Sunday, 9 November 2014

British Spies Are Free to Target Lawyers and Journalists

Featured photo - British Spies Are Free to Target Lawyers and Journalists
British spies have been granted the authority to secretly eavesdrop on legally privileged attorney-client communications, according to newly released documents.
On Thursday, a series of previously classified policies confirmed for the first time that the U.K.’s top surveillance agency Government Communications Headquarters (pictured above) has advised its employees: “You may in principle target the communications of lawyers.”
The U.K.’s other major security and intelligence agencies—MI5 and MI6—have adopted similar policies, the documents show. The guidelines also appear to permit surveillance of journalists and others deemed to work in “sensitive professions” handling confidential information.
The documents were made public as a result of a legal case brought against the British government by Libyan families who allege that they were subjected to extraordinary rendition and torture in a joint British-American operation that took place in 2004. After revelations about mass surveillance from National Security Agency whistleblower Edward Snowden last year, the families launched another case alleging that their communications with lawyers at human rights group Reprieve may have been spied on by the government, hindering their ability to receive a fair trial.
In a statement on Thursday, Reprieve’s legal director Cori Crider said that the new disclosures raised “troubling implications for the whole British justice system” and questioned how frequently the government had used its spy powers for unfair advantage in court.
“It’s now clear the intelligence agencies have been eavesdropping on lawyer-client conversations for years,” Crider said. “Today’s question is not whether, but how much, they have rigged the game in their favor in the ongoing court case over torture.”
Rachel Logan, a legal adviser at rights group Amnesty International, said that spying on lawyers affords the U.K. government an “unfair advantage akin to playing poker in a hall of mirrors.”
“It could mean, amazingly, that the government uses information they have got from snooping on you, against you, in a case you have brought,” Logan said. “This clearly violates an age-old principle of English law set down in the 16th century—that the correspondence between a person and their lawyer is confidential.”
In the U.S., the NSA has also been caught spying on lawyers. Earlier this year, the agency was forced to reassure attorneys that it “will continue to afford appropriate protection to privileged attorney-client communications acquired during its lawful foreign intelligence mission in accordance with privacy procedures required by Congress, approved by the Attorney General, and, as appropriate, reviewed by the Foreign Intelligence Surveillance Court.”
In the U.K., the oversight of intelligence agencies is undoubtedly far more lax.
According to the documents released Thursday, in at least one case legally privileged material that was covertly intercepted by a British agency may have been used to the government’s advantage in legal cases. One passage notes that security service MI5 identified an instance in which there was potential for “tainting” a legal case after secretly intercepted privileged material apparently ended up in the hands of its lawyers.
The policies state that the targeting of lawyers “must give careful consideration to necessity and proportionality,” but the GCHQ policy document adds that each individual analyst working at the agency is “responsible for the legality” of their targeting, suggesting that a large degree of personal judgement is involved in the process. Notably, there is no judicial oversight of eavesdropping conducted by GCHQ or other British security agencies; their surveillance operations are signed off by a senior politician in government, usually the Foreign or Home Secretary.
The categories that allow the agencies to spy on lawyers or others working with “confidential” material, such as journalists, are extremely broad. One policy document from GCHQ notes:
If you wish the target the communications of a lawyer or other legal professional or other communications that are likely to result in the interception of confidential information you must:
Have reasonable grounds to believe that they are participating in or planning activity that is against the interests of national security, the economic well-being of the UK or which in itself constitutes a serious crime.
In practice, this could mean that any lawyer or an investigative journalist working on a case or story involving state secrets could be targeted on the basis that they are perceived to be working against the vaguely defined national security interests of the government. Any journalists or lawyers working on the Snowden leaks, for instance, are a prime example of potential targets under this rationale. The U.K. government has already accused anyone working to publish stories based on the Snowden documents of being engaged in terrorism—and could feasibly use this as justification to spy on their correspondence.
GCHQ declined to comment for this post, referring a request from The Intercept to the government’s Home Office. A Home Office spokesperson said: “We do not comment on ongoing legal proceedings.”

