Tag: edward snowden

Cyberwars: Is Putin Going to Cut Off Russia’s Internet?

Russia ButtonFew politicians today elicit the same level of controversy as Vladimir Putin. Adored by many Russians at home and abroad, he is also reviled by many for his near-absolute grip on power, intimidation of political opponents, political repression, and military aggression against neighboring states. But in this latest coup de grace, Putin may be seeking the kind of power that few modern states enjoy – the ability to shut down his country’s access to the internet.

According to the Russian business newspaper Vedomosti, Putin and his security council met this past Monday to discuss a way to disconnect Russia’s internet should it be deemed necessary. According to various sources, it is a tool that could be enacted in times of war, massive anti-government protests, or in order to “protect” Russians from Western countries like the United States or members of the European Union.

putin-sanctions-west-response.si_Citing an intelligence officer as their source, Vedomosti claims that this is the result of the Ministry of Communications conducting exercises to test vulnerabilities in Russia’s internet and can now successfully disable IP addresses outside of Russia. All of this is being done in order to see if the Runet (Russia’s internet) can operate on its own without Western web access, with the hope that it will be functional next year.

It is not hard to imagine the Kremlin justifying such a clamp-down by whipping up fears that it’s the West that wants to disconnect Russia from the web, said industry experts. In Russia’s current political environment, anti-western propaganda has been used effectively to create the impression of a siege mentality, used largely to justify their current economic woes and the ongoing Ukrainian Crisis.

RunetAnalysts say similar measures have been introduced by countries such as Iran and Cuba, which developed national Internet limits to curb the spread of Western culture and ideas. Prior to the meeting, Putin’s spokesman Dmitry Peskov confirmed that the Security Council meeting on Internet security would be taking place, but he declined to discuss details of the agenda.

In addition, he denied that Russian authorities have plans to disconnect the Internet, instead insisting this is a question for other countries to answer. He also added that Russia needs a way to protect itself from the West. Peskov cited the “unpredictability” of the European Union and the United States before implying that these countries would in fact disconnect Russia from the Internet and not the reverse.

russia-internet-putin-670-1In a statement to Russia Today – a government-run website launched in 2005 by Putin as a “PR campaign to improve [Russia’s] image in the eyes of the world.”- Russia’s communications minister, Nikolay Nikiforov, said:

Russia is being addressed in a language of unilateral sanctions: first, our credit cards are being cut off; then the European Parliament says that they’ll disconnect us from SWIFT*. In these circumstances, we are working on a scenario where our esteemed partners would suddenly decide to disconnect us from the internet.

*Society for Worldwide Interbank Financial Telecommunication

The “unilateral sanctions” he refers to are the ones that were placed upon Russia by the US and the EU in response to its seizure of the Crimea, which have since escalated thanks to Russia’s ongoing involvement in the eastern portions of Ukraine where rebels – whom many claim have been supplied with Russian-made weapons and are now being supported by Russian troops – continue to fight against the new Kiev government.

Ukraine_crisisInterestingly enough, whether it is the West that disconnects Russia from the Internet or if it is Putin that does so, both possibilities highlight the world’s dependence on Western internet. In fact, many countries, including Brazil and Germany, have been complaining about this since Edward Snowden’s revelations last year. Putin himself has expressed concern over the NSA spying on him via the web and the security of the internet in his country in the past.

Nevertheless, the question remains as to whether or not it could be done. According to Andrei Soldatov, a Russian spy expert who recently spoke to the Guardian on the subject, claims that it is technically possible given how few internet exchange points Russia has. However, it seems unlikely at this point that Putin would do this given the repercussions for Russian businesses that rely on the Western internet to function.

russia_protestsAlready, Russia has been feeling the pinch because of Western sanctions, particularly sanctions targeting its oil industry that have been leading to a drop in prices. At this rate, several economists and even Russian ministers are predicting a recession in the near future. This in turn could present Putin with a scenario whereby he would have to disconnect the internet, in order to block mass protests sites in the event of people protesting the economic downturn.

Similar measures have been taken in the past by countries like Egypt, Iran, Syria, China, the UK, and Thailand, who chose to block Facebook at various points because protesters were using it to organize. Venezuela also blocked Twitter this year during times of political unrest to prevent people from sharing information and real-time updates. But a total disconnect has yet to be seen, or even seriously contemplated.

russia-censorshipWhether or not Putin and Russia’s ruling party is the first to do so remains to be seen. But it is not entirely unfeasible that he wouldn’t, even if economic consequences were entailed. For as the saying goes, people will “cut off their nose to spite their face”, and Putin has already shown a willingness to challenge his country’s economic interdependence with the world in order to ensure control over neighboring territories.

One can only hope that he won’t feel the need to snip his country’s connection to the rest of the world. In addition to ensuring its ec0nomic isolation – which would have dire consequences and reduce the country to the status of a developing nation – it will also resurrect the specter of the Cold War years where Russians were effectively cut off from the outside world and entirely dependent on state-controlled media.

We’ve simply come too far to go back to an age where two superpowers are constantly aiming nuclear warheads at each other and entire blocs of nations are forbidden to trade or interact with each other because of political rivalries. History does not respect regression, and the only way to make progress is to keep moving forward. So let’s keep the internet open and focus on building connections instead of walls!

Source: motherboard.com, news.discovery.com, ibtimes.com

Cyberwars: Latest Snowden Leaks

FRANCE-US-EU-SURVEILLANCE-SNOWDENThe case against the NSA’s program of cyberwarfare and espionage has become somewhat like an onion. With every new revelation, the matter becomes more stinking and fetid. Certainly, the first release of classified NSA documents – which dealt with the US’s ongoing cyberwarfare against China and other nations – was damaging to the agency’s image. But it has been the subsequent publication of documents that deal with domestic surveillance that have been the most damning.

According to Snowden, he was motivated to leak this information because of the troubling case of hypocrisy inherent in the NSA programs. And in the lastest leak, Snowden has now confirmed that at least five Muslim-Americans – including prominent lawyers, a civil rights leader and academics – were the subject of years’ worth of surveillance by both the FBI and the National Security Agency.

under_surveillance_full_v2Among the targets were Nihad Awad, the executive director of the Council on American-Islamic Relations – the top Muslim-American civil rights organization in the United States – and Faisal Galil, a longtime Republican operative and former Bush Administration official who worked for the Department of Homeland Security and held a top-secret security clearance during the time he was under surveillance.

