Submit a link Features Reviews Podcasts Video Forums More ▾

FBI pays for malware so it can spy on us with our phones and computers

The Wall Street Journal covers the FBI's use of malware to take over peoples' computers and phones, including one package that is used to turn the microphone in Android devices into a remote listening device. The story is alarming, but misses the two most significant points:

1. That this undermines the security of all of us, not just the people whom the FBI spies upon. The fact that the FBI and other law enforcement organizations have created a market for bugs that can be turned into spyware means that people who find bugs are less likely to present them to the manufacturers for patching. That means that when those bugs are independently identified by criminals, we're all at risk of having our devices subverted.

2. The same companies that sell malware to the FBI also sell it to dictatorships around the world. The FBI legitimizes the development of spyware that is used by despots to decide whom to arrest, whom to disappear, and whom to murder.

Read the rest

What is the social media style of protest?

Zeynep Tufekci's essay analyzing the role that social media played in both the #OccupyGezi and the Arab Spring explores the differences and similarities between different uprisings, and has some very incisive things to say about what social media contributes to political change movements:

It was after the Gezi protesters were met with the usual combination of tear-gas and media silence something interesting started happening. The news of the protests started circulating around social media, especially on Twitter and Facebook. I follow a sizable number of people in Turkey and my Twitter friends include AKP supporters as well as media and academics. Everyone was aghast at the idea that a small number of young people, trying to protect trees, were being treated so brutally. Also, the government, which usually tends to get ahead of such events by having the prime minister address incidents, seemingly decided to ignore this round. They probably thought it was too few, too little, too environmental, too marginal.

On that, it seems they were wrong. Soon after, I started watching hashtags pop-up on Twitter, and established Twitter personas –ranging from media stars to political accounts– start sharing information about solidarity gatherings in other cities, and other neighborhoods in Istanbul. Around 3am, I had pictures from many major neighborhoods in Turkey –Kadıköy, Bakırköy, Beşiktaş, Avcılar, etc– showing thousands of people on the streets, not really knowing what to do, but wanting to do something. There was a lot of banging of pots, flags, and slogans. There were also solidarity protests in Izmit, Adana, Izmir, Ankara, Konya, Afyon, Edirne,Mersin, Trabzon, Antalya, Eskişehir, Aydın and growing.

Is there a Social-Media Fueled Protest Style? An Analysis From #jan25 to #geziparki

No internet for Syria

Nicole Perlroth: "Syria’s access to the Internet was cut on Tuesday. The most likely culprit, security researchers said, was the Syrian government." [NYT] Rob

The tweets you should follow in a crisis aren't necessarily the most obvious

Some interesting research based on the Arab Spring uprisings suggests that the best people to follow on Twitter during a crisis are often not particularly influential on Twitter outside the crisis. Likewise, they aren't likely to have had many followers before the event. Essentially, it's evidence supporting the common sense idea that, if you want the most accurate and relevant information, your best bet is to find people closest to the source, rather than relying on third-hand accounts. Maggie

Where does Assad's online army come from?

Syria's brutal Assad regime has damned few allies left in the world, but one of them, Russia, is governed by a dirty-tricking ruling elite who've made a science out of manipulating Internet opinion. This may explain the weird, stilted pro-Assad astroturf army who appear in any discussion of the regime's atrocities to explain that it's all a Jewish conspiracy.

And on like that. SyriaTribune maintains a YouTube channel stocked with clips from — surprise — Vladimir Putin’s Russia Today portraying Assad as the victim of a bloody-minded western conspiracy. A self-described French intellectual named Thierry Meyssan — author of 9/11 The Big Lie — reveals that TV images purporting to show Assad’s massacres of civilians were prepared by the CIA, along with White House deputy national security advisor Ben Rhodes, and “aims at demoralizing the Syrians in order to pave the way for a coup d’etat.” The #FakeRevolution hashtag on Instagram provides pictorial, meme-filled boosterism for Bashar, like a screengrab from Time’ app kindly telling user mybubb1e to stop voting for Assad for Person of the Year or Hillary Clinton with flames shooting out of her eyes and ear, courtesy of Bashar4Ever.

Meet the Assadosphere, the Online Defenders of Syria’s Butcher [Spencer Ackerman/Wired]

Why dictators (don't) shut down the Internet

Warren Ellis's Vice column, "How to Shut Down Internets," looks at the phenomenon of Middle Eastern dictators shutting off their nation's Internet during moments of extremis. Here's the money graf:

There are two reasons why these shutdowns happen in this manner. The first is that these governments wish to black out activities like, say, indiscriminate slaughter. That much is obvious. The second is sometimes not so obvious. These governments intend to turn the internet back on. Deep down, they believe they will be in their seats the next month and have the power to turn it back on. They believe they will win. It is the arrogance of power: they take their future for granted, and need only hide from the world the corpses it will be built on.