ekoParty Security Conference

The ten year anniversary edition of the Electronic KnockOut Party, held annually in Buenos Aires, Argentina, was certainly special! Over the years, ekoParty has become a standard for other conferences in Latin America, bringing together researchers from all over the world for nearly a full week packed with trainings, workshops, and ground breaking talks about different aspects of the field of information security.
Ten year anniversary, epic uptime!
This year, the conference changed venues from the previously known 'Ciudad Cultural Konex' in favor of a much bigger space near the airport, the 'Aeroparque Jorge Newbery'. The loud engines from passing planes could not stop the speakers from sharing their knowledge with the audience. Organizers were prepared for this and outfitted the main stage with airport-themed decorations. Even the badges resembled boarding passes, making the most of the new venue's quirks and leaving nothing to chance.
What differentiates ekoParty from other conferences is the passion exhibited by everyone in attendance. Thanks in part to the Latin American way of doing things, ekoParty is proud of not taking itself too serious and encourages its attendees to behave the same way. A loud siren blares when it's time for the speaker to take a drink and loosen up a bit mid-talk. Rushing forward with a shot of vodka, the conference staff is alert and engaging, making sure that both speaker and audience are having fun.
The main stage, where speakers from all around the world shared their latest research.
During the first day, we were welcomed by an interesting discussion panel and a wide array of workshops to choose from. In addition, several corporate sponsors gave away free trainings to showcase some of their latest tools and also administered challenges for the duration of the conference. With tempting cash prizes and fancy gadgets on the line, some participants chose to forego the talks altogether in order to test their skills in areas such as reverse engineering, penetration testing, and networking.
By the time the talks began on the second day, the tone of the conference was set by Cesar Cerrudo who presented on how to hack traffic control systems. Using 'Live Free or Die Hard' references to engage the audience proved successful and Hollywood-worthy research was presented in a compelling and understandable way. As the day went on, attendees could choose to participate in one of the workshops (as I did with Juliano Rizzo's bitcoin security training) or keep attending assorted talks. Among the topics covered were "Exploring the Jolla Phone", "Cooking an APT the paranoid way" or even browser exploitation techniques with Alex Rad's presentation "Pointer Subterfuge in the Browser Address Space".
There were just too many topics and talks to cover all in detail but a common thread emerges. Speakers not only share their knowledge but also ask the community to join them in their research to create something useful for all parties involved. This was the case with Anibal Sacco's "IDA Synergy – Collaborative Reverse Engineering", which showed a combination of IDAPython Plugin and control version system that resulted in a new reverse engineering collaborative add-on for IDA Pro.
Though a lot of talks focused on exploiting different technologies (as in the case of Luis Colunga's presentation on Software Defined Radio), other presentations could be easily mistaken for university courses. This was the case with Alfredo Ortega's "Deep-submicron backdoors" which led the audience from concepts like Fourier transformations to CPU low-level backdoors. With a touch of 3D modeling and some lines of code in the right place, Ortega demonstrated that building a backdoored ARM CPU isn't as hard as it might seem.
The final day of the conference started early with discussions about the current state of privacy and a historical perspective on the many state-backed surveillance programs of recent years.  Just before lunch we had a great presentation by Marcio Almeida Macedo on 'Hacking RFID Billing Schemes for fun and free rides', mentioning our recent blogpost on the topic, specifically referring to vulnerabilities in the Chilean transportation system. All researchers went above and beyond to show the hardware and principles involved in their investigations, always enticing the audience to follow in their footsteps.
Malware made its appearance with Thiago Bordini who shared techniques for 'Monitoring Malicious Domains on the Internet in real time for forensic purposes'. Brazilians presenters were, of course, forced to withstand chanting and taunting from Argentinians in the crowd pleased by World Cup results. That's to be expected. The day ended with bells and whistles as Rahul Sasi presented his sequel presentation on hacking TV networks, an investigation that stemmed from a penetration testing job that ended with him finding ways to inject video signals in TV networks and even shutting down the receiver's box remotely.
A nice attendance for this edition of ekoParty Security Conference.
An emotive award's ceremony brought the event to a close by recognizing local talent and remembering Barnaby Jack's appearance years ago. The ekoParty left everyone wanting more and eager to attend the following year. ekoParty is one of those conferences were attendees get back what they put in -they can choose to just enjoy the talks or instead get involved in the many challenges, workshops, and networking activities offered. Until next year, I encourage you to check out the content covered during the conference and hope to see you there!