Also among the American targets was Asim Ghafoor, an attorney for the al-Haramain Islamic Foundation who who has represented clients in terrorism-related cases . He is also the man who famously discovered in 2004 that he and his clients were under surveillance after the Treasury Department mistakenly released to him a document listing calls he’d made to his clients.

wire_tappingOther targets include Hooshang Amirahmadi, an Iranian-American professor of international relations at Rutgers University and Agha Saeed, a former political science professor at California State University who champions Muslim civil liberties and Palestinian rights. All of the targets appear to have been singled out because of their Muslim backgrounds and their activities either defending Muslim clients or on behalf of various causes.

The individuals appear on an NSA spreadsheet in the Snowden archives called “FISA recap”—short for the Foreign Intelligence Surveillance Act. Under that law, the Justice Department must convince a judge with the top-secret Foreign Intelligence Surveillance Court that there is probable cause to suspect of an American of being engaged in or abetting terrorism, espionage, or sabotage against the US.

FILE PHOTO NSA Compiles Massive Database Of Private Phone CallsThe authorizations must be regularly renewed by the court for the surveillance to remain in effect, usually every 90 days for U.S. citizens. In none of these cases were the individuals singled out for surveillance because they were suspected of committing or planning a crime. And six years after the period the document covers, none of them has been charged with any crime related to the surveillance.

Greenwald says the revelations offer a more detailed look at who the government is targeting. Although there are some Americans on the list who have been accused of terrorism, the five highlighted in The Intercept piece have all led what appear to be law-abiding lives. As Greenwald explained:

This is the first time that there’s a human face on who the targets are of their most intrusive type of surveillance. [H]ere you really get to see who these people are who are the people worthy of their most invasive scrutiny. I think it’s important for people to judge—are these really terrorists or are these people who seem to be targeted for their political dissidence and their political activism?

 

faisal_gillAll of these five individuals identified in the article has gone on record to vehemently deny any involvement in terrorism or espionage. Outside of their ancestry, there appears to be no justification whatsoever for the surveillance. Faisal Gill, whose AOL and Yahoo! email accounts were monitored while he was a Republican candidate for the Virginia House of Delegates, had this to say when interview by The Intercept:

I just don’t know why. I’ve done everything in my life to be patriotic. I served in the Navy, served in the government, was active in my community—I’ve done everything that a good citizen, in my opinion, should do.

Ghafoor was also of the opinion that profiling had everything to do with him being targeted for electronic surveillance. When told that no non-Muslim attorneys who defended terror suspects had been identified on the list, he replied:

I believe that they tapped me because my name is Asim Abdur Rahman Ghafoor, my parents are from India. I travelled to Saudi Arabia as a young man, and I do the pilgrimage. Yes, absolutely I believe that had something to do with it.

https://i0.wp.com/media.nj.com/ledgerupdates_impact/photo/2012/06/muslim-lawsuitjpg-88e364e9b8e195f4.jpgCivil liberties groups have expressed anger that the five appear to have been targeted largely for having Muslim backgrounds. One such group is the Muslim Advocates, which released the following statement shortly after the story was published:

This report confirms the worst fears of American Muslims: the federal government has targeted Americans, even those who have served their country in the military and government, simply because of their faith or religious heritage. Muslim Advocates calls on the President and Congress to take steps immediately to reform the NSA surveillance program to uphold basic privacy rights and civil liberties that the Constitution guarantees to every American, regardless of faith.

The new revelations confirm for the first time that the government targeted U.S. attorneys, sometimes without warrants. Crucially, the revelations also give targets of the domestic surveillance legal standing to sue. Snowden indicated to Greenwald last year that he included the target list in the cache of leaked documents because he wanted people who had been under such surveillance to have evidence to challenge the spying in court.

An illustration picture shows the logo of the U.S. National Security Agency on the display of an iPhone in BerlinIn the past, journalists and attorneys have tried to challenge the constitutionality of the government’s surveillance activities in court. But since the defendants did not have proof that they in particular had been targeted, the courts were forced to rule that they did not have standing. The spreadsheet, however, provides evidence of targeted surveillance for those who have now been identified.

In short, this latest revelation has provided Americans, and not just those of Muslim descent, with the means to hold the NSA and the FBI accountable for the first time. Since the historic episode known as the “war on terror” began, revelations have led to challenges and promises for reform. But in all cases, the crucial issue of whether or not these programs would be allowed to continue has been carefully sidestepped.

cyber_security2Whether it was the failure of FISA reform to reign in domestic wiretapping and data mining, or the Obama administrations endorsement of “transparent” surveillance, it seems obvious clear that an administrative solution was not in the works. But opening the way for successive lawsuits for wrongful surveillance might just prove to be more effective.

What is certain, though, is that the battle between civil liberties and surveillance in the “Digital Age” is nowhere close to being resolved. As the daily volume of data sent around the world continues to grow – from terabytes to petabytes to exabytes – there will continually be a need for monitors to watch for sinister things. And as long as they are willing to push the boundaries in the name of security, there will continue to be challenges.

Sources: wired.com, firstlook.org

Cyberwars: ACLU and NSA ex-Director to Debate Tomorrow!

keith-alexander-nsa-flickrIn what is sure to be a barn-burner of a debate, the former head of the National Security Agency – General Keith Alexander – will be participating tomorrow in a with ACLU Executive Director Anthony Romero. The televised, surveillance-themed debate, will take place tomorrow –  June 30th, 10:30am Eastern Time – on MSNBC. The subject: whether or not the NSA’s vast surveillance and data mining programs are making American’s safer.

While many would prefer that the current head of the NSA be involved in the debate, General Alexander is a far better spokesperson for the controversial programs that have been the subject of so much controversy. After all, “Emperor Alexander” – as his subordinates called him – is the man most directly responsible for the current disposition of the  NSA’s cyber surveillance and warfare program.Who better to debate their merit with the head of the ACLU – an organization dedicated to the preservation of personal freedom?