For me, this raises a couple of much more interesting questions:

1. Why would a basket-case dictator even allow his citizenry to access the Internet in the first place? (A: Because the national economy can't function without it)

2. Why not shut down the Internet the instant trouble breaks out? (A: Because it would be immensely unpopular, even among your sympathizers; also, see 1.)

Update: Bruce Schneier adds: "The reason is that the Internet is a valuable tool for social control. Dictators can use the Internet for surveillance and propaganda as well as censorship, and they only resort to extreme censorship when the value of that outweighs the value of doing all three in some sort of totalitarian balance."

How to Shut Down Internets

Molotov cocktail in the shape of a heart


"Armament" is Francis Baker's Arab Spring-inspired Molotov cocktail in the shape of a glass heart: "I created this work, inspired by the Egyptians and the so called Arab spring. The visual starting point is the Molotov cocktail that has been the weapon of choice for the protesters. There is a connection in any conflict between the combatants."

armament (via Richard Kadrey)

Glenn Greenwald replies to CNN's attempt to discredit story about compromised Bahrain coverage

Yesterday, I blogged Glenn Greenwald's Guardian story about CNN suppressing its own award-winning documentary on human rights abuses in Bahrain, which Greenwald linked to CNNi's commercial relationship with the ruling Bahraini regime. I was quickly contacted by two different PR flacks from CNN with a list of small, picky points it disputed about Greenwald's article, presented as though this constituted a thorough rebuttal. I immediately noticed that CNN's reps didn't dispute that the company had threatened to cut off Amber Lyon's severance payment if she continued to speak out on the issue, so I asked about it.

CNN's reps both told me they couldn't comment on "individual employees," which is awfully convenient. How nice for them that they can prepare and circulate a dossier that disconfirms minor elements of its critics' stories, but that it has some nebulous confidentiality code that prevents it from confirming the most damning claims made by those critics. Given that Lyon is no longer a CNN employee, and that she has divulged this threat, this feels more like an excuse than a reason. I certainly hope that CNN's own investigative journalists wouldn't accept such a pat evasion from the PR flacks that contact them.

Glenn Greenwald has published a thorough rebuttal to CNN's memo:

CNNi has nothing to say about the extensive financial dealings it has with the regime in Bahrain (what the article called "the tidal wave of CNNi's partnerships and associations with the regime in Bahrain, and the hagiography it has broadcast about it"). It has nothing to say about the repellent propaganda it produces for regimes which pay it. It has nothing to say about the Bahrain-praising sources whose vested interests with the regime are undisclosed by CNN. It provides no explanation whatsoever for its refusal to broadcast the iRevolution documentary. It does not deny that it threatened Lyon's severance payments and benefits if she spoke critically about CNNi's refusal. And it steadfastly ignores the concerns and complaints raised by its own long-time employees about its conduct.

In sum, CNNi's response does not deny, or even acknowledge, the crux of the reporting, and simply ignores the vast bulk of the facts revealed about its coverage of, and relationship with, the regime in Bahrain. Indeed, one searches its response in vain for any explanation to the central question which New York Times columnist Nicholas Kristof asked nine months ago:

Reply to response from CNNi

CNN suppresses its own award-winning doc on human rights abuses in Bahrain; has commercial ties to the regime

CNN sent its investigative correspondent Amber Lyon to produce an expensive documentary on the Arab Spring, including human rights abuses in Bahrain. Lyon and her crew were violently detained by Bahraini security forces, but soldiered on and made "iRevolution: Online Warriors of the Arab Spring," which went on to win awards and acclaim after its sole airing on CNN.

But CNN International, "the most-watched English-speaking news outlet in the Middle East," has never aired the doc. While cutting the doc, Lyon was pressured to include statements from the Bahraini government that she knew to be lies. And CNN itself under-reported the ongoing abuses in Bahrain. Now, CNN has threatened Lyon with sanction for her continued work to uncover the reason that her doc was blackballed by the international arm of her former employer. CNN itself has been remarkably friendly to the Bahraini regime, with which it has close financial ties.

