11/6/12

Dutch government to give law enforcement authorities the power to hack into computers. This also means hidden servers on tor

gAtO ThInK - It’s time to fight back and tighten the security!

The Dutch government wants to give law enforcement authorities the power to hack into computers, including those located in other countries, for the purpose of discovering and gathering evidence during cybercrime investigations.

In a letter that was sent to the lower house of the Dutch parliament on Monday, the Dutch Minister of Security and Justice Ivo Opstelten outlined the government’s plan to draft a bill in upcoming months that would provide law enforcement authorities with new investigative powers on the Internet.

According to the letter, the new legislation would allow cybercrime investigators to remotely infiltrate computers in order to install monitoring software or to search them for evidence. Investigators would also be allowed to destroy illegal content, like child pornography, found during such searches.

These investigative powers would not only cover computers located in the Netherlands, but also computers located in other countries, if the location of those computers cannot be determined.

However, if the investigators can establish that a computer of interest is located in a foreign country, they will have to ask for assistance from the authorities in that country.

In his proposal, Opstelten used a case in which investigators from the Dutch National Police infiltrated “hidden” Tor websites that hosted child pornography, as an example of a situation in which the geographical location of the computers couldn’t be determined.

The Tor network allows its users to set up so-called “hidden services” that are only accessible from within the network using special addresses. When accessing such a service, a user’s connection is routed through several random Tor nodes, which prevents him from determining the real Internet Protocol (IP) address of the server hosting the service.

The Dutch police investigation referenced by Opstelten in his letter took place in August 2011 and two of the infiltrated Tor websites were hosted on servers located in the U.S.

The new legislation will provide strict safeguards for the proposed investigative powers, Opstelten said. Law enforcement authorities will only be able to exercise such powers when investigating offenses that carry a maximum prison sentence of four years or more and only after obtaining authorization from a judge, he said. Furthermore, all such actions will be automatically logged and the logs will be accessible for later review.

Cybercrime is a serious problem that needs to be tackled, but the proposed measures are not the right ones and they pose a serious risk to cybersecurity, Ot van Daalen, the director of Dutch digital rights organization Bits of Freedom, said Friday.

First of all, allowing police investigators to hack computers in other countries might encourage other governments to introduce similar legislation, but not necessarily with the same limitations, van Daalen said. “This could escalate into a digital arms race.”

The proposed legislation would create an incentive for governments to keep software vulnerabilities secret because they would need to exploit those vulnerabilities to attack systems used by cybercriminals, van Daalen said.

There are already security companies and independent researchers that sell zero-day exploits — exploits for unpatched vulnerabilities — to governments instead of reporting the vulnerabilities to vendors. In addition, some governments have openly admitted to developing military cyberoffensive capabilities.

Van Daalen believes that expanding the potential use of such exploits by law enforcement agencies will help the zero-day exploit market grow, which in turn will result in fewer vulnerabilities being reported and patched.

Governments could also pressure vendors to delay fixing vulnerabilities, van Daalen said. An example of this was when the Dutch government convinced Microsoft to delay the blacklisting of the DigiNotar digital certificates on Windows computers in the Netherlands for a few days in order to allow the government to take measures, despite the fact that the issue represented a security risk for all Windows users in the country, he said.

“There’s no doubt that there’s already a growing (and disquieting) market in the for-fee disclosure and exploitation of vulnerabilities, and this proposal could certainly further legitimize it: the possible advantages in terms of action against criminals (leaving aside ethical objections) have to be balanced against the likely, deleterious effects on the community of Internet users as a whole,” said David Harley, a senior research fellow at antivirus vendor ESET, via email on Friday.

Harley agrees with van Daalen that the proposed legislation could have a global impact. “It’s not possible to guarantee that the effects of these measures will be restricted to criminal elements: if the proposal succeeds in its present form, collateral damage in terms of the application of monitoring and attack technologies could be worldwide,” he said.

“Is it really feasible to take this approach effectively without breaching the sovereignty of other states? Even if agreement could be reached with other states on international legislation, does this proposal take into account the quid pro quo of giving foreign agencies such sweeping rights of access to the systems of its own citizens?,” Harley asked. “It seems to me that there’s a parallel here with the fact that many in the U.S. seem quite happy with alleged cyberespionage and sabotage against Iran yet show surprise and discontent that those claims have been used as justification for similar action by other nations.” - gATO OuT

10/31/12

Happy Satoshi Nakamoto -Bitcoin- Day Nov 1

gAtO wAs- thinking about one of my heroes SATOSHI NAKAMOTO only 4 years ago November 1, 2008 he posted the research paper describing a new digital currency called BITCOIN. He cracked the problem that had stumped cryptographers for decades a DIGITAL CURRENCY convenient and untraceable with no over site from any government or bank.

STOP RIGHT HERE -money $$ with – NO GOVERNMENT – NO BANKS

gAtO’s –> gAtOmAlO sAy – I am Satoshi Nakamoto

Ecash was the first as early as 1990’s but they failed because they relied on governments, banks and credit card companies. Banks and governments own us, the bank owns your house that your paying off, You pay tax’s on your property while the bank owns it. We all pay interest and the bankers live only for interest.