Edward-Snowden-660x367And according to classified documents leaked by Edward Snowden, General Alexander’s influence and power within the halls of government knew no bounds during his tenure. A four-star Army general with active units under his command, he was also the head of the National Security Agency, chief of the Central Security Service, and the commander of the US Cyber Command. It is this last position and the power it wields that has raised the greatest consternation amongst civil-libertarians and privacy advocates.

Keith Alexander is responsible for building this place up between 2005 and 2013, insisting that the US’s inherent vulnerability to digital attacks required that he and those like him assume more authority over the data zipping around the globe. According to Alexander, this threat is so paramount that it only makes sense that all power to control the flow of information should be concentrated in as few hands as possible, namely his.

NSA_fort_meadeIn a recent security conference held in Canada before the Canadian Security Intelligence Service (CSIS), Alexander expressed the threat in the following, cryptic way:

What we see is an increasing level of activity on the networks. I am concerned that this is going to break a threshold where the private sector can no longer handle it and the government is going to have to step in.

If this alone were not reason enough to put people on edge, there are also voices within the NSA who view Alexander as a quintessential larger-than-life personality. One former senior CIA official who agreed to speak on condition of anonymity, claimed:

We jokingly referred to him as Emperor Alexander—with good cause, because whatever Keith wants, Keith gets. We would sit back literally in awe of what he was able to get from Congress, from the White House, and at the expense of everybody else.

And it is because of such freedom to monitor people’s daily activities that movements like the February 11th “The Day We Fight Back” movement – an international cause that embraced 360 organizations in 70 countries that were dedicated to ending mass surveillance – have been mounted, demanding reform.

us_supremecourtIn addition, a series of recent ruling from the US Supreme Court have begun to put the kibosh on the surveillance programs that Alexander spent eight years building up. With everything from cell phone tracking to cell phone taps, a precedent is being set that is likely to outlaw all of the NSA domestic surveillance. But no matter what, the role of Snowden’s testimony in securing this landmark event cannot be underestimated.

In fact, in a recent interview, the ACLU’s Anthony Romero acknowledged a great debt to Snowden and claimed that the debate would not be happening without him. As he put it:

I think Edward Snowden has done this country a service… regardless of whether or not what he did was legal or illegal, whether or not we think the sedition laws or the espionage laws that are being used to possibly prosecute Snowden are too broad, the fact is that he has kick-started a debate that we did not have. This debate was anemic. Everyone was asleep at the switch.

One can only imagine what outcome this debate will have. But we can rest assured that some of the more predictable talking points will include the necessities emerging out of the War on Terror, the rise of the information revolution, and the dangers of Big Brother Government, as well as the NSA’s failure to prevent such attacks as the Boston Marathon Bombing, the Benghazi Embassy bombing, and a slew of other terrorist incidents that took place during Alexander’s tenure.

Do I sound biased? Well perhaps that’s because I am. Go ACLU, stick to Emperor Alexander!

Sources: engadget.com, democracynow.org

Little Brother is Watching Back: The NSA Under Fire

11thCCAEarlier this month, the Eleventh Circuit Court of Appeals finished deliberations with the case of United States v. Davis. And the ruling made there is sure to has long-reaching implications for the future of domestic surveillance. In short, the court determined that the NSA’s practice of tracking people’s movements using data from their cell phone without a warrant was unconstitutional. This decision was important for two reasons.

Not only does it provides substantive and procedural protections against abuse of an increasingly common and highly invasive surveillance method, it also also likely to provide support for other cases where security needs trumping privacy is concerned. The Davis decision, in effect, suggests that the U.S. government’s collection of all kinds of business records and transactional data – aka. “metadata” – for law enforcement and national security purposes may also be unconstitutional.

nsa_aerialThe Davis case brought this issue to the fore because the tracking was used to make an arrest. Basically, mobile phones send signals to the nearest cell towers so that the communications network system knows where to route a call should one come in. Many providers collect and store the location of towers a customer connects to at the beginning and end of the call for billing purposes. In this case, FBI agentsobtained these records without a search warrant and used them to place the defendant, Quartavious Davis, near the scene of a number of robberies.

The prosecution argued that cell tracking without a warrant is constitutional per the 1979 case Smith v. Maryland, where the Supreme Court said that phone users have no “reasonable expectation of privacy” in the phone numbers they dial, and therefore they aren’t protected under the Fourth Amendment. Key to the Smith case was the Court’s view that the suspect had knowingly disclosed the phone numbers to the phone company and therefore had no protection with regard to them.

government-surveillanceAdditionally, Smith built on the 1976 case of United States v. Miller, which held that a person does not have Fourth Amendment rights in their bank records because they are the bank’s business records and not the customer’s private data. Together the cases are known as the “third-party doctrine,” which says that you have no Fourth Amendment interest in a third party’s business records because you have voluntarily disclosed information to the business and assumed the risk of that information being further disclosed to the government.

This third-party doctrine is what the NSA has been using up until now to justify its practice of collecting bulk information on phone-call records as well as its past collection of internet activities and financial information. The details of this warrantless metadata collection was revealed in the documents leaked by Edward Snowden, which led to the current round of legal challenges. As we speak, the ones dealing with the phone records bulk-collection program are currently wending their way through the federal courts.

metadataLast December, a District of Columbia judge held that the bulk collection of phone records violates the Fourth Amendment – regardless of Smith – and called the program “almost Orwellian.” Shortly thereafter, a different district court judge relied on Smith to give the program his stamp of approval. This month, a third federal judge was obligated to allow the warrantless collection of records to continue, but opined that the Supreme Court should overturn Smith v. Maryland. 

Relying on the Jones concurrences, the Eleventh Circuit concluded that under the “reasonable expectation of privacy” test, cell phone location data is also protected under the Fourth Amendment, since this data can reveal a range of private matters. The appellate judges also dismissed the argument used in Smith that people lose their right to data submitted to businesses, rejecting the idea that people know in any meaningful way that in using their cell phone they are sending their location information to a provider.

wire_tappingThe appellate judges in Davis, by refusing to apply Smith and Miller to a case involving stored records, have taken a giant step toward undermining the legal justification propping up many of the government’s metadata collection practices. The information that the NSA currently collects include far more detailed data than the simple information at issue in Smith and are far more revealing of private conduct, social networks, and thought processes.

