05/17/14

Bitcoin 2.0 and the Segway Bike

gAtO Imagine – some of the business side applications we can build with future triggered events being executed by Autonomous Cyber Robots. All built on the basic Bitcoin 1.0 code but not using the coins but the blockchain – there be treasure in that blockchain but it’s all math ugh!!!

Ok first what is Bitcoin 2.0? Basically it’s a new way to have a cyber robot or a cyber drone that can do what you instruct them to do. It is a timestamp triggered event and you can now just add business rules to it that will work in cyberspace.

What do you do online today?

  • Shop for things and have them delivered
  • Online banking
  • Buy and sell stocks and bonds
  • Send donations to Charities or political organizations

So now you can build cyber-business rules to be executed on the web and put them into one of these cyber robots or cyber drones. I use these 2 terms because when people hear drones they think attacks and such and yes you can now build digital FINANCIAL warriors that can execute based on events, millions of them and they can be used for good and evil.

timeStamp- or -blockchain-trigger event – robots with business rules- example//

  • Send 100 Bitcoins to my family every 6 months after I die.
  • Buy or sell stocks ambiguously  – Digital Business Contracts – or Personalities
  • Any transaction that can be performed on the web!
  • Set up a corporation by Ethereum digital actors
  • Any Business rule that can be executed digitally

gAtO lOvE Ethereum //= it is a platform and a programming language that makes it possible for any developer to build and publish next-generation distributed applications. https://www.ethereum.org/ Next Generation Smart Contracts and a Decentralized Application Platform. Non-geek cyber-business rules OK…

GAtO used to lug around an Osborne luggable computer… 1.0 laptops – but gAtO was cool aligning 10MB (yes 10 Mega Bytes) hard drives the size of a large home freezer. The good old computer days… Out of hardware back to Biz -mEoW

MasterCoin – The Master Protocol facilitates the creation and trading of smart properties and user currencies as well as other types of smart contracts. Mastercoins serve as the binding between bitcoins (BTC), smart properties and smart contracts created on top of the Mastercoin Protocol. Non-geek cyber-business rules OK…

Similar Alt-coins but both the same (going after the business side) in a way but these seem to be a new wave of Bitcoin 1.0 off shoots. Now NameCoin and Trusted coin are on a different course, since they are more into the digital Notary service that can be done with any blockchain type Bitcoin off shoot. And LiteCoin 84 Million -versus- 21 Million in Bitcoins another fight but of a different financial play on this alt-coin. LiteCoin is around $10 bucks Per so we have to keep an eye on them too.

Once again these other developments are being built on the shoulders of the great Satoshi Nakamoto’s work. GaTo as a technologist loves all these new and exciting toys to play with. Then I think about the Segway Bike I always wanted one but then again really, am I really ready to give up walking? Back in 2001 it was so cool, it was the evolution of the bicycle or was it???

13 years later this evolution the revolution of the bicycle is seen by most as the Mall Police ride by. Ok maybe in Seattle or San Francisco I can see that but really. Now Bicycle Cops are everywhere but real cops on a Segway Bike – you know maybe I don’t really want one anymore. But I wonder if I can buy one with Bitcoins? ummm

DogE-Coin is hot with the young bloods as a NEW digital currency that’s taking Reddit and other places by storm- I know gAtOCoin, maybe I’ll start one of my own, there are only about 500 Alt-Coins around and growing all built on the Bitcoin core code. Bitcoin is only 5 Years Old -Wow- Imagine in another 3-5 years // world wide currencies all over doing different things creating the NEW Cyber-System D-(system) that no government can control, of the people and by the people. Double -Wow

gAtO’s bet is on Bitcoin, simple it has paid its dues, from an underground play toy to International financial deals like flying to the Moon on Virgin Air, I wonder if I can buy that with Litecoins- you listening Richard Branson I’m mining Namecoin too Richard.

The new Bitcoin business Investors and Incubators are hopping with new Bitcoin 2.0 ideas, but is it different if it’s controlled by the users, not the sole players like the bankers and older financial players. But truth be told these will bring newer workable solutions that will trickle down to the normal person. We must be careful because these new worldwide cyber solutions will have little government controls so the game is changing and the ability to jump on this but NOT to give up privacy with government toys like TPM – Trusted Computer Platform – yes July 2015 all Windows 8 devices will have TPM 2.0 in control of your devices. The US solution cyber Kill Switch.

At least Apple has not added TPM into its hardware but they banned against Bitcoin -Steve told you to Innovate Apple- But that’s another battle.

You can trust your government spying on you IF you have nothing to hide RIGHT!!! - gAtO oUt

Digital System D-

System D is a slang phrase pirated from French-speaking Africa and the Caribbean. The French have a word that they often use to describe particularly effective and motivated people. They call them débrouillards. To say a man is a débrouillard is to tell people how resourceful and ingenious he is. The former French colonies have sculpted this word to their own social and economic reality. They say that inventive, self-starting, entrepreneurial merchants who are doing business on their own, without registering or being regulated by the bureaucracy and, for the most part, without paying taxes, are part of “l’economie de la débrouillardise.” Or, sweetened for street use, “Systeme D.” This essentially translates as the ingenuity economy, the economy of improvisation and self-reliance, the do-it-yourself, or DIY, economy.

 

06/14/13

Cyber Illuminate – Prism

gAtO lOcO-  I know conspiracy theories but this one stopped me cold.  I was looking at a newscast and the NSA Prism logo came on, OK Pink Floyd – dark side of the moon rip-off but something caught my eye – the triangle on the dollar bill and the Prism logo triangle ummmm…. – an all seeing triangle -what every one tells about the Illuminate logo. If you apply a prism to data -it’s the same thing you grab all the light/data and filter it down to different data streams, categories -colors. I can see the meaning of the logo for prism now, wonder how much they paid a no-bid contractor for that logo.

—a new world order – cyberspace —

Then I remember the CISPA fight we had a while back and on one of them it said. “Cyber Intelligence Sharing & Protection Act” that was pretty much the same thing we find now in what Prism does with phone and data collection. So my question is, if Prism has been going on since the Patriot Act and the NSA has been doing this legally.

Why CISPA? Why SOPA? Why PIPA? Come on Prism is legal so why all this data sharing when the government was doing it under our nose. I think what this kid Snowden did was stupid, but it’s his choice and he will live with this one way or another. What he showed us has opened a discussion that I think was needed in the cyber world.

Cyber society is the new norm and we older-people must accept that these young men and women know this technology and how to use it better than we do. Cyberspace belongs to everyone today and I hope we together can change things for the better. But I don’t think the powers that be will give over so easily. Prism is a perfect example of how the cold war mentality has changed with the digital domain becoming more real. We will not recognize the Internet 10 years from now, but if the Illuminate have their way they will be watching us –  gAtO lOcO oUt…

 

06/12/13

Government use of Cyber Weaponized Exploits

gAtO rEaD- The government is buying hackers’ exploits – not to stop these sophisticated cyber exploits but to use these tools against its own people- they are using the tools to infiltrate computer networks worldwide, leaving behind spy programs and cyber-weapons that can disrupt data or damage systems.

The core problem: Spy tools and cyber-weapons rely on vulnerabilities in existing software programs, and these hacks would be much less useful to the government if the flaws were exposed through public warnings. So the more the government spends on offensive techniques, the greater its interest in making sure that security holes in widely used software remain unrepaired. So your computer is vulnerable and the government knows it and will not disclose this information, but use it against you to place cookies, RATs or other spyware into your computer -maybe- I trust our government don’t you?

If you got nothing to hide, you should not be worried… right????

So our Tax dollars are going to Hackers and cyber criminals that sell these exploits all over the world. As a tax payer I don’t like this part at all. But the worst part is by us taking the lead of cyber offensive cyber tools -example.. Stuxnet – it is a plan book for other countries to do the same. So what we do in cyberspace has become socially acceptable to do in cyberspace and then we bitch about China. I don’t get it – mEoW

Officials have never publicly acknowledged engaging in offensive cyber-warfare, though the one case that has been most widely reported – the use of a virus known as Stuxnet to disrupt Iran’s nuclear-research program – was lauded in Washington. Officials confirmed to Reuters previously that the U.S. government drove Stuxnet’s development, and the Pentagon is expanding its offensive capability through the nascent Cyber Command.

Then you have the Prism disclosure and PoW- US Cyber Agents Disrupt Publication of Popular Al Qaeda Magazine – This means that Obama’s cyber military is potentially capable of more targeted attacks, specified at damaging particular pieces of information or infrastructure. I wonder where they got those vulnerabilities? maybe some bad guys—

What worries me is as the U.S. engages in these attacks our enemies are learning what is acceptable in cyberwar. So we must be careful not to lose the fact that everyone is watching what we do and how we treat cyberspace and other governments will follow, defensive and offensive, they are learning from the best the U.S. Government -gAtO oUt

ref: http://www.reuters.com/article/2013/05/10/us-usa-cyberweapons-specialreport-idUSBRE9490EL20130510

 

http://www.businessinsider.com/us-cyber-agents-disrupt-inspire-magazine-2013-6

 

 

07/6/12

Online Security Basic -should I use encryption

gAto fOuNd - this -/ Basic Security Guide /- a while ago in the .onion and while I don’t agree with everything in this write-up I learned some new things. At the end of the day –/ they can’t take away what’s in your head -always be a critical thinker - gAtO oUt

Online Security Basic - links are .onionLand

Transcribed from http://g7pz322wcy6jnn4r.onion/opensource/generalguide.html on 2011-04-16.

Basic F.A.Q.

What is encryption?

Encryption is a method of encoding information in such a way that it is computationally difficult for eavesdroppers to decode, but computationally easy for the intended recipient to decode. In practical terms, encryption makes it almost impossible for you to be successfully wiretapped. Encryption can also make it essentially impossible for computer forensic teams to gather any data from your hard disk drive. Encryption is the process of making information difficult or impossible to recover without a key. The key is either a passphrase or a huge random number protected by a passphrase. Encryption algorithms fall into two primary categories: communications and storage. If you use a program such as GPG to encrypt your E-mail messages, you are using encryption for communications. If you use a program such as Truecrypt to encrypt your hard disk drive, you are using encryption for storage.

Is there a big difference between storage and communication encryption?

Yes. Data storage encryption often uses only symmetric algorithms. Communication encryption typically uses a combination of asymmetric and symmetric algorithms. Asymmetric algorithms are generally far easier to break than symmetric algorithms. In practice this is not significant as the computing power required to break either strong asymmetric or strong symmetric algorithms is not likely in the grasp of any agency.

Should I use encryption?

Yes! If you participate in the Internet underground it is essential for your continued freedom that you learn how to use encryption programs. All communications should be encrypted as well as all stored data. For real time communication encryption we suggest either Pidgin or Adium instant messages with the OTR plug-in. For non-real time communication encryption we suggest GPG. Truecrypt does a great job of encrypting stored data and can also encrypt the OS partition if you use Windows. Various flavors of Linux and Unix also allow for the OS partition to be encrypted although the particular program used will vary. If an alternative installation CD is used Ubuntu allows for OS partition encryption during the installation process.

What is plausible deniability?

When discussing stored data encryption plausible deniability means that an encrypted container can decrypt into two different sets of data depending on the key used. Plausible deniability allows for you to pretend to cooperate with authorities without them being able to tell you are not cooperating. For example, perhaps they demand you give up your password so they can decrypt some of your communications or stored data. If you used a system with plausible deniability you would be able to give them a password that would indeed decrypt the encrypted data. However, the decrypted data they can now see will be non-sensitive data you intentionally allowed for them to decrypt. They can not see your sensitive information and they can not prove that you didn’t cooperate.

Do I need plausible deniability?

Possibly. It really depends on where you live. In the U.K. it is a crime to refuse to give law enforcement your encryption keys on demand. Refusal to reveal encryption keys is punishable by several years in prison, but this is quite possibly a lot less time than you would get if you did reveal your encryption keys. In the U.S.A. the issue has not yet gone to the supreme court and lower judges have ruled in both directions. In general it is a good idea to use plausible deniable encryption when possible. Truecrypt supports plausible deniability for all functions under Windows. For Linux there is no current software supporting out-of-the-box plausible deniability of the OS partition. With Linux you may be able to achieve a type of plausible deniability by encrypting your entire drive and putting the bootloader on another device. Then you can argue the drive was freshly wiped with a PRNG and there is no key to decrypt.

Of course the police can break encryption, right?!

If you are using a strong encryption program (such as GPG, OTR, Truecrypt, etc) and a long and random password (or automatically generated session key, such as OTR) the police are not going to be able to directly break the encryption. This is not to say they can not get your key in other ways! For example they could install a keylogger onto your keyboard or use various transient signal attacks to capture your key while you type it. An emerging method of encryption key compromise uses application layer exploits to remotely grab keys from RAM. These ‘side channel’ attacks need to have active measures taken against them (the best of which are using a strong anonymity solution and hardened OS).

What about the NSA?

The NSA is not going to be able to break strong data storage encryption algorithms (symmetric). They are also probably not able to break strong communication encryption algorithms (asymmetric). Very powerful quantum computers can be used to greatly reduce the bit strength of an encryption algorithm. Symmetric algorithms have their bit strength cut in half. Asymmetric algorithms are easily broken by such powerful computers. If you are using AES-256 a powerful quantum computer will reduce its bit strength to the still unbreakable 128. If you are using even a 4,096 bit RSA key with GPG, a powerful quantum computer can break the encryption. However, keep two things in mind: it is not likely that the NSA or anyone else has such a computer, and anyone sane will assure you that unless you are a foreign military or major terrorist the NSA will not act on any intelligence they gather by breaking your communication encryption.

But anything can be hacked, right? Why not encryption?

Encryption algorithms are not hacked, they are cryptanalyzed. Not every single thing done with a computer can really be considered hacking. Hackers may be able to exploit the implemented code of a program using an encryption algorithm, but even the best hackers tend to know little about encryption. Hacking and cryptography are not the same field and most hackers who think they know a lot about encryption actually know very little about it. Encryption is a field of pure mathematics and good encryption algorithms are based firmly on the laws of mathematics as they are currently understood. Unless there is some very unlikely discovery in the field of mathematics the security claims made about most encryption algorithms will stand firm even if the best hackers (or even more impressively cryptographers) in the world try and attack them.

Note: Some hackers are skilled enough to side channel your encryption with application layer exploits unless you take hardening counter measures. This is not hacking the encryption algorithm although it is using hacking to counter encryption. Following our general security guide (later on this page!) will make it much harder for hackers to do this. To hack you through Open Source the attacker will first have to compromise Open Source, we have taken many security measures to make this very difficult to do.

Using encryption programs myself is difficult, but Hushmail, Safe-Mail or (Insert name here) will manage it for me!

Fully web based services can not really offer you strong encryption. They manage your keys for you and for this reason they have access to your keys. It does not matter what the company is named or what they promise, all of them are liars and some are probably honeypots. These services will not offer you strong encryption and law enforcement will be able to gain access to your communications. If you play with fire you need to learn how to protect yourself or you will be burned. It is not overly difficult to manage your own encryption and it is the only possible way for you to maintain your security.

What exactly is anonymity?

Anonymity is the property of being indistinguishable from a given set size (number of others). In the way the term is commonly used anonymity is the inability to be traced. A trace could mean that an attacker follows your communication stream from you to the end destination you are communicating with. A trace could also mean that an attacker follows a trail of logs from the end destination you communicate with back to your location. Anonymity solutions make it difficult to trace your communications and by doing so also make it harder to map out the networks you participate in. Anonymity can also be used to prevent censorship. If a server is hosted as part of an anonymity network and its location can not be determined then an attacker is incapable of demanding the censorship of the services hosted by the server.

Why do I need anonymity?

If you are not using an anonymity solution your presence on the Internet can be trivially traced back to your presence in real life. If you are participating in activities on the Internet which you would not want to be traced to your real life identity, you need anonymity. If you are participating in a network you need anonymity to protect yourself from network analysis. If no one on your network is using anonymity solutions and the police bust one of them, they will be able to see who all they communicated with as well as who all those people communicated with etc. Very quickly and with high precision the police will be able to map out the entire network, going ‘outward’ to many degrees. This may be useful for evidence (for use in court) and it is certainly useful for intelligence (so they know where to look next).

I already use encryption so there is no need for me to be anonymous!

Although encryption and anonymity highly complement each other they serve two different goals. Encryption is used to protect your privacy, anonymity is used to hide your location and protect you from network analysis. Strong anonymity requires encryption, and encryption is greatly benefited when combined with anonymity (after all, it is hard to install a keylogger if you don’t know where the target is located!). If you use strong encryption but no anonymity solution the feds may not be able to see what you say but they will know who you are and who you are talking with. Depending on the structure and purpose of your network, a single compromised node may very well remove all benefits of using encrypted communications. Many of the most realistic and devastating attacks on encryption systems require the attacker to gain a physical presence; if you are not using an anonymity solution this is trivial for them to do. If the feds do not know where you are, they can’t bug your keyboard with a keylogger. Anyone who says you do not need anonymity if you use encryption should be looked at with great suspicion.

Tor exit nodes can spy on my communication streams so I should not use it!

If you use Tor to connect to the open Internet (.com instead of .onion) it is true that the exit node can spy on your communications. You can reduce the risk of this by making sure you only connect to SSL websites (https:// instead of http://). You can further reduce the risk of this by always checking the fingerprint of the SSL certificate and making sure it does not change without an adequate reason being presented by the site administrator. You can eliminate the risk of a spying exit node in some contexts. For example if you encrypt a message yourself with GPG before you send it, the exit node will not be able to break the encryption even if they are spying.

Tor is not meant for privacy (unless you only access .onions) it is meant for anonymity! If you want privacy while using Tor you will need to either only access .onions or you will need to layer it on yourself by using GPG, SSL, OTR or other encryption on top of it. Using Tor to connect to the open Internet without using any privacy tools yourself can actually reduce your privacy from some attackers. Remember, Tor to the open Internet is for anonymity it is not for privacy. Anonymity is just as important as privacy. Also, networking tools with a larger focus on privacy than anonymity (such as VPNs), will not offer you privacy from law enforcement any more than Tor will and they also tend to offer substantially worse anonymity!
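
The fingerprint check described above, as an added example that is not part of the transcribed guide: a trust-on-first-use pin store that records a certificate's SHA-256 fingerprint per host and keeps flagging any later change until it is accepted with a stated reason. The PinStore class, the host name and the two stand-in certificates are constructed for illustration.

```python
import hashlib
import ssl
from dataclasses import dataclass, field

# Constructed stand-ins: arbitrary bytes wrapped as PEM, not real certificates.
# A fingerprint is just a hash over the DER bytes the server presents, so
# opaque bytes are enough to exercise the pinning logic offline.
CERT_A = ssl.DER_cert_to_PEM_cert(b"constructed certificate A " * 8)
CERT_B = ssl.DER_cert_to_PEM_cert(b"constructed certificate B " * 8)


def cert_fingerprint(pem: str) -> str:
    """SHA-256 of the DER encoding, colon-separated as certificate viewers show it."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


@dataclass
class PinStore:
    pins: dict = field(default_factory=dict)     # host -> pinned fingerprint
    history: dict = field(default_factory=dict)  # host -> [(old_fp, new_fp, reason)]

    def check(self, host: str, pem: str) -> str:
        """Return 'first-seen', 'match' or 'CHANGED' for the presented certificate."""
        fp = cert_fingerprint(pem)
        pinned = self.pins.get(host)
        if pinned is None:
            # Trust on first use: this pin is only as good as the first
            # connection, so compare it with a fingerprint obtained out of band.
            self.pins[host] = fp
            return "first-seen"
        # A mismatch never overwrites the pin; it stays flagged until accepted.
        return "match" if fp == pinned else "CHANGED"

    def accept_change(self, host: str, pem: str, reason: str) -> None:
        """Re-pin after the site operator has given a verifiable reason."""
        if not reason.strip():
            raise ValueError("a reason for the certificate change is required")
        new_fp = cert_fingerprint(pem)
        self.history.setdefault(host, []).append((self.pins.get(host), new_fp, reason))
        self.pins[host] = new_fp


def demo() -> list:
    store = PinStore()
    host = "shop.example"  # hypothetical host name
    results = [
        store.check(host, CERT_A),  # first contact
        store.check(host, CERT_A),  # same certificate again
        store.check(host, CERT_B),  # different certificate presented
        store.check(host, CERT_B),  # still flagged, the pin was not replaced
    ]
    store.accept_change(host, CERT_B, "operator announced key rotation in a signed message")
    results.append(store.check(host, CERT_B))  # matches the new pin
    results.append(store.check(host, CERT_A))  # the old certificate is now the anomaly
    return results


if __name__ == "__main__":
    print(demo())
```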

If I use Tor can I be traced by the feds?

So far, probably not unless you get very unlucky or misconfigure something. The feds are getting better at tracing people faster than Tor is getting better at avoiding a trace. Tor is for low latency (fast) anonymity, and low latency solutions will never have the ability to be as anonymous as high latency (very slow) solutions. As recently as 2008 we have documented proof that FBI working with various other international federal agencies via Interpol could not trace high priority targets using the Tor network. There is a large amount of information indicating that this is still the case. This will not be the case forever and better solutions than Tor are going to be required at some point in the future. This does not mean you should stop using Tor! It is quite possible that no VPN solution offers better anonymity than Tor, and the only low latency network which can be compared to Tor in terms of anonymity is I2P. Freenet is an anonymous datastore which possibly offers better anonymity than Tor or I2P. In the end it is very difficult to say what the best solution is or who it will hold up to, but most people from the academic anonymity circles say Tor, I2P or Freenet are the best three options. JAP is considered worse than the three previously suggested solutions, but better than most VPN services. You should at the very least use an encrypted two hop solution if you want a chance at remaining anonymous from the feds.

Traced is a very particular term. It means that the attacker either can observe your exit traffic and follow it back to your entry point or that the attacker can see your traffic enter a network and follow it to its exit point. Tor does a good job of protecting from this sort of attack, especially if you have not pissed off any signals intelligence agencies. Tor does not protect from membership revealment attacks! It is vital that you understand this attack and take measures to counter it if you are a vendor. To learn more about how to counter this attack keep reading this document, we discuss more in the applied security advice section on this page.

If I use Tor can I be traced by the NSA?

Probably. If you want a chance of being anonymous from the NSA you should research the Mixmaster and Mixminion remailer networks. NSA usually traces people by hacking them and doing a side channel attack. They have dozens of zero day exploits for every major application. This is also how they compromise GPG and FDE. Your best bet to remain anonymous/secure from the NSA is to use ASLR with a 64 bit processor to protect from hacking + Tor + Random WiFi location. Using airgaps can protect from them stealing encryption keys. This would involve using one machine with access to the internet to receive data, transfer the encrypted data to another machine with a CD which you then destroy, and decrypt on a machine with no access to the internet. Don’t reuse transfer devices or else they can act as compromise vectors to communicate between the machine with no internet connection and the machine with internet connection. Mixminion is better than mixmaster.

If I use hacked cable modems am I untraceable?

No, the cable company can trace you and so can the police and feds. However, it will make it more difficult for them to do so. People have been busted using this technique by itself!

If I use hacked or open WiFi am I untraceable?

The degree of untraceability you get by using WiFi access points depends largely on how you are using them. If you always use your neighbor’s connection, the trace will go to your neighbor before it goes to you. However, if law enforcement make it to your neighbor’s house before you stop the pattern of behavior, they can use WiFi analysis equipment to trace the wireless signal from your neighbor’s router and back to you. Many people have been busted this way. Also, if you use many different WiFi access points but they fit into a modus operandi (such as always from a particular type of location, maybe coffee shop), you can eventually be identified if law enforcement put enough effort into doing so. Some people have been busted using this technique. If you use a brand new random location (harder than it sounds) every time you make a connection your identity can still be compromised, but the amount of effort required increases tremendously (assuming you are protected from side channel attacks anyway, be they CCTV cameras or remote WPS infections). We have not heard of anyone being busted if they used a brand new randomly selected WiFi access point for every connection.

If I send a package domestic to the USA with USPS do they need a warrant to open the package?

Yes, if it is sent in such a way that it could contain communications. For example, a letter will require a warrant but perhaps a very large and heavy box will not. For the most part, they need a warrant. No other mailing company requires a warrant to open any sort of packages. International packages can be inspected by customs with no need for a warrant.

Should I use masking scents, such as perfumes etc?

No, masking scents will not prevent a dog from hitting on the package. Masking scents will however make the package seem more suspicious to humans. Vacuum seal the product and be very careful to not leave any residues.

Applied Security Guide

Step Zero: Encrypt your host’s HDD

If you use Windows this can be done with Truecrypt

If you use Linux there are various ways you can accomplish this, usually an install time option

Step One: Configure the base system, harden OS

Application layer attacks exploit programming or design flaws of the programs you use, in general the goal of such attacks is to take over your system. For a deeper look at application layer exploits please check out this page. These attacks are very dangerous because they can circumvent a lot of the other security you use, like encryption and anonymity solutions. The good news is that Open Source acts as an application layer firewall between you and everyone you communicate with through Open Source. We have taken great care to harden our server from attack and even if you take no precautions yourself it should not be trivial for you to be hacked through our server. However it is still a good idea for you to harden your own system. You don’t know for sure if you can trust us and there is no reason to be a sitting duck if our server is indeed compromised.

The first step you should take is running the operating system you use to connect to Open Source in a Virtual Machine. We suggest that you use Virtualbox. Virtual machines like Virtualbox create virtual hardware and allow you to run an operating system on this virtual hardware. It sounds complex but you really don’t need to know a lot about the theory, Virtualbox does all the work for you. There are a few reasons why you should use a virtual machine. The primary reason is that if the browser in your virtual machine is hacked the attacker is stuck inside of the virtual machine. The only way they can get to your normal OS is if they find a vulnerability in the virtual machine’s hypervisor, this adds complexity to their attack. The second reason you should use a virtual machine is because it makes it easier to use Linux if you are used to Windows or Mac OSX. Linux is a lot easier to secure than those operating systems but it is also harder to use. By using a virtual machine you can use your normal OS and Linux at the same time, Linux runs as a guest OS in a window on your normal (host) OS.

It is very simple to set up a virtual machine. Download and install Virtualbox. After launching it you will need to create a new VM. It is pretty simple and the program will walk you through the steps. Make sure to create a large enough virtual drive to install an OS, I suggest around ten gigabytes. You will need an install image so you can put the OS of your choice on the VM. Download the most recent Ubuntu ISO and use this. Remember, it doesn’t really matter if you don’t know how to use Linux. All you are using this VM for is using Firefox to browse Open Source, security comes before ease of use! Now that your virtual machine has been created you need to point it to your Ubuntu install CD. You can do this by going to the machine’s storage tab in the Virtualbox manager and pointing the CD drive to your install ISO. You will possibly be required to configure your virtual machine to connect to the internet if the default settings do not work for you, but chances are high that they will. Now you need to boot the virtual machine and install Ubuntu. Installing Ubuntu takes a little over half an hour and is very easy, you can simply select to use the default options for almost all of the steps.

Now that Ubuntu has been installed in a virtual machine it is time to start hardening it. The first step is to make sure it is fully patched and up to date. You can do this by going to System -> Administration -> Update manager from the bar on the top of your screen. Make sure you install all new updates because the updates include important security patches. It will take a while to update your system.

Now it is time to do some more advanced hardening steps. These steps may seem to be difficult if you are not very advanced technically, but don’t worry it is all just following instructions and you only have to do it once. Go to Applications -> Accessories -> Terminal from the top bar on your screen. This will launch a command line interface. Now type in the following commands hitting enter after each:

sudo aa-enforce /etc/apparmor.d/*

 

This command enables every AppArmor profile that Ubuntu ships with, including one for Firefox. AppArmor is an application layer firewall and makes it a lot harder for a hacker to compromise an application configured with a profile.

sudo apt-get install bastille

This downloads a generic hardening script that will walk you through some automated steps to make your system more secure.

sudo bastille -c

This launches the bastille hardening script. It will walk you through every step, in general you should select the default option. Make sure you at least read every step, there might be some things you don’t want it to do but in general the default options are good.
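One way to confirm that the aa-enforce step above took effect, as an added example that is not part of the original guide: the script reads the kernel's AppArmor profile list (one "name (mode)" entry per line) and reports anything that is not in enforce mode. The sample list and the profile names in it are constructed assumptions; on a real system the list comes from /sys/kernel/security/apparmor/profiles, which needs root to read.

```shell
#!/bin/sh
# Added example (not from the original guide): verify that AppArmor
# profiles are actually enforcing after running aa-enforce.
#
# The kernel lists loaded profiles, one per line, as "<name> (<mode>)" in
# /sys/kernel/security/apparmor/profiles (readable by root only).

PROFILES_FILE=/sys/kernel/security/apparmor/profiles

# Constructed sample in the same format, used when the real list cannot be
# read. The profile names here are illustrative assumptions.
sample_profiles() {
    cat <<'EOF'
/sbin/dhclient (enforce)
/usr/bin/evince (enforce)
/usr/lib/firefox/firefox (complain)
/usr/sbin/cupsd (enforce)
/usr/sbin/tcpdump (complain)
EOF
}

# Emit the live profile list if it can be read, else the sample.
profile_list() {
    cat "$PROFILES_FILE" 2>/dev/null || sample_profiles
}

# count_mode MODE: number of profiles on stdin that are in MODE.
count_mode() {
    awk -v m="($1)" 'NF && $NF == m { n++ } END { print n + 0 }'
}

# non_enforcing: print every profile on stdin whose mode is not "enforce".
# A profile in complain mode only logs violations; it does not block them.
non_enforcing() {
    awk 'NF && $NF != "(enforce)"'
}

# check_profile NAME: exit status 0 = enforcing,
#                     1 = loaded but not enforcing, 2 = not loaded at all.
check_profile() {
    awk -v want="$1" '
        NF {
            mode = $NF; gsub(/[()]/, "", mode)
            name = $0;  sub(/ \([a-z]+\)$/, "", name)
            if (name == want) { found = 1; ok = (mode == "enforce") }
        }
        END { if (!found) exit 2; exit (ok ? 0 : 1) }
    '
}

# Summarise the current state.
report() {
    list=$(profile_list)
    echo "enforce:  $(printf '%s\n' "$list" | count_mode enforce)"
    echo "complain: $(printf '%s\n' "$list" | count_mode complain)"
    echo "not enforcing:"
    printf '%s\n' "$list" | non_enforcing | sed 's/^/  /'
}

report
```

A status of 1 or 2 from check_profile for the browser's profile means the browser is not being confined, so re-run aa-enforce for that profile and check again.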

Step Two: Configure Tor and GPG, harden Firefox

Follow these simple step-by-step guides in order:

  • Install Tor
  • Install GPG
  • Configure Firefox with Tor and Harden it

Although it is not required for customers to know how to use GPG they still should. Our system will protect your communications in some ways. Your messages are stored in encrypted containers set to dismount if an intrusion is detected. Our server is highly hardened and resistant to hackers infiltrating it and spying on your messages. We are also a Tor hidden service and therefore offer encryption from you to us and from us to the people you communicate with. Our server is still the weak point in this system; a particularly skilled hacker could compromise the server and manage to spy on your communications undetected. The server could be traced by an attacker who could then flash freeze the RAM and dump the encrypted container keys. As far as you know we could even be law enforcement, or law enforcement could compromise us at a later date (the first is not true and the second is not likely, but do you really know this?). Our system does not hide your communications from us if we are your adversary; the same is true for Hushmail and Safe-mail. You can protect your communications with high grade encryption algorithms simply by learning to use GPG and it isn’t hard so we highly suggest you do it. Vendors are required to accept GPG encrypted orders!

Step Three: Conceal your membership (VERY IMPORTANT FOR VENDORS)

Using Tor by itself is not enough to protect you, particularly if you are a vendor. Membership revealment attacks combined with rough geolocation intelligence can lead to a compromise! The gist of a membership revealment attack is easy to understand. The attacker merely determines everyone who is connecting to a particular network, even if they are incapable of determining where the traffic being sent through the network is destined for. Tor does a good job of preventing an attacker who can see exit traffic from following the stream back to your location. Unfortunately, if you ship product the attacker can determine your rough geolocation merely by determining where you ship product from. If the attacker already knows your rough geolocation and they are capable of doing a membership revealment attack to determine who all in your area is connected to Tor, they can likely narrow down your possible identity to a very small set size, possibly even a set size of one.

This is not likely to be useful for evidence but it will provide strong intelligence. Intelligence is the first step to gathering evidence. The attacker may put everyone in your area who they detect are connecting to the Tor network under meatspace surveillance looking for evidence of drug trafficking activity. For this reason it is highly important that you protect yourself from membership revealment attacks!

Membership revealment attacks are less of a worry for customers (provided financial intelligence is properly countered to avoid an attacker finding rough customer geolocations!) than they are for vendors. There are a few reasons why this is true. First of all a customer is likely to reveal more about their identity when they place an order than the attacker will be able to determine with a geolocation + membership revealment attack. Secondly, the vendors allowed to operate on Open Source have been highly screened to significantly reduce the probability that any of them are federal agents, but the customers on Open Source are not only anonymous but they are also not screened at all. Third of all, the organizational structure reduces the risk for customers; a customer may work with a few vendors but each vendor is likely to be working with hundreds or thousands of customers. Customers sourcing from Open Source are at minimal risk even if they have products delivered directly to their own residence; vendors working on Open Source are particularly vulnerable to membership revealment attacks due to the open nature of the site.

The primary concern for customers is that they load finances anonymously and the vendor decentralizes their financial network. If a vendor is using a star network (centralized) financial topology there is a risk that an attacker could map out the geographic locations where customers loaded funds. After determining where funding was loaded the attackers could do anonymizer membership revealment attacks in an area around the load point and filter out everyone who is not using an anonymizer. This will likely leave the customer and few others. The attacker may even be able to compare CCTV footage of the load to the users of anonymizers in the area and look for a facial recognition match. To counter this it is important for customers to make use of good financial counter intelligence techniques (E-currency layering being one). Customers may also choose to utilize transients by paying them a fee to load currency, this way the customer avoids being on CCTV at any point. If vendors decentralize funding points (ditch the star network topology) customers will be strongly protected from such attacks, however it is impossible for a customer to ensure that a vendor is using a 1:1 customer to account/pseudonym identification ratio.

There are several ways you can protect yourself from a membership revealment attack, if you are a vendor it would be foolish to not take one of these countermeasures. The primary way to protect from a membership revealment attack is to make sure you do not enter traffic through the same network you exit traffic through. As all traffic to Open Source ‘exits’ through the Tor network, entering your traffic through a VPN first will reduce your vulnerability to membership revealment attacks. The attacker will have to determine who all in your area uses any anonymizing technology and put all of them under meatspace surveillance, there are likely to be far more people in your area using some sort of proxy system than there are people using Tor in particular. This will substantially increase the cost of putting all ‘potential targets’ under surveillance.

Using a VPN is helpful but it is not the most ideal solution. Your crowd space against a membership revealment attack will increase but perhaps not by much depending on the particular area you work out of. Also, a particularly skilled attacker may be able to determine you are using a VPN to connect to Tor by fingerprinting traffic streams. Tor traffic is padded to 512 byte size packets, normal VPN traffic is not. By filtering for 512 byte streams, an attacker can determine who all is using Tor in a given area. VPNs protect from IP routing based membership revealment attacks but not from traffic fingerprinting membership revealment attacks. However, it is less likely that an attacker will be able to do a traffic fingerprinting membership revealment attack. The Chinese intelligence services apparently are still using IP address based attacks to block access to the Tor network. This is not nearly as effective as traffic fingerprinting based attacks. This could be an indication that traffic fingerprinting membership revealment attacks are more difficult to carry out (likely), however it could also be due to a lack of skill on the part of China’s intelligence services. It could also be that China is not particularly interested in blocking/detecting all Tor traffic and IP address based attacks meet their requirements.

A better option than using a VPN would be to set up a private VPS and then enter all of your Tor traffic through this. Doing this will make you much more resistant to IP address based membership revealment attacks because now the attacker will not even be able to narrow you down to all people in your area using any anonymity technology. This is still weak to traffic fingerprinting membership revealment attacks!

Perhaps the best option to avoid membership revealment attacks is to use open or cracked WiFi from a different location + Tor every single time you connect. You could even use open WiFi + VPN/VPS + Tor for very high security from membership revealment attacks. Using random (not your neighbor’s) open/cracked WiFi greatly increases your resistance to a wide variety of identity revealing attacks. An attacker can still do membership revealment attacks on users of open WiFi but they can no longer gain useful intelligence from the attack. If they detect that an open WiFi connection unrelated to you is using Tor it can not be used to put you under meatspace surveillance unless they manage to identify you (facial recognition from CCTV cameras, etc).

If you are operating as part of a group you can avoid membership revealment attacks via smart organizational policy. The person responsible for communicating with customers should be different from the person shipping orders. Now the customers are incapable of determining where your actual rough geolocation is because product is sent from a different geographic area than you communicate from. Your shipper should be aware that they will potentially come under scrutiny via a geolocation + membership revealment attack, especially if they use Tor to enter traffic.

Another option is to configure Tor to use a bridge. Tor bridges are designed to allow people in nations such as China the ability to connect to the Tor network. China uses IP address based blocking to prevent users from connecting to known Tor nodes. Bridges are Tor entry guards that are not publicly listed and have a limited distribution mechanism. You can get some Tor bridge IP addresses from the Tor website. We do not suggest you use Tor bridges because they replace your entry guard and they are under crowded. This will lead to a lot less multiplexing on your Tor circuit and can hurt your anonymity in other ways, although it will indeed offer some level of protection from membership revealment attacks. China has managed to detect about 80% of Tor bridges, it is likely that NSA knows all of them. Police agencies in the West are probably not yet particularly worried about locating bridge nodes but they can probably do so with near the same accuracy as China. In our opinion it is not smart to rely on a Tor bridge to protect you from membership revealment attacks in most cases.

Step Four: Know how to do safe product transfer, handle finances safely

Note: Although customers sourcing from Open Source are encouraged to take the best security measures they can, it is not likely required for them to utilize advanced operational security regarding mail (such as fake ID boxes, tactical pick up techniques, etc). Because the vendors allowed to be listed here have been highly screened it is likely safe for customers to have product delivered directly to their homes. If you only work with highly trusted and trusted vendors your biggest concern will be a package being intercepted!

 

07/2/12

The future of the Deep Dark Web

gAtO tHiNk’S - In today’s world we want a little freedom, a little privacy online, and more people will use encrypted methods to browse the web. Julian Assange said it best (I paraphrase): in society we, as online persons, have an expectation of certain rights of privacy and just want 3 basic things:

1.) Freedom of Communication

2.) Freedom of Movement

3.) Freedom of Economics

In today’s world our technology-culture encourages people to give away every detail of our lives. On Facebook, Twitter, LinkedIn we tell people all kinds of personal information. Everything you tell these websites now belongs to them legally and they will do whatever they want with this data. They also want your shopping habits, your reading habits, and now they want to integrate it with other sites to extract more information. You don’t think so? How many cookies do you have on your computer??? -( I bet you don’t have a clue) What were you doing at 5:30pm last Tuesday??? – Google knows, Facebook knows, Twitter knows —> they all know. They all know your friends and your enemies.

Today we are tied to cyberspace in almost every aspect of our lives – Social – Economy – Culture – Political – Ethics – Money – Wants – Desires – Greed – So me gAtO I want a secure -Freedom of Communication -Tor anonymized type networks for some of my personal questions.

 As more people use encrypted methods to browse the Web, it will become trickier for law enforcement agencies to intercept private communications in real-time, causing them to focus instead on tapping data that is stored in the cloud, according to the draft of an academic paper by a former privacy advisor to the Clinton Administration.

So this means that the legal beagles want to scare you more and more. I was just reading a post where someone said I don’t like to cruise the dark web because I’m afraid of Identity Theft…// In the Tor-.onion network you’re secure with your identity, but if you log in to Facebook and start to give away your information, well, you just defeated what a Tor-style network does for you; your anonymity is now gone.

Some segment of cyber-world will never need secure communication but we must ask what are our human values online? Are we ready to let everyone know the truth about oneself? The technology for anonymized networks is here to stay and it’s not good or bad, but it’s powerful and a bit complicated. The watchers of the Watch need to keep our eyes open for this one- gATo oUt

 

06/25/12

System D- Bitcoin’s Underground Economy

In Crypto-currency we trust. – I hate math but I like money – mAyBe sI-nO

gATO wAs- reading the Forbes - Jon Matonis article about the shadow economy and bitcoins. The Bitcoin market is $10 Trillion and growing, the crypto-currency is surpassing everyone’s imagination, and why is that? System D is the answer. What is System D? It is a shorthand term that refers to a manner of responding to challenges that requires one to have the ability to think fast, to adapt, and to improvise when getting a job done. This can be applied to hackers, Anonymous, hacktivists and of course the Tor-Onion network.  They are all System D and growing because of it.

System D is a slang phrase pirated from French-speaking Africa and the Caribbean. The French have a word that they often use to describe particularly effective and motivated people. They call them débrouillards. To say a man is a débrouillard is to tell people how resourceful and ingenious he is. The former French colonies have sculpted this word to their own social and economic reality. They say that inventive, self-starting, entrepreneurial merchants who are doing business on their own, without registering or being regulated by the bureaucracy and, for the most part, without paying taxes, are part of “l’economie de la débrouillardise.” Or, sweetened for street use, “Systeme D.” This essentially translates as the ingenuity economy, the economy of improvisation and self-reliance, the do-it-yourself, or DIY, economy.

Essentially, bitcoin is the ‘System D’ of currencies — global, decentralized, and non-state sanctioned. In today’s world, where Greece, Spain and the U.S. economy are falling apart, we now have a currency that is not controlled by one government, it’s controlled by the people, and the powers that be, the bankers, are really pissed off.  This is why the “deep dark web” is being vilified. You hear about Silk Road selling drugs and all kinds of scary things but in reality the black market is only a small portion of the dark web, but Bitcoins are a big part of its e-commerce and it’s not traceable, that’s the bad part and the good part. You at home can set up a Bitcoin miner on your computer and start mining Bitcoins at home with a spare computer. It’s like a solar power cell on your roof top, or a windmill; you can be in control of things again.

But the real issue is control! The bankers have no control of this new emerging economy. The 1% fear that if we the people start using this new currency we will diminish their power, their wealth, and they can’t have that. Bitcoins are barely 3 years old and you hear everywhere that only criminals use it, it’s part of the bad guys, and another fact that escapes people, since it’s a crypto thing and we are talking about MATH: they can only generate Bitcoins till 2030, so this is not the solution for a currency, but at least we know where the end lies and we can make it better when nobody is in control.

History tells us that the robber (banker) barons used the same trick to spread rumors and crash the stock market in the early 1920, then they put in laws to get everyone to sell their gold so they control it. We did have a currency based on Gold but they wanted this power and they paid the politicians off and got all our gold. Now they see this new currency and since it’s not under their control they want you to think it’s a bad thing.

Now a $10 Trillion dollar market will get these bankers up and ready for bear if they want to keep their power base, and scaring the masses will not work when you can buy Bitcoins at any 7/11 or Walmart. You can see that smart merchants are now accepting Bitcoins for their goods and services; these early adopters will see themselves grow financially and hedge their bets on what is a winning worldwide currency. Governments will also go after this new market because bankers have politicians in their pockets, but this tidal wave of the new fiat currency will become de-facto very soon. Just in the last few months it has gone from $4.25 USD to $6.28 today, 6/25/2012, according to mtgox.com, one of the new traders in this new economy. That’s about a 30 percent increase—/ now that’s a better rate than anyone can give you on your investment. Ca$hing -mEoW- mEoW gAtO lIke that….//

So what does it mean to the average person? Well, if you have Bitcoins in your portfolio you will make a killing as Bitcoins are expected to go to almost $30 USD by Christmas time 2012. gAtO predicts maybe $20-25 by the end of year but I lost my tail in the stock market in 2008, what do I know. Well, I know that in that time frame I had no control of the market and today, because I am active in this field of Cyberspace and cryptology, I can see the patterns and I trust Bitcoins better than USD or EUROs. ViVa System D: – gAtO oUt

Read more: Forbes - Could Bitcoin Become the Currency of System D? http://www.forbes.com/sites/jonmatonis/2012/03/19/could-bitcoin-become-the-currency-of-system-d/

06/20/12

NATO and Cyber WarFare

“The world has changed. Now we’re living in the era of cyber weapons”, said Eugene Kaspersky whose laboratory uncovered the virus, or cyber weapon, believed to have been used by the United States and Israel to attack Iran’s nuclear programme. From criminal activity, to international terrorism and inter-governmental warfare, he fears the worst and called for an international treaty to combat it at the Reuters Global Technology, Media and Telecoms summit held in London recently.

NATO Secretary General Anders Fogh Rasmussen while on a visit to Australia this week said that NATO and its partners face increasingly complex and unpredictable security challenges. He pointed to terrorism, cyber attacks and piracy as examples of the global security challenges that both NATO and Australia face. He said that a cyber attack disrupted the Parliament House website two years ago and that Australian government departments and ministerial offices are regularly subjected to similar attacks. In recent months financial institutions have been targeted as well. “I am convinced that our cooperation should also encompass maritime security and cyber security”, the Secretary General said.
NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) was formally established in May 2008 in order to enhance NATO’s cyber defence capability. Based in Tallinn, Estonia, the Centre is an international effort that currently includes Estonia, Latvia, Lithuania, Germany, Hungary, Italy, Poland, Slovakia, Spain, the Netherlands and USA as Sponsoring Nations.
23 NATO and six partner nations were involved in Cyber Coalition 2011, NATO’s main yearly cyber exercise. Assistant Secretary General for Emerging Security Challenges, Ambassador Gabor Iklody said:
I am delighted to see so many participants joining us for NATO’s major annual cyber coalition exercise. The number of players and observers is growing every year. This demonstrates the high importance that Allies and partners attach to achieving better protection against rapidly increasing cyber threats and also confirms NATO’s recognition as a key player in cyber defence. 
In February 2012, a 58 million Euro contract was awarded to establish a NATO Cyber Incident Response Capability (NCIRC), to be fully operational by the end of 2012. A  Cyber Threat Awareness Cell is also being set up to enhance intelligence sharing and situational awareness. In March the NATO Consultation, Command and Control Agency (NC3A) was awarded the contract for upgrading NATO’s cyber defence capabilities. Private industrial companies will enable the NCIRC to achieve full operational capability.
On 26 April, Spiegel Online reported that ‘NATO Faced with Rising Flood of Cyberattacks’. “Each day, we are seeing up to 30 significant attacks on our digital networks or on individual computers, mostly by way of emails infected by spyware and sent to individual NATO employees,” said Lieutenant General Kurt Herrmann from NCSA, which was founded in 2004 and has been operational since 2005. A further expansion of NC3A is anticipated next year. It was two years ago, that NATO officially identified the danger of cyber attack against member states as a strategic threat.
Earlier this month, 400 experts from all over the world gathered in Tallinn for the fourth International Conference on Cyber Conflict (CyCon 2012) organised by the NATO Cooperative Cyber Defence Centre of Excellence. The conference topic was Military and Paramilitary Activities in Cyberspace, and focused on aspects of law and policy, strategy and technology.
Author of ‘Virtual War’ and University of Toronto professor Michael Ignatieff writes in the Financial Times that:
Virtual technologies make it easier for democracies to wage war because they eliminate the risk of blood sacrifice that once forced democratic peoples to be prudent…Drones and cyberwar technologies are so cheap that it will be impossible to keep them under the lock and key of the sovereign. The age of the super-empowered, and therefore super-dangerous, individual has arrived.
Our cybersystems are now under constant attack and it is in responding to these attacks that they become more secure. States will have to allow the global community of coders and engineers who built and maintain the internet the freedom to keep the malware at bay and keep the system open for the rest of us….The new technologies are so easy and cheap to produce that the best international law and state action can hope for is to generate a limited set of shared norms to prohibit their most harmful uses.
NATO Policy on Cyber Defence, ‘Defending the Networks’ is available on the alliance’s website. It states that:
The 2010 NATO Strategic Concept highlighted the need to “develop further our ability to prevent, detect, defend against and recover from cyber-attacks…”. Threats are rapidly evolving both in frequency and sophistication. Threats emanating from cyberspace – whether from states, hacktivists or criminal organisations, among many others – pose a considerable challenge to the Alliance and must be dealt with as a matter of urgency.

A NATO Concept on Cyber Defence was first drafted for Defence Ministers in March 2011, which formed the conceptual basis of the revised NATO Policy on Cyber Defence. The Policy itself was then developed and approved by the NATO Defence Ministers on 8 June.

Cyber threats transcend state borders and organisational boundaries. Their vulnerabilities and risks are shared by all. Recognising the truly global nature of cyberspace and its associated threats, NATO and Allies will work with partners, international organisations, academia and the private sector in a way that promotes complementarity and avoids duplication. NATO will tailor its international engagement based on shared values and common approaches. Cooperation in the field of cyber defence could encompass activities including awareness-raising and sharing of best practices.
NATO is in the process of drafting an international law manual which will address concerns surrounding the prospect of cyber warfare, and how member states can best cooperate to mitigate mounting threats to network security. Publication is expected by the end of 2012. Colonel Ilmar Tamm, Director of the NATO Cooperative Cyber Defence Centre of Excellence said:
“Various states have managed to agree on laws that govern borders, international sea and air space, even outer space – but now we are faced with the task of adapting or creating laws and precedents for cyberspace…” 
Speaking at CyCon 2012, Major General Jaap Willemse, Assistant Chief of Staff Command, Control, Communication, Intelligence, Allied Command Transformation said that NATO is not considering launching a barrage of computer-based attacks. There are huge political, legal and diplomatic objections.”…”NATO does not have the doctrine, command and control, educational support or other factors needed to run an offensive capability.”
Reference — http://www.natowatch.org/

05/24/12

China Cyber-Warfare Capabilities

Cyber Espionage and Cyberwarfare Capabilities.

In 2011, computer networks and systems around the world continued to be targets of intrusions and data theft, many of which originated within China. Although some of the targeted systems were U.S. government-owned, others were commercial networks owned by private companies whose stolen data represents valuable intellectual property. In the hands of overseas competitors, this information could diminish commercial and technological advantages earned through years of hard work and investment. Intrusions in 2011 occurred in key sectors, including companies that directly support U.S. defense programs.

Authoritative writings and China’s persistent cyber intrusions indicates the likelihood that Beijing is using cyber network operations (CNOs) as a tool to collect strategic intelligence. In parallel with its military preparations, China has increased diplomatic engagement and advocacy in multilateral and international forums where cyber issues are discussed and debated. Beijing’s agenda is frequently in line with Russia’s efforts to promote cyber norms under a UN framework. In September 2011, China and Russia were the primary sponsors of an Information Security Code of Conduct that would have governments exercise sovereign authority over the flow of information in cyberspace. China has not yet accepted that existing mechanisms (such as the Law of Armed Conflict), apply in cyberspace. However, China’s thinking in this area may evolve as its own exposure increases through greater investment in global networks.

Technology Transfer, Strategic Trade Policy, and Military Modernization. 

The PRC continues to modernize its military by incorporating Western (mostly U.S.) dual-use technologies, which have also assisted its overall indigenous industrial, military industrial, and high-technology sector development. One of the PRC’s stated national security objectives is to leverage legally and illegally acquired dual-use and military-related technologies to its advantage. China has a long history of cooperation between its civilian and military sectors and openly espouses the need to exploit civilian technologies for use in its military modernization. In this context, the cumulative effect of U.S. dual-use technology transfers to China could also make a substantial material contribution to its military capabilities. For example, interactions with Western aviation manufacturing firms may also inadvertently provide benefit to China’s defense aviation industry. Through its advisory role within the U.S. export control process, DoD will continue to identify and mitigate risk, and seek to prevent critical advanced technologies exports to China that could be diverted to unauthorized end-use or to third-country end-users of concern, or contribute to overall modernization of China’s military and defense industrial base.

Espionage.

Chinese actors are the world’s most active and persistent perpetrators of economic espionage. Chinese attempts to collect U.S. technological and economic information will continue at a high level and will represent a growing and persistent threat to U.S. economic security. The nature of the cyber threat will evolve with continuing technological advances in the global information environment.

Sensitive U.S. economic information and technology are targeted by intelligence services, private sector companies, academic/research institutions, and citizens of dozens of countries. China is likely to remain an aggressive and capable collector of sensitive U.S. economic information and technologies, particularly in cyberspace.

Civil-Military Integration.

China’s defense industry has benefited from China’s rapidly expanding civilian economy, particularly its science and technology sector. Access to foreign advanced dual-use technology assists China’s civilian economic integration into the global production and research and development (R&D) chain. For example, with increasing globalization and integration of information technologies, companies such as Huawei, Datang, and Zhongxing, with their ties to the PRC government and PLA entities, pose potential challenges in the blurring lines between commercial and government/military-associated entities.

02/1/12

McConnell, Chertoff and Lynn: Chinas Cyber Thievery Is National Policy—And Must Be Challenged – WSJ.com

By MIKE MCCONNELL, MICHAEL CHERTOFF AND WILLIAM LYNNOnly three months ago, we would have violated U.S. secrecy laws by sharing what we write here—even though, as a former director of national intelligence, secretary of homeland security, and deputy secretary of defense, we have long known it to be true. The Chinese government has a national policy of economic espionage in cyberspace. In fact, the Chinese are the worlds most active and persistent practitioners of cyber espionage today.Evidence of Chinas economically devastating theft of proprietary technologies and other intellectual property from U.S. companies is growing. Only in October 2011 were details declassified in a report to Congress by the Office of the National Counterintelligence Executive. Each of us has been speaking publicly for years about the ability of cyber terrorists to cripple our critical infrastructure, including financial networks and the power grid. Now this report finally reveals what we couldnt say before: The threat of economic cyber espionage looms even more ominously.

via McConnell, Chertoff and Lynn: China’s Cyber Thievery Is National Policy—And Must Be Challenged – WSJ.com.

01/14/12

US -Monitors Social Media

 

Social Media Web Sites Monitored by the NOC 

This is a representative list of sites that the NOC will start to monitor in order to provide situational awareness and establish a common operating picture under this Initiative. Initial sites listed may link to other sites not listed. The NOC may also monitor those sites if they are within the scope of this Initiative.

Tool  Link  User/Password Required
General Search 
Collecta http://collecta.com No
RSSOwl http://www.rssowl.org/ No
Social Mention http://socialmention.com/ No
Spy http://www.spy.appspot.com No
Who’s Talkin http://www.whostalkin.com/ No
Shrook RSS reader http://www.utsire.com/shrook/ No
Video 
Hulu http://www.hulu.com No
iReport.com http://www.ireport.com/ No
Live Leak http://www.liveleak.com/ No
Magma http://mag.ma/ No
Time Tube http://www.dipity.com/mashups/timetube No
Vimeo http://www.vimeo.com No
Youtube http://www.youtube.com No
MySpace Video http://vids.myspace.com/ No
Maps 
Global Incident Map http://globalincidentmap.com/ No
Google Flu Trends http://www.google.org/flutrends/ No
Health Map http://www.healthmap.org/en No
IBISEYE http://www.ibiseye.com/ No
Stormpulse http://www.stormpulse.com/ No
Trends Map http://www.trendsmap.com No
Photos 
Flickr http://www.flickr.com/ No
Picfog http://picfog.com/ No
Twicsy http://www.twicsy.com No
Twitcaps http://www.twitcaps.com No
Twitter/API 
Twitter/API http://www.twitter.com Yes
Twitter Search 
Monitter http://www.monitter.com/ No
Twazzup http://www.twazzup.com No
Tweefind http://www.tweefind.com/ No
Tweetgrid http://tweetgrid.com/ No
Tweetzi http://tweetzi.com/ No
Twitter Search http://search.twitter.com/advanced No
Twitter Trends 
Newspapers on Twitter http://www.newspapersontwitter.com/ No
Radio on Twitter http://www.radioontwitter.com/ No
Trendistic http://trendistic.com/ No
Trendrr http://www.trendrr.com/ No
TV on Twitter http://www.tvontwitter.com/ No
Tweet Meme http://tweetmeme.com/ No
TweetStats http://tweetstats.com/ No
Twellow http://www.twellow.com/ No
Twendz http://twendz.waggeneredstrom.com/ No
Twitoaster http://twitoaster.com/ No
Twitscoop http://www.twitscoop.com/ No
Twitturly http://twitturly.com/ No
We Follow http://wefollow.com/ No
Facebook 
It’s Trending http://www.itstrending.com/news/ No
Facebook http://www.facebook.com Yes
MySpace  http://www.myspace.com Yes
MySpace (limited search) http://www.myspace.com No
Blogs Aggs 
ABCNews Blotter http://abcnews.go.com/Blotter/ No
al Sahwa http://al-sahwa.blogspot.com/ No
AllAfrica http://allafrica.com/ No
Avian Flu Diary http://afludiary.blogspot.com/ No
BNOnews http://www.bnonews.com/ No
Borderfire http://www.borderfirereport.net/ No
Borderland Beat http://www.borderlandbeat.com/ No
Brickhouse Security http://blog.brickhousesecurity.com/ No
Chem.Info http://www.chem.info/default.aspx No
Chemical Facility Security News http://chemical-facility-security-news.blogspot.com/ No
ComputerWorld Cybercrime Topic Center http://www.computerworld.com/s/topic/82/Cybercrime+and+Hacking No
Counter-Terrorism Blog http://www.counterterrorismblog.com/ No
Crisisblogger http://crisisblogger.wordpress.com/ No
Cryptome http://cryptome.org/ No
Danger Room http://www.wired.com/dangerroom/ No
Drudge Report http://drudgereport.com/ No
El Blog Del Narco http://elblogdelnarco.blogspot.com/ No
Emergency Management Magazine http://www.emergencymgmt.com No
Foreign Policy Passport http://blog.foreignpolicy.com/ No
Global Security Newswire http://gsn.nti.org/gsn/ No
Global Terror Alert http://www.globalterroralert.com/ No
Global Voices Network http://globalvoicesonline.org/-/world/americas/haiti/ No
Google Blog Search http://blogsearch.google.com No
Guerra Contra El Narco http://guerracontraelnarco.blogspot.com/ No
H5N1 Blog http://crofsblogs.typepad.com/h5n1/ No
Homeland Security Today http://www.hstoday.us/ No
Homeland Security Watch http://www.hlswatch.com/ No
Huffington Post http://huffingtonpost.com/ No
Hurricane Information Center http://gustav08.ning.com/ No
HurricaneTrack http://www.hurricanetrack.com/ No
InciWeb http://www.inciweb.org/ No
Informed Comment http://www.juancole.com/ No
Jihad Watch http://www.jihadwatch.org/ No
Krebs on Security http://krebsonsecurity.com/ No
LA Now http://latimesblogs.latimes.com/lanow/ No
LA Wildfires Blog http://latimesblogs.latimes.com/lanow/wildfires/ No
Livesay Haiti Blog http://livesayhaiti.blogspot.com/ No
LongWarJournal http://www.longwarjournal.org/ No
Malware Intelligence Blog http://malwareint.blogspot.com/ No
MEMRI http://www.memri.org/ No
MexiData.info http://mexidata.info/ No
MS-13 News and Analysis http://msthirteen.com/ No
Narcotrafico en Mexico http://narcotraficoenmexico.blogspot.com/ No
National Defense Magazine http://www.nationaldefensemagazine.org No
National Terror Alert http://www.nationalterroralert.com/ No
NEFA Foundation http://www.nefafoundation.org/ No
Newsweek Blogs http://blog.newsweek.com/ No
Nuclear Street http://nuclearstreet.com/blogs/ No
NYTimes Lede Blog http://thelede.blogs.nytimes.com/ No
Plowshares Fund http://www.ploughshares.org/news-analysis/blog No
Popular Science Blogs http://www.popsci.com/ No
Port Strategy http://www.portstrategy.com/ No
Public Intelligence http://publicintelligence.net/ No
ReliefWeb http://www.reliefweb.int No
RigZone http://www.rigzone.com/ No
Science Daily http://www.sciencedaily.com/ No
STRATFOR http://www.stratfor.com/ No
Technorati http://technorati.com/ No
Terror Finance Blog http://www.terrorfinance.org/the_terror_finance_blog/ No
The Latin Americanist http://ourlatinamerica.blogspot.com/ No
Threat Level http://www.wired.com/threatlevel/ No
Threat Matrix http://www.longwarjournal.org/threat-matrix/ No
Tickle the Wire http://www.ticklethewire.com/ No
Tribuna Regional http://latribunaregional.blogspot.com/ No
TruckingInfo.com http://www.truckinginfo.com/news/index.asp No
United Nations IRIN http://www.irinnews.org/ No
Ushahidi Haiti http://haiti.ushahidi.org/ No
War on Terrorism http://terrorism-online.blogspot.com/ No
WikiLeaks http://wikileaks.org/ No
WireUpdate http://wireupdate.com/ No

The Office of Operations Coordination and Planning (OPS), National Operations Center (NOC), will launch and lead the Publicly Available Social Media Monitoring and Situational Awareness (Initiative) to assist the Department of Homeland Security (DHS) and its components involved in fulfilling OPS statutory responsibility (Section 515 of the Homeland Security Act (6 U.S.C. § 321d(b)(1)) to provide situational awareness and establish a common operating picture for the federal government, and for those state, local, and tribal governments, as appropriate. The NOC and participating components may also share this de-identified information with international partners and the private sector where necessary and appropriate for coordination. While this Initiative is not designed to actively collect Personally Identifiable Information (PII), OPS is conducting this update to the Privacy Impact Assessment (PIA) because this initiative may now collect and disseminate PII for certain narrowly tailored categories. For example, in the event of an in extremis situation involving potential life and death, OPS will share certain PII with the responding authority in order for them to take the necessary actions to save a life, such as name and location of a person calling for help buried under rubble, or hiding in a hotel room when the hotel is under attack by terrorists. In the event PII comes into the Department’s possession under circumstances other than those itemized herein, the NOC will redact all PII prior to further dissemination of any collected information. - gAtO oUt

Reference: http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_ops_publiclyavailablesocialmedia_update.pdf

1.2 What are the sources of the information in the system? 

Members of the public as well as first responders, press, volunteers, and others provide publicly-available information on social media sites including online forums, blogs, public websites, and message boards. OPS is permitted to establish user names and passwords to form profiles on social media sites listed in Appendix A and to use search tools under established criteria and search terms such as those listed in Appendix B for monitoring that supports providing situational awareness and establishing a common operating picture.

1.3 Why is the information being collected, used, disseminated, or maintained? 

The NOC will identify, use, disseminate, and maintain this information to comply with its statutory mandate to provide situational awareness and establish a common operating picture for the entire federal government, and for state, local, and tribal governments as appropriate and to ensure that this information reaches government decision makers. The aggregation of data published via social media sites should make it possible for the NOC to provide more accurate situational awareness, a more complete common operating picture, and more timely information for decision makers.

1.4 How is the information collected? 

The NOC will identify information directly from third-party social media services. The NOC will access and collect information from various informational streams and postings that the NOC, as well as the broader public, view and monitor. See Appendix A for a list of the types of sites that may be viewed for information. See Appendix B for the types of search terms used in social media monitoring.

1.5 How will the information be checked for accuracy? 

The NOC will identify information from third-party social media services submitted voluntarily by members of the public and compare that information with information available in open source reporting and through a variety of public and government sources. By bringing together and comparing many different sources of information, the NOC will attempt to provide a more accurate picture of contemporaneous activities.

1.6 What specific legal authorities, arrangements, and/or agreements defined the collection of information? 

Congress requires the NOC “to provide situational awareness and establish a common operating picture for the entire federal government and for state, local, and tribal governments as appropriate, in the event of a natural disaster, act of terrorism, or other manmade disaster; and ensure that critical terrorism and disaster-related information reaches government decision-makers.” Section 515 of the Homeland Security Act (6 U.S.C. § 321d(b)(1)). While the NOC may receive PII, PII is not actively collected. Much of the data within this system does not pertain to an individual; rather, the information pertains to locations, geographic areas, facilities, and other things or objects not related to individuals. However, some personal information may be captured. Most information is stored as free text and any word, phrase, or number is searchable.

Privacy Impact Assessment Office of Operations Coordination and Planning Publicly Available Social Media Monitoring and Situational Awareness Initiative Update

1.7 Privacy Impact Analysis: Given the amount and type of data collected, discuss the privacy risks identified and how they were mitigated.

There is a risk that the NOC will receive PII or other identifiable information that is not relevant to this Initiative. The NOC has a clear policy in place that any PII incidentally received outside the scope of the discrete set of categories discussed above will be redacted immediately. Also, under this initiative OPS will not: 1) actively seek PII; 2) post any information; 3) actively seek to connect with other internal/external personal users; 4) accept other internal/external personal users’ invitations to connect; and 5) interact on social media sites. Information collected to provide situational awareness and establish a common operating picture originates from publicly available social media sites and is available to the public.

Section 2.0 Uses of the Information 

The following questions are intended to delineate clearly the use of information and the accuracy of the data being used.

2.1 Describe all the uses of information. 

The NOC will use Internet-based platforms that provide a variety of ways to follow activities by monitoring publicly-available online forums, blogs, public websites, and message boards. Through the use of publicly-available search engines and content aggregators, the NOC will continuously monitor activities on social media sites, such as those listed in Appendix A, using search terms, such as those listed in Appendix B, for information. The NOC will gather, store, analyze, and disseminate relevant and appropriate information to federal, state, local, and foreign governments, and private sector partners requiring and authorized to receive situational awareness and a common operating picture.

2.2 What types of tools are used to analyze data and what type of data may be produced? 

NOC analysts will be responsible for monitoring and evaluating information provided on social media sites and will use tools offered by third-party social media sites to aid them in this overall effort. The final analysis will be used to provide situational awareness and establish a common operating picture.

2.3 If the system uses commercial or publicly available data please explain why and how it is used. 

Publicly-available, user-generated data can be useful to decision-makers as it provides “on-the-ground” information to help corroborate information received through official sources.

2.4 Privacy Impact Analysis: Describe any types of controls that may be in place to ensure that information is handled in accordance with the above described uses. 

The risk is that PII will be sent to the NOC unintentionally. This has been mitigated by the clear policy that PII, outside the scope of the discrete set of categories discussed above, inadvertently collected shall be redacted immediately before further use and sharing. The Department is providing notice of all uses of information under this Initiative through this PIA. The NOC will not actively collect or use any PII outside the scope of the discrete set of categories discussed above.

Section 3.0 Retention 

The following questions are intended to outline how long information will be retained after the initial collection.

3.1 What information is retained? 

The NOC will retain only user-generated information posted to publicly-available online social media sites. Information posted in the public sphere that the Department uses to provide situational awareness or establish a common operating picture becomes a federal record and the Department is required to maintain a copy.

3.2 How long is information retained? 

The NOC will retain information for no more than 5 years to provide situational awareness and establish a common operating picture. This five-year retention schedule is based on the operational needs of the Department.

3.3 Has the retention schedule been approved by the component records officer and the National Archives and Records Administration (NARA)? 

Yes.

3.4 Privacy Impact Analysis: Please discuss the risks associated with the length of time data is retained and how those risks are mitigated. 

The risk associated with retention of information is that PII will be retained when it is not necessary and that the information will be kept longer than is necessary. The NOC has mitigated this risk by redacting PII outside the scope of the discrete set of categories discussed above that it inadvertently collects and is working with NARA on a retention schedule to immediately delete PII, upon the approval of this schedule by NARA, as well as to maintain records necessary for further use by the Department.

Section 4.0 Internal Sharing and Disclosure 

The following questions are intended to define the scope of sharing within the Department of Homeland Security.

4.1 With which internal organization(s) is the information shared, what information is shared and for what purpose?

Information will be shared within the NOC and with government leadership who have a need to know. The NOC is sharing this information for the statutorily mandated purpose of providing situational awareness and establishing a common operating picture.

4.2 How is the information transmitted or disclosed? 

Information will be transmitted via email and telephone and by other electronic and paper means within the NOC and to government leadership where necessary and appropriate. PII will not actively be collected outside the scope of the discrete set of categories discussed above. However, if PII is inadvertently pushed to the NOC, it will be redacted by the NOC before information is shared. The remaining data is analyzed and prepared for reporting.

4.3 Privacy Impact Analysis: Considering the extent of internal information sharing, discuss the privacy risks associated with the sharing and how they were mitigated. 

The risk associated with sharing this information is that PII will be inadvertently collected and shared. The NOC has mitigated this risk by establishing effective policies to avoid collection of PII outside the scope of the discrete set of categories discussed above and to redact it if collected inappropriately. The NOC will only monitor publicly accessible sites where users post information voluntarily.

Section 5.0 External Sharing and Disclosure 

The following questions are intended to define the content, scope, and authority for information sharing external to DHS which includes federal, state and local government, and the private sector.

5.1 With which external organization(s) is the information shared, what information is shared, and for what purpose? 

The NOC will use this Initiative to fulfill its statutory responsibility to provide situational awareness and establish a common operating picture for the entire federal government, and for state, local, and tribal governments as appropriate, and to ensure that critical disaster-related information reaches government decision makers. Information may also be shared with private sector and international partners where necessary, appropriate, and authorized by law.

5.2 Is the sharing of personally identifiable information outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the personally identifiable information outside of DHS. 

PII will not actively be collected. However, if pushed to the NOC and outside the scope of the discrete set of categories discussed above, the PII will be redacted. Any sharing will be compatible with DHS/OPS – 003 Operations Collection, Planning, Coordination, Reporting, Analysis, and Fusion SORN (75 FR 69689, published November 15, 2010) and the newly published Department of Homeland Security Office of Operations Coordination and Planning – 004 Publicly Available Social Media Monitoring and Situational Awareness Initiative System of Records. Information is only collected to provide situational awareness and to establish a common operating picture.

5.3 How is the information shared outside the Department and what security measures safeguard its transmission? 

Information will be shared by phone, email, and other paper and electronic means.

5.4 Privacy Impact Analysis: Given the external sharing, explain the privacy risks identified and describe how they were mitigated. 

External sharing risks are minimal as the Initiative will only share PII on a narrowly-tailored category of individuals; only information collected to provide situational awareness and to establish a common operating picture is shared. Any sharing will be compatible with DHS/OPS – 003 Operations Collection, Planning, Coordination, Reporting, Analysis, and Fusion SORN (75 FR 69689, published November 15, 2010). Further, as part of the PCR, DHS has decided to publish DHS/OPS-004 Publicly Available Social Media Monitoring and Situational Awareness Initiative System of Records to provide additional transparency.

Section 6.0 Notice 

The following questions are directed at notice to the individual of the scope of information collected, the right to consent to uses of said information, and the right to decline to provide information.

6.1 Was notice provided to the individual prior to collection of information? 

Yes, notice is provided through this PIA and through DHS/OPS – 003 Operations Collection, Planning, Coordination, Reporting, Analysis, and Fusion SORN (75 FR 69689, published November 15, 2010), and the newly published Department of Homeland Security Office of Operations Coordination and Planning – 004 Publicly Available Social Media Monitoring and Situational Awareness Initiative System of Records.

6.2 Do individuals have the opportunity and/or right to decline to provide information? 

Information posted to social media websites is publicly accessible and voluntarily generated. Thus, the opportunity not to provide information exists prior to the informational post by the user.

6.3 Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right? 

Individuals voluntarily post information on social media sites and have the ability to restrict access to their posts as they see fit. Any information posted publicly can be used by the NOC in providing situational awareness and establishing a common operating picture.

6.4 Privacy Impact Analysis: Describe how notice is provided to individuals, and how the risks associated with individuals being unaware of the collection are mitigated. 

There is no requirement to provide notice to individuals under the framework applied under this Initiative. Information posted to social media approved for monitoring under this Initiative is publicly accessible and voluntarily generated.

Section 7.0 Access, Redress and Correction 

The following questions are directed at an individual’s ability to ensure the accuracy of the information collected about them.

7.1 What are the procedures that allow individuals to gain access to their information? 

Social media are public websites. All users have access to their own information through their user accounts. Individuals should consult the privacy policies of the services they subscribe to for more information.

For those included in the limited category of individuals upon whom PII may be collected who are seeking access to any record containing information that is part of a DHS system of records, or seeking to contest the accuracy of its content, they may submit a Freedom of Information Act (FOIA) or Privacy Act (PA) request to DHS. Given the nature of some of the information in the SWO and NOC Tracker Logs (sensitive law enforcement or intelligence information), DHS may not always permit the individual to gain access to or request amendment of his or her record. However, requests processed under the PA will also be processed under FOIA; requesters will always be given the benefit of the statute with the more liberal release requirements. The FOIA does not grant an absolute right to examine government documents; the FOIA establishes the right to request records and to receive a response to the request. Instructions for filing a FOIA or PA request are available at: http://www.dhs.gov/xfoia/editorial_0316.shtm.

The FOIA/PA request must contain the following information: Full Name, current address, date and place of birth, telephone number, and email address (optional). Privacy Act requesters must either provide a notarized and signed request or sign the request pursuant to penalty of perjury, 28 U.S.C. §1746. Please refer to the DHS FOIA web site for more information at www.dhs.gov/foia.

7.2 What are the procedures for correcting inaccurate or erroneous information? 

See above.

7.3 How are individuals notified of the procedures for correcting their information? 

Individuals are notified through this PIA, DHS/OPS-003 and DHS/OPS-004.

7.4 If no formal redress is provided, what alternatives are available to the individual? 

There is no specified procedure for correcting information to DHS; if there were, it relates to a social media-provided process and not a DHS process. Individuals may change their PII as well as the accessibility of their content posts at any time they wish through their user account management tools on the social media sites. Individuals should consult the privacy policies of the services to which they subscribe for more information.

7.5 Privacy Impact Analysis: Please discuss the privacy risks associated with the redress available to individuals and how those risks are mitigated. 

The information available on social networking websites is largely user-generated, which means that the individual chooses the amount of information available about himself/herself as well as the ease with which it can be accessed by other users. Thus, the primary account holder should be able to redress any concerns through the third-party social media service. Individuals should consult the privacy policies of the services they subscribe to for more information.

Section 8.0 Technical Access and Security 

The following questions are intended to describe technical safeguards and security measures.

8.1 What procedures are in place to determine which users may access the system and are they documented? 

All NOC Media Monitoring analysts have access to media feed aggregation tools and sites which are publicly available. The analysts also have access to the MMC application which is only accessible via a physical connection to an isolated private network established at the NOC Media Monitoring Watch room. In addition to the physical security, the program requires an assigned username and password for access. The system cannot be remotely accessed.

8.2 Will Department contractors have access to the system? 

Yes, as it is required in the performance of their contractual duties at DHS. However, access to the MMC application is limited to NOC authorized analysts who are physically present at the NOC Media Monitoring Watch desk.

8.3 Describe what privacy training is provided to users either generally or specifically relevant to the program or system? 

All DHS employees and contractors are required to take annual privacy training. In addition, media monitoring analysts get specific PII training.

8.4 Has Certification & Accreditation been completed for the system or systems supporting the program?

No. Tools and sites being used for information collection are publicly available, third-party services. Any certification & accreditation has not been completed for MMC application since the system is housed on non-government furnished equipment on an isolated private network.

8.5 What auditing measures and technical safeguards are in place to prevent misuse of data? 

This PIA will be reviewed every six months to ensure compliance. This will be done in conjunction with a Privacy Office-led PCR of the Initiative and of OPS social media monitoring internet based platforms and information technology infrastructure.

As recommended by the Privacy Office, efforts are underway to implement auditing at the router level for all outbound http(s) traffic and generate audit reports which will be available for each compliance review and upon request. Also, information on sources used to generate all reports can be provided for review by Privacy officials. The MMC application server resides on a secure, firewalled, isolated private network that does not allow inbound access or connection.

8.6 Privacy Impact Analysis: Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, what privacy risks were identified and how do the security controls mitigate them? 

Media feed aggregation tools/sites are publicly-available, third-party services. Information is collected by the service itself to establish an account. Thereafter, users determine their level of involvement and decide how “visible” they wish their presence on any given service to be. The ability to choose how much information to disclose, as well as the short period of retention for any information collected by the NOC serves to mitigate any privacy risk.

The only PII collected is of a very limited scope within the discrete set of categories discussed above. However, even that limited amount is secure. NOC does not retain any raw material reviewed during the collection phase. All data entered into the MMC application is carefully reviewed to ensure compliance with the guidelines provided in this PIA. The MMC application is not designed to share information by any means other than sending reports to a pre-approved, predetermined distribution list. The only way to access data in the application is for an authorized user physically connected to a contained system to pull out data, create a separate file and then share that file. Because the system cannot be accessed remotely, and the collected PII is very limited, privacy compromise risks are low.

Section 9.0 Technology 

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics and other technology.

9.1 What type of project is the program or system? 

Third-parties control and operate social media services. Users should consult with representatives of the service provider in order to make themselves aware of technologies utilized by the system.

9.2 What stage of development is the system in and what project development lifecycle was used?

Social media is active at all times and is third-party owned and operated.

9.3 Does the project employ technology which may raise privacy concerns? If so please discuss their implementation. 

Individuals should consult the privacy policies of the services they subscribe to for more information.

Responsible Officials 

Donald Triner

Director (Acting), National Operations Center

Office of Operations Coordination and Planning

Department of Homeland Security