Wired's Kim Zetter rounds up some of the highlights from Untangling the Web: A Guide to Internet Research [PDF], an NSA guide to finding unintentionally published confidential material on the Web produced by the NSA and released in response to a Muckrock Freedom of Information Act request. As Zetter notes, the tactics discussed are described as legal, but are the kind of thing that weev is doing 3.5 years in a Federal pen for:
Want to find spreadsheets full of passwords in Russia? Type “filetype:xls site:ru login.” Even on websites written in non-English languages the terms “login,” “userid,” and “password” are generally written in English, the authors helpfully point out.
Misconfigured web servers “that list the contents of directories not intended to be on the web often offer a rich load of information to Google hackers,” the authors write, then offer a command to exploit these vulnerabilities — intitle: “index of” site:kr password.
“Nothing I am going to describe to you is illegal, nor does it in any way involve accessing unauthorized data,” the authors assert in their book. Instead it “involves using publicly available search engines to access publicly available information that almost certainly was not intended for public distribution.” You know, sort of like the “hacking” for which Andrew “weev” Auernheimer was recently sentenced to 3.5 years in prison for obtaining publicly accessible information from AT&T’s website.
Use These Secret NSA Google Search Tips to Become Your Own Spy Agency
At the New York Times, Mark Mazzetti reports on the promotion of a C.I.A. officer "directly involved in the 2005 decision to destroy interrogation videotapes and who once ran one of the agency’s secret prisons." — Xeni
Russian security firm Kaspersky Lab claims to have uncovered a new "cyber-espionage toolkit" designed by the same people behind the state-sponsored Flame malware that infiltrated machines in Iran. The researchers claim this new malware has been found infecting systems in other countries in the Middle East, and targets online financial systems. More at Wired Threat Level. They're calling this one "Gauss." — Xeni
In case there was any doubt in your mind, the alleged $1T cost to America from cyberwar and the $250B cost to America from "cyber-theft of Intellectual property" are both total bullshit. ProPublica breaks it down.
One of the figures Alexander attributed to Symantec — the $250 billion in annual losses from intellectual property theft — was indeed mentioned in a Symantec report, but it is not a Symantec number and its source remains a mystery.
McAfee’s trillion-dollar estimate is questioned even by the three independent researchers from Purdue University whom McAfee credits with analyzing the raw data from which the estimate was derived. "I was really kind of appalled when the number came out in news reports, the trillion dollars, because that was just way, way large," said Eugene Spafford, a computer science professor at Purdue.
Spafford was a key contributor to McAfee’s 2009 report, "Unsecured Economies: Protecting Vital Information" (PDF). The trillion-dollar estimate was first published in a news release that McAfee issued to announce the report; the number does not appear in the report itself. A McAfee spokesman told ProPublica the estimate was an extrapolation by the company, based on data from the report. McAfee executives have mentioned the trillion-dollar figure on a number of occasions, and in 2011 McAfee published it once more in a new report, "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency" (PDF).
In addition to the three Purdue researchers who were the report’s key contributors, 17 other researchers and experts were listed as contributors to the original 2009 report, though at least some of them were only interviewed by the Purdue researchers. Among them was Ross Anderson, a security engineering professor at University of Cambridge, who told ProPublica that he did not know about the $1 trillion estimate before it was announced. "I would have objected at the time had I known about it," he said. "The intellectual quality of this ($1 trillion number) is below abysmal."
Does Cybercrime Really Cost $1 Trillion?
Brian Krebs interviews Joe Stewart, a security researcher "who’s spent 18 months cataloging and tracking malicious software that was developed and deployed specifically for spying on governments, activists and industry executives." Speaking at Defcon in Las Vegas, Stewart says the "complexity and scope of these cyberspy networks now rivals many large conventional cybercrime operations." — Xeni
This fake German passport for Hitler was produced in 1941 by Britain's Special Operations Executive, the spy branch in charge of forging documents for moles, spies, partisans, and other covert operatives, as a proof of concept. In a moment of spirited hijinks, the SOE made Herr Schicklgruber into a Jew seeking a visa to enter British-controlled Palestine.
This passport shows what the forgers were capable of producing. It also hints at their sense of humour and their opinion of Hitler and his beliefs. They've given Hitler's passport a red 'J' (which stood for 'Jew' on a German passport). He has a visa allowing his entry into Palestine, which was under British control at that time. The passport also describes Hitler's occupation as a 'painter'. Under distinguishing features, they list his 'little moustache'.
Adolf Hitler's fake passport
A trove of photos from an East German secret police guide to disguise reveals an ineptitude that borders on the comical. No wonder these guys managed to miss the fact that the wall was about to come down, despite having dossiers on practically everyone in the country:
At first glance the photos look staged. They show stocky men stiffly clad in various outfits that include fur hats and thick coats with upturned collars -- and, most importantly, sunglasses. But these photos aren't stage props from a silly low-budget spy film, they are images snapped by members of the feared East German secret state police, or Stasi, for an internal course called the "art of disguising."
Berlin-based artist Simon Menner unearthed the images while sifting through the Stasi archives, which were opened to the public after the fall of the Berlin Wall. He was allowed to reproduce the photos and they are now on display in an exhibition entitled: "Pictures from the Secret Stasi Archives."
(via Making Light)