This is especially true because the records are collected in bulk. In Jones, Justice Sotomayor opined that it may be time to rethink the third-party doctrine. The Eleventh Circuit has taken a step in that direction, writing an appellate-level opinion that rejects the extension of those 1970s-era cases to modern communication networks and data. Given the sheer amount of information that is now shared, transferred and processed today, compared to thirty-five years ago, this should come as no surprise.

This is great privacy news for anyone who uses a cell phone. But as a legal precedent, it may also be indicative of what’s coming. In the coming months and years, when the appellate courts finally get hold of the NSA’s bulk metadata collection programs, these programs may very well be knocked down. And if so, one of the last vestiges of the so-called “War on Terror” – a historical episode filled with tragedies, vagaries and abuses of power – may finally be over.

Sources: wired.com

Cyberwars: The Heartbleed Bug and Web Security

heartbleed-iconA little over two years ago, a tiny piece of code was introduced to the internet that contained a bug. This bug was known as Heartbleed, and in the two years it has taken for the world to recognize its existence, it has caused quite a few headaches. In addition to allowing cybercriminals to steal passwords and usernames from Yahoo, it has also allowed people to steal from online bank accounts, infiltrate governments institutions (such as Revenue Canada), and generally undermine confidence in the internet.

What’s more, in an age of cyberwarfare and domestic surveillance, its appearance would give conspiracy theorists a field day. And since it was first disclosed a month to the day ago, some rather interesting theories as to how the NSA and China have been exploiting this to spy on people have surfaced. But more on that later. First off, some explanation as to what Heartbleed is, where it came from, and how people can protect themselves from it, seems in order.

cyber_securityFirst off, Heartbleed is not a virus or a type of malware in the traditional sense, though it can be exploited by malware and cybercriminals to achieve similar results. Basically, it is a security bug or programming error in popular versions of OpenSSL, a software code that encrypts and protects the privacy of your password, banking information and any other sensitive data you provide in the course of checking your email or doing a little online banking.

Though it was only made public a month ago, the origins of the bug go back just over two years – to New Year’s Eve 2011, to be exact. It was at this time that Stephen Henson, one of the collaborators on the OpenSSL Project, received the code from Robin Seggelmann – a respected academic who’s an expert in internet protocols. Henson reviewed the code – an update for the OpenSSL internet security protocol — and by the time he and his colleagues were ringing in the New Year, he had added it to a software repository used by sites across the web.

Hackers-With-An-AgendaWhat’s interesting about the bug, which is named for the “heartbeat” part of the code that it affects, is that it is not a virus or piece of malware in the traditional sense. What it does is allow people the ability to read the memory of systems that are protected by the bug-affected code, which accounts for two-thirds of the internet. That way, cybercriminals can get the keys they need to decode and read the encrypted data they want.

The bug was independently discovered recently by Codenomicon – a Finnish web security firm – and Google Security researcher Neel Mehta. Since information about its discovery was disclosed on April 7th, 2014, The official name for the vulnerability is CVE-2014-0160.it is estimated that some 17 percent (around half a million) of the Internet’s secure web servers that were certified by trusted authorities have been made vulnerable.

cyberwarfare1Several institutions have also come forward in that time to declare that they were subject to attack. For instance, The Canada Revenue Agency that they were accessed through the exploit of the bug during a 6-hour period on April 8th and reported the theft of Social Insurance Numbers belonging to 900 taxpayers. When the attack was discovered, the agency shut down its web site and extended the taxpayer filing deadline from April 30 to May 5.

The agency also said it would provide anyone affected with credit protection services at no cost, and it appears that the guilty parties were apprehended. This was announced on April 16, when the RCMP claimed that they had charged an engineering student in relation to the theft with “unauthorized use of a computer” and “mischief in relation to data”. In another incident, the UK parenting site Mumsnet had several user accounts hijacked, and its CEO was impersonated.

nsa_aerialAnother consequence of the bug is the impetus it has given to conspiracy theorists who believe it may be part of a government-sanctioned ploy. Given recent revelations about the NSA’s extensive efforts to eavesdrop on internet activity and engage in cyberwarfare, this is hardly a surprise. Nor would it be the first time, as anyone who recalls the case made for the NIST SP800-90 Dual Ec Prng program – a pseudorandom number generator is used extensively in cryptography – acting as a “backdoor” for the NSA to exploit.

In that, and this latest bout of speculation, it is believed that the vulnerability in the encryption itself may have been intentionally created to allow spy agencies to steal the private keys that vulnerable web sites use to encrypt your traffic to them. And cracking SSL to decrypt internet traffic has long been on the NSA’s wish list. Last September, the Guardian reported that the NSA and Britain’s GCHQ had “successfully cracked” much of the online encryption we rely on to secure email and other sensitive transactions and data.

Edward-Snowden-660x367According to documents the paper obtained from Snowden, GCHQ had specifically been working to develop ways into the encrypted traffic of Google, Yahoo, Facebook, and Hotmail to decrypt traffic in near-real time; and in 2010, there was documentation that suggested that they might have succeeded. Although this was two years before the Heartbleed vulnerability existed, it does serve to highlight the agency’s efforts to get at encrypted traffic.

For some time now, security experts have speculated about whether the NSA cracked SSL communications; and if so, how the agency might have accomplished the feat. But now, the existence of Heartbleed raises the possibility that in some cases, the NSA might not have needed to crack SSL at all. Instead, it’s possible the agency simply used the vulnerability to obtain the private keys of web-based companies to decrypt their traffic.

hackers_securityThough security vulnerabilities come and go, this one is deemed catastrophic because it’s at the core of SSL, the encryption protocol trusted by so many to protect their data. And beyond abuse by government sources, the bug is also worrisome because it could possibly be used by hackers to steal usernames and passwords for sensitive services like banking, ecommerce, and email. In short, it empowers individual troublemakers everywhere by ensuring that the locks on our information can be exploited by anyone who knows how to do it.