As anyone can see it’s in the ~~best interest of all banks and governments~~ that all world wide digital currency fail, unless they control it. It’s NOT only numbers, math and cryptology that makes these bankers shake in fear. But losing control of peoples moneys. Who Wins? It’s the people immune to printing press happy -Federal Reserve bankers having all the control. The bankers cannot control this new digital currency control by people that have Nose rings -/ so they vilify these people -/cyberpunks that spread the word of their guilt. They make Bitcoins evil- Wikileaks is evil -the scum in the black market like Silk Road- and Black MArket Reload use it so it’s evil –with your logic all Bitcoin is evil,

So congressman, senator when you paid that hooker on our tax dollar, when you pay the young man to have sex with you from Ohio – the swing state –/ the US money you use is as EVIL as Bitcoin because it was used in a evil crime…. Evil is evil, money is money. simple to gATO sorry I rage—-

Political pressure has been payed by the banker to People like Senator Schumer which I used to like SCREAMED at the DEA to SHUT DOWN Silk Road which he called “the most brazen attempt to peddle drugs online that we have ever seen” – Yeah Silk Road is still ONLINE last I check. I guess the DEA can’t mess with cryptology and math. It’s science guy’s it basic and simple and elegant and it works. Tor onion network uses math and cryptology and it works so why can’t a digital currency like Bitcoin work.

BITCOIN CANNOT WORK – it’s beta software boy and girl – SATOSHI told us before he disappeared (2010) as he appeared ” in mystery” . SATOSHI is a cult hero “invisivle and anonymous”- he warned us when he saw Wikileaks use Bitcoins as a donation tool -(this was the introduction of BITCOINS to the whole wide world -/- that it was still to early -/Bitcoin was only 2 years old at the time/ – SATOSHI final words were “Bitcoin is pocket change (21 Million max Bitcoins) the heat you bring (from the exposure to the gov’s and banks and the world) would likely destroy us at this stage”.

SATOSHI was trying to warn us that the Software Bitcoin is only the beginning of digital currency. As gAtO see’s it in his loco-world mind view —/ If the people control their own money, next people will want to govern themselves and THEY have seen the effects of the Arab Spring and other cases were “the people” took back their country back from currupt politicians. Follow the -DIGITAL currency – gAtO oUt

http://uscyberlabs.com/blog/wp-content/uploads/2012/03/gato_01-148x150.jpg

10/30/12

What is Digital Currency:

What is fiat currency: — Fiat money is money that derives its value from government regulation or law. —

What is Currency: — In economics, currency is a generally accepted medium of exchange. –

What is Digital Currency: –

gAtO cOnFuSeD - with the above definition currency and fiat currency it’s a bit confusing were does Digital currency fit in. I think it’s how you look at it – Today we have Internet banks – that would be digital currency because it’s only in digital form – We also have PayPal one of the leaders in digital currency but both are tied to fiat currency- a government.

Now when you add E-gold, Liberty Reserves, Pencunix or WebMoney these are a mix of traditional fiat and plain old fashion currency – But when you add BitCoin well that throws a shoe into the jet engine. You see unlike e-gold Bitcoin is not tied to real gold. Bitcoin is defined as a currency but not fiat and that’s the part that really hurts governments and bankers.

I know gAtO is lOcO but it seems that every time a digital currency like e-gold get’s close even when they try to do it right – the good guy’s (governments) come in and stomp on it till it’s a puddle of mud in the ground, next digital currency come on in– get in line, next… Ok e-gold made it too easy to get an account and the bad guy’s got hip to it and ruined it for everyone but the FBI was out to get e-gold from the start. We just can’t have joe-blow in a basement with a e-gold account and the IRS, TAX people not wanting a piece of that action.

Bitcoins are being blamed as EVIL – but Swiss Banks account, Bermuda Shell Games, Luxemboug Shelter, The Cayman Cash or IRA tax-free, tax-exempt, lower Tax rates- tax-free trust – there are all kinds of tricks for the bankers to shelter their money. To hide it they know all the tax codes, all the regulations…and they are very happy.

If we go to Bitcoin or a version of a digital currency that has no -governments, no bankers, and no printing press to go Bitcoin printing making Happy—/ every ounce of pressure will be put on every new digital currencies that do not tie to the BANKS…. they will not allow it.. Who are THEY…you know??? -next Digital Money Laundry -gAtO oUt

Get your FREE Bitcoins Here —- http://sourceforge.net/projects/bitcoin/?source=directory

http://uscyberlabs.com/blog/wp-content/uploads/2012/06/aa_bitcoin_big-150x150.jpg

10/25/12

The deep Dark Web -Book Release

gATO hApPy -

AVAILABLE @ AMAZON - http://www.amazon.com/dp/B009VN40DU

AVAILABLE @SmashWords website @http://www.smashwords.com/books/view/247146

I learned that I hate WORD: – but it’s the general format for publishing - text boxes- get imbedded and you can’t format to EPUB or .mobi or anything – solution after going lOcO gAtO - was copy and paste into txt editor – save as RTF then copy paste back into a new WORD document and then reformat everything from scratch – and copy over the pictures – as you can tell I had fun-..-ugh mEoW F-F-F-F as much fun as a hairball but if it get’s the message out “FREEDOM OF SPEECH IN CYBERSPACE” then we done our job, anyway I hope you read it - Thank you Pierluigi a best friend a security gAtO ever had - gATO oUt

