procedures" on internet metadata, including what it could do with Americans' data linked in its contact chains. Mukasey affixed his signature to the document in January 2008.

"NSA will continue to disseminate the results of its contact chaining and other analysis of communications metadata in accordance with current procedures governing the dissemination of information concerning US persons," the document states, without detailing the "current procedures".

It was this program that continued for more than two years into the Obama administration.

Turner, the director of national intelligence spokesman, did not respond to the Guardian's request for additional details of the metadata program or the reasons why it was stopped.

A senior administration official queried by the Washington Post denied that the Obama administration was "using this program" to "collect internet metadata in bulk", but added: "I'm not going to say we're not collecting any internet metadata."
http://www.guardian.co.uk/world/2013...thorised-obama





Surveillance 'Partnership' Between NSA and Telcos Points to AT&T, Verizon

Newly disclosed classified document suggests firms allowed spy agency to access e-mail and phone call data by tapping into their "fiber-optic cables, gateway switches, and data networks."
Declan McCullagh

The National Security Agency entered into "collection partnerships" with a pair of telecommunications companies that permitted tapping their fiber links. Evidence suggests it's AT&T and Verizon.

The National Security Agency entered into "collection partnerships" with a pair of telecommunications companies that permitted tapping their fiber links. Evidence suggests it's AT&T and Verizon.

Want to play a game of "guess who?"

A newly disclosed top secret document lauds the National Security Agency's "productive" and long-standing surveillance "partnership" with a pair of telecommunications providers -- that permitted tapping into their fiber links -- but without naming names.

This is where things get interesting for clue sleuths.

Even in the top-secret document published by the Guardian today, the firms are described only as "Company A" and "Company B." But the NSA's inspector general did disclose that, at the time the program was being formed in the wake of the September 11 attacks, the agency entered into the partnerships because Company A had access to 39 percent of international phone calls, and Company B had access to 28 percent.

Those figures closely correspond with Federal Communications Commission data. The most recent figures publicly available in late 2001, when the carrier "partnerships" were being expanded, reveal that AT&T carried 38.2 percent of international minutes billed to U.S. carriers. MCI, now part of Verizon, carried 29.1 percent.

Verizon spokesman Ed McFadden would not confirm or deny his employer's identity as company B, and told CNET today that the company "always requires appropriate legal process" when responding to requests from any government agency. AT&T did not respond to questions.

"Collection partnerships" with these two firms have allowed the spy agency to vacuum up e-mail and phone call content by tapping into their "fiber-optic cables, gateway switches, and data networks," says the 2009 report. That's consistent with previous reports that AT&T permitted the NSA to tap into its telecommunications facilities.

The disclosures, part of a 2009 report prepared by the NSA's Office of the Inspector General, emphasize how crucial -- and sensitive -- the agency's relationships with U.S. telecommunications companies have become.

These relationships also allowed the NSA to take advantage of the United States' role as an international Internet hub, which meant that an outsize share of worldwide traffic flows through the networks of AT&T, Verizon, and other U.S. providers. Even e-mail messages between Latin American and African countries, for instance, are typically routed through U.S. switches because of the lower cost.

NSA Director Keith Alexander believed, according to the inspector general's report, "if the relationships with these companies were ever terminated," the agency's eavesdropping ability would be "irrevocably damaged, because NSA would have sacrificed America's home field advantage as the primary hub for worldwide telecommunications."

Many of these relationships predated the September 11 attacks that dramatically increased the NSA's authority in a warrantless surveillance program secretly authorized by President Bush. A 1981 presidential executive order, for instance, authorized the collection of "signals intelligence information" for foreign intelligence purposes, which the NSA views as authorizing the interception of phone calls "transiting" the United States.

Soon after the 2001 attacks, according to the report, representatives of both Company A and Company B "contacted NSA and asked 'What can we do to help?'" Both had previously been "providing telephony content to NSA before 2001" under the 1981 executive order and the Foreign Intelligence Surveillance Act.

Initially, under the Bush-era program, the NSA was temporarily authorized to intercept "communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States." Then, in 2007, the Justice Department secretly authorized the agency to "analyze communications metadata associated with United States persons and persons believed to be in the United States."

Metadata is defined, according to the inspector general's report, as encompassing phone call records and "Internet Protocol" communications, which would include a person's IP address and what company or service they're communicating with. (Verizon turns over metadata of all customer calls to the NSA, meaning the logs of who called whom, every day.)

The Guardian's report today also cited a December 2012 document prepared by the NSA's Special Source Operations (SSO) directorate discussing classified programs codenamed EvilOlive and ShellTrumpet, which had "processed its one-trillionth metadata record" at the time. The newspaper, which did not make the SSO document public, summarized it as:

With this new system, the NSA is able to direct more than half of the internet traffic it intercepts from its collection points into its own repositories. One end of the communications collected are inside the United States. The NSA called it the "One-End Foreign (1EF) solution". It intended the program, codenamed EvilOlive, for "broadening the scope" of what it is able to collect....This new system, SSO stated in December, enables vastly increased collection by the NSA of Internet traffic. "The 1EF solution is allowing more than 75% of the traffic to pass through the filter," the SSO December document reads. "This milestone not only opened the aperture of the access but allowed the possibility for more traffic to be identified, selected and forwarded to NSA repositories."

One interpretation of EvilOlive is that the NSA is acquiring the majority of Americans' confidential Internet and phone communications -- or at least the majority flowing through the networks of its partner telecommunications companies -- and archiving them for years. Any subsequent restrictions on access by intelligence analysts would be policy-based, not technology-based, and could be modified in the future to be more permissive.

The Obama administration has declined to discuss the NSA's vast collection apparatus in any detail. A statement last week from James Clapper, the director of national intelligence, said an analyst cannot "can eavesdrop on domestic communications without proper legal authorization" -- but, pointedly, did not say what "proper legal authorization" meant.

In an online chat earlier this month, Snowden said there were few practical restrictions on analysts' ability to target American citizens:

NSA likes to use "domestic" as a weasel word here for a number of reasons....The reality is that due to [a 2008 federal law known as FAA 702], Americans' communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant. They excuse this as "incidental" collection, but at the end of the day, someone at NSA still has the content of your communications....If I target for example an email address, for example under FAA 702, and that email address sent something to you, Joe America, the analyst gets it. All of it. IPs, raw data, content, headers, attachments, everything. And it gets saved for a very long time -- and can be extended further with waivers rather than warrants."

A document previously leaked by Snowden, the former NSA contractor believed to be staying in the transit area of Moscow's Sheremetyevo Airport, described "upstream" data collection from "fiber cables and infrastructure as data flows past."

Documents that came to light in 2006 in a lawsuit brought by the Electronic Frontier Foundation offer insight into the spy agency's relationship with AT&T and other Tier 1 providers. Mark Klein, who worked as an AT&T technician for over 22 years, disclosed that he witnessed domestic voice and Internet traffic being surreptitiously "diverted" through a "splitter cabinet" to secure room 641A in one of the company's San Francisco facilities. The room was accessible only to NSA-cleared technicians.

"This is a complete vindication," Klein, now retired and living in the San Francisco bay area, told Wired today. "They are collecting everything on everybody."

During a hearing earlier this month, Alexander, the NSA director, said his agency's surveillance programs were valuable intelligence gathering techniques that have helped to keep Americans safe:

Virtually all countries have lawful intercept programs under which they compel communications providers to share data about individuals they believe represent a threat to their societies. Communications providers are required to comply with those programs in the countries in which they operate. The United States is not unique in this capability. The U.S., however, operates its program under the strict oversight and compliance regime that was noted above, with careful oversights by the courts, Congress and the administration....We have created and implemented and continued to monitor a comprehensive mission compliance program inside NSA.

Alexander said that an analyst who wants to "target the content of a U.S. person anywhere in the world" must get a specific court warrant."

Today's disclosures about the NSA's so-called EvilOlive and other programs highlight the lack of strong encryption that would armor the communications of Internet users against warrantless surveillance.

A CNET article last week reported that, with the exception of Google, few large e-mail providers use encryption to protect their customers' privacy. And few, another article yesterday reported, use strong encryption that would shield their customers' Web browsing from government snoops.
http://news.cnet.com/8301-13578_3-57...-at-t-verizon/





Perfect Forward Secrecy Can Block the NSA from Secure Web Pages, But No One Uses It
Michael Horowitz

Suppose, for the sake of argument, that you wanted to spy on people using Microsoft's outlook.com website. First, you would need to capture requests to the site along with the returned web pages. But those pages are encrypted (sent via HTTPS rather than HTTP), so you would also have to break the encryption. Firefox tells us this is "very difficult" and "very unlikely".

But every lock has a key and outlook.com has a HUGE MASTER KEY. Anyone in possession of this master key can read the encrypted HTTPS pages. All of them. Every single encrypted web page that has ever been transmitted by outlook.com to millions of former Hotmail users can be decrypted with a single master key.

Of course, to read them all, you have to collect them all. This may not be a problem for the NSA.

It doesn't have to be this way. There is a server option called Perfect Forward Secrecy that eliminates the single master decryption key.

But Microsoft doesn't use Perfect Forward Secrecy on the outlook.com servers. They are not alone. The vast majority of sites offering encrypted web pages, including all the big financial institutions except one (detailed below), fail to employ Perfect Forward Secrecy.

Here I will explain how Perfect Forward Secrecy works, why most websites fail to employ it, how to detect when it is being used and point out two websites (one brutally popular) that do use it. Take a guess. What two companies do you think have their technical act together sufficiently to use such an obscure security feature?

It's a lot to cover, this blog is long and, at times, somewhat technical.

WIRETAPS

Multiple reports claim that the NSA taps directly into the communication backbone of the Internet. Edward Snowden, the NSA leaker, recently said "We hack network backbones – like huge Internet routers, basically – that give us access to the communications of hundreds of thousands of computers without having to hack every single one."

Back in 2006, a former AT&T employee alleged that the NSA was tapping into the AT&T Worldnet service (see here and here and here). CNET speculated back then whether it was even necessary for the major telecommunication companies to co-operate with the NSA for them to install wiretaps.

As an analogy, think of this as if the NSA had cameras on the median of a highway, recording images of every vehicle as it passes.

One of the PowerPoint slides that Snowden leaked showed that major Internet companies (Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, Apple) were assimilated into the PRISM system over the space of a few years.

Even for the NSA collecting all the data traveling across the Internet on US soil is probably too big a job (at least until their new data center in Utah comes online).

Steve Gibson recently devoted an entire episode of his Security Now podcast to this. He surmised, going back to the analogy, that the NSA was only monitoring some exits and entrances to the highway that is the Internet.

By its very definition, the Internet is a network of networks. Gibson's theory is that when the NSA wanted to spy on data coming and going from a particular company they put wiretaps at the junction point where that company's data centers are connected to the outside world (highway entrances and exits in the analogy).

The beauty of this scheme (from the point of view of the NSA) is that the spied upon company is out of the loop, they would have no idea anything had happened.

Much of the data traveling over the Internet is un-encrypted leaving it easily accessible to a wiretapper.

But what about secure web pages, those transmitted via HTTPS rather than HTTP? HTTPS is purposely designed to foil just this sort of wiretapping.

Going back to the highway analogy, encrypted HTTPS web pages are the equivalent of a car with dark tinted windows. The NSA cameras on the median of the highway can't see into the car, but they know that someone is purposely hiding in there. Most likely, that's where the good stuff is.