Matt Blaze, a cryptographer and computer security professor at the University of Pennsylvania, claims that “It really is the worst and most widespread vulnerability in SSL that has come out.” The Electronic Frontier Foundation, Ars Technica, and Bruce Schneier all deemed the Heartbleed bug “catastrophic”, and Forbes cybersecurity columnist Joseph Steinberg event went as far as to say that:

Some might argue that [Heartbleed] is the worst vulnerability found (at least in terms of its potential impact) since commercial traffic began to flow on the Internet.

opensslRegardless, Heartbleed does point to a much larger problem with the design of the internet. Some of its most important pieces are controlled by just a handful of people, many of whom aren’t paid well — or aren’t paid at all. In short, Heartbleed has shown that more oversight is needed to protect the internet’s underlying infrastructure. And the sad truth is that open source software — which underpins vast swathes of the net — has a serious sustainability problem.

Another problem is money, in that important projects just aren’t getting enough of it. Whereas well-known projects such as Linux, Mozilla, and the Apache web server enjoy hundreds of millions of dollars in annual funding, projects like the OpenSSL Software Foundation – which are forced to raise money for the project’s software development – have never raised more than $1 million in a year. To top it all off, there are issues when it comes to the open source ecosystem itself.

Cyber-WarTypically, projects start when developers need to fix a particular problem; and when they open source their solution, it’s instantly available to everyone. If the problem they address is common, the software can become wildly popular overnight. As a result, some projects never get the full attention from developers they deserve. Steve Marquess, one of the OpenSSL foundation’s partners, believes that part of the problem is that whereas people can see and touch their web browsers and Linux, they are out of touch with the cryptographic library.

In the end, the only real solutions is in informing the public. Since internet security affects us all, and the processes by which we secure our information is entrusted to too few hands, then the immediate solution is to widen the scope of inquiry and involvement. It also wouldn’t hurt to commit additional resources to the process of monitoring and securing the web, thereby ensuring that spy agencies and private individuals are not exercising too much or control over it, or able to do clandestine things with it.

In the meantime, the researchers from Codenomicon have set up a website with more detailed information. Click here to access it and see what you can do to protect yourself.

Sources: cbc.ca, wired.com, (2), heartbleed.com

News in Bionics: Restoring Sensation and Mobility!

TED_adrianne1It seems like I’ve writing endlessly about bionic prosthetics lately, thanks to the many breakthroughs that have been happening almost back to back. But I would be remiss if I didn’t share these latest two. In addition to showcasing some of the latest technological innovations, these stories are inspiring and show the immense potential bionic prosthetics have to change lives and help people recover from terrible tragedies.

For instance, on the TED stage this week in Vancouver, which included presentations from astronaut Chris Hadfield, NSA whistle blower Edward Snowden, and anti-corruption activist Charmiah Gooch, there was one presentation that really stole the stage. It Adrianne Haslet-Davis, a former dance instructor and a survivor of the Boston Marathon bombing, dancing again for the first time. And it was all thanks to a bionic limb developed by noted bionics researcher Hugh Herr. 

TED_hugh_herrAs the director of the Biomechatronics Group at the MIT Media Lab, Herr is known for his work on high-tech bionic limbs and for demonstrating new prosthetic technologies on himself. At 17, he lost both his legs in a climbing accident. After discussing the science of bionic limbs, Herr brought out Adrianne, who for the first time since her leg amputation, performed a short ballroom dancing routine.

This was made possible thanks to the help of a special kind of bionic limb that designed by Herr and his colleagues at MIT specifically for dancing. The design process took over 200 days, where the researchers studied dance, brought in dancers with biological limbs, studied how they moved, and examined the forces they applied on the dance floor. What resulted was a “dance limb” with 12 sensors, a synthetic motor system that can move the joint, and microprocessors that run the limb’s controllers.

TED_adrianne2The system is programmed so that the motor moves the limb in a way that’s appropriate for dance. As Herr explained in a briefing after his talk:

It was so new. We had never looked at something like dance. I understand her dream and emotionally related to her dream to return to dance. It’s similar to what I went through.” Herr says he’s now able to climb at a more advanced level than when he had biological legs.

Haslet-Davis’s new limb is only intended for dancing; she switches to a different bionic limb for regular walking. And while this might seem like a limitation, it in fact represents a major step in the direction of bionics that can emulate a much wider range of human motion. Eventually, Herr envisions a day when bionic limbs can switch modes for different activities, allowing a person to perform a range of different tasks – walking, running, dancing, athletic activity – without having to change prosthetics.

TED_adrianneIn the past, Herr’s work has been criticized by advocates who argue that bionic limbs are a waste of time when many people don’t even have access to basic wheelchairs. He argues, however, that bionic limbs–which can cost as much as a nice car–ultimately reduce health care costs. For starters, they allow people to return to their jobs quickly, Herr said, thus avoiding workers’ compensation costs.

They can also prevent injuries resulting from prosthetics that don’t emulate normal function as effectively as high-tech limbs. And given the fact that the technology is becoming more widespread and additive manufacturing is leading to lower production costs, there may yet come a day when a bionic prosthetic is not beyond the means of the average person. Needless to say, both Adrianne and the crowd were moved to tears by the moving and inspiring display!

bionic_hand_MIT1Next, there’s the inspiring story of Igor Spectic, a man who lost his right arm three years ago in a workplace accident. Like most people forced to live with the loss of a limb, he quickly came to understand the limitations of prosthetics. While they do restore some degree of ability, the fact that they cannot convey sensation means that the wearers are often unaware when they have dropped or crushed something.

Now, Spectic is one of several people taking part in early trials at Cleveland Veterans Affairs Medical Center, where researchers from Case Western Reserve University are working on prosthetics that offer sensation as well as ability. In a basement lab, the trials consist of connecting his limb to a prosthetic hand, one that is rigged with force sensors that are plugged into 20 wires protruding from his upper right arm.

bionic_hand_MITThese wires lead to three surgically implanted interfaces, seven millimeters long, with as many as eight electrodes apiece encased in a polymer, that surround three major nerves in Spetic’s forearm. Meanwhile, a nondescript white box of custom electronics does the job of translating information from the sensors on Spetic’s prosthesis into a series of electrical pulses that the interfaces can translate into sensations.

According to the trial’s leader, Dustin Tyler – a professor of biomedical engineering at Case Western Reserve University and an expert in neural interfaces – this technology is “20 years in the making”. As of this past February, the implants had been in place and performing well in tests for more than a year and a half. Tyler’s group, drawing on years of neuroscience research on the signaling mechanisms that underlie sensation, has developed a library of patterns of electrical pulses to send to the arm nerves, varied in strength and timing.

bionic_hand_MIT2Spetic says that these different stimulus patterns produce distinct and realistic feelings in 20 spots on his prosthetic hand and fingers. The sensations include pressing on a ball bearing, pressing on the tip of a pen, brushing against a cotton ball, and touching sandpaper. During the first day of tests, Spetic noticed a surprising side effect: his phantom fist felt open, and after several months the phantom pain was “95 percent gone”.