This Book covers the main aspects of the fabulous and dangerous world of -“The Deep Dark Web” . We are just two cyber specialists Pierluigi Paganini & Richard -gAtO- Amores, with one passion and two souls we wanted to explain the inner working of the deep dark web. We have had a long collaboration in this efforts to document our findings we made infiltrations into the dark places inaccessible to many to give a you the reader a clear vision on the major mystery of the dark hidden web that exist today in the Tor Onion network..

The Web, the Internet, mobile cell devices and social networking has become commonly used words that identify technological components of daily Internet user’s experience in the cyberspace. But how much do we really know about cyberspace? Very, very little, Google / Yahoo / Bing only show us 20% of the Internet the other 80% is hidden to the average user unless you know were to look.

The other 80% of the Internet is what this book is about the “Deep Dark Web”, three words with millions of interpretations, mysterious place on the web, the representation of the hell in the cyberspace but also the last opportunity to preserve freedom of expression from censorship. Authorities and corporation try to discourage the use of this untapped space because they don’t control it. We the people of the free world control this network of Tor -Onion Routers by volunteer around the world.

The Deep Dark Web seems to be full of crooks and cyber criminals, it is the hacker’s paradise, where there are no rule, no law, no identity in what is considered the reign of anonymity, but this is also the reason why many persecuted find refuge and have the opportunity to shout to the world their inconvenient truths.

The Deep Dark Web is a crowded space with no references but in reality it is a mine of information unimaginable, a labyrinth of knowledge in the book we will try to take you by the hand to avoid the traps and pitfalls hopefully illuminating your path in the dark.

Cybercrime, hacktivism, intelligence, cyber warfare are all pieces of this complex puzzle in which we will try to make order, don’t forget that the Deep Dark Web has unbelievable opportunity for business and governments, it represents the largest on-line market where it is possible to sell and acquire everything, and dear reader where there is $money$ you will find also banking, financial speculators and many other sharks.

Do you believe that making money in Deep Web is just a criminal prerogative? Wrong, the authors show you how things works in the hidden economy and which are the future perspectives of is digital currency, the Bitcoin.

This manuscript proposes both faces of the subject, it illustrates the risks but also legitimate use of anonymizing networks such as TOR adopted by journalist to send file reports before governments agents censored his work .

Here are some question we may answers to:

How many person know about the cyber criminals and their ecosystem in the deep web?

How many have provided information on the financial systems behind the “dirty affairs”?

How the law enforcement and governments use Dark Web?

Let’s hold your breath and start the trip in the abyss of knowledge to find answers to the above questions. We hope that with this book you can learn something new about – The Deep Dark Web.

http://uscyberlabs.com/blog/wp-content/uploads/2012/10/cover_thumb.jpg

07/11/12

CyberPeace -not- CyberWar

gAtO sEe - In the last couple of days Gen. Keith Alexander has been pushing the Cyber War agenda. -The issues around warfare are very different in cyberspace than in the physical world, and the United States is looking into “alternative strategies,” said Alexander, while not offering further details. In another place he was telling us that the CIA will not use the new cyber laws to spy on our email. Ok so you gonna be a sheep and follow the word of the government. We won’t spy on you.

Alexander said “civil liberties and privacy can work harmoniously with cybersecurity”. Come on General your a nice guy, gAtO met you —/ you have a passion but every time you bring out —/ Oops there went the Power Grid, Oops.. there went the financial sector, scare me, scare me. I know it’s your job to secure our country to protect our nation cyber infrastructure. Don’t trample on our cyber right any more please.

Hay here is a solution for you use a Tor-.onion network-(any anonymized network) to tie your power grid, and/or your financial services. If you can’t close down Silk Road in onion-land your C&C for your power grid and financial services should be invisible to everyone except on a need to know. gAtO just save you 14 trillion in R&D…//

gAtO has not heard one word about Cyber Peace from any responsible government in the world. Everyone is looking for their own cyber posture, their own cyber weapons/ budget/ programs/ money// , but not one has said let’s work together to make it better for peace, guess there is no money in Cyber Peace. Espionage, spying is the job of governments why would they destroy their own tools, weapons and just tweak our cyber-rights a wee bit, for our cyber freedoms and safety, to protect our government and you -lol.

Here is a simple idea crowd-source our problems. The one major resource in cyber-space is number of people that can see the same message. In crowd-source we can give the facts and ask anyone to help solve city budgets, ways to harvest more vegetable/per vertical/ sq.ft. Ask people how would you protect our electric grid // you be surprised by the creative answers you get, OK some may be crazy but…//. It may not be the right solution, but the power of the minds of people collaborating is what this new technology is built for. FaceBook is about ME- Twitter is about the rest of the world- but the new winner is —/ Comments /— have become more important than the article-subject itself because the conversation within in the comments shows social communication and problem solving by the masses.