Here's more from Glenn Greenwald in The Guardian:

On 16 August, Lyon wrote three tweets about this episode. CNNi's refusal to broadcast "iRevolution", she wrote, "baffled producers". Linking to the YouTube clip of the Bahrain segment, she added that the "censorship was devastating to my crew and activists who risked lives to tell [the] story." She posted a picture of herself with Rajab and wrote:

"A proponent of peace, @nabeelrajab risked his safety to show me how the regime oppresses the [people] of #Bahrain."

The following day, a representative of CNN's business affairs office called Lyon's acting agent, George Arquilla of Octagon Entertainment, and threatened that her severance payments and insurance benefits would be immediately terminated if she ever again spoke publicly about this matter, or spoke negatively about CNN.

Why didn't CNN's international arm air its own documentary on Bahrain's Arab Spring repression? (via Reddit)

The Dictator's Practical Guide to Internet Power Retention, Global Edition

The Dictator's Practical Guide to Internet Power Retention, Global Edition is a wry little 45-page booklet that is, superfically, a book of practical advice for totalitarian, autocratic and theocratic dictators who are looking for advice on how to shape their countries' Internet policy to ensure that the network doesn't loosen their grip on power.

Really, though, this is Laurier Rochon's very good critique of the state of Internet liberation technologies -- a critical analysis of what works, what needs work, and what doesn't work in the world of networked technologies that hope to serve as a force for democratization and self-determination.

It's also a literal playbook for using technology, policy, economics and propaganda to diffuse political dissent, neutralize opposition movements, and distract and de-politicize national populations. Rochon's device is an admirably compact and efficient means of setting out the similarities (and dissimilarities) in the Internet control programs used by Singapore, Iran, China, Azerbaijan, and other non-democratic states -- and the programs set in place by America and other "democratic" states in the name of fighting Wikileaks and piracy. Building on the work of such fierce and smart critics as Rebecca McKinnon (see my review of her book Consent of the Networked), The Dictator's Guide is a short, sharp look at the present and future of networked liberation.

Firstly, the country you rule must be somewhat "stable" politically. Understandably "stable" can be defined differently in different contexts. It is essential that the last few years (at least) have not seen too many demonstrations, protests questioning your legitimacy, unrest, political dissidence, etc. If it is the case, trying to exploit the internet to your advantage can quickly backfire, especially if you can't fully trust your fellow party officials (this is linked to condition #3). Many examples of relatively stable single-leader states exist if in need of inspiration, Fidel Castro's Cuba for example. Castro successfully reigned over the country for decades, effectively protecting his people from counter-revolutionary individuals. He appointed his brother as the commander in chief of Cuba's army and managed his regime using elaborate surveillance and strict dissuasive mechanisms against enemies of the state.[49] As is always the case, political incidents will occur and test your regime's resilience (the Bay of Pigs invasion or the missile crisis, for example), but even massive states have managed to uphold a single-party model and have adapted beautifully to the digital age - in China's case, despite close to 87 000 protests in 2005.[2] Follow these states' example and seek stability, no matter what your regime type is. Without it, you are jeopardizing the two next prerequisites and annihilating your chances to rule with the internet at your side. If you are in the midst of an important political transformation, busy chasing counter-revolutionary dissidents or sending your military to the streets in order to educate protesters, you will need to tame these fires first and come back to this guide afterwards.

The Dictator's Practical Guide to Internet Power Retention, Global Edition

HOWTO survive a DDoS attack

The Electronic Frontier Foundation has published a comprehensive, multi-lingual guide to keeping sites that are undergoing distributed denial-of-service (DDoS) attacks alive.

Denial of service (DoS) and distributed denial of service (DDoS) attacks are increasingly common phenomena, used by a variety of actors—from activists to governments—to temporarily or indefinitely prevent a site from functioning efficiently. Often, the attack saturates the target with server requests designed to flood its bandwidth, leaving the server unable to respond to legitimate traffic.

Though the owners of major sites often have the resources to fend off or even prevent such attacks, smaller sites—such as those belonging to small independent media or human rights organizations—are sometimes permanently disabled due to a lack of resources or knowledge.

This guide aims to assist the owners of such websites by providing advice on choosing an appropriate webhost, as well as a guide to mirroring and backing-up their websites so that the content can be made available elsewhere even if their site is taken down by a DoS or DDoS attack.