To test the hand’s ability to provide sensory feedback, and hence aid the user in performing complex tasks, Spetic and other trial candidates were tasked with picking up small blocks that were attached to a table with magnets, as well as handling and removing the stems from a bowl of cherries. With sensation restored, he was able to pick up cherries and remove stems 93 percent of the time without crushing them, even blindfolded.

bionic_hand_MIT_demoWhile impressive, Tyler estimates that completing the pilot study, refining stimulation methods, and launching full clinical trials is likely to take 10 years. He is also finishing development of an implantable electronic device to deliver stimuli so that the technology can make it beyond the lab and into a household setting. Last, he is working with manufacturers of prostheses to integrate force sensors and force processing technology directly into future versions of the devices.

As for Spetic, he has drawn quite a bit of inspiration from the trials and claims that they have left him thinking wistfully about what the future might bring. As he put it, he feels:

…blessed to know these people and be a part of this. It would be nice to know I can pick up an object without having to look at it, or I can hold my wife’s hand and walk down the street, knowing I have a hold of her. Maybe all of this will help the next person.

bionic-handThis represents merely one of several successful attempts to merge the technology of nerve stimulation in with nerve control, leading to bionic limbs that not only obey user’s commands, but provide sensory feedback at the same time. Given a few more decades of testing and development, we will most certainly be looking at an age where bionic limbs that are virtually indistiguishable from the real thing exist and are readily available.

And in the meantime, enjoy this news story of Adrianne Haslet-Davis performing her ballroom dance routine at TED. I’m sure you’ll find it inspiring!


Sources: fastcoexist.com, technologyreview.com, blog.ted.com

February 11th – The Day We Fight Back

government-surveillanceGood morning all! For those who are unaware, as I was until very recently, this February 11th marks a special day, one which may become a regular thing for people in this day and age. It’s known as “The Day We Fight Back”, an international movement that embraces 360 organizations in 70 countries that are dedicated to ending mass surveillance, like that conducted by the NSA.

At the heart of this cause is the Thirteen Principles, a series of human rights obligations designed to compel all states to stop the mass spying, be it through direct observation with cameras and drones, to digital surveillance involving metadata-mining algorithms. The Principles are already being used in national campaigns and international pressure to reign in organizations like the NSA.

nsasecurity_primary-100041064-largeThese principles include:

1. Legality: In the absence of legislation, no violation of privacy should be considered permissible and this legislative process must meet a standard of clarity and precision that is sufficient to ensure that individuals have advance notice of and can foresee its application. Also, these laws should be subject to period review.

2. Legitimate Aim: No security measures or surveillance should be conducted on the basis of race, color, sex, language, religion, political or other opinion, national or social origin, property, birth or other status.

3. Necessity: Laws which permit surveillance should be limited to that which can be shown to be permissible by, and consistent with, a legitimate security aim. It should also only be permitted when no other means exist.

4. Adequacy: Any instance of communications surveillance authorized by law must be appropriate to fulfill the specific legitimate aim identified.

gavel5. Proportionality: Decisions about communications surveillance must be made by weighing the benefit of that surveillance against the potential for harm that would be caused to the individual’s or others rights, and then demonstrating the benefit-cost ratio is favorable and justifiable.

6. Competent Judicial Authority: Decisions relating to the authorization of communication surveillance must be made by an independent and impartial judicial authority.

7. Due Process: The State must ensure that lawful procedures that govern any interference with human rights are properly enumerated in law. This means that, except in cases of emergency, every individual is entitled to legislative process by an independent judiciary.

8. User Notification: With few exceptions, individuals should be notified of a decision authorizing communications surveillance with enough time and information to enable them to appeal the decision, and should have access to the materials presented in support of the application for authorization.

9. Transparency: Where applied, the State – and those service providers involved – should provide individuals with sufficient information to enable them to fully comprehend the scope, nature and application of the laws permitting communications surveillance.

cyber_security10. Public Oversight: States should establish independent oversight mechanisms to ensure transparency and accountability and these mechanisms should have the authority to access all potentially relevant information about actions taken in order to assess their legitimacy.

11. Integrity of communications and systems: States should not compel service providers, hardware or software vendors to build surveillance or monitoring capability into their systems, or to collect or retain particular information purely for State surveillance purposes.

12. Safeguards for international cooperation: The mutual legal assistance treaties (MLATs) and other agreements entered into by states should ensure that, where the laws of more than one state could apply to communications surveillance, the available standard with the higher level of protection for individual rights is applied.

13. Safeguards against illegitimate access: States should enact legislation that provides significant civil and criminal penalties for public and private organizations that conduct illegal communications surveillance, as well as legal protection for whistle blowers, and avenues for redress by affected individuals.

hackers_securityAll of these principles speak directly to the recent revelations made about domestic and online surveillance by the NSA and other security agencies in the past decade or so. They also embrace numerous suggestions that have been made since the issue first broke in the mid 2000’s about way it could be redressed. These have only become more relevant since, thanks to the expansions that have taken place.

Already, many of them are being seriously considered by the Obama administration as a means of making PRISM and other NSA surveillance programs acceptable. By spelling them out to this degree, the public has the opportunity to make it clear that any surveillance is conditional, and until such time as these conditions are met, the issue will not be closed. I have signed on, and hope that others will as well.

If there’s one thing I have learned in the course of Snowden’s revelations about NSA surveillance, and the nature of what Keith Alexander and his minions do over at Fort Meade, it is that cyber surveillance is this age is an evolving thing. If the law is expected to evolve with it, and we are to avoid passive acceptance of these intrusions in our lives, then we must play an active role in how that law is written and implemented.

Click on the image below to find out more about this campaign, or to sign on:

TDWFB2

Cyberwars: NSA Building Quantum Computer

D-Wave's 128-qubit quantum processorAs documents that illustrate the NSA’s clandestine behavior continue to be leaked, the extents to which the agency has been going to gain supremacy over cyberspace are becoming ever more clear. Thanks to a new series of documents released by Snowden, it now seems that these efforts included two programs who’s purpose was to create a ““useful quantum computer” that would be capable of breaking all known forms of classical encryption.