Let’s change the message to CyberPeace, everyone has a solution, but remember that all your comments are the new gold so watch what you say to that troll on huffpost— gAtO oUt

07/5/12

The Deep Dark Web -Book

gAtO sAy -mEoW you all- we have a new book coming out soon “The Deep Dark Web” and just wanted to write this as the foreword for the book, I thought it was interesting …//looking for peer review of book…write us

This book is to inform you about “The Deep Dark Web”. We hear that it’s a bad place full of crooks and hackers, but it is more a place were you have total anonymity as an online-user and yes there are ugly places in the dark web but it’s a small part of it. What it really is all about it’s freedom of expression, freedom of speech worldwide, supported by “us/we” the users of the network. It’s not controlled by any government, but blocked by a few like Syria, Iran, Ethiopia, China to name a few governments that want to deny their own people free access to information, to speak freely about their grievances and unite to tear down there walls of oppression.

Pierluigi and I (gAtO) share a passion for cyber security we write different blogs Pierluigi has http://securityaffairs.co/wordpress/ and my site is uscyberlabs.com . We also write at other blogs and print media. We did’nt know it at the time but, we were writing cyber history as the 2011- 2012 cyber explosion took off we were at ground zero writing about Stuxnet, HBGrays, the LulzPirates, Anonymous but the Arab Spring was an awaking :

The recent revolution in Egypt that ended the autocratic presidency of Hosni Mubarak was a modern example of successful nonviolent resistance. Social Media technologies provided a useful tool for the young activist to orchestrate this revolution. However the repressive Mubarak regime prosecuted many activists and censored a number of websites. This made their activities precarious, making it necessary for activists to hide their identity on the Internet. The anonymity software Tor was a tool used by some bloggers, journalists and online activists to protect their identity and to practice free speech.

Today we have lot’s of anonymity communication tools I2P, Freenet, Gnunet and Tor to name a few. Why did the TorProject.org Tor-.onion network become the facto application to get free, private, anonymized Internet access. My conclusion is it’s humble beginnings with “Naval Research Project & DARPA (Defense Advanced Research Project Agency) ” sponsored, maybe you heard of DARPA they kinda created the Internet a long time ago. The government wanted to have a communication secure media that would piggy-bak on the establish Internet. From my point of view when they saw how good this worked the government used it to allow it’s agents to quietly use the network for CIA covert operations (just to name a few alphabet soup government agencies that use it). For example a branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

Journalist got a hold of this tool and they too were able to file reports before governments agents censored their interviews and film footage. The EFF (Electronic Frontier Foundation) got a hold of the Tor-networks and promoted it to maintaining civil liberties online. When the common business executive visited a foreign country (like China know to monitor foreigners Internet access) they now had a way to securely connect to their corporate HQ data-center without being monitored and giving away IP (Intellectual Properties). The Tor-Network became to good and the bad guy’s moved in to keep their illegal business safer from the law. The Internet Cyber-criminal has used the claer-web since the start so of course they went over to the Tor-.onion network because it works if you use it right and keeps you anonymous online.

With all this happening and the “Year of the Hack 2011” you can see why security geeks like Pierluigi and I became intrigued with this subject and we teamed up to write this manuscript hoping to answer some of the questions our friends, and peers were asking us about this mysterious hidden world call the deep dark web. We outlined a table of content and started to write about it in our blogs and the story unfolds from here to you. We hope to educate you on how this network works without too much geek talk (ok just a little). We cover the cyber criminals and their ecosystem we cover the financial currency (bitCoins) that is replacing fiat currencies all over the world during this unstable financial times. We tried to cover all the good , the bad and the ugly of the .onion network. We hope it will answer some of your questions but I am sure that more question will come up so feel free to come to our websites and give us a shout and ask your questions about the deep dark web…. - gAtO oUT

06/24/12

Government -vs- Bitcoin Anonymity

Recently, there has been a surge of media attention on the Silk Road market, which connects sellers and buyers of illegal drugs and uses Bitcoin as a means of payment. Naturally, part of this attention is attention from government, and the government has every incentive to try as hard as possible to bring Silk Road down. “Never before has a website so brazenly peddled illegal drugs online,” a senator intent on cracking down on Silk Road said, and it is true. Silk Road’s website looks like a legitimate, professionally done E-bay like service, and represents a move away from black markets in the shadows to blatant agorism - acting as if the government itself is illegitimate. Why is Silk Road so much more brazen than before? The simple reason is – because it can. Before, the weakest link in a drug transaction was payment – either a physical meeting (risky), a credit card or Paypal transfer (easily traced to physical identity) or a mail cash transfer (requires too much trust) was necessary, so participants in the drug economy had to rely on security through obscurity, keeping their websites and forums known to few, to avoid detection. Now, however, physical delivery is the only weak link, so although the security is not perfect the internet side of the transaction is, in theory, almost completely anonymous.