It is said that the encryption used for HTTPS (provided by either the SSL or TLS protocols) is unbreakable, by and large. There have been some coding errors over the years, of course, and there were some weak encryption choices, but it has mostly held up to outside scrutiny.

Even if the NSA can't see past the tinted windows at the time of the recording, they would certainly keep the video in case a future technical breakthrough (i.e. quantum computing) would provide access. But there is no need to break through a wall, if the you have the key to the front door.

How can one piece of data decrypt every web page outlook.com has ever sent? Especially if the encryption is as good as experts claim. The explanation is a bit techie.

SHARED KEY EXCHANGE

Encrypted HTTPS connections (note that I have given up on the word "secure" here) start out with a dialog between your computing device and the web server computer hosting the site you want to visit securely. Below is a terribly inaccurate example of the handshaking conversation that sets up the connection initially.

• My computer: hello www.joeswebsite.com I would like to have an encrypted conversation.
• Server: OK, here is my digital certificate and public key
• My computer: Nice certificate. Lets pick an encryption scheme, I support schemes 4, 9 and 12
• Server: Lets use encryption scheme 9 please
• My computer: OK, 9 it is. We need a shared encryption key (password) for this session. Since I'm in Boston, how about "LetsGoRedSawx"
• Server: Baseball is boring, but from now on, I agree to use "LetsGoRedSawx" as our shared password

The important point here is that the end result of the setup conversation is a shared encryption key (think of it as a password). The technical term for this is symmetric encryption. If outlook.com sends you 99 web pages, each one was encrypted with the same key/password.

This is not, however, the problem since each computer uses a different shared encryption key/password when talking to joeswebsite.com. The problem has to do with the way my computer sends "LetGoRedSawx" (the shared encryption key) to the server. It does so encrypted with the servers public key, which lets the server decrypt it using its private key.

An explanation of public and private keys would make this long blog even longer. Suffice it to say the private key is something that only the web server running joeswebsite.com is supposed to know - hence the term "private". This private key is also what I was referring to in the beginning as the HUGE MASTER KEY.

Even though every computer picks a different shared encryption key, they are all sent to the webserver such that whoever knows the private key can decrypt not only the current session between my computer and joeswebsite.com, but every session between every computer and joeswebsite.com.

Suppose, for example, the NSA was recording all HTTPS encrypted traffic to/from joeswebsite.com in January. Then, in February, they learned the private key for joeswebsite.com. Almost always, that lets them decrypt everything from January, February, March and beyond.

It is as if every HTTPS session to joeswebsite.com were encrypted with the exact same password. That's not actually what happens, but in terms of spying on joeswebsite.com, it might as well be.

One key can unlock quite a gold mine of data.

PERFECT FORWARD SECRECY

The more secure way of handling things, as noted earlier, is called Perfect Forward Secrecy. It uses a variation of the initial setup conversation where the server chooses a temporary encryption key. The point of this, as described by Vincent Bernat is to keep "todays information ... secret even if the private key is compromised in the future."

With Perfect Forward Secrecy, anyone possessing the private key and a wiretap of Internet activity can decrypt nothing.

The standard bearer for Perfect Forward Secrecy is Google, which converted to it late in 2011. It was announced in a blog by Adam Langley

Most major sites supporting HTTPS operate in a non-forward secret fashion, which runs the risk of retrospective decryption. In other words, an encrypted, unreadable email could be recorded while being delivered to your computer today. In ten years time, when computers are much faster, an adversary could break the server private key and retrospectively decrypt today’s email traffic ... An adversary that breaks a single key will no longer be able to decrypt months’ worth of connections; in fact, not even the server operator will be able to retroactively decrypt HTTPS sessions.

Langley points out that Google's Chrome browser can be used to verify that Perfect Forward Secrecy is in place. For Chrome on Android 4.1 and iOS 6, click on the green padlock icon, then look for the key exchange mechanism. For Chrome on Windows and OS X, after clicking on the green padlock, you need to click on the Connection tab before you can see the type of key exchange.

A shared key exchange using ECDHE_RSA is good (forward secret), one using RSA is bad.

Frankly, this is way over my head. That said, ECDHE_RSA stands for elliptic curve, ephemeral Diffie-Hellman, signed by an RSA key. Say that three times fast.

The critical letter is the second "E" for ephemeral, which in turn, means that a temporary encryption key was used.

The only other good key exchange is the DHE_RSA employed at bloomberg.com (again, the "E" is for ephemeral).

Perfect Forward Secrecy and ephemeral Diffie-Hellman key exchanges are fairly obscure stuff. Until a few days ago, I had never heard of either. It's so obscure that, except for Chrome, web browsers don't externalize it. On Windows 7, I checked Firefox 21, Internet Explorer 9, Internet Explorer 10 and Opera 12.15. None said anything about the key exchange. Even the SSL server test from SSL Labs doesn't spell it out clearly.

This ends the hard part.

PERFECT FORWARD SECRECY IN THE WILD

Most websites run without Perfect Forward Secrecy.

When you login to Amazon.com, for example, it's not used. Same for yahoo.com, americanexpress.com, chase.com, wellsfargo.com, citibank.com, bankofamerica.com, capitalone.com, bnymellon.com, citizensbankonline.com, fidelity.com, vanguard.com, oppenheimerfunds.com, etrade.com, scottrade.com, schwab.com, jpmorgan.com, macys.com, llbean.com, bloomingdales.com, nordstrom.com, walmart.com, target.com, homedepot.com, newegg.com, apple.com, lenovo.com, dell.com, hp.com and paypal.com.

But, when you login to gmail.com there is forward secrecy, at least with Google's Chrome and other modern* web browsers.

If Perfect Forward Secrecy offers extra security, why do so few websites use it?

Perhaps some website operators aren't aware of it. I doubt, however, that applies to Paypal, American Express and the banks for whom security is critical. Conspiracy theorists might suspect that some organizations were compelled not to use it. Nikos Mavrogiannopoulos, a mathematician with a PhD in cryptography, said that most servers prohibit the use of Perfect Forward Secrecy.

Chances are, that the answer is simply because it takes more computing horsepower.

Mavrogiannopoulos measured the overhead of Perfect Forward Secrecy. Without it, his test computer could perform 460 transactions per second (the higher the number the better the performance). Using the ECDHE-RSA that Google employs, he got 352 transactions/second, a 23% reduction. With the DHE-RSA used by Bloomberg, he got only 98 transactions/second.

Vincent Bernat found the overhead to be between 15% and 27% using ECDHE-RSA. However, that was for "full" TLS handshakes. Apparently the handshakes can also be resumed, something that's beyond my understanding.

WHO HOLDS THE KEYS?

Trivially easy, global spying on encrypted (what others call "secure") web pages is only possible if the NSA can get the private keys of the companies they want to spy on.

Can they?

At the most basic level a private key is just a file and files can be copied without a trace. So, it's not hard to imagine a number of possible scenarios by which the private key might leak out.

For one, the computer running the website could be hacked either remotely, or if some breaking and entering is involved, locally. Then too, computers are administered by people and if the right person is made an offer they can't refuse ...

If nothing else, the recent Edward Snowden revelations remind us that the government has compelled companies to turn over information while forbidding them from saying anything publicly.

So, the next time someone near you enters sensitive information into a web page ask if the site employs Perfect Forward Secrecy. Tell them that without it, a single piece of data is all that prevents the NSA from passively spying on every user of that website in a totally undetectable way. If you read this far, you deserve to gloat.

Finally, a thank you to Google and Bloomberg for making your customers safer even though none of them know about it.
http://blogs.computerworld.com/encry...pages-maybe-so





NSA Controversy Boosts Interest in ‘Private’ Internet Search Engines
Agence France-Presse

Internet users are taking a fresh look at “privacy” search engines that do not store data or track online activity, in light of the flap over US government surveillance.

While Google’s market share has not seen a noticeable dent, privacy search engines like US-based DuckDuckGo and European-based Ixquick have seen jumps in traffic from users seeking to limit their online tracks.

“I think people are seeking out privacy alternatives,” said Gabriel Weinberg, founder of DuckDuckGo, an engine created in 2007, which does not store IP addresses or create profiles of users.

The stored data has become a concern following revelations of a massive surveillance program run by the secretive National Security Agency, with access to data from Google, Yahoo! and other Internet firms.

US officials say the information gathered is vital in the fight against global terrorism.

The same data and profiles can be used by the search engine to deliver ads and sold to outside marketers as well.

“What people type in their search engines is their most personal things,” Weinberg said. “It’s a little creepy that a search engine can know so much about you.”

DuckDuckGo had been growing slowly in recent years, but its traffic charts showed a surge after the first news broke June 6 of the government’s PRISM surveillance program. By June 20, traffic had hit nearly three million queries, double the level of a year earlier.

More than half of DuckDuckGo traffic comes from outside the United States, Weinberg said.

“This NSA story played into the trend of people’s fears” about online tracking, said Weinberg.

Weinberg said another factor is that Google results are being gamed by search engine spammers and other companies trying to rank their results higher.”

Dutch-based Ixquick, which also uses the name StartPage, said it too has seen a dramatic jump in usage after news of the PRISM data sharing program.

Last week, the two meta-search engines — which use the results of Google and other search sites and strip out identifying information — served as many as 3.6 million queries.

“This growth has been sustained, it shows no signs of slowing down,” said spokeswoman Katherine Albrecht.

The revelations about PRISM “really have woken people up,” she said.

“People had heard the message of privacy but hadn’t been able to nail it down to how it relates to them.”

The company proclaims it “has never turned over user data to any government entity anywhere on earth” and is “not directly subject to US jurisdiction.”

Another search engine, California-based Blekko, allows users to select privacy settings and keeps no data if the user selects “do not track.”

“Even if you are not a criminal, you probably make searches that you don’t want your minister, boss, or spouse to know about,” said Blekko’s Greg Lindahl.

Weinberg said DuckDuckGo’s model allows it to make money through “keyword” advertising, without stored profiles. So if someone is searching for a “mortgage,” they might see ads for banks.

This differs from search engines that track the pages people visit and then deliver related ads, a practice known as “retargeting.”

“Retargeting is effective only for a small amount of people, the rest are just annoyed by it,” he said.

Danny Sullivan, editor in chief at the specialized website Search Engine Land, said these kinds of search engines were “interesting” but unlikely to have a major market impact.

“It’s extremely unlikely in the next three to five years that any player will come along and take a sizeable share away from Google,” he said.

A survey of the US market by the research firm comScore showed Google with a 66.5 percent market share, with 13.3 billion search queries in a month, followed by Microsoft (17.3 percent, 3.5 billion) and Yahoo! (12 percent, 2.4 billion).

Sullivan said the news over NSA surveillance “so far doesn’t seem to be spooking” the public.

He said Google does not force people to create a profile that can be used to connect with its other services.

“You can go to Google, and you can do a search without being logged in, and you still get very good results,” Sullivan said.

“If you do log in and connect to these services, Google blows DuckDuckGo out of the water. When it has access to your calendar and search history, Google can predict your answers before you even ask them.”
http://www.rawstory.com/rs/2013/06/2...earch-engines/





Subject: [IP] From the principal architect -- Skype / NSA permalink
From: Dave Farber (da...@farber.net)
Date: Jun 23, 2013 6:08:19 am
List: com.listbox.v2.ip

---------- Forwarded message ---------- From: *Matthew Kaufman* Date: Saturday, June 22, 2013 Subject: Skype / NSA To: da...@farber.net

Dave, for IP:

I'm a long-time IP list reader and also Principal Architect for Skype, and I'd like to address a few of the things below...