According to the documents, which were published by The Washington Post earlier this month, there are at least two programs that deal with quantum computers and their use in breaking classical encryption — “Penetrating Hard Targets” and “Owning the Net.” The first program is funded to the tune of $79.7 million and includes efforts to build “a cryptologically useful quantum computer” that can:

sustain and enhance research operations at NSA/CSS Washington locations, including the Laboratory for Physical Sciences facility in College Park, MD.

nsa_aerialThe second program, Owning the Net, deals with developing new methods of intercepting communications, including the use of quantum computers to break encryption. Given the fact that quanutm machinery is considered the next great leap in computer science, offering unprecedented speed and the ability to conduct operations at many times the efficiency of normal computers, this should not come as a surprise.

Such a computer would give the NSA unprecedented access to encrypted files and communications, enadling them to break any protective cypher, access anyone’s data with ease, and mount cyber attacks with impunity. But a working model would also vital for defensive purposes. Much in the same way that the Cold War involved ongoing escalation between nuclear armament production, cybersecurity wars are also subject to constant one-upmanship.

quantum-computers-The-Next-GenerationIn short, if China, Russia, or some other potentially hostile power were to obtain a quantum computer before the US, all of its encrypted information would be laid bare. Under the circumstances, and given their mandate to protect the US’s infrastructure, data and people from harm, the NSA would much rather they come into possesion of one first. Hence why so much attention is dedicated to the issue, since whoever builds the worlds first quantum computer will enjoy full-court dominance for a time.

The mathematical, cryptographical, and quantum mechanical communities have long known that quantum computing should be able to crack classical encryption very easily. To crack RSA, the world’s prevailing cryptosystem, you need to be able to factor prime numbers — a task that is very difficult with a normal, classical-physics CPU, but might be very easy for a quantum computer. But of course, the emphasis is still very much on the word might, as no one has built a fully functioning multi-qubit quantum computer yet.

quantum-entanglement1As for when that might be, no one can say for sure. But the smart money is apparently anticipating one soon, since researchers are getting to the point where coherence on a single qubit-level is becoming feasible, allowing them to move on to the trickier subject of stringing multiple fully-entangled qubits together, as well as the necessary error checking/fault tolerance measures that go along with multi-qubit setups.

But from what it’s published so far, the Laboratory for Physical Sciences – which is carrying out the NSA’s quantum computing work under contract – doesn’t seem to be leading the pack in terms of building a quantum computer. In this respect, it’s IBM with its superconducting waveguide-cavity qubits that appears to be closer to realizing a quantum computer, with other major IT firms and their own supcomputer models not far behind.

hackers_securityDespite what this recent set of leaks demonstrates then, the public should take comfort in knowing that the NSA is not ahead of the rest of the industry. In reality, something like a working quantum computer would be so hugely significant that it would be impossible for the NSA to develop it internally and keep it a secret. And by the time the NSA does have a working quantum computer to intercept all of our encrypted data, they won’t be the only ones, which would ensure they lacked dominance in this field.

So really, thess latest leaks ought to not worry people too much, and instead should put the NSAs ongoing struggle to control cyberspace in perspective. One might go so far as to say that the NSA is trying to remain relevant in an age where they are becoming increasingly outmatched. With billions of terabytes traversing the globe on any given day and trillions of devices and sensors creating a “second skin” of information over the globe, no one organization is capable of controlling or monitoring it all.

So to those in the habit of dredging up 1984 every time they hear about the latest NSA and domestic surveillance scandal, I say: Suck on it, Big Brother!

Source: wired.com

Crypto Wars: The Tech World vs. the NSA

cyber_securitySix years ago, something interesting took place at Microsoft’s Windows annual Crypto conference in Santa Barbara. In the course of the presentations, two members of the company’s security group (Dan Shumow and Niels Ferguson) gave a talk that dealt with internet security and the possibility that major systems could be hacked.

They called their presentation “On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng”. That’s a name few people outside of the techy community would recognize, as it refers to a pseudorandom number generating program that is used extensively in cryptography. And thought the presentation was only nine slides and a few minutes long, they managed to capture the attention of the crowd with some rather stark observations.

cyber_security1Basically, they laid out a case showing that the new encryption standard, given a stamp of approval by the U.S. government, possessed a glaring weakness that made one of the program’s algorithms susceptible to cracking. But the weakness they described wasn’t just an average vulnerability, it had the kind of properties one would want if one were intentionally inserting a backdoor to make the algorithm susceptible to cracking by design.

At the time, no one thought much of it. But today, that’s all changed, thanks to Edward Snowden. Apparently, cryptographers and journalists are seeing a connection between the talk given by Shumow and Ferguson and the classified NSA documents Snowden leaked. Apparently, some of that information confirms that the weakness in the Dual_EC_DRBG algorithm might be indeed a backdoor.

nsa_aerialEarlier this month, an article appeared in the New York Times that implied that the backdoor was intentionally put there by the NSA as part of a $250-million, decade-long covert operation by the agency to weaken and undermine the integrity of a number of encryption systems used by millions of people around the world.

Naturally, these allegations not only stoked the fires over the NSA’s long history of spying on databases, both domestic and foreign, it has also raised questions over the integrity of the rather byzantine process that produces security standards in the first place. The National Institute of Standards and Technology (NIST) approved Dual_EC_DRBG and the standard, is now facing criticism alongside the NSA.

nist_aerialbigAnd while NIST has since been forced to re-open the program to examination and public discussion, security and crypto firms around the world are scrambling to unravel just how deeply the suspect algorithm infiltrated their code, if at all. Some even went so far as to publicly denounce it, such as corporate giant RSA Security.