In order for anonymous transactions to be possible through Bitcoin, however, a mixing system must be used. There are two types of mixing systems: those secure against attack from people viewing the public transaction block, like Bitcoin Laundry and those secure against attack from the mixing system itself, like Open Transactions. The first work in something similar to the following:

Alice wants to transfer 10 BTC to Bob. Alice deposits 10 BTC into the system, and gets a 10 BTC balance within the system.
Alice gives Bob her one-time account key.
Bob withdraws 10 BTC, but the coins come not from Alice but from some other people who had deposited 10 BTC earlier. Thus, there is no chain from Alice to Bob in the public transaction log.

In BitcoinLaundry in particular, steps 2 and 3 happen internally and automatically, so Alice directly sends coins to Bob’s address without Bob participating in the process. The problem is that the mixing system knows that the key Alice got and the key Bob used are the same, or related, and thus knows that Alice transfetted money to Bob. Law enforcement agencies could potentially set up mixing systems as honeypots. The systems of the second type work in the following way:

Alice deposits 10 BTC into the system, and sends an encrypted certificate to be blind signed. Blind signatures are a way that allows the bank to sign the certificate without knowing what the message signed or even the signature itself looks like; a more detailed description can be found here.
The bank sends the blind signed certificate back to Alice. Alice decrypts the blind signed certificate and gets a normal signed certificate. She sends this to Bob.
Bob sends the certificate to the bank, the bank verifies it and withdraws 10 BTC.

The advantage here is that the bank has no way of linking Alice’s certificate to Bob’s certificate even though it can tell that the certificate is legitimate. A useful real-world analogy is the one used in the name “blind signature”: Alice creates a piece of paper with some text on it, blindfolds the bank, the bank signs the paper blindfolded, then Alice gives the paper to Bob, the bank takes off its blindfold and verifies the signature. The bank does not know who the certificate that Bob provided came from, but it can recognize the signature as its own. This is still vulnerable to statistical attacks – if Alice deposits 13500 BTC into one of these systems and Bob withdraws 13500 BTC, then it is obvious that Alice and Bob made a transaction with each other. There are further ways of masking this – one is using “clean” coins to send as a payment; a 400 BTC donation to hacker group LulzSec (press release here) was done this way and is completely untraceable; another way is splitting up the transaction, sending it to many different addresses belonging to Bob, but no matter what (unless you have freshly minted coins, which will not exist in significant quantities forever) there is still substantial information leakage, so Bitcoin’s Jeff Garzik cautions: “Attempting major illicit transactions with bitcoin, given existing statistical analysis techniques deployed in the field by law enforcement, is pretty damned dumb.” Minor illicit transactions, on the other hand, are easy to hide, and the sales currently made on Silk Road are almost all below 10 BTC.

Silk Road itself uses an internal mixing system of the first type, so it does have the weakness that users must trust it. The fact that the system is internal is itself a weakness: even if one cannot tell which drug someone bought, the fact that someone bought something off of Silk Road is easier to deduce, although there is always plausible deniability, since some legal products are sold there. Silk Road promises to delete the physical address of the buyer as soon as the transaction is complete, but there is no way to prove this. Because of this trust, it is a good idea for Silk Road users to use their own anonymity protection in addition to Silk Road’s: using another bitcoin mixer, like BitcoinLaundry or using a bank as a mixer, like MyBitcoin, adds a layer of obfuscation to the transaction, and use of post boxes under fake IDs or someone else’s house is often advised on Silk Road forums.

The de facto anonymity of Bitcoin can be increased by frequent use of mixers, and it is important to note that many types of services can be used as mixers: bitcoin accounts like MyBitcoin, Bitcoin poker sites and witcoin, no matter what their purpose, can be used. A startup promising Bitcoin debit cards and Bitbillsoffer the option to buy bitcoins anonymously physically, once again removing all traces of where they came from. As services like these are integrated into the Bitcoin economy, it may ultimately become impossible for investigators to see where coins came from more than 4 or 5 transactions back.

The senators’ attack against Silk Road does have serious consequences for the Bitcoin economy, since the price of Bitcoin would likely fall considerably without Silk Road users’ demand for the currency, but the government’s focus seems to be on Silk Road itself, not Bitcoin. Looking at some of Charles Schumer’s comments in this article, there is a lot of anger toward the brazenness of Silk Road, but no desire to attack the Bitcoin that is behind it. Senator Charles Schumerrecognizes that Bitcoin is “an online form of money laundering used to disguise the source of money, and to disguise who’s both selling and buying the drug”, but it is not, for now, the focus. Schumer clearly does not see Bitcoin as being of prime importance in allowing internet drug users’ blatantness to reach the level that it did, although his opinion should not necessarily be taken seriously: like most government officials, Schumer is not an expert in internet technological issues, since he advocated (see last paragraph) seizing Silk Road’s domain name, even though Silk Road currently does not even use a domain name and operates only as a .onion hidden service visible on the Tor network. The DEA, upon investigating, may turn government eyes toward Bitcoin, but this will take some time. It is important to note that some parts of the government are already aware of Bitcoin: Gavin’s speech to the CIA on Bitcoin is due to take place on June 14. Given that Gavin received the invitation to speak as early as April, the CIA has known about Bitcoin for some time and is not interested in a direct attack on it, and they will not change their course of action until they review Gavin’s comments at the conference. Whatever the response against Silk Road may be, for at least a couple of weeks Bitcoin is safe.