Facebook Allows Tor Access To Site

Facebook started out blocking users of the Tor network in 2013, but have recently had a change of mind and now Facebook allows Tor access to the site even providing a special .onion address for users of the network to directly connect to Facebook infrastructure.
Facebook Allows Tor Access To Site
It’s an interesting decision as many of the Facebook ‘security controls’ will fail due to a Tor users appearing to come from many different geographical locations during one browsing session.
Facebook has changed its stance on Tor traffic and will now provide users with a way to connect to its free content ad network using the anonymizing service.
The company said that it will now offer a special URL – https://facebookcorewwwi.onion – that will allow users running Tor-enabled browsers to access the service.
Facebook had previously blocked Tor access, citing security concerns and the possibility that Tor could be used to conduct attacks on its servers.
The social network said back in 2013 that it would work with Tor on a possible solution. Now, more than a year later, it seems one is at hand. Even as it launched of the Tor access address, however, Facebook acknowledged that the Tor network poses some risks.
“Tor challenges some assumptions of Facebook’s security mechanisms – for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada,” Facebook senior engineer Alec Muffett said in announcing the move.
You can view the Facebook post about this here: Making Connections to Facebook more Secure
There’s still a major issue with this though, as you can see in the comments, Facebook still only has a front end based around JavaScript (the mobile interface doesn’t work via the Onion address) – which is a big no-no for the privacy paranoid Tor users.
“In other contexts such behavior might suggest that a hacked account is being accessed through a ‘botnet’, but for Tor this is normal.”
The company said the service would also use SSL atop Tor with a certificate that cites the unique Tor address. This, the company said, will allow Tor to maintain a secure connection and prevent users from being redirected to fake sites.
“The idea is that the Facebook onion address connects you to Facebook’s Core WWW Infrastructure – check the URL again, you’ll see what we did there – and it reflects one benefit of accessing Facebook this way: that it provides end-to-end communication, from your browser directly into a Facebook datacentre,” Muffett said.
Those who are privacy conscious may still want to note, however, that measures such as Facebook’s controversial “Real Name” policy remain in effect.
The fact it’s running over SSL is a good move too as a Tor user, it means your connection is direct and encrypted right into the Facebook datacenter. Although what you are doing on Facebook that’s so critically important and needs protecting – I really don’t know.
Either way, it’s a cool move from Facebook and we’ll be watching to see what else they come out with.

Microsoft warns of super-sized Patch Tuesday this week

It's getting close to security update time in Redmond yet again, and Microsoft has given notice that Windows and Office users can expect another nice, big pile of fixes on November's Patch Tuesday.
The software giant gave advance notice of no less than 16 security bulletins to be addressed on November 11, five of which have been flagged as "critical." Nine more are marked as "important" and the remaining two are considered "moderate" risks.
"This is the highest bulletin count we have seen from Microsoft this year," Chris Goettel, product manager for IT management firm Shavlik, told El Reg via email. May and August's Patch Tuesdays each featured nine bulletins.
One of November's critical bulletins pertains to all supported versions of Internet Explorer, ranging from IE11 all the way back to IE6 running on Windows Server 2003 SP2. IE patches have become a staple of Patch Tuesday, and if past months are any indication, this bulletin is likely to address multiple vulnerabilities.
The other critical bulletins address bugs in Windows itself, although just how severe the flaws are depends on which version of the OS you're running. No version is completely safe, however – even the Windows 10 Technical Preview will need to be patched.
Four of the five critical bugs are said to allow remote code execution, while the last could allow an attacker to gain administrative privilege on a vulnerable machine. Several of the less-severe flaws allow privilege elevation, as well, while others allow attackers to bypass OS security features.
Some of this month's bulletins are narrowly focused. Bulletin 6 pertains to Microsoft Office 2007 exclusively, for example, while Bulletin 10 affects some components of SharePoint Foundation 2010 SP2 and Bulletin 12 affects Exchange Server 2007, 2010 and 2013.
As usual, the fixes will all be made available via Windows Update, which means they will be applied automatically for most users. Microsoft is encouraging those who have disabled automatic updates to apply them promptly.
In past months, Adobe has also timed an update to its Flash plugin to coincide with Microsoft's patch dump. There's been no word of any such update for this month so far, but if Adobe has fixes up its sleeve, you should plan to apply those on Tuesday, as well.