*Ridgely Evers* wrote:

John,

That's a fine distinction; the fact is that the management of Skype -- even when they were owned by eBay -- told the US Government to stick it, and got away with it.

I'm obviously not in a position to comment on what Skype can and cannot log or intercept, nor how and when that data (if any) is passed on to third parties. Microsoft has made statements about this aspect already.

The very architecture of Skype made that relatively easy to do. From its inception all communications were strongly encrypted. In addition, it was peer-to-peer, making it nearly impossible to wiretap.

As a consequence, people who were concerned about privacy -- including many of us in the security industry -- used Skype for secure communications.

Both eBay and Silverlake maintained this architecture, as well as the Luxembourg HQ.

Since being acquired by Microsoft, however, the service has been re-architected to run through MSFT-owned servers, rendering encryption functionally meaningless and making it just as easy as POTS to monitor.

None of this -- neither the $7.5B acquisition itself, nor the decision to move to a datacenter model -- make strategic or business sense for Microsoft as far as I can tell.

It's not the first really dumb thing they've done, but it makes me suspicious, especially in light of recent news.

Ok, so I take issue with it being "really dumb", and I'd like to explain why:

First is actually a more subtle issue... the Skype peer-to-peer network architecture elected certain nodes to be "supernodes", to help maintain the index of peers as well as handle parts of the NAT/firewall traversal for other peers. This election algorithm chose only machines with open Internet connectivity, substantial uptime, and which were running the latest version of our peer-to-peer code. The last bit unfortunately meant that most of the time, the election winners were a monoculture of Windows desktop machines running the latest Windows Skype client. This proved to be a problem when not once, but twice a global Skype network outage was caused by a crashing bug in that client... bootstrapping the network back into existence afterwards was painful and lengthy, and that is in part why Skype has switched to server-based "dedicated supernodes"... nodes that we control, can handle orders of magnitudes more clients per host, are in protected data centers and up all the time, and running code that is less complex that the entire client code base. (And this conversion started well before the Microsoft acquisition was even announced, during the Silverlake era.)

The second is really what is driving Skype to move not just the supernodes but actually many other parts of our calling and messaging infrastructure "to the cloud", and that is the amazing growth of mobile and tablet computing. The Skype peer-to-peer network, and many of its functions (such as instant messaging) was built for a world where almost every machine is powered by a wall socket, plugged into broadband Internet, and on for many hours a day.

Over the past few years, the number of Skype users who are using Skype from iOS-based phones and tablets, Android-based phones and tablets, Windows Phone-based phones, and Windows RT tablet devices has gone from a tiny percentage to a significant fraction of our user base. And these devices are a lot different: they're running on battery, sometimes on WiFi but often on expensive (both in money and battery) 2G or 3G data networks, and essentially "off" most of the time. On iOS devices, applications are killed and evicted from memory when they attempt to do too much background processing or use too much memory. On Windows RT and Windows 8 Modern applications, when the application is not in the foreground we only get a few seconds of CPU execution time every 15 minutes and again, strict memory limitations if we want to stay loaded. And when the Skype application is unloaded, it can no longer receive incoming calls or IMs, rendering it a lot less useful.

If you've tried to use Skype on a mobile device, especially if you have a lot of contacts or a lot of IM conversations, you'll discover that it rapidly becomes a battery-powered hand warmer, and drains the battery faster that probably any other well-known application out there. And this is because it, until recently, was participating as a full node on our peer-to-peer network... exchanging packets regularly (over your 3G radio, most likely) with every single one of your contacts to keep presence status updated, exchanging packets with everyone in every IM conversation to keep those conversations synchronized, etc.

And you probably also have started to notice things like missed IM delivery, as the peer-to-peer delivery algorithm requires that both the sender and the receiver be running at the same time in order to deliver a message... not a problem with two broadband-attached always-on PCs, but rare if you're both on Windows Phone or Windows RT tablets that only run that algorithm when the application is in the foreground or for 3-5 seconds after it is backgrounded.

How do we solve that for our users? Servers. Lots of them, and more and more often in the Windows Azure cloud infrastructure. In the case of instant messaging, we have merged the Skype and Windows Messenger message delivery backend services, and this now gets you delivery of messages even when the recipient is offline, and other nice features like spam filtering and malicious URL removal. For calling, we have the dedicated supernodes already, and additional services to help calls succeed when the receiving client is asleep and needs a push notification to wake up. And over time you will see more and more services move to the Skype cloud, offloading memory and CPU requirements from the mobile devices everyone wants to enjoy to their fullest and with maximum battery life.

Making this transition has been difficult and taken the hard work of hundreds of developers, especially to make it as seamless as possible for users who don't particularly care how we get it done or that we are changing it... but I would say that it makes strategic and business sense to be doing, otherwise we wouldn't bother, and I hope the above at least partially explains why I think that.

Matthew Kaufman

http://markmail.org/message/exc3srjkx3uu66bz?q=android





EMERGENCY - AMATEUR RADIO NEEDS YOUR HELP NOW!

Please forward this message to other hams. The most current version of this message is at http://hams.com/encryption/ Please use that version.

FCC is currently processing a request for rule-making, RM-11699 (pdf), that would allow the use of Amateur frequencies in the U.S. for private, digitally-encrypted messages.

Encryption is a potential disaster for us because it defeats the self-policing nature of ham radio. If hams can't decode messages, we can't identify if the communication is appropriate for ham radio or not. A potentially worse problem is that encryption destroys the harmless nature of Amateur radio. For governments around the world to continue to allow Amateur Radio, it must be percieved as harmless. There's no reason for anyone to believe that encrypted communications are harmless. Foreign governments, and maybe even our own, will start to see hams as more of a threat. This is likely to have a chilling effect upon DXpeditions, which are already often viewed suspiciously by the host nations, and perhaps will even lead some countries to take Amateur Radio off of the air or limit our privileges in some way.

The last day for you to submit a comment opposing this is JULY 7, so it's important for you to act now! Please make a short comment in opposition to the proposal at this link, or use this link to upload longer documents.

We have no way of telling if the content of encrypted messages are appropriate for ham radio. While their senders will identify them as emergency communications drills, they could be used for crime, operating a business, downloading pornography, etc. WiFi-like cards are already available for Amateur frequencies, and while hams can build legitimate networks with them, none of their vendors check for a license before selling them to anyone. Legalizing encryption on the air will make abuse of Amateur frequencies provable only after difficult and potentially illegal code-breaking.

A small group has almost succeeded in sneaking this change past the entire ham community. As I write this, they are almost unopposed, with only one comment against their proposal submitted to FCC. We have less than two weeks to turn that around!

Unfortunately, ARRL isn't helping. On March 9, the ARRL board of directors moved to explore whether they should ask for rule-changes authorizing encryption, see their meeting minutes at paragraph 4.1.3. Before ARRL was scheduled to consider a report on the issue, an individual ham filed a request for rule-making with FCC. ARRL obviously tracks FCC rule-making and the notices of it in the Federal Register, and yet waited until two weeks before the end of the commenting period to announce on their web site that this was going on.

What could be a plausible excuse for using encryption on the Amateur bands? It's HIPAA, a 1996 law that requires that doctors, hospitals and other medical services providers keep patient data secret. And thus, hospitals have become reluctant to use ham communications in emergencies. We effectively broadcast all of the information we communicate, and they're afraid that we'll get them sued by doing so.

Emergency communications are a critical component of the mission of Amateur Radio, and are one of only four purposes that FCC uses to justify the existence of the Amateur Service. It may be that encryption does become critical to support Amateur emergency services. But that time has not yet come. If we are to allow encryption on the air, that should come only after the entire ham community has discussed it throughly and explored all of the options. And yet, nobody's brought this issue before you, before attempting to change the rules behind your back.

The folks who support the encryption proposal are, as far as I can tell, well-meaning. Many of them are involved in emergency communications. But their methods are inappropriate. If they want this change, they must discuss the issue throughly at ham conferences and in our publications. They must allow hams to become educated about the alternatives before we decide as a community if a rule change is necessary.

What are the alternatives? One is changing HIPAA to remove liability from the doctors and hospitals for disclosure of information in an amateur emergency transmission. Changing laws is not impossible for Amateurs. Through lobbying congress, we have recently been able to cause changes in ITAR 121, a Department of Defense restriction that made it difficult for us to collaborate with other nations in building microsats. That's changing now as a result of lobbying by ham organizations. If hams can get that done, we can reform HIPAA as well.

Another alternative is to leave the rules as they are today. Many emergency organizations have been able to operate without encryption despite any reservations by the served organizations regarding HIPAA, which has existed since 1996. And many services other than Amateur Radio, including MARS, Land Mobile, and Part 15 can provide encryption without a rule-change, and might be more appropriate venues for this traffic.

If we end up deciding to have encryption on the Amateur bands, we must do so only after developing a system of controls that prevent its abuse. There is no anti-abuse method sugested in the current request for rule making, but I propose this one: Encryption would only be allowed in tests and drills that would be authorized and publicly announced by accredited ARES or RACES organizations, and or actual emergency communications for a served agency that is subject to patient privacy regulations such as HIPAA. Logging of encrypted transmissions, including the encryption key, would be mandatory. Stations would be required to disclose their keys to amateur volunteers who would check recorded transmissions for rule-violation, but those volunteers would be required to keep any HIPAA-protected patient data within the transmission private. Stations that repeatedly failed to cooperate in allowing their messages to be decrypted and checked by third parties would be subject to penalties.

But we haven't decided any of this yet. And we shouldn't without your participation. Thus, please comment now in opposition of the proposal.

Again, the last day for you to submit a comment opposing this is JULY 7, so it's important for you to act now! Please make a short comment in opposition to the proposal at this link, or use this link to upload longer documents.

About the Author: Bruce Perens K6BP is one of the founders of the Open Source movement in software. He is also the founder of No-Code International, the organization that successfully lobbied for the global elimination of code testing. More recently, Perens has been a pioneer of digital communications over Ham Radio. He started and evangelized the Codec2 (http://codec2.org/) project, which has developed a fully open and patent-free digital voice codec for Radio Amateurs. That codec is now in use in FreeDV (http://freedv.org/), which provides clear digital voice communications on HF in half the bandwidth of SSB. You can reach Bruce Perens K6BP at +1 510-4PERENS (US Pacific time), or email to bruce at perens dot com.

Please forward this message to other hams. The most current version is at http://hams.com/encryption/ Please use that version.
http://hams.com/encryption/





'Meet the Press' Pundit With Financial Ties to NSA Misleadingly Slams Snowden
Lee Fang

On Meet the Press yesterday, shortly after host host David Gregory stunned many by suggesting that The Guardian’s Glenn Greenwald should face prosecution, a roundtable of pundits discussed the unfolding Edward Snowden story. Mike Murphy, one of the Meet the Press pundits, mocked Snowden’s attempt to seek asylum, calling him a “so-called whistleblower,” and charging that “it’s never been easier in human history to be a whistleblower” through official means.

There are problems here with both the messenger and the message.

First, the message. In fact, the Obama administration has one of the worst records of any president’s in terms of prosecuting leaks and whistleblowers. Moreover, Snowden had virtually no legal protections as a member of an intelligence agency contractor (Booz Allen Hamilton). In These Times reported that “as part of last year’s Whistleblower’s Protection Enhancement Act, rights for whistleblowers were enhanced for many categories of federal employees, but intelligence employees were excluded from coverage under the act. Likewise, intelligence workers—both federal and contract employees—were excluded from whistle blower protections offered to military contract employees under the most recent National Defense Authorization Act (NDAA).”