NATO and Cyber WarFare

“The world has changed. Now we’re living in the era of cyber weapons”, said Eugene Kaspersky whose laboratory uncovered the virus, or cyber weapon, believed to have been used by the United States and Israel to attack Iran’s nuclear programme. From criminal activity, to international terrorism and inter-governmental warfare, he fears the worst and called for an international treaty to combat it at the Reuters Global Technology, Media and Telecoms summit held in London recently.

NATO Secretary General Anders Fogh Rasmussen while on a visit to Australia this week said that NATO and its partners face increasingly complex and unpredictable security challenges. He pointed to terrorism, cyber attacks and piracy as examples of the global security challenges that both NATO and Australia face. He said that a cyber attack disrupted the Parliament House website two years ago and that Australian government departments and ministerial offices are regularly subjected to similar attacks. In recent months financial institutions have been targeted as well. “I am convinced that our cooperation should also encompass maritime security and cyber security”, the Secretary General said.

NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) was formally established in May 2008 in order to enhance NATO’s cyber defence capability. Based in Tallinn, Estonia, the Centre is an international effort that currently includes Estonia, Latvia, Lithuania, Germany, Hungary, Italy, Poland, Slovakia, Spain, the Netherlands and USA as Sponsoring Nations.

23 NATO and six partner nations were involved in Cyber Coalition 2011, NATO’s main yearly cyber exercise. Assistant Secretary General for Emerging Security Challenges, Ambassador Gabor Iklodysaid:

I am delighted to see so many participants joining us for NATO’s major annual cyber coalition exercise. The number of players and observers is growing every year. This demonstrates the high importance that Allies and partners attach to achieving better protection against rapidly increasing cyber threats and also confirms NATO’s recognition as a key player in cyber defence.

In February 2012, a 58 million Euro contract was awarded to establish a NATO Cyber Incident Response Capability (NCIRC), to be fully operational by the end of 2012. A Cyber Threat Awareness Cell is also being set up to enhance intelligence sharing and situational awareness. In March the NATO Consultation, Command and Control Agency (NC3A) was awarded the contract for upgrading NATO’s cyber defence capabilities. Private industrial companies will enable the NCIRC to achieve full operational capability.

On 26 April, Spiegel Online reported that ‘NATO Faced with Rising Flood of Cyberattacks’. “Each day, we are seeing up to 30 significant attacks on our digital networks or on individual computers, mostly by way of emails infected by spyware and sent to individual NATO employees,” said Lieutenant General Kurt Herrmann from NCSA, which was founded in 2004 and has been operational since 2005. A further expansion of NC3A is anticipated next year. It was two years ago, that NATO officially identified the danger of cyber attack against member states as a strategic threat.

Earlier this month, 400 experts from all over the world gathered in Tallinn for the fourth International Conference on Cyber Conflict (CyCon 2012) organised by the NATO Cooperative Cyber Defence Centre of Excellence. The conference topic was Military and Paramilitary Activities in Cyberspace, and focused on aspects of law and policy, strategy and technology.

Author of ‘Virtual War’ and University of Toronto professor Michael Ignatieff writes in the Financial Times that:

Virtual technologies make it easier for democracies to wage war because they eliminate the risk of blood sacrifice that once forced democratic peoples to be prudent…Drones and cyberwar technologies are so cheap that it will be impossible to keep them under the lock and key of the sovereign. The age of the super-empowered, and therefore super-dangerous, individual has arrived.

Our cybersystems are now under constant attack and it is in responding to these attacks that they become more secure. States will have to allow the global community of coders and engineers who built and maintain the internet the freedom to keep the malware at bay and keep the system open for the rest of us….The new technologies are so easy and cheap to produce that the best international law and state action can hope for is to generate a limited set of shared norms to prohibit their most harmful uses.

NATO Policy on Cyber Defence, ‘Defending the Networks’ is available on the alliance’s website. It states that:

The 2010 NATO Strategic Concept highlighted the need to “develop further our ability to prevent, detect, defend against and recover from cyber-attacks…”. Threats are rapidly evolving both in frequency and sophistication. Threats emanating from cyberspace – whether from states, hacktivists or criminal organisations, among many others – pose a considerable challenge to the Alliance and must be dealt with as a matter of urgency.

A NATO Concept on Cyber Defence was first drafted for Defence Ministers in March 2011, which formed the conceptual basis of the revised NATO Policy on Cyber Defence. The Policy itself was then developed and approved by the NATO Defence Ministers on 8 June.

Cyber threats transcend state borders and organisational boundaries. Their vulnerabilities and risks are shared by all. Recognising the truly global nature of cyberspace and its associated threats, NATO and Allies will work with partners, international organisations, academia and the private sector in a way that promotes complementarity and avoids duplication. NATO will tailor its international engagement based on shared values and common approaches. Cooperation in the field of cyber defence could encompass activities including awareness-raising and sharing of best practices.

