Any sysadmin worth his salt with an unknown MAC address is going to throw it at Wireshark or a similar database, so "Look for a Mac with this MAC" is quite expected.
How it worked is they saw their victim visit LinkedIn or Slashdot, identified them based on their account, and then shot an exploit at them using packet injection. So there was no "fake" slashdot page, just an injected exploit packet.
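An added example, not part of the original comment and not taken from any published analysis of QUANTUM: the one trace an on-path injector cannot avoid leaving in a capture. The injector races the real server, so the capture ends up holding two segments for the same flow and the same sequence number with different payloads (a genuine retransmission repeats the same bytes), and the injected segment usually arrives with a TTL that does not match the rest of the flow because it was sent from a different hop distance. The packet records below are constructed, with the fields a pcap decoder would hand you; the addresses and payloads are illustrative only.

```python
"""Heuristic detector for TCP payload-injection races in a packet capture.

Added example; the SAMPLE records are constructed, not a real capture.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

Flow = Tuple[str, int, str, int]  # (src, sport, dst, dport)

# Constructed server->client HTTP flow. Packet 2 is the injected response:
# same seq as the genuine 200 OK, different bytes, different TTL, and it
# arrives first (the race is won by whoever gets a valid segment in first).
SAMPLE: List[dict] = [
    {"ts": 0.0100, "src": "203.0.113.10", "sport": 80, "dst": "198.51.100.7",
     "dport": 51000, "seq": 1, "ttl": 58,
     "payload": "HTTP/1.1 302 Found\r\nLocation: http://example.invalid/landing\r\n\r\n"},
    {"ts": 0.0120, "src": "203.0.113.10", "sport": 80, "dst": "198.51.100.7",
     "dport": 51000, "seq": 1, "ttl": 52,
     "payload": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"},
    {"ts": 0.0130, "src": "198.51.100.7", "sport": 51000, "dst": "203.0.113.10",
     "dport": 80, "seq": 1, "ttl": 64, "payload": ""},          # client ACK
    {"ts": 0.0200, "src": "203.0.113.10", "sport": 80, "dst": "198.51.100.7",
     "dport": 51000, "seq": 1461, "ttl": 52, "payload": "</html>"},
    {"ts": 0.2200, "src": "203.0.113.10", "sport": 80, "dst": "198.51.100.7",
     "dport": 51000, "seq": 1461, "ttl": 52, "payload": "</html>"},  # benign retransmit
]


def flow_key(p: dict) -> Flow:
    return (p["src"], p["sport"], p["dst"], p["dport"])


def find_injection_races(packets: List[dict]) -> List[dict]:
    """One finding per (flow, seq) that carries two or more different payloads.

    Identical copies at the same seq are ordinary retransmissions and are
    ignored; conflicting bytes at the same seq cannot come from one sender.
    """
    by_seq: Dict[Tuple[Flow, int], List[dict]] = defaultdict(list)
    for p in packets:
        if p["payload"]:
            by_seq[(flow_key(p), p["seq"])].append(p)

    findings = []
    for (flow, seq), segs in by_seq.items():
        if len({s["payload"] for s in segs}) < 2:
            continue
        segs = sorted(segs, key=lambda s: s["ts"])
        findings.append({
            "flow": flow,
            "seq": seq,
            "first_ttl": segs[0]["ttl"],           # the segment that won the race
            "ttls": sorted({s["ttl"] for s in segs}),
            "first_payload": segs[0]["payload"],
            "other_payloads": [s["payload"] for s in segs[1:]],
        })
    return findings


def ttl_anomalies(packets: List[dict]) -> List[dict]:
    """Segments whose TTL differs from the modal TTL of their flow.

    A host injecting from elsewhere in the path sits at a different hop
    distance, so its segments arrive with a TTL the real peer never shows.
    """
    ttl_counts: Dict[Flow, Dict[int, int]] = defaultdict(lambda: defaultdict(int))
    for p in packets:
        ttl_counts[flow_key(p)][p["ttl"]] += 1
    out = []
    for p in packets:
        counts = ttl_counts[flow_key(p)]
        modal = max(counts, key=counts.get)
        if p["ttl"] != modal:
            out.append(p)
    return out


if __name__ == "__main__":
    for f in find_injection_races(SAMPLE):
        print(f"race on {f['flow']} seq={f['seq']}: first TTL {f['first_ttl']}, "
              f"TTLs seen {f['ttls']}")
        print("  won the race:", repr(f["first_payload"][:40]))
    for p in ttl_anomalies(SAMPLE):
        print("TTL anomaly:", p["ttl"], repr(p["payload"][:40]))
```

Both checks are after-the-fact and only work if the capture point sits between the injector and the victim; a capture taken upstream of the injector sees only the genuine segment. The TTL heuristic is a corroborating signal rather than proof, since load balancers and asymmetric routes also change TTLs mid-flow.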
Not only are these two hawking snake-oil, but their "Whitenoise" stream cipher that's the center of their snake-oil (calling it a "One Time Pad" is a lie) is actually already known-broken!
The real frustrating thing is this is exactly who the NSA is supposed to be spying on. Foreign leadership is specifically in-scope.
The problem I have is the methods: if it's anything like how Belgacom was hacked (using "QUANTUM", namely, packet injection to exploit a tech's computer and then using the 'lawful' intercept capability built into the phone switches), this would be something that the US would clearly call a criminal act, and possibly call an act-of-war.
If France, say, hacked AT&T using these techniques to monitor cellphones in Washington DC, "ballistic" wouldn't even begin to describe the US response.
I doubt the fake ID bust was parallel construction. If they were on to DPR, they would have handled the fake IDs far differently, since this could easily have caused DPR to panic and flee the country.
The interesting question not answered in the complaint is how they discovered Silk Road's server to get an image of it in July.
The private company surveillance is out of control. Facebook and Google record almost every web page you visit (Yes, Facebook LIKEs your taste in porn) thanks to those ubiquitous trackers and advertisers. Data brokers collect information, resell it, repackage it, data mine it, and do all sorts of other skeevy things with it.
The private spying is ALMOST as out of control as what the NSA is doing, and also needs to stop.
Having the companies modify their infrastructure for the benefit of the NSA means that, although it may be "legal" to tap foreign communications, the US companies are now complicit in attacking their own customers (just not the US customers).
The reputational and economic damage that the NSA is causing dwarfs the few million dollars the companies are gaining. US/UK technology companies now must be considered to be hostile if you are outside of the US/UK.
Web hosting is generally public, providing public facing information. The data of real note is email, internal documents, and other such critical systems. It is that data which should flee the cloud.
And where should the data run? Why, in-house: businesses which need confidentiality (law firms, and any business with significant international competition) should forget about outsourcing to the cloud at all.
The problems with cloud computing security can be summed up in four words: "Lawyers, Guns, and Money" (with apologies to Warren Zevon, my short talk with that title).
And remember, rule #1 of Cloud Computing Operational Security if you actually have confidential information you need to protect: don't use cloud computing.
A strange coda to the story, however: DES was NOT weakened by the NSA. The design's subtle tweaks by the NSA ended up being used to counter differential cryptanalysis, and although the key length was somewhat short, it was still uncrackable at the time of development (now it's crackable in a day or less).
Because to someone like me, DROPMIRE sounds like a lifecycle attack: building a backdoor into the commercial product itself at the factory.
If the NSA is using lifecycle attacks, or even if there are just credible rumors of the NSA using lifecycle attacks, US network hardware and security companies are now in the same position that Huawei is in.
The US government has no notion of "it's already out there": If a document is classified Top Secret, having it discovered on an unclassified computer is bad, VERY BAD. The easiest cleanup procedure usually is "wipe the whole computer".
It doesn't matter if copies of the document are on the front page of every newspaper in the country, scattered across a hundred flyers, and sent a thousand times to every general, colonel, and corporal in the army, it's still classified.
The NSA defines "collection" as when they actually use the data and get some result from it, with the probable unstated admission that it is only "collected" if they use the data, get some result, and ADMIT that they used the data and got the result.
It's the same linguistic BS that allows Obama to say with a straight face that he only launches robot flying assassins against Americans who are an "imminent" threat, with "imminent" being defined in his lexicon as "well, perhaps, kinda sorta, and it's too much of a pain to try to capture or do anything like that so let's just send in the robot flying assassins and be done with it".
I'd suspect also that it was 50% AFTER "expenses" which Prenda padded mercilessly. If Mike can get in touch with Mr Pilcher, it might be worth asking about that, since with all the other difficulties, I wouldn't put Hollywood-level accounting past the Prendarists.
It is a crime to DISPLAY any quantity of marijuana, but it is NOT a misdemeanor in NYC to possess very small quantities, just an infraction.
But once they frisk the victim, and remove the pot from the pocket (EVEN THOUGH its clearly too small to be a weapon) it becomes a misdemeanor because now the victim is displaying the pot!
So for most of the 26,000 arrested for pot, their only arrestable crime was a direct result of BEING FRISKED!
On the post: FBI Agent: Connection Logs Show Suspect's MAC Address, So Look For Apple Hardware
Also...
On the post: FBI Agent: Connection Logs Show Suspect's MAC Address, So Look For Apple Hardware
Actually, a MAC can indicate a Mac...
http://anonsvn.wireshark.org/wireshark/trunk/manuf
is Wireshark's list.
On the post: GCHQ Used Fake Slashdot Page To Install Malware To Hack Internet Exchange
Not FAKE slashdot, but packet injection...
On the post: Former DHS/NSA Official Attacks Bruce Schneier With Bizarre, Factually Incorrect, Non-sensical Rant
As a great bonus...
http://eprint.iacr.org/2003/250
On the post: NSA Officials Livid That White House Is Pretending It Didn't Know About Spying On Foreign Leaders
On the post: Educational Exercises Aimed At School Shootings, Drug Abuse Result In Terrorized Students And K-9 Attacks
Texas...
On the post: FBI's Case Against Silk Road Boss Is A Fascinating Read
Parallel construction...
On the post: Former NSA Boss: Mass Surveillance Is Very Important, But Perhaps NSA Should Stop Lying About It
He IS right on private surveilance...
On the post: Yes, Of Course The NSA Pays Tech Companies For Surveillance Efforts
Except for that whole "reputational damage" thing...
On the post: No, There Hasn't Been A Big Shift Away From US Datacenters... Yet
Where to go? Insource...
On the post: Suddenly The Terms And Conditions Of Your 'Cloud' Service Provider Matter A Lot More
Re: Cloud computing security
On the post: Suddenly The Terms And Conditions Of Your 'Cloud' Service Provider Matter A Lot More
Cloud computing security
On the post: Yes, The NSA Has Always Hated Encryption
The strange thing is, DES was NOT weakened by the NSA!
On the post: Actually, Nintendo Wanted Smash Bros. Out Of EVO Tourney Entirely, Which Is Really Stupid
This from the geniuses....
Wow, times have changed.
On the post: Latest Leak Showing US Spying On EU Embassies Not That Surprising
Actually, this is a VERY big deal...
On the post: Defense Department Blocks All Web Access To The Guardian In Response To NSA Leaks
Its necessary for them to do...
On the post: Clapper: I Gave 'The Least Untruthful Answer' To Wyden's 'Beating Your Wife' Question On Data Surveillance
Remember, the NSA uses a different definition...
On the post: Prenda's Former Porn Client Comes Forward About His Fears Of Working With Prenda
I suspect it's 50% AFTER "expenses"
On the post: Stop & Frisk Accomplishments: Barely Any Illegal Weapons Recovered, But Tons Of Weed Smokers Jailed
Worse, the pot busts are largely SYNTHETIC!
More details at the New York Times.
On the post: Aaron Swartz's Last Project: Open Source System To Securely & Anonymously Submit Documents To The Press
Far easier ways...
E.g. http://www.wired.com/opinion/2013/05/listen-up-future-deep-throats-this-is-how-to-leak-to-the-press-today/
is my discussion of the problem.