Keeping Your Site Alive

Syrian insurgency front lines

The complex zones of control in Arab Spring uprisings can be baffling. Here's the BBC's new map of Syria's myriad front lines (compare to religious demography), which makes everything perfectly clear. Rob

Swedish telcoms giant Teliasonera complicit in mass surveillance in the world's worst dictatorships

The Swedish news show Uppdrag Granskning has posted an hour-long investigative journalism piece establishing the link between the giant Swedish telcoms company Teliasonera and oppressive regimes around the world. Teliasonera sold and supported network equipment that was used to spy on dissidents, journalists, political reformers, union leaders, and the general public in Belarus, Uzbekistan, Azerbaijan, Tajikistan, Georgia and Kazakhstan. Here's EFF's writeup of the piece:

The investigative report, titled “Black Boxes,” in reference to the black boxes Teliasonera allowed police and security services to install in their operation centers--which granted them the unrestricted capability to monitor all communications—including Internet traffic, phone calls, location data from cell phones, and text messages—in real-time. This has caused concern among Swedish citizens and Teliasonera shareholders, who had previously been assuaged by assurances from the telecommunications company that they follow the law in the countries in which they are operating. After a meeting with Peter Norman, Sweden’s Minister of Financial Markets, the chairman of Teliasonera’s board of directors issued a statement, announcing that they had launched “an action programme for handling issues related to protection of privacy and freedom of expression in non-democratic countries, in a better and more transparent way.”

Teliasonera’s declaration of good intentions may be too little too late after the damning evidence of abuse compiled by Uppdrag Granskning. Documents obtained by their investigators showed an Azerbaijani had his phone tapped after he published a piece about being beaten at the hands of government security agents while covering a story. The report also found that black-box surveillance was used in Belarus to track down, arrest, and prosecute protesters who attended an anti-government protest rally following the 2010 Belarusian presidential election. One Azerbaijani citizen says he was interrogated solely due to the fact that he voted for the Armenian representative in the 2009 Eurovision song contest.

Swedish Telcom Giant Teliasonera Caught Helping Authoritarian Regimes Spy on Their Citizens

Consent of the Networked: indispensable, levelheaded explanation of how technology can make us free, or take away our liberty

I've just finished Rebecca MacKinnon's Consent of the Networked, and now I'm kicking myself for letting it languish in my review pile for as long as I did. It is an absolutely indispensable account of the way that technology both serves freedom and removes it. MacKinnon is co-founder of the Global Voices project, and a director of the Global Network Initiative, and is one of the best-informed, clearest commentators on issues of networks and freedom from a truly global perspective.

MacKinnon does a fantastic job of tying her theory and analysis to real-world stories. She illustrates how governments are figuring out how to use networks to take freedom away, to control debate, to find and crush dissent. She shows how Internet corporations -- even the ones with a good track-record on protecting their users -- are prone to cooperating with the worst, most repressive instincts of governments (including supposedly liberal western governments).

But she also describes how technology contributes to freedom, and how savvy use of technology, combined with activism in the realm of Internet governance, lawmaking, and corporate affairs can turn technology into a force for liberation, accountability and freedom. She teases out the good and the bad of technology, working from recent examples like the Arab Spring uprisings, and names names and cites facts and figures when it comes to companies and governments who worked to undo the liberating power of technology.

Most of all, MacKinnon lays out a roadmap for tipping the technological balance towards freedom. She describes how diverse groups, including ones she works with, provide opportunities for all of us to work for positive change, in our capacity as citizens, employees of corporations, members of government, and as clued-in techies.

MacKinnon is a realist, but never a cynic, and provides a much-needed straight-shooting, levelheaded account of how the Internet changes power-relationships. This book should be read by anyone who cares about freedom today and in the decades to come.

Consent of the Networked: The Worldwide Struggle For Internet Freedom

Official book site

Malware targeted at Syrian activists can operate webcam, disable AV, keylog, steal passwords


A fake PDF purporting to contain information on "the formation of the leadership council of the Syrian revolution" is circulating. As the Electronic Frontier Foundation's Eva Galperin and Morgan Marquis-Boire report, it's bad news for people who install it.

The latest surveillance malware comes in the form of an extracting file which is made to look like a PDF if you have file extensions turned off. The PDF purports to be a document concerning the formation of the leadership council of the Syrian revolution and is delivered via Skype message from a known friend. The malware installs a remote administration tool called DarkComet RAT, which can capture webcam activity, disable the notification setting for certain antivirus programs, record key strokes, steal passwords, and more. It sends this data back to the same IP address in Syrian IP space that was used in several previous attacks, including the attacks reported by CNN in February, the Xtreme RAT Trojan EFF reported in March, and this sample from March 21st.

Syrian Internet users should be extremely cautious about clicking on suspicious-looking links, or downloading documents over Skype, even if the document purportedly comes from a friend.

Campaign Targeting Syrian Activists Escalates with New Surveillance Malware