But Murphy himself has a stake in this debate that arguably ought to have been disclosed. Though Murphy was introduced only as a “Republican strategist,” he is also the founding partner of Navigators Global, a lobbying firm that represents one of the NSA’s largest contractors. Disclosures show that Navigators Global represents Computer Sciences Corp. (CSC) on issues before Congress. For at least a decade, CSC has won major contracts from the National Security Agency (NSA). Murphy’s firm has lobbied on behalf of CSC for bills that would expand the NSA’s reach, including the Cyber Intelligence Sharing and Protection Act or CISPA, which passed the House of Representatives earlier this year. As the Center for Democracy and Technology noted, the “legislation is being billed as an expansion of a collaboration between the National Security Agency (NSA) and major ISPs dubbed the Defense Industrial Base Pilot.”

As Americans continue to debate the revelations raised by Snowden, few lawmakers have raised the potential for abuse when powerful spy technology is outsourced to private contractors. Rather than focusing on the issue of the sprawling surveillance state or its legions of private contractors, many in the media seem intent on only discussing the personality or motives of Edward Snowden. While Murphy’s misleading assertion about whistleblower protections was challenged briefly by NBC’s Chuck Todd, his claim obscures the facts of the story.

Though Meet the Press has a strong reputation for confronting politicians with tough questions, often the show has trouble with disclosure, particularly in terms of revealing the private sector ties of their guests. For instance, Harold Ford, a regular Meet the Press pundit and a frequent voice for corporate-friendly policies, has served in various roles in the finance industry, with Bank of America and now with Morgan Stanley. He has used his perch on the show to criticize the Occupy movement and, more recently, to warn the Obama campaign against attacking Mitt Romney’s private equity record. Yet transcripts show that Ford is almost always introduced not as a Wall Street executive but as a “former Congressman.” Similarly, Murphy is almost always introduced as a “Republican strategist” without mention of his lobbying firm or its clients.
http://www.thenation.com/blog/174962...#ixzz2XAs29bA3





Glenn Greenwald Pushes Back Hard On Latest Edward Snowden “Revelations”
Greg Sargent

Much is being made today of the news that Edward Snowden told the South China Morning Post that he’d taken the job at Booz Allen — the firm contracted by the NSA — for the explicit purpose of getting access to classified documents that prove widespread surveillance. Some are even using the news to raise questions about the motives behind Glenn Greenwald’s reliance on documents leaked by Snowden.

But in an interview this afternoon, Greenwald dismissed the significance of the new revelations, saying they fit in logically with the chronology that’s already publicly known about Snowden — and he challenged critics to show proof of any wrongdoing on his part.

“Anybody who wants to accuse me or anyone at the Guardian of aiding and abetting Snowden has the obligation to point to any specific evidence to support that accusation,” Greenwald told me. “Otherwise they’re just spouting reckless innuendo.”

Snowden told the South China Morning Post: ”My position with Booz Allen Hamilton granted me access to lists of machines all over the world the NSA hacked. That is why I accepted that position about three months ago.”

Some on have already highlighted a Tweet Greenwald posted in early June in which he said he’d been working with Snowden since February, and it’s likely that those enraged by Greenwald’s and Snowden’s revelations will continue amplifying this angle.

But Greenwald told me that when Snowden had initially contacted him, Snowden hadn’t even shared his name or where he worked — he’d simply said he had explosive documents that Greenwald (whose reporting on leak investigations and civil liberties abuses was already widely known) would want to see. At that stage, Greenwald said, their conversations only concerned how to set up an encryption system that Snowden wanted in order to facilitate private communication of documents with him. The system was not set up until several months later, Greenwald said.

It was only in May — and not before — that Snowden told him who he was, who he worked for (at that point he identified himself as affiliated with the NSA) and what sort of documents he had to share, Greenwald says. It wasn’t until June — when Greenwald visited Snowden in Hong Kong — that Snowden told him he worked specifically for Booz Allen, Greenwald adds.

“We had early conversations about setting up encryption, so we worked early on to set that up,” Greenwald says. “We didn’t work on any documents. I didn’t even know Edward Snowden’s name or where he worked until after he was in Hong Kong with the documents. Anyone who is claiming that somehow I worked with him to get those documents or helped him is just lying.”

Asked if he saw any significance in Snowden’s latest comments, Greenwald argued that they fit in with the chronology of what is already known. Greenwald noted that Snowden had been working at the NSA since 2009 and that his public statements show he’d already concluded serious wrongdoing was going on, so he may well have gotten the job at Booz Allen in order to get documents he needed to make that case.

“I don’t see the significance of this at all,” Greenwald said. “He had said he had seen serious wrongdoing that he wanted to inform Americans about. He apparently wanted this last set of documents to present a complete picture.”

Indeed, if Snowden’s act of getting the job at Booz Allen in order to leak these documents constitutes a deliberate effort to undermine the United States, the premise of this idea is that the leaking of the documents itself constitutes that. This point, of course, is in dispute. In other words, it’s unclear what Snowden’s latest comments really tell us.

“This whole theory of aiding and abetting is nothing more than a diversionary tactic,” Greenwald said. “Every single journalist works cooperatively with sources in order to obtain evidence.”

Greenwald concludes of his and Snowden’s critics: “They are trying to shift attention away from what the U.S. government has done onto what the people who have reported it have done.”
http://www.washingtonpost.com/blogs/...s/?tid=rssfeed





Assange, Back in News, Never Left U.S. Radar
David Carr and Ravi Somaiya

In June 2011, Ogmundur Jonasson, Iceland’s minister of the interior at the time, received an urgent message from the authorities in the United States. It said that “there was an imminent attack on Icelandic government databases” by hackers, and that the F.B.I. would send agents to investigate, Mr. Jonasson said in a telephone interview.

But when “eight or nine” F.B.I. agents arrived in August, Mr. Jonasson said, he found that they were not investigating an imminent attack, but gathering material on WikiLeaks, the activist group that has been responsible for publishing millions of confidential documents over the past three years, and that has many operatives in Iceland.

Mr. Jonasson asked the agents to leave, he said, because they had misrepresented the purpose of their visit.

The operation in Iceland was part of a wide-ranging investigation into WikiLeaks and its founder, Julian Assange, for their roles in the release of American military and diplomatic documents in 2010. The investigation has been quietly gathering material since at least October 2010, six months after the arrest of Pfc. Bradley Manning, the army enlistee who is accused of providing the bulk of the leaks.

Until he re-emerged this week as an ally for Edward J. Snowden, the former computer contractor who leaked details of National Security Agency surveillance, Mr. Assange looked like a forgotten man. WikiLeaks had not had a major release of information in several years, its funds had dwindled and several senior architects of its systems left, citing internal disputes. Mr. Assange himself is holed up in the Ecuadorean Embassy in London, where he fled to avoid extradition to Sweden for questioning on allegations of sexual abuse.

But the United States government had not forgotten about him. Interviews with government agents, prosecutors and others familiar with the WikiLeaks investigation, as well as an examination of court documents, suggest that Mr. Assange and WikiLeaks are being investigated by several government agencies, along with a grand jury that has subpoenaed witnesses.

Tens of thousands of pages of evidence have been gathered. And at least four other former members of WikiLeaks have had contact with the United States authorities seeking information on Mr. Assange, the former members said, speaking on the condition of anonymity to discuss a matter they were informed was confidential.

In response to recent questions from The New York Times and others, a Justice Department spokesman confirmed that it “has an investigation into matters involving WikiLeaks, and that investigation remains ongoing,” but he declined to offer any details.

The prosecution of WikiLeaks would put the administration into tricky legal territory. WikiLeaks is an international organization, and, unlike Private Manning and Mr. Snowden, Mr. Assange and the other members did not work for the United States government or its contractors and could not be charged with espionage.

WikiLeaks maintains it was functioning as a publisher by enabling the release of information in the public interest, and it has frequently been a partner with traditional news organizations, including The New York Times and The Guardian. If the government charged WikiLeaks and Mr. Assange as co-conspirators, it would be arguing that, unlike their partners, they are not journalists.

“Given the government’s aggression in the Snowden case, I would expect that the government will continue to move forward with the Assange case on a conspiracy theory, even though WikiLeaks would seem eligible for First Amendment protections,” said James C. Goodale, a First Amendment lawyer who previously worked for The Times and is the author of “Fighting for the Press.”

He added that no reporter had ever been successfully prosecuted on a conspiracy charge but that recent actions, like the investigation of a Fox News reporter, James Rosen, was evidence that the government was “moving toward criminalizing the reporting process.”

The Times has never been contacted as part of a WikiLeaks investigation said David E. McCraw, its assistant general counsel. “But I would note that the proposed shield law,” he said, describing new legislation that the administration says is an effort to shield journalists from prosecution, “tries to define Wiki-like publishers out of the definition of news organizations.”

Mr. Assange declined to be interviewed, but said in a statement to The Times that the Justice Department “and its accompanying F.B.I. investigation are blinded by their zeal to get rid of publishers who speak truth to power.

“They believe U.S. agencies can flout laws, coerce people into becoming informants, steal our property and detain our alleged sources without trial,” the statement added.

The investigation has largely been carried out in secret, as most are, but a few clues have emerged. In December 2010, the United States attorney for the Eastern District of Virginia requested Twitter account information for Private Manning, Mr. Assange and Birgitta Jonsdottir, a former WikiLeaks activist and now a member of Iceland’s Parliament, among others.

A redacted version of the subpoena served on Ms. Jonsdottir cited a specific conspiracy provision that may have been aimed at those thought to have assisted Private Manning.

Other court orders have been disclosed. Last week, Herbert Snorrason, a former WikiLeaks member once close to Mr. Assange, wrote on his Web site that he had been provided orders, unsealed on May 2, including a search warrant served on Google for “all e-mail associated with my GMail account, every shred of information they had on my identity, and anything I’d uploaded to a Google service.”

Though no reason was given for the broad seizure of information, he said, he believes it is “because I had a conversation or a few with a white-haired Australian guy,” a reference to Mr. Assange. Mr. Snorrason said at least one other person in WikiLeaks’ extended circle of collaborators had received a similar disclosure at the same time. “These kinds of orders have been served on more of the people I know than I really care to think about,” he said.

The pretrial hearings in Private Manning’s case have also provided some hints. According to testimony in Private Manning’s hearings in 2011 and 2012, as transcribed by Alexa O’Brien, an activist who was present in court, Maj. Ashden Fein, on behalf of the prosecution, told the judge that an F.B.I. file that contained information on Private Manning “is much broader” than just his case and contained secret grand jury testimony. He said the file contained 3,475 documents and ran to 42,135 pages.

The F.B.I.’s activities in Iceland provide perhaps the clearest view of the government’s interest in Mr. Assange. A young online activist, Sigurdur Ingi Thordarson (known as Siggi), told a closed session of Iceland’s Parliament this year that he had been cooperating with United States agents investigating WikiLeaks at the time of the F.B.I.’s visit in 2011.

“He was at the time going back and forwards going to meet Julian” at Ellingham Hall, a rural mansion in England where Mr. Assange was under house arrest, and “they were trying to get him to go there wearing a wire,” Ms. Jonsdottir said in an interview. Mr. Thordarson could not immediately be reached at numbers and e-mail addresses listed for him in Iceland.