NATO is in the process of drafting an international law manual which will address concerns surrounding the prospect of cyber warfare, and how member states can best cooperate to mitigate mounting threats to network security. Publication is expected by the end of 2012. Colonel Ilmar Tamm, Director of the NATO Cooperative Cyber Defence Centre of Excellence said:

“Various states have managed to agree on laws that govern borders, international sea and air space, even outer space – but now we are faced with the task of adapting or creating laws and precedents for cyberspace…”

Speaking at CyCon 2012, Major General Jaap Willemse, Assistant Chief of Staff Command, Control, Communication, Intelligence, Allied Command Transformation said that NATO is not considering launching a barrage of computer-based attacks. There are huge political, legal and diplomatic objections.”…”NATO does not have the doctrine, command and control, educational support or other factors needed to run an offensive capability.”

Reference — http://www.natowatch.org/

http://uscyberlabs.com/blog/wp-content/uploads/2012/06/NATO_cyber_logo.jpg

05/8/12

Digital Entry Through Your Back Door

A proposed expansion of surveillance authority is being pushed by the DoJ to counter what it calls its ‘Going Dark’ problem.

CYBERSPACE—A few Colombian sex workers now know what it’s like to be fucked by the Secret Service, and in more ways than one, but it may not be too long before we all know what it’s like to have federal law enforcement living inside our asses, collectively and individually. It could get messy.

As CNET’s Declan McCullagh reported Friday, “The FBI is asking Internet companies not to oppose a controversial proposal that would require firms, including Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government surveillance.”

The problem, says the Bureau, is that “the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities.”

Can’t have that! So the office of the FBI general counsel’s “has drafted a proposed law that the bureau claims is the best solution: requiring that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly.”

From the following reaction by an industry rep who saw the draft legislation, it sounds as if the individual is not necessarily looking forward to bending over and spreading them for the feds: “If you create a service, product, or app that allows a user to communicate, you get the privilege of adding that extra coding,” s/he said. A second industry rep told CNET that the requirements only apply to sites or networks that exceed a certain number of users.

According to McCullagh, the proposal expands upon an existing law called the Communications Assistance for Law Enforcement Act (CALEA) that covers telecommunications but not the internet, and is being pushed hard by the Justice Department and other federal agencies in a bid to address a problematic trend identified by the FBI as “Going Dark,” which refers to the alleged inability of law enforcement to keep track of people as technology advances.

In fact, the FBI reinforced its concerns about going dark Friday, stating in a comment to CNET, “[There are] significant challenges posed to the FBI in the accomplishment of our diverse mission. These include those that result from the advent of rapidly changing technology. A growing gap exists between the statutory authority of law enforcement to intercept electronic communications pursuant to court order and our practical ability to intercept those communications. The FBI believes that if this gap continues to grow, there is a very real risk of the government ‘going dark,’ resulting in an increased risk to national security and public safety.”

But CNET reports that in addition to the DoJ, the federal Communications Department also is interested in tweaking CALEA to include “products that allow video or voice chat over the Internet—from Skype to Google Hangouts to Xbox Live.”

Neither is the effort to expand CALEA new. The FBI has been concerned about this issue since 2006 and began its efforts to get litigation passed seven years ago, reported McCullagh, who added that the only thing keeping the already-written legislation from being considered by Congress is the unwillingness of the Obama Administration to send the bill to the Hill.

“A representative for Sen. Patrick Leahy, head of the Judiciary committee and original author of CALEA, said today that ‘we have not seen any proposals from the administration,’” wrote McCullagh.

From the FBI’s perspective, nothing in the proposed law expands current wiretapping law, which will continue to require a court order. The idea, they say, is to improve their technological ability to “provide results,” meaning making access easier. Toward that end, Subsentio, a Colorado-based company that sells CALEA compliance products, told CNET that the proposed measure “provides a ‘safe harbor’ for internet companies as long as the interception techniques are ‘good enough’ solutions approved by the attorney general,” or “if companies ‘supply the government with proprietary information to decode information’ obtained through a wiretap or other type of lawful interception, rather than ‘provide a complex system for converting the information into an industry standard format.’”

Either way, the FBI is angling to have the presumably anonymous ability to keep tabs on virtually every form of person-to-person communications available, which is something that makes a lot of people uncomfortable. In addition to several critics of the law mentioned in the CNET article, including EFF, the Computer and Communications Industry Association and TechAmerica, a trade association that includes representatives of HP, eBay, IBM, Qualcomm, and other tech companies on its board of directors, Salon.com contributor Glenn Greenwald published a blistering denunciation of the effort Sunday in a piece called, “Surveillance State democracy.”

“The procedure being used here by the FBI to obtain these powers is just as significant to me as the substance of the policy it wants,” warns Greenwald. ”Notice how the FBI—in order to obtain these new powers—does not believe it needs to persuade the American citizenry to accept it. Instead, they’re meeting with the people who actually hold power over our laws—industry executives—in order to plead with them not to oppose this. FBI officials even planned a pilgrimage to Silicon Valley ‘to meet with Internet companies’ CEOs and top lawyers’ in the hope of obtaining their permission to proceed with this new scheme.”

