Dumbo – How the NSA can destroy digital evidence

Today, August 3rd 2017 WikiLeaks publishes documents from the Dumbo project of the CIA. Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.

Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.

Wikileaks: Dumbo »

Public sector IT-security

The Swedish leak where classified data and networks were outsourced outside the European Union was not an isolated incident, but a pervasive pattern where things are kept safe mostly by good luck and the occasional person who knows their stuff fixing things properly out of pure subordination.

Falkvinge: This is how absolutely headdeskingly clueless politicians are at anything IT security related »

Digital border searches, now also in New Zealand

New Zealand airport customs agents force thousands of travelers every year to hand over the passwords for their devices, in some cases inspecting files and even copying the data for the government.

Softpedia: NZ Airport Travelers Forced to Surrender Device Passwords, Data Copied by Govt »

»All your data are belong to US«

The Justice Department on Friday petitioned the US Supreme Court to step into an international legal thicket, one that asks whether US search warrants extend to data stored on foreign servers. The US government says it has the legal right, with a valid court warrant, to reach into the world’s servers with the assistance of the tech sector, no matter where the data is stored.

Ars Technica: Does US have right to data on overseas servers? We’re about to find out »

US: Republican Party voter data base found on a publicly accessible server

Sensitive personal details relating to almost 200 million US citizens have been accidentally exposed by a marketing firm contracted by the Republican National Committee.

The 1.1 terabytes of data includes birthdates, home addresses, telephone numbers and political views of nearly 62% of the entire US population.

The data was available on a publicly accessible Amazon cloud server.

BBC: Personal details of nearly 200 million US citizens exposed »

Report: Private sector Big Brotherism

Report: How thousands of companies monitor, analyze, and influence the lives of billions. Who are the main players in today’s digital tracking? What can they infer from our purchases, phone calls, web searches, and Facebook likes? How do online platforms, tech companies, and data brokers collect, trade, and make use of personal data?

Cracked Labs: Corporate Surveillance in Everyday Life »

Sunde’s gloomy look at the future of the Internet

At its inception, the internet was a beautifully idealistic and equal place. But the world sucks and we’ve continuously made it more and more centralized, taking power away from users and handing it over to big companies. And the worst thing is that we can’t fix it — we can only make it slightly less awful.

That was pretty much the core of Pirate Bay’s co-founder, Peter Sunde’s talk at tech festival Brain Bar Budapest.

TNW: Pirate Bay founder: We’ve lost the internet, it’s all about damage control now »

So, what else can Facebook do?

Facebook has presented a function for generating »heatmaps« of users during events such as natural disasters. Techcrunch explains:

A new initiative from Facebook will provide aid organizations with location data for users in affected areas, such as where people are marking themselves safe and from where they are fleeing. It shows the immense potential of this kind of fine-grained tracking, but inescapably resurfaces questions of just what else the company could do with the data.

Naturally, it is a good thing if Facebook’s collected data can be used for saving lives.

But you should remember that this sort of technology can also be used for surveillance and that similar data can be sold for commercial purposes, without your explicit consent.

Techcrunch: Facebook will share anonymized location data with disaster relief organizations »

Political micro targeting – did you consent?

Further, there is something disturbing in this apparent ubiquitous acceptance of profiling by political parties. After all, did you ever consent for the content you post online, the words you type in your messages, the “likes” you post, the website you browse, the places you go, the things you buy, and the other “data points” that companies have on you to be used to profile you for political purposes? And are you comfortable for this vast array of data (often seemingly irrelevant crumbs of our personalities) to be used to pigeonhole (and predict) your political leanings?

Privacy International: Hiding in plain sight — political profiling of voters »