It was not clear to what extent he had cooperated, Ms. Jonsdottir said. Some activists there believed he had been used as a double agent by Mr. Assange, gathering information about the investigation while he appeared to be cooperating.

The F.B.I. efforts left WikiLeaks supporters in Iceland shaken. “The paranoia,” Ms. Jonsdottir said, “is going to kill us all.”

Mr. Assange has alleged that there is a link between the accusations in Sweden and the American investigation, but no link has been shown. Under the terms of Mr. Assange’s arrest warrant, the United States would require Britain’s consent to extradite Mr. Assange for prosecution, even if he was to be extradited to Sweden first.

But Mr. Assange, and those around him, are convinced that, link or no, he is at risk of being extradited to the United States.

“Julian is in an incredibly unfair situation where he has not been charged with a crime in any country and the United States continues to place him in legal jeopardy by refusing to discuss the status of that investigation,” said Jennifer Robinson, a member of his legal team in London, adding. “He is in a no man’s land.”

It is not clear how much longer the investigation might take and whether it is active or open merely in case of further developments. But a former official involved in the case said any WikiLeaks investigation would probably run for “an exceptionally long time” before efforts were made to bring Mr. Assange to the United States.

The man who was at the center of the most famous press leak of all, the Pentagon Papers, thinks Mr. Assange will eventually be charged.

“There are people who say he is being paranoid or unreasonable, but that does not mean that they are not out to get him,” said Daniel Ellsberg, who was charged with releasing the Pentagon Papers, charges that were dismissed after there was evidence of illegal wiretapping by the government. “A grand jury has been convened, an investigation is under way, and I would be surprised if they did not go after him.”
https://www.nytimes.com/2013/06/25/w...-us-radar.html





WikiLeaks Volunteer Was a Paid Informant for the FBI
Kevin Poulsen

On an August workday in 2011, a cherubic 18-year-old Icelandic man named Sigurdur “Siggi” Thordarson walked through the stately doors of the U.S. embassy in Reykjavķk, his jacket pocket concealing his calling card: a crumpled photocopy of an Australian passport. The passport photo showed a man with a unruly shock of platinum blonde hair and the name Julian Paul Assange.

Thordarson was long time volunteer for WikiLeaks with direct access to Assange and a key position as an organizer in the group. With his cold war-style embassy walk-in, he became something else: the first known FBI informant inside WikiLeaks. For the next three months, Thordarson served two masters, working for the secret-spilling website and simultaneously spilling its secrets to the U.S. government in exchange, he says, for a total of about $5,000. The FBI flew him internationally four times for debriefings, including one trip to Washington D.C., and on the last meeting obtained from Thordarson eight hard drives packed with chat logs, video and other data from WikiLeaks.

The relationship provides a rare window into the U.S. law enforcement investigation into WikiLeaks, the transparency group newly thrust back into international prominence with its assistance to NSA whistleblower Edward Snowden. Thordarson’s double-life illustrates the lengths to which the government was willing to go in its pursuit of Julian Assange, approaching WikiLeaks with the tactics honed during the FBI’s work against organized crime and computer hacking — or, more darkly, the bureau’s Hoover-era infiltration of civil rights groups.

“It’s a sign that the FBI views WikiLeaks as a suspected criminal organization rather than a news organization,” says Stephen Aftergood of the Federation of American Scientists’ Project on Government Secrecy. “WikiLeaks was something new, so I think the FBI had to make a choice at some point as to how to evaluate it: Is this The New York Times, or is this something else? And they clearly decided it was something else.”

The FBI declined comment.

Thordarson was 17 years old and still in high school when he joined WikiLeaks in February 2010. He was one of a large contingent of Icelandic volunteers that flocked to Assange’s cause after WikiLeaks published internal bank documents pertaining to that country’s financial crisis.

When a staff revolt in September 2010 left the organization short-handed, Assange put Thoradson in charge of the WikiLeaks chat room, making Thordarson the first point of contact for new volunteers, journalists, potential sources, and outside groups clamoring to get in with WikiLeaks at the peak of its notoriety.

In that role, Thoradson was a middle man in the negotiations with the Bradley Manning Defense Fund that led to WikiLeaks donating $15,000 to the defense of its prime source. He greeted and handled a new volunteer who had begun downloading and organizing a vast trove of 1970s-era diplomatic cables from the National Archives and Record Administration, for what became WikiLeaks’ “Kissinger cables” collection last April. And he wrangled scores of volunteers and supporters who did everything from redesign WikiLeaks’ websites to shooting video homages to Assange.

He accumulated thousands of pages of chat logs from his time in WikiLeaks, which, he says, are now in the hands of the FBI.

Thoradson’s betrayal of WikiLeaks also was a personal betrayal of its founder, Julian Assange, who, former colleagues say, took Thoradson under his wing, and kept him around in the face of criticism and legal controversy.

“When Julian met him for the first or second time, I was there,” says Birgitta Jonsdottir, a member of Icelandic Parliament who worked with WikiLeaks on Collateral Murder, the Wikileaks release of footage of a US helicopter attack in Iraq. “And I warned Julian from day one, there’s something not right about this guy… I asked not to have him as part of the Collateral Murder team.”

In January 2011, Thoradson was implicated in a bizarre political scandal in which a mysterious “spy computer” laptop was found running unattended in an empty office in the parliament building. “If you did [it], don’t tell me,” Assange told Thoradson, according to unauthenticated chat logs provided by Thoradson.

“I will defend you against all accusations, ring [sic] and wrong, and stick by you, as I have done,” Assange told him in another chat the next month. “But I expect total loyalty in return.”

Instead, Thoradson used his proximity to Assange for his own purposes. The most consequential act came in June 2011, on his third visit to Ellingham Hall — the English mansion where Assange was then under house arrest while fighting extradition to Sweden.

For reasons that remain murky, Thoradson decided to approach members of the Lulzsec hacking gang and solicit them to hack Islandic government systems as a service to WikiLeaks. To establish his bona fides as a WikiLeaks representative, he shot and uploaded a 40-second cell phone video that opens on the IRC screen with the chat in progress, and then floats across the room to capture Asssange at work with an associate. (This exchange was first reported by Parmy Olson in her book on Anonymous).

Unfortunately for Thorsadson, the FBI had busted Lulzsec’s leader, Hector Xavier Monsegur, AKA Sabu, a week earlier, and secured his cooperation as an informant. On June 20, the FBI warned the Icelandic government. “A huge team of FBI came to Iceland and asked the Icelandic authorities to help them,” says Jonsdottir. “They thought there was an imminent Lulzsec attack on Iceland.”

The FBI may not have known at this point who Thoradson was beyond his screen names. The bureau and law enforcement agencies in the UK and Australia went on to round up alleged Lulzsec members on unrelated charges.

Having dodged that bullet, it’s not clear what prompted Thoradson to approach the FBI two months later. When I asked him directly last week, he answered, “I guess I cooperated because I didn’t want to participate in having Anonymous and Lulzsec hack for Wikileaks, since then you’re definitely breaking quite a lot of laws.”

That answer doesn’t make a lot of sense, since it was Thoradson, not Assange, who asked Lulzsec to hack Iceland. There’s no evidence of any other WikiLeaks staffer being involved. He offered a second reason that he admits is more truthful: “The second reason was the adventure.”

Thoradson’s equivocation highlights a hurdle in reporting on him: He is prone to lying. Jonsdottir calls him “pathological.” He admits he has lied to me in the past. For this story, Thoradson backed his account by providing emails that appear to be between him and his FBI handlers, flight records for some of his travels, and an FBI receipt indicating that he gave them eight hard drives. The Icelandic Ministry of the Interior has previously confirmed that the FBI flew to Iceland to interview Thoradson. Thoradson also testified to much of this account in a session of the Icelandic Parliament, with Jonsdottir in attendance.

Finally, he has given me a substantial subset of the chat logs he says he passed to the FBI, amounting to about 2,000 pages, which, at the very least, proves that he kept logs and is willing to turn them over to a reporter disliked by Julian Assange.

Thoradson’s “adventure” began on August 23, 2011, when he sent an email to the general delivery box for the U.S. embassy in Reykjavķk “Regarding an Ongoing Criminal investigation in the United States.”

“The nature of the intel that can be brought to light in that investigation will not be spoken over email conversation,” he wrote cryptically.

An embassy security officer called him the same day. “He said, ‘What investigation?’ I said the Wikileaks,” says Thoradson. “He denied there was such an investigation, so I just said we both know there is.”

Thoradson was invited to the embassy, where he presented a copy of Assange’s passport, the passport for Assange’s number two, Kristinn Hrafnsson, and a snippet of a private chat between Thoradson and Assange. The embassy official was noncommittal. He told Thoradson they might be in touch, but it would take at least a week.

It happened much faster.

FBI agents and two federal prosecutors landed in a private Gulfstream on the next day, on August 24, and Thorsadson was summoned back to the embassy.

He was met by the same embassy official who took his keys and his cell phone, then walked with him on a circuitous route through the streets of downtown Reykjavķk, ending up at the Hotel Reykjavik Centrum, Thoradson says. There, Thorsadson spent two hours in a hotel conference room talking to two FBI agents. Then they accompanied back to the embassy so he could put money in his parking meter, and back to the hotel for more debriefing.

The agents asked him about his Lulzsec interactions, but were primarily interested in what he could give them on WikiLeaks. One of them asked him if he could wear a recording device on his next visit to London and get Assange to say something incriminating, or talk about Bradley Manning.

“They asked what I use daily, have always on,” he says. “I said, my watch. So they said they could change that out for some recording watch.”

Thorsadson says he declined. “I like Assange, even considered him a friend,” he says. “I just didn’t want to go that way.”

In all, Thorsadson spent 20 hours with the agents over about five days. Then the Icelandic government ordered the FBI to pack up and go home.

It turns out the FBI had mislead the local authorities about thier purpose onthe country. According to a timeline later released by the National Commissioner of the Icelandic Police, the FBI contacted Icelandic law enforcement to report Thorsadson’s embassy walk-in, and ask for permission to fly into the country to follow up. But the bureau had presented the request as an extension of its earlier investigation into Lulzsec, and failed to mention that its real target was WikiLeaks.

WikiLeaks is well regarded in Iceland, and the incident errupted into a hot political topic when it surfaced there this year, with conservatives arguing that Iceland should have cooperated with the FBI, and liberals complaining about the agents being allowed into the country to begin with. “It became a maasive controversy,” says Jonsdottir. “And then none of them knew what sort of person Siggi is.”

Politics aside, the FBI was not done with Thorsadson.

The agents persuaded Thorsadson to fly to Copenhagen with them, he says, for another day of interviews. In October, he made a second trip to Denmark for another debriefing. Between meetings, Thorsadson kept in touch with his handlers through disposable email accounts.

In November 2011, Thorsadson was fired from WikiLeaks. The organization had discovered he had set up an online WikiLeaks tee shirt store and arranged for the proceeds to go into his own bank account. WikiLeaks has said the embezzlement amounted to about $50,000.

Thorsadson told the FBI about it in a terse email on November 8. “No longer with WikiLeaks — so not sure how I can help you more.”

“We’d still like to talk with you in person,” one of his handlers replied. “I can think of a couple of easy ways for you to help.”

“Can you guys help me with cash?” Thorsadson shot back.

For the next few months, Thorsadson begged the FBI for money, while the FBI alternately ignored him and courted him for more assistance. In the end, Thorsadson says, the FBI agreed to compensate him for the work he missed while meeting with agents (he says he worked at a bodyguard-training school), totaling about $5,000.