But of course, a number of crypto experts have noted that the Times hasn’t released the memos that purport to prove the existence of a backdoor. What’s more, the paper’s direct quotes from the classified documents don’t mention a backdoor or efforts by the NSA to weaken it or the standard, only the efforts of the agency to push the standard through NIST’s committees for approval.

nsasecurity_primary-100041064-largeOne such person is Jon Callas, the CTO of Silent Circle – a company that offers encrypted phone communication. Having attended the Crypto conference in 2007 and heard the presentation by Shumow, he believes that the real problem may lie in the fact that the algorithm was poorly made:

If [the NSA] spent $250 million weakening the standard and this is the best that they could do, then we have nothing to fear from them. Because this was really ham-fisted. When you put on your conspiratorial hat about what the NSA would be doing, you would expect something more devious, Machiavellian … and this thing is just laughably bad. This is Boris and Natasha sort of stuff.

Sources at Microsoft agree. In addition to the presenters – who never mention the NSA in their presentation and went out of their way to avoid accusing NIST of any wrongdoing – a manager who spoke with WIRED on condition of anonymity believes the reporters at the Times saw the classified documents dealing with the program, read about the 2007 talk, and assumed their was a connection.

cryptographyBut Paul Kocher, president and chief scientist of Cryptography Research, says that regardless of the lack of evidence in the Times story, he discounts the “bad cryptography” explanation for the weakness, in favor of the backdoor one:

Bad cryptography happens through laziness and ignorance. But in this case, a great deal of effort went into creating this and choosing a structure that happens to be amenable to attack.

Personally, I find it interesting that the NSA would be so committed to making sure a program passed inspection. Especially one that had a fatal flaw that, when exploited properly, could be used to give someone who knew about it access to encrypted information. But of course, it’s not like the NSA has been known to invade people’s privacy, right? RIGHT?

Clearly, all there is at this point is speculation. One thing is certain though. In the coming weeks and months, the NSA is going to be the recipient of even more flak over its monitoring and cryptographic activities. Whether this effects any change in policy remains to be seen, but I doubt anyone will be holding their breaths.

Sources: wired.com, nytimes.com

Cyberwars: U.S. Lawmakers Credit NSA for Uncovering Al-Qaeda Threat

bahrain-embassy-04818864In a statement made this past Sunday, the US State Department indicated that it will be extending its embassy and consulate closures until the end of the week. Offices were reopened in Iraq, Afghanistan and Algeria just yesterday, but another 19 will remain closed until Aug. 10 – including locations in Egypt, Yemen, Libya, Saudi Arabia and Kuwait.

These closures were made in response to an unspecified Al-Qaeda threat that indicated that an attack might be coming sometime in August, particularly in the Middle East and North Africa. According to the State Department, the decision to keep the embassies and consulates closed was “not an indication of a new threat,” but simply out of concern for the lives and safety of staff.

embassy-closure-mapAnd according to another State Department source, the credit for uncovering this supposed threat goes to the NSA and the PRISM program – i.e. the extensive new data mining operation that has garnered a great deal of controversy of late. Specifically, it was the agency’s ability to monitor communications on cellphones and emails that was is credited with making the difference.

Senator Saxby Chambliss, he top Republican on the Senate Intelligence Committee, claimed in an interview that “There is an awful lot of chatter out there”. This “chatter” apparently took the form of communications among terrorism suspects about the planning of a possible attack, which he claimed was “very reminiscent of what we saw pre-9/11.”

US embassy in Tel AvivNo indication was given as to the nature of the threat or whether or not an actual attack might take place. But Chambliss was very quick to draw the connection between the NSA’s ability to gather information and the warnings his department received.

[Those programs] allow us to have the ability to gather this chatter. If we did not have these programs then we simply wouldn’t be able to listen in on the bad guys. This is the most serious threat that I’ve seen in the last several years.

This information-gathering program was one of many aspects of the NSA’s broad surveillance identified by former spy agency contractor Edward Snowden in his testimony to major media outlets. So it comes as no surprise that the State Department would be coming to its defense at a time like this.

US-embassy-closures_010And Chambliss and the State Department are hardly the only ones singing the NSA’s praises right now. This past Sunday, several prominent Republicans and Democrats expressed their support for the NSA surveillance program. One such individual was Dutch Ruppersberger, the senior Democrat on the House Intelligence Committee, who told ABC’s This Week:

The good news is that we picked up intelligence. And that’s what we do. That’s what NSA does. We’ve received information that high-level people from al Qaeda in the Arabian Peninsula are talking about a major attack.

U.S. Representative Adam Schiff, another Democrat on the House Intelligence Committee, characterized the security threat as being based on specific intelligence rather than generalized anti-U.S. threats. While on CNN’s State of the Union program, he said:

This is not the usual type of chatter. It had to be corroborated or come from very reliable sources to take this kind of action.

Mideast Bahrain US Embassy ClosingsNaturally, there are those critics who would claim that the unspecified nature of the threat and the lack of oversight where PRISM is involved means that there is no way to tell if the “chatter” story is in fact real. Citing such examples as the “Orange Alert” controversy of 2004 – when Homeland Security Secretary Tom Ridge was pressured to raise the alert status leading up to the election – such critics would remind people that the US government has a history of issuing alerts based on factors other than hard data.

At the same time, it is important to note that the threat information also came ahead of the Eid celebration at the end of the Muslim holy month of Ramadan, which will be occurring later this week and just over a month before the anniversary of Al-Qaeda’s Sept. 11, 2001, attacks on a US ambassador and the American Embassy in Benghazi, Libya. In this sense, the alert may have been motivated by legitimate concern, even if hard data was lacking,

us_embassy_closings_yemenAnd the US is hardly the only nation responding to the warning seriously. The threat also has prompted some European countries to close their embassies in Yemen, where one of the most dangerous al-Qaeda affiliates is based. Interpol, the France-based international police agency, also issued a global security alert advising member states to increase vigilance against attacks after a series of prison breaks in Iraq, Libya and Pakistan.

The advisory prompted Canada’s Foreign Affairs Department to release its own warning this past Saturday for travelers and diplomats in the Middle East and North Africa region. In addition, the Canadian high commission office in Bangladesh was closed on Sunday, since Pakistan was one of several nations outside of the Middle East and North Africa to be named in the advisory.

A few things are certain at this point though: neither the threat of terrorism nor all that’s done in response to it are even close to being resolved. In addition, the controversy surrounding the response and whether or not it constitutes an overreaction or a calculated curtailment of people’s civil rights and liberties, is not over either. Not by a long shot.

Sources: cbc.ca, (2), washingtonpost.com, theguardian.com