Global Web Crackdown Arrests 17, Seizes Hundreds Of Dark Net Domains

Photo: Josh Valcarcel/WIRED
When “Operation Onymous” first came to light yesterday, it looked like a targeted strike against a few high value targets in the Dark Web drug trade. Now the full scope of that international law enforcement crackdown has been revealed, and it’s a scorched-earth purge of the Internet underground.
On Friday, the European police agency Europol along with the FBI and the Department of Homeland Security announced that the operation has now arrested 17 people in as many countries and seized hundreds of Dark Web domains associated with well over a dozen black market websites. In addition to the takedowns of drug markets Silk Road 2, Cloud 9 and Hydra revealed Thursday, it’s also busted contraband markets like Pandora, Blue Sky, Topix, Flugsvamp, Cannabis Road, and Black Market. Other takedown targets included money laundering sites like Cash Machine, Cash Flow, Golden Nugget and Fast Cash. And agents have taken from criminal suspects more than $1 million in bitcoin, $250,000 in cash, as well as an assortment of computers, drugs, gold, silver and weapons that they had yet to fully catalogue.
In all, the agency says it’s seized 414 “.onion” domains, the web addresses used by the anonymity software Tor that hides the physical location of those sites’ servers. When WIRED spoke Thursday night with Troels Oerting, head of the European Cybercrime Center, he said his staff hadn’t even had time to assemble the full list of sites it’s pulled down in the sprawling operation.
“One of the primary targets was the Silk Road guy,” said Oerting, referring to Blake Benthall, the 26-year old coder arrested in San Francisco Wednesday and accused of managing the popular Silk Road 2 drug site. “But we also decided to see if we could identify more of the administrators of these sites and remove their infrastructure as well…Some moved before we could act, but we’ve taken most of our targets down.”
Europol didn’t immediately share the details of the 17 arrests related to the operation. But aside from Benthall, it revealed earlier on Thursday that two individuals had been arrested in Dublin in a large Dark Web-related drug bust.
Just how law enforcement agents were able to locate the Dark Web sites despite their use of the Tor anonymity software remains a looming mystery. In its criminal complaint against Benthall, for instance, FBI agent Vincent D’Agostini writes merely that in May of 2014 the FBI “identified a server located in a foreign country believed to be hosting the Silk Road 2.0 website at the time,” without explaining how it bypassed Tor’s protections. The sheer number of Tor-hosted sites affected by the takedown raises questions about whether law enforcement officials may have found new vulnerabilities in Tor’s well-tested anonymity shield.
Asked how Operation Onymous located the sites, Europol’s Oerting was unapologetically secretive. “This is something we want to keep for ourselves,” he said. “The way we do this, we can’t share with the whole world, because we want to do it again and again and again.”
The organization that created and maintains Tor, the non-profit Tor project, said it didn’t have any more information on Operation Onymous’ techniques. But it downplayed the threat of a vulnerability in Tor’s safeguards for the tough-to-trace sites it protects known as Tor hidden services. “It sounds like old-fashioned police work continues to be effective,” said Andrew Lewman. “It could be [that law enforcement targeted] common people or organizations running these hidden services, or a hosting company, or something more mundane than a hidden service exploit.”
The sheer number of Tor-hosted sites affected by the takedown raises questions about whether law enforcement officials may have found new vulnerabilities in Tor’s well-tested anonymity shield.
Despite whatever tricks Europol and its American counterparts used to unmask the sites, several of the most popular Dark Web drug markets have nonetheless eluded them. A study by the non-profit Digital Citizens Alliance in September found that the six most popular Tor-based markets by total product listings were Silk Road 2, Agora, Evolution, Pandora, Andromeda, and BlueSky. Operation Onymous captured fully half of those top sites. But Agora, Evolution and Andromeda remain online and will likely absorb many of the refugee buyers and sellers from the law enforcement busts. In fact, Agora had already passed the Silk Road in total product listings with more than 16,000 mostly-illegal offerings, and the fast-growing marketplace Evolution was already on pace to soon take the second place spot in the underground economy.
Operation Onymous comes just over a year after the takedown of the original Silk Road drug site and the arrest of its alleged creator Ross Ulbricht, whose trial is scheduled for January. In an open letter to Attorney General Eric Holder just last week, New York Senator Charles Schumer called for a renewed crackdown on the flourishing Dark Web sites that have filled the void left by the original Silk Road. He pointed to statistics that show that more than twice as many drugs are now being sold on the Dark Web compared to when the original Silk Road was online.
Though Operation Onymous left many of that underground economy’s major players intact, Europol’s Oerting said he was more confident than ever that the remaining sites can be tracked down and pulled off the Internet.
“This is just the beginning of our work. We will hunt these sites down all the time now,” he said, praising the cooperation of all the international law enforcement agencies involved.  “We’ve proven we can work together now, and we’re a well-oiled machine. It won’t be risk-free to run services like this anymore.”