With the money settled, the FBI began preparing him for a trip to the U.S. “I wanted to talk to you about future things we can do,” his handler wrote in February. The FBI wanted him to reestablish contact with some of his former WikiLeaks associates. “We’ll talk about specific goals of the chats, but you can get a head start before our meet by just getting in touch and catching up with them. If you need to know who specifically, we can discuss on the phone.”

The three-day D.C. trip took place in February of last year. Thorsadson says he flew on Iceland Air flight 631 to Logan International Airport on February 22, and transferred in Boston to JetBlue flight 686 to Dulles International Aiport, where he was greeted by a U.S. Customs official “and then escorted out the Dulles terminal into the arms of the FBI.”

He stayed at a hotel in Arlington, Virginia, where the Justice Department’s investigation into WikiLeaks is centered, and met there with his two usual FBI contacts, and three or four other men in suits who did not identify themselves.

“At the last day we went to a steak house and ate, all of us,” he says. “Where they served Coca Cola in glass bottles from Mexico.”

On March 18, 2011, he had one more meeting with the FBI in Denmark. On this trip, he brought along eight of his personal hard drives, containing the information he’d compiled while at WikiLeaks, including his chat logs, photos and videos he shot at Ellington Hall. The FBI gave him a signed receipt for the hardware.

Then they cut him off.

Today, Thorsadson, now 20, has new problems. He’s facing criminal charges in Iceland for unrelated financial and tax crimes. In addition, WikiLeaks filed a police report for the tee-shirt shop embezzlement.

The legacy of his cooperation with the FBI is unclear. A court filing revealed last week shows that in the months following Thorsadson’s last debriefing, Justice Department officials in Arlington, Virginia, began obtaining court orders targeting two of Thorsadson’s former WikiLeaks colleagues in Iceland: Smari McCarthy and Herbert Snorrason.

Snorrason, who ran the WikiLeaks chat room in 2010, before Thorsadson took it over, had the entire contents of his Gmail account handed over to the government, under a secret search warrant issued in October 2011.

The evidence used to obtain the warrant remains under seal. “I do wonder,” says Thorsadson, “whether I’m somewhere in there.”
http://www.wired.com/threatlevel/201...ikileaks-mole/





Under Snowden Screen Name, 2009 Post Berated Leaks
Scott Shane

Just four years before Edward J. Snowden set off an international firestorm by disclosing highly classified National Security Agency documents, someone using his screen name expressed outrage at government officials who leaked information to the news media, telling a friend in an Internet chat that leakers “should be shot,” according to chat logs made public on Wednesday.

“They’re just like WikiLeaks,” Mr. Snowden — or someone identified as him from his screen name, “TheTrueHOOHA,” and other details — wrote in January 2009 about an article in The New York Times on secret exchanges between Israel and the United States about Iran’s nuclear program.

His unidentified interlocutor replied, “They’re just reporting, dude.”

But TheTrueHOOHA was not mollified. “They’re reporting classified” material, he wrote, suggesting that both the leak and the article were dangerous to national security. “Those people should be shot” in their private parts.

The chats were hosted on the server of the technology news Web site Ars Technica, which reported on them in an article. The discussion of leaks was among many comments that Ars Technica attributed to Mr. Snowden after obtaining them from other users of #arsificial, a public Internet Relay Chat channel. Other comments show a young American enjoying life in Switzerland — amazed by the high prices, remarking on what he believes is the racism and classism of some of the Swiss, reveling in his own stock market successes.

While Joe Mullin, the reporter who wrote the Ars Technica article, said there was no absolute proof that the user was Mr. Snowden, Mr. Snowden used the screen name TheTrueHOOHA on public Web forums where he posted photographs that clearly depicted him. In addition, the user’s reports from Switzerland between 2007 and 2009 appear to closely match the timing of Mr. Snowden’s service in Geneva as a C.I.A. technician under State Department cover.

“Snowden would soon move into a four-bedroom apartment covered by the agency. He’d blow off parking tickets, citing diplomatic immunity,” Ars Technica reported, summarizing many of the chats. “He’d travel the continent. He befriended an Estonian rock star (‘the funniest part is he’s a SUPER NERD’), raced motorcycles in Italy, took in the Muslim call to prayer from his Sarajevo hotel room, and formed opinions about the food and the women in Bosnia, in Romania, in Spain.”

While the #arsificial channel does not log and preserve such chats, the users had automatically recorded the chats on their own computers and volunteered to share them with the Web site, according to Mr. Mullin.

Mr. Mullin said that a number of longtime users of #arsificial sent in their chat logs, which from their formatting, time stamps and other technical details appeared to be authentic. In addition, he said, some of the logs were thousands of pages in length, and the material from TheTrueHOOHA was only a tiny fraction of that, scattered through material from other users, so it appeared highly unlikely that the material was fabricated. The other users asked to remain anonymous, and Ars Technica substituted “User” with a number for their actual screen names, Mr. Mullin said.

Mr. Snowden’s casual and profane, but apparently strongly felt, condemnation of leaks is an intriguing clue to his political evolution. He is now believed to be in a transit lounge at Moscow’s Sheremetyevo airport, hiding from American prosecutors who have charged him with espionage and theft of government property for leaking the N.S.A. material. Ecuadorean officials have provided him with refugee travel documents, since his United States passport has been revoked, and he has applied for asylum in Ecuador and other countries.

After leaving his C.I.A. job in Geneva in 2009, Mr. Snowden, 30, held a series of high-tech jobs for contractors working for the N.S.A., the huge electronic eavesdropping agency based at Fort Meade, Md. After working in Japan and in the Fort Meade area for the computer company Dell, he moved to Hawaii last year, working in N.S.A. posts first for Dell and then for Booz Allen Hamilton, where he left after three months and surfaced in Hong Kong, providing N.S.A. surveillance documents to The Guardian and The Washington Post.

The Guardian reported that Mr. Snowden said in an interview that his disenchantment with American intelligence efforts began with his work for the C.I.A. in Switzerland.

“Much of what I saw in Geneva really disillusioned me about how my government functions and what its impact is in the world,” he told the newspaper. “I realized that I was part of something that was doing far more harm than good.”

He told The Guardian that while in Switzerland, he even considered for the first time exposing government secrets. But the 2009 chat logs suggest a man who still accepted the conventional government view of leaks or was hiding his doubts.

As two unidentified users defended the Times article as legitimate journalism, the user calling himself TheTrueHOOHA criticized The Times for what he called a “history” of revealing damaging secrets.

Remarking on the article, which reported that the Bush administration had refused an Israeli request for bunker-buster bombs to use against Iran but was working on covert efforts to foil the nuclear program, TheTrueHOOHA suggested that the report would harm a very expensive program.

“I wonder how many hundreds of millions of dollars they just completely blew,” he wrote.

When another user tried to calm him down, he declared that the Times journalists “are the same people who blew the whole ‘we could listen to Osama’s cellphone’ thing — the same people who screwed us on wiretapping,” apparently a reference to a 2005 article disclosing the N.S.A.’s eavesdropping in the United States without warrants.

He wrote that the material was “classified for a reason,” and that the reason was “not because ‘oh we hope our citizens don’t find out,’ ” but to keep Iran from finding out and foiling the covert efforts.

Mr. Mullin, the technology policy editor at Ars Technica, based in San Francisco, said the chat logs suggested that Mr. Snowden “really had a change of heart” about the national security arena and the ethics of leaks. “There’s no evidence in these logs that he’s thinking about leaking something himself,” he said.

Apart from that, he said, the logs give a glimpse of Mr. Snowden’s personality. “He comes across as someone who’s extremely smart and likes to argue, who thinks he’s the smartest guy in the room,” Mr. Mullin said.

Mr. Mullin said Ars Technica published in his article the most revealing of the comments by Mr. Snowden, whose total comments might add up to dozens of pages, much of it the equivalent of barroom banter.

“We think we included the best stuff,” he said, and Ars Technica has no intention of publishing the complete chat logs.
https://www.nytimes.com/2013/06/27/w...d-be-shot.html





Edward Snowden Has Not Entered Russia - Sergei Lavrov
BBC

Russia says it has had no involvement in the travel plans of fugitive US intelligence leaker Edward Snowden.

The exact whereabouts of Mr Snowden, who flew to Moscow from Hong Kong on Sunday, are unclear.

Foreign Minister Sergei Lavrov insisted he had not crossed the Russian border.

He criticised what he termed US attempts to blame Russia for his disappearance, saying they were "groundless and unacceptable".

Correspondents say Mr Lavrov's comments suggest that Mr Snowden remained air-side after landing at Moscow's Sheremetyevo airport, and so has technically never entered Russian territory.

"We are in no way involved with either Mr Snowden, his relations with US justice, nor to his movements around the world," Mr Lavrov said.

"He chose his itinerary on his own. We learnt about it... from the media. He has not crossed the Russian border.

Russian Foreign Minister Sergei Lavrov's assertion that the fugitive American "hasn't crossed the Russian border" may well be technically correct - Edward Snowden may. for all we know, remain "in transit" at the hotel, air-side, at Moscow's Sheremetyevo airport.

But it is hard to believe that the Russians are not exploring what information they can get from Mr Snowden, if any.

He is at the very least a potential intelligence gift horse that has almost literally dropped into their laps.

Mr Lavrov was clearly irked by US pressure, saying that attempts to accuse the Russian side of flouting US laws were "unjustified and unacceptable". Moscow's annoyance is mirrored by Beijing.

As yet it is still too early to say what long-term damage this affair may do to China and Russia's relations with Washington. But the US-Russia relationship in particular could get seriously strained the longer this saga goes on.

"We consider the attempts to accuse the Russian side of violating US laws, and practically of involvement in a plot, to be absolutely groundless and unacceptable."

The 30-year-old IT expert is wanted by the US for revealing to the media details of a secret government surveillance programme, which he obtained while working as a contractor for the National Security Agency (NSA).

He is charged with theft of government property, unauthorised communication of national defence information and wilful communication of classified communications intelligence.

Mr Snowden has applied for asylum in Ecuador. The US has revoked his passport.

Reuters news agency quotes a Moscow airport source as saying that Mr Snowden arrived in Moscow from Hong Kong on Sunday afternoon and was due to depart for the Cuban capital, Havana, the following day, but did not use the ticket.

The source said he was travelling with Sarah Harrison, a British legal researcher working for the anti-secrecy group Wikileaks.

Meanwhile, China has also described US accusations that it facilitated the departure of fugitive Edward Snowden from Hong Kong as "groundless and unacceptable".

A foreign ministry spokeswoman said the Hong Kong government had handled the former US intelligence officer's case in accordance with the law.
http://www.bbc.co.uk/news/world-europe-23045790





Restricted Web Access to The Guardian is Armywide, Officials Say

Security concerns cited in blocking Guardian news
Phillip Molnar

The Army admitted Thursday to not only restricting access to The Guardian news website at the Presidio of Monterey, as reported in Thursday's Herald, but Armywide.

Presidio employees said the site had been blocked since The Guardian broke stories on data collection by the National Security Agency.

Gordon Van Vleet, an Arizona-based spokesman for the Army Network Enterprise Technology Command, or NETCOM, said in an email the Army is filtering "some access to press coverage and online content about the NSA leaks."

He wrote it is routine for the Department of Defense to take preventative "network hygiene" measures to mitigate unauthorized disclosures of classified information.