From secret surveillance by government of P2P communications to secret surveillance by ISPs of the content you are downloading, it would appear that the brave new world imagined by the internet could yet become a maze for rats.

The good news, according to Greenwald, is that it is still “possible for citizens to meaningfully oppose this relentless expansion of the Surveillance State.” In light of his claim that “those who continue to expand the National Security and Surveillance State appear to have little fear of any meaningful citizen backlash,” however, Greenwald is also saying that the time to “mobilize meaningful citizen opposition to growing government surveillance powers” is now.

05/7/12

Will .China Mobile. Spy on U.S?

gAtO wAs- reading Stan Abrams a lawyer and professor in Beijing, China article about “Will China Mobile Get It’s U.S. License Approved? – http://www.businessinsider.com/will-china-mobile-get-its-us-license-approved-2012-5” the FCC “Team Telecom” has all the power in this deal. This is simple when a foreign ownership wants to come into our telecom world we want the DHS, DOJ, FBI DoD to investigate them for backdoor into the infrastructure that no virus scan can detect- in the hardware and firmware….

This is a big deal, we gave the OK a few years ago to China Telecom and China Unicom similar licenses in 2002-03. Why the big deal now. Well the last few years China has increased it’s attacks on U.S companies sucking in their IP (-Intellectual Properties). To top things off Huawei just got turned down down-under in Australia to allow it to come into their Telecom network. Once again when you give access to our telecom network we are giving them the key to all our information. Now keep in mind that we still have over 60-70% of our government C&C (Command and Control) running on our public Internet pipelines. Back a few years ago China re-routed over 15% of all the Internet traffic thru their routers. While we developed a kill switch to isolate us from the rest of the world and do a reset. Anyway the FCC has a lot of power that no one knows about check out there liaison activities list below it quite interesting.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Okay, reality check time. I doubt that China Mobile would want the type of scrutiny that a court case would mandate, so I don’t expect a formal challenge to a rejection from “Team Telecom.” Certainly Beijing doesn’t want China Mobile to disclose to anyone what it is required by Chinese law to do with data on its networks (hint: government monitoring). Moreover, the U.S. national security apparatus certainly wouldn’t want to disclose what it knows to the “other side” (i.e. China). And at the end of the day, neither side wishes to disclose any of this to the general public.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

If they turn China Mobile down and it’s contested it would be good to see what evidence the U.S. Government has to say “we believe this company is spying on us with these backdoors they put in”. Yeah in an election year it’s going to get hot with China if they play a bad boy I think Obama may have to show them what we can really do in cyber space -gAtO oUt

Reference:

FCC Homeland Security – Liaison Activities http://transition.fcc.gov/pshs/docs/liaison.pdf

CodeName Tempest http://en.wikipedia.org/wiki/TEMPEST

http://uscyberlabs.com/blog/wp-content/uploads/2012/05/china-computer-hac_1963116c-150x150.jpg

contraseña vIeJa

Weaponize the Tor Network:

Mapping Tor Relays

Cyber Illuminate – Prism

Government use of Cyber Weaponized Exploits

Stopping Pedophile websites in Tor

Tor friendly ISP

Tor Websites over 1/3 TANGO DOWN

Do You Want To Play a Cyber War Game China?

Tor OR-relay map of Italy

Finding Tor Websites –geo-location

Tor – Unix Commands

Tor Tells It’s Secrets

Tor is NOT the ONLY Anonymous Network

China Hackers found in Tor

Finding the Bad Guy’s in Tor -triangulated irregular network

Tor Website 36% are Criminals Sites

Mapping Tor Websites

Currency of the Cyber Economy

Cyber Women and Hollywood

China Cyber Attack -AGAIN

@gAtOmAlO2 tweets
Loading tweets ...
Follow @gatomalo2 on twitter.

-0-1-0-1-0-1-0-1-0-1-0-1-
.onion network Anonymous Banks BitCoins Black Hats China Attacks china cyber china espionage China Hack China security Chinese Goverment cyber-spies cyber-thieves Cyber Criminals Cyber Dissident Cyber Espionage Cyber Financial Cyber Intelligence Cyber Monitoring Cyber Notebook Cyber Policies Cyber Politics Cyber Reputation Cyber Revenue Cyber Strategy Cyber Study Cyber Threats Cyber Tools Cyber War Cyber Warfare Cyber Weapon Dark Web Deep Web Goverment Hackers Hacks Hacktivist human rights Information Warefare Infrastructure Notes to Myself Onion Web Social Media ToR Tor Network

mUsIcA by gAtO

Celtic Salsa

d-beat of my heart

classical Maggie

alissa's song

gAtO_jam 01

gravity down

mandy's soundsbox

gAtO_jam 02

1-cry-4-d-night

Copyright Notice 2012

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of USCyberLabs.com and the USCyberLabs member that posted this content--this includes using our RSS feed for any purpose other than personal use. ©Copyright ™uscyberlabs.com 2012

USCyberLabs

Cyber Security Notebook

Category Archives: Cyber Politics