China builds computer network impenetrable to hackers

China will soon have the world's most secure major computer network, making communications between Beijing and Shanghai impenetrable to hackers and giving it a decisive edge in its quiet cyberwar with the United States.
In two years' time, a fibre-optic cable between the two cities will transmit quantum encryption keys that can completely secure government, financial and military information from eavesdroppers.
"We learnt after the Edward Snowden affair that we are always being hacked," said Prof Pan Jianwei, a quantum physicist at the University of Science and Technology of China (USTC) in Hefei, who is leading the project.
"Since most of the products we buy come from foreign companies, we wanted to accelerate our own programme," he added. "This is very urgent because
classical encryption was not invented in China, so we want to develop our own technology."
The £60 million cable, which is being funded by the central government and has been supported by the Central Military Commission, will initially mostly be used for money transfers by ICBC, the world's largest bank.
However, Prof Pan said eventually all communications in China, down to storing photographs on cloud servers, could feature quantum encryption.
"Ten years ago it was not so easy to get sufficient funding to support theoretical research, but since 2006 and 2007 when the economy really went well, they have been putting more money into research and then it really sped up," he said.
Half an hour's drive away from Prof Pan's office, at Quantum Communications Technology, a company spun out of the university to commercialise the technology, the importance of the project is clear. On the walls are framed photographs of visits from almost all of China's top leaders, including president Xi Jinping.
A huge video screen shows 56 terminals across the city that are already using quantum encryption. Currently, anyone wanting to send a secret message over the internet encrypts their communications so that only someone with the right code at the other end can unlock it.
But the US National Security Agency reportedly has computers powerful enough to crack encryption codes and is developing a quantum computer that will be able to run calculations so quickly that it can easily defeat encryption.
That means that, if it is able to tap fibre-optic cables and copy data travelling down the line, its hackers should be able to unlock the information.
Quantum encryption relies upon writing the encryption codes, or keys, upon single photons of light (a quantum particle). If a hacker tries to eavesdrop on the line, they will disturb the encoding of the photon and be detected. Consequently, said Prof Pan, it should provide perfect security.
"Of course, although quantum communication can in principle provide absolute security, in practice, we have to prove it thoroughly by various hacking tests. So we are inviting the finest hackers to attack our system," he said.
"The Chinese are really pushing the boundaries," said Raymond Laflamme, the head of the Institute for Quantum Computing at the University of Waterloo in Canada. "They are moving at an incredible rate. No one else around the world has plans that are this ambitious."
"China is putting itself in the position of having secure private information that other countries will not be able to tap," he added.
At least six other networks transmitting quantum encryption keys have been built around the world, including one run by the US Defence Advanced Research Projects Agency in Massachusetts. But all are on a much smaller scale.
China's progress, which will also include the launch in 2016 of a satellite dedicated to quantum communication research, is likely to trigger a global race.
"We heard Nasa is building a quantum line between Los Angeles and San Francisco," said Prof Pan. "And IBM and Google are both investing heavily."
However, Prof Pan and Prof Laflamme said the development of the quantum system still required a great deal of work. Photons can only travel for a short distance, which means the new Beijing to Shanghai line will include 20 nodes, each of which is vulnerable to hackers. And the rate of transmitting keys remains slow.
"At the moment, it is only useful for a large user, like a government,” said Prof Pan.