"We make every effort to balance the need to preserve information access with operational security," he wrote, "however, there are strict policies and directives in place regarding protecting and handling classified information."

In a later phone call, Van Vleet said the filter of classified information on public websites was "Armywide" and did not originate at the Presidio.

Presidio employees described how they could access the U.S. site, www.guardiannews.com, but were blocked from articles, such as those about the NSA, that redirected to the British site.

Sources at the Presidio said Jose Campos, the post's information assurance security officer, sent an email to employees early Thursday saying The Guardian's website was blocked by Army Cyber Command "in order to prevent an unauthorized disclosure of classified information."

NETCOM is a subordinate to the Army Cyber Command, based in Fort Belvoir, Va., said its website.

Campos wrote if an employee accidentally downloaded classified information, it would result in "labor intensive" work, such as the wipe or destruction of the computer's hard drive.

He wrote that an employee who downloads classified information could face disciplinary action if found to have knowingly downloaded the material on an unclassified computer.

The Guardian's website has classified documents about the NSA's program of monitoring phone records of Verizon customers, a project called Prism which gave the agency "direct access" to data held by Google, Facebook, Apple and others, and more.

The source of the leaks, 29-year-old Edward Snowden, is on the run from American authorities. He is a former contractor for the agency.

Van Vleet said the department does not determine what sites its personnel can choose to see on the DOD system, but "relies on automated filters that restrict access based on content concerns or malware threats."

He said it would not block "websites from the American public in general, and to do so would violate our highest-held principle of upholding and defending the Constitution and respecting civil liberties and privacy."

The Guardian declined to comment, but its editor-in-chief, Alan Rusbridger, sent a link to The Herald's story on Twitter.

Army Cyber Command: www.arcyber.army.mil/

The Guardian's "The NSA Files" page: www.guardian.co.uk/world/the-nsa-files.
http://www.montereyherald.com/local/...wide-officials





U.S. Troops' Details Leaked in Cyber Attacks Aimed at South Korea: Reports

Hackers say they have leaked personal details of tens of thousands of U.S. troops to websites, South Korean news reports and online security officials said on Wednesday, a day after cyber attacks disabled access to government and news sites.

The hacking attacks on Tuesday, the anniversary of the start of the Korean War in 1950, brought down the main websites of South Korea's presidential office and some local newspapers, prompting cyber security officials to raise the alert.

The identity and motives of the attackers were not immediately clear, but the reports come as cyber security and surveillance have become a global issue, with the United States seeking fugitive former security contractor Edward Snowden who leaked details about U.S. surveillance to the media.

North Korea has been blamed for previous cyber attacks on South Korean banks and government networks, although it denies responsibility and has said it has also been a victim.

The unidentified hackers said they had secured and released publicly personal details of more than two million South Korean ruling party workers and 40,000 U.S. troops, including those stationed in South Korea.

"We have seen the sites where the details were posted and clips that supposedly capture the process of hacking into web sites," an official at the South Korean online security firm NSHC said.

The legitimacy of the information could not be verified, the official who requested anonymity said.

An official at the Communications Ministry said authorities were probing the nature of the attacks and declined to comment on the reports of leaked information about U.S. troops.

The U.S. military in South Korea, where 28,500 U.S. troops are stationed, did not immediately comment.

North and South Korea remain technically at war after their 1950-53 conflict ended in a truce, not a peace treaty. The U.S. troops' presence is aimed at ensuring the truce holds.

News reports said personal details such as dates of birth and ranks of 40,000 U.S. troops including members of the 25th Infantry Division and the 3rd Marine Division were leaked to unspecified websites.

The websites of the presidential Blue House and the Prime Minister's office were down for more than six hours on Tuesday.

North Korea is believed to be running a large corps of computer experts aimed at hacking into the networks of governments and financial institutions and was blamed most notably for the 2011 shutdown of a South Korean commercial bank.

Last week it accused the United States of being at the forefront of rights abuse, pointing to Snowden's revelations of mass surveillance operations by the National Security Agency.

On Tuesday, access to some North Korean news sites was blocked after the hacker group Anonymous vowed to direct a denial-of-service attack direct at them.

(Reporting by Jack Kim; Editing by Nick Macfie)
http://www.reuters.com/article/2013/...95P08P20130626





U.S. Energy Companies Seen At Risk from Cyber Attacks: CFR Report

U.S. oil and natural gas operations are increasingly vulnerable to cyber attacks that can harm the competitiveness of energy companies or lead to costly outages at pipelines, refineries or drilling platforms, a report said on Wednesday.

The energy business, including oil and gas producers, was hit by more targeted malware attacks from April to September last year than any other industry, said the Council on Foreign Relations (CFR) report, citing data from a Houston-based security company, Alert Logic.

Cyber attacks on energy companies, which are increasing in frequency and sophistication, take two main forms, the CFR report said. The first kind, cyber espionage, is carried out by foreign intelligence and defense agencies, organized crime, or freelance hackers.

These parties covertly capture sensitive corporate data or communications with the goal of gathering commercial or national security intelligence. U.S. energy companies are subject to frequent and often successful attempts by competitors and foreign governments to access long-term strategic plans, bids tendered for new drilling acreage, talks with foreign officials and other trade secrets, the report said.

A campaign against U.S. energy companies by hackers based in China, called Night Dragon by McAfee, a leading security company that is part of Intel Corp, began in 2008 and lasted into 2011. The campaign stole gigabytes of material, including bidding data in advance of a lease auction. One unidentified energy company official believes his company lost a bid in a lease auction because of the attack, the CFR report said.

Many companies are either unaware of similar attacks or are afraid to disclose them for fear of upsetting investors, it said.

"That's too bad because it makes it harder for Washington to help them and it also makes it harder for the public to be aware of what threats are out there," said Blake Clayton, a fellow in energy and national security at CFR and a co-author of the report.

The second main cyber risk to energy companies is the disruption of critical businesses or physical operations through attacks on networks.

"This has a lower probability but potentially higher cost," said Clayton.

The Stuxnet virus, said to have been created by the United States and Israel to attack Iran's nuclear program, is an example of a campaign that ended up escaping from its intended target at the risk of causing harm to a U.S. company. Chevron Corp said late last year it had been infected by Stuxnet, but said without elaborating the virus was quickly controlled.

An attack dubbed Shamoon last year on Saudi Aramco, Riyadh's state oil company, ultimately disabled some 30,000 computers. The company said the attack was aimed at stopping oil and gas output at the biggest OPEC crude exporter.

Oil production was apparently unaffected, but damage could have been more severe had the attack penetrated further into the network, the report said.

Hackers from a group called "Cutting Sword of Justice," suspected to be insiders, claimed responsibility for the attack, which was believed to have been delivered using a USB drive.

(Reporting by Timothy Gardner; Editing by Matt Driskill)
http://www.reuters.com/article/2013/...95P06120130626





Opera Software Hit by 'Infrastructure Attack'; Malware Signed with Stolen Cert
Ryan Naraine

Norwegian browser maker Opera Software has confirmed that a targeted internal network infrastructure attack led to the theft of a code signing certificate that was used to sign malware.

The company did not provide specifics of the breach or provide any details on the subsequent malware attacks that took advantage of Opera’s update service.

“The current evidence suggests a limited impact. The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser,” Opera warned in a brief advisory.

The breach, which was discovered on June 19, 2013, was described as a targeted attack with limited impact.

“Our systems have been cleaned and there is no evidence of any user data being compromised. We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments,” Opera said.

However, Opera warned that it was possible that thousands of Windows users who were using the browser between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software.

Opera plans to roll out a new version of its flagship browser which will use a new code signing certificate. There was no immediate word on when the new version will be released.

Falguni Bhuta, Sr. Communications Manager from Opera Software, told SecurityWeek that due to the ongoing investigation, they cannot talk about the incident in more detail.

"At the moment, we cannot go into details, as the matter has been reported to the authorities and is under investigation," Bhuta said in an email to SecurityWeek. "This seems to be the result of a significant, targeted attack from sophisticated hackers, similar to the attacks towards other big web companies over the last year."

The Opera breach signals a growing shift by organized hacking groups to target the internal infrastructure network at big companies that provide client side software to millions of end users.

It closely resembles the September 2012 attack at Adobe where a build server with access to the Adobe code signing infrastructure was compromised by what was described as “sophisticated threat actors.”

Stolen digital certificates are typically used in targeted attacks to sign malicious files for privilege escalation and lateral movement within an environment following an initial machine compromise.

In a recent SecurityWeek podcast, Brad Arkin, who was recently named as Adobe’s first Chief Security Officer (CSO), discussed a recent trend where attackers have shifted to targeting company infrastructure and operations, such as code-signing infrastructure, rather than attacking the software itself.

“We’ve gotten to the point where its hard enough to attack our software, that it’s now more attractive for bad guys to attack the engineering infrastructure that we use to build and operate our services and our code than it is to attack the services directly,” Arkin said.
https://www.securityweek.com/opera-s...ed-stolen-cert





C.I.A. Report Finds Concerns With Ties to New York Police
Charlie Savage

Four Central Intelligence Agency officers were embedded with the New York Police Department in the decade after Sept. 11, 2001, including one official who helped conduct surveillance operations in the United States, according to a newly disclosed C.I.A. inspector general’s report.

That officer believed there were “no limitations” on his activities, the report said, because he was on an unpaid leave of absence, and thus exempt from the prohibition against domestic spying by members of the C.I.A.

Another embedded C.I.A. analyst — who was on its payroll — said he was given “unfiltered” police reports that included information unrelated to foreign intelligence, the C.I.A. report said.

The once-classified review, completed by the C.I.A. inspector general in December 2011, found that the four agency analysts — more than had previously been known — were assigned at various times to “provide direct assistance” to the local police. The report also raised a series of concerns about the relationship between the two organizations.

The C.I.A. inspector general, David B. Buckley, found that the collaboration was fraught with “irregular personnel practices,” that it lacked “formal documentation in some important instances,” and that “there was inadequate direction and control” by agency supervisors.

“While negative public perception is to be expected from the revelation of the agency’s close and direct collaboration with any local domestic police department, a perception that the agency has exceeded its authorities diminishes the trust placed in the organization,” Mr. Buckley wrote in a cover memo to David H. Petraeus, then the C.I.A. director.

The declassification of the executive summary, in response to a Freedom of Information Act suit, comes at a time of intense interest in domestic spying after leaks by a former contractor for the National Security Agency.

It also comes amid lawsuits against the Police Department alleging unconstitutional surveillance of Muslim communities and mosques in New Jersey and New York. And a group of plaintiffs from a 1971 lawsuit over harassment of political groups by the Police Department’s so-called Red Squad has asked a judge to tighten guidelines stemming from that case on police investigations involving political or religious activity.

Paul J. Browne, a police spokesman, said that the lawsuits were without merit. He also said that the inspector general had found nothing illegal and that the last embedded C.I.A. official left the police in 2012.

“We’re proud of our relationship with C.I.A. and its training,” he said, saying it was partly responsible for the absence of casualties from a terror attack in New York in the years since Sept. 11 and the anthrax attacks. He added that the terrorists “keep coming and we keep pushing back.”

The C.I.A.-Police Department partnership dates from 2002, when David Cohen, a former C.I.A. officer who became deputy commissioner for intelligence at the Police Department after the Sept. 11 attacks, reached out to his former agency in building up its counterterrorism abilities.

The inspector general’s office began the investigation in August 2011 after The Associated Press published an article about the C.I.A.’s relationship with the Police Department’s intelligence division. It was part of a series about New York police surveillance of Muslims that was later awarded a Pulitzer Prize for investigative reporting.

When the classified report was completed in 2011, spokesmen for the C.I.A. and the Police Department said it had concluded that the C.I.A. had not violated a law and an executive order that prohibited it from domestic spying or performance of law-enforcement powers. But the document shows that that conclusion was not the whole story. The inspector general warned in his cover letter that the collaboration raised “considerable and multifaceted” risks for the agency.

This week, it released an executive summary and cover memo in response to a Freedom of Information Act lawsuit filed by the Electronic Privacy Information Center, a nonprofit civil-liberties group, which provided it to The New York Times.

“The C.I.A. is not permitted to engage in domestic surveillance,” said Ginger McCall, the director of the group’s Open Government Project. “Despite the assurances of the C.I.A.’s press office, the activities documented in this report cross the line and highlight the need for more oversight.”

Dean Boyd, a C.I.A. spokesman, said the inspector general found no legal violations or evidence that the agency’s support to the Police Department constituted “domestic spying.”

“It should come as no surprise that, after 9/11, the C.I.A. stepped up its cooperation with law enforcement on counterterrorism issues or that some of that increased cooperation was in New York,” he said in an e-mail. “The agency’s operational focus, however, is overseas, and none of the support we have provided to N.Y.P.D. can rightly be characterized as ‘domestic spying’ by the C.I.A. Any suggestion along those lines is simply wrong.”

The report shows that the first of the four embedded agency officers began as an adviser in 2002 and went on an unpaid leave from the agency from 2004 to 2009. During that latter period, it said, he participated in — and directed — “N.Y.P.D. investigations, operations, and surveillance activities directed at U.S. persons and non-U.S. persons.”

The official received a Police Department paycheck. He told the inspector general that he “did not consider himself an agency officer and believed he had ‘no limitations’ as far as what he could or could not do.” C.I.A. lawyers said that officials on unpaid leave who are “acting in a personal capacity and not subject to C.I.A. direction” are not constrained by the law barring the agency from domestic security functions, the report said.

Another C.I.A. analyst was detailed to the Police Department in early 2008 and remained on the agency’s payroll. From about February to April 2008, he told the inspector general he had received daily files, including the police intelligence division’s investigative reports “that he believed were unfiltered.”

That meant they had not been prescreened to remove information unrelated to foreign intelligence information, like evidence of domestic criminal activity. Later, the report says, the system was changed and police analysts gave him printouts of only those reports deemed to have potential foreign-intelligence information — about 10 to 12 a day.

Still, a former Police Department intelligence analyst who now works for the C.I.A.’s National Clandestine Service maintained that the embedded C.I.A. official had not had “unrestricted or unfiltered access” to the reports. The inspector general did not clear up the discrepancy.

Meanwhile, the Police Department sent a detective to the C.I.A. from October 2008 to November 2009 to “receive agency operational training to enhance the capability” of its intelligence division’s counterterrorism efforts in the metropolitan area.

Two other agency officials also worked for a period at the Police Department. One “spent considerable time and effort trying to help N.Y.P.D. improve its volatile relationship with the local F.B.I.,” and the report said senior agency officials expressed concern that the arrangement had “placed the agency in the middle of a contentious relationship.”

“The revelation of these issues,” Mr. Buckley wrote, “leads me to conclude that the risks associated with the Agency’s relationship with the N.Y.P.D. were not fully considered and that there was inadequate direction and control by the agency managers responsible for the relationship.”
https://www.nytimes.com/2013/06/27/n...rk-police.html





Counterfeit Food More Widespread Than Suspected
Stephen Castle and Doreen Carvajal

Invisible from the roadway, hidden deep in the lush English countryside, Moscow Farm is an unlikely base for an international organized crime gang churning out a dangerous brew of fake vodka.

Investigators estimated the fraud cost the British government $2.3 million in tax revenue.

But a quarter of a mile off a one-lane road here, tens of thousands of liters of counterfeit spirits were distilled, pumped into genuine vodka bottles, with near-perfect counterfeit labels and duty stamps, and sold in corner shops across Britain. The fake Glen’s vodka looked real. But analysis revealed that it was spiked with bleach to lighten its color, and contained high levels of methanol, which in large doses can cause blindness.

No one knows the harm done to those who drank it — or whether they connected any illness with their bargain vodka — but cases of poisoning have been reported throughout Europe, including in the Czech Republic, where more than 20 people died last year after drinking counterfeit liquor.

The Europe-wide scandal surrounding the substitution of cheaper horse meat in what had been labeled beef products caught the most attention from consumers, regulators and investigators this year. But in terms of food fraud, regulators and investigators say, that is just a hint of what has been happening as the economic crisis persists.

Investigators have uncovered thousands of frauds, raising fresh questions about regulatory oversight as criminals offer bargain-hunting shoppers cheap versions of everyday products, including counterfeit chocolate and adulterated olive oil, Jacob’s Creek wine and even Bollinger Champagne. As the horse meat scandal showed, even legitimate companies can be overtaken by the murky world of food fraud.

“Around the world, food fraud is an epidemic — in every single country where food is produced or grown, food fraud is occurring,” said Mitchell Weinberg, president and chief executive of Inscatech, a company that advises on food security. “Just about every single ingredient that has even a moderate economic value is potentially vulnerable to fraud.”

Speaking at a recent conference organized by the consulting firm FoodChain Europe, Mr. Weinberg added that many processed products contain ingredients like sugar, vanilla, paprika, honey, olive oil or cocoa products that are tainted.

Increasingly, those frauds are the work of organized international criminal networks lured by the potential for big profits in an illicit trade in which most forgers are never caught. The vodka gang boss, Kevin Eddishaw, was — but not before he had counterfeited liquor on an industrial scale, generating profits to match, according to investigators, who estimated that his distillery produced at least 165,000 bottles costing the British government £1.5 million, or $2.3 million, in lost tax revenue.

“He was living a very nice lifestyle,” said Roddy Mackinnon, criminal investigation officer for Her Majesty’s Revenue and Customs, “a couple of properties, nice cars: a Range Rover, a Mercedes.”

Here at Moscow Farm, the gang used the production techniques of a modern-day factory equipped with at least £50,000, or $77,200, in equipment (while ignoring safety rules). Gang members bought bottles from the supplier of the real makers of Glen’s vodka, saying they were destined for Poland. When forged label prototypes printed in Britain were deemed unpersuasive, higher-quality ones were brought from Poland. The gang faked duty stamps on boxes.

“They tried to do as much as they could to replicate the real thing,” Mr. Mackinnon said. “They were very professional, there was attention to detail.”

So well was the secret plant hidden that it was detected only when someone suspected in another case led investigators there in 2009.

Though Mr. Eddishaw worked through intermediaries and used pay-as-you-go cellphone numbers, investigators tracked his calls, proving from the location where they were made that the phone belonged to him and linking him to a fraud that brought him a seven-year prison term.

The plot fits a pattern, identified by Europol, the European Union’s law enforcement agency, which says organized crime groups have capitalized on the economic downturn.

“In response to reduced consumer spending power, counterfeiters have expanded their range of products,” a recent Europol report said. In addition to the traditional counterfeit luxury product, organized crime groups “now also counterfeit daily consumer goods such as detergents, foodstuffs, cosmetic products and pharmaceuticals.”

Shaun Kennedy, associate professor at the University of Minnesota, estimated that 10 percent of food that consumers buy in the developed world was adulterated. Because the profit margins for foodstuffs are often within single digits, “if you dilute by 2 percent, that’s a big deal.” He cited a report from the United States’ Grocery Manufacturers Association saying that economic adulteration and counterfeiting of global food and consumer products was expected to cost the industry $10 billion to $15 billion a year.

“Mostly the perpetrators are not intending to cause anyone harm — that would be bad for repeat business — but often they don’t understand the potential impact,” Mr. Kennedy added.

Investigators say a huge array of deceptions exist. Simple ones involve presenting cheap products as branded or top-quality ones, like selling catfish as sea bream, labeling farmed salmon as wild or marketing battery-produced eggs as organic or free range. In February, the German authorities began investigating around 160 farms suspected of breaking rules on organic and free-range egg production, for example.

In other cases, cheaper ingredients are added to genuine products to increase profit margins. Sometimes vegetable oil goes into chocolate bars, or pomegranate juice, wine, coffee, honey or olive oil is adulterated with water, sweeteners or cheaper substitutes.

Whenever there is tampering, there are potential risks to health. Indian restaurants in Britain have been prosecuted for adding ground peanuts to almond powder, which poses a risk to allergy sufferers. Food experts say that engine oil is among the substances found in olive oil.

In a weeklong food fraud crackdown last year, the French authorities seized 100 tons of fish, seafood and frogs legs whose origin was incorrectly labeled; 1.2 tons of fake truffle shavings; 500 kilograms, or 1,100 pounds, of inedible pastries; false Parmesan cheese from America and Egypt; and liquor from a Dutch company marketed as tequila. They also found fraudulent Web sites claiming to sell caviar.

Illegally fished and contaminated shellfish often finds its way to fish markets. And even the fish that is safe to eat may not be what consumers think it is; the owner of a fish and chip shop in Plymouth, England, was fined last year for selling a cheaper Asian river fish called panga as cod.

Another fraud is to fake the packaging of well-known brands with writing in a foreign language so consumers believe they have a genuine product that was diverted abroad at a bargain price.

Even religious communities are not immune. In Britain, the Food Standards Agency has warned against drinking Zam Zam water, which is sacred to Muslims and comes from Saudi Arabia. Bottles sold in Britain “may contain high levels of arsenic or nitrates,” the agency said.

In a depot in South London, trading standards officers display fake foods including about 300 bottles of counterfeit red and white wine, labeled Jacob’s Creek. One small detail gives away these otherwise convincing forgeries: the counterfeiters misspelled the name of the country where the real wine is produced — Australia — missing its middle “a.”

Russell Bignell, trading standards officer at Wandsworth Council, said bottles normally contained cheaper wine but added, “the fact is we don’t know what’s in it.”

Other items here include two boxes of fake Durex condoms, in convincing packaging, and a bottle of counterfeit Bollinger Champagne.

Christopher Roe, the council’s chief trading standards officer, said that the problem affects sales of goods online but that much conventionally sold counterfeit produce turns up in markets or small independent corner stores.

“Whether or not they know it’s counterfeit is a moot point,” Mr. Roe said, adding that there are just not enough resources to combat the problem. With counterfeit products, he added, “the more you look, the more you know you will find.”
https://www.nytimes.com/2013/06/27/b...suspected.html

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

June 22nd, June 15th, June 8th, June 1st

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
JackSpratts is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Peer-To-Peer News - The Week In Review - July 16th, '11 JackSpratts Peer to Peer 0 13-07-11 06:43 AM
Peer-To-Peer News - The Week In Review - July 9th, '11 JackSpratts Peer to Peer 0 06-07-11 05:36 AM
Peer-To-Peer News - The Week In Review - January 30th, '10 JackSpratts Peer to Peer 0 27-01-10 07:49 AM
Peer-To-Peer News - The Week In Review - January 16th, '10 JackSpratts Peer to Peer 0 13-01-10 09:02 AM
Peer-To-Peer News - The Week In Review - December 5th, '09 JackSpratts Peer to Peer 0 02-12-09 08:32 AM






All times are GMT -6. The time now is 07:10 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)