NSA hacked Huawei, totally penetrated its networks and systems, stole its sourcecode


A new Snowden leak details an NSA operation called SHOTGIANT through which the US spies infiltrated Chinese electronics giant Huawei -- ironically, because Huawei is a company often accused of being a front for the Chinese Peoples' Liberation Army and an arm of the Chinese intelligence apparatus. The NSA completely took over Huawei's internal network, gaining access to the company's phone and computer networks and setting itself up to conduct "cyberwar" attacks on Huawei's systems.

The program apparently reached no conclusion about whether Huawei was involved in espionage. However, the NSA did identify many espionage opportunities in compromising Huawei, including surveillance of an undersea fiber optic cable that Huawei is involved with.

Read the rest

HOWTO search the Web like the NSA

Wired's Kim Zetter rounds up some of the highlights from Untangling the Web: A Guide to Internet Research [PDF], an NSA guide to finding unintentionally published confidential material on the Web produced by the NSA and released in response to a Muckrock Freedom of Information Act request. As Zetter notes, the tactics discussed as described as legal, but are the kind of thing that weev is doing 3.5 years in a Federal pen for:

Want to find spreadsheets full of passwords in Russia? Type “filetype:xls site:ru login.” Even on websites written in non-English languages the terms “login,” “userid,” and “password” are generally written in English, the authors helpfully point out.

Misconfigured web servers “that list the contents of directories not intended to be on the web often offer a rich load of information to Google hackers,” the authors write, then offer a command to exploit these vulnerabilities — intitle: “index of” site:kr password.

“Nothing I am going to describe to you is illegal, nor does it in any way involve accessing unauthorized data,” the authors assert in their book. Instead it “involves using publicly available search engines to access publicly available information that almost certainly was not intended for public distribution.” You know, sort of like the “hacking” for which Andrew “weev” Aurenheimer was recently sentenced to 3.5 years in prison for obtaining publicly accessible information from AT&T’s website.

Use These Secret NSA Google Search Tips to Become Your Own Spy Agency

Officer linked to torture tapes' destruction advances within C.I.A.

At the New York Times, Mark Mazzetti reports on the promotion of a C.I.A. officer "directly involved in the 2005 decision to destroy interrogation videotapes and who once ran one of the agency’s secret prisons."

New virus targets online banking systems in Mideast

Russian security firm Kaspersky Lab claims to have uncovered a new "cyber-espionage toolkit" designed by the same people behind the state-sponsored Flame malware that infiltrated machines in Iran. The researchers claim this new malware has been found infecting systems in other countries in the Middle East, and targets online financial systems. More at Wired Threat Level and Reuters. They're calling this one "Gauss."

Cybercrime, patent-theft numbers are total bullshit

In case there was any doubt in your mind, the alleged $1T cost to America from cyberwar and the $250B cost to America from "cyber-theft of Intellectual property" are both total bullshit. Pro Publica breaks it down.

One of the figures Alexander attributed to Symantec — the $250 billion in annual losses from intellectual property theft — was indeed mentioned in a Symantec report, but it is not a Symantec number and its source remains a mystery.

McAfee’s trillion-dollar estimate is questioned even by the three independent researchers from Purdue University whom McAfee credits with analyzing the raw data from which the estimate was derived. "I was really kind of appalled when the number came out in news reports, the trillion dollars, because that was just way, way large," said Eugene Spafford, a computer science professor at Purdue.

Spafford was a key contributor to McAfee’s 2009 report, "Unsecured Economies: Protecting Vital Information" (PDF). The trillion-dollar estimate was first published in a news release that McAfee issued to announce the report; the number does not appear in the report itself. A McAfee spokesman told ProPublica the estimate was an extrapolation by the company, based on data from the report. McAfee executives have mentioned the trillion-dollar figure on a number of occasions, and in 2011 McAfee published it once more in a new report, "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency" (PDF).

In addition to the three Purdue researchers who were the report’s key contributors, 17 other researchers and experts were listed as contributors to the original 2009 report, though at least some of them were only interviewed by the Purdue researchers. Among them was Ross Anderson, a security engineering professor at University of Cambridge, who told ProPublica that he did not know about the $1 trillion estimate before it was announced. "I would have objected at the time had I known about it," he said. "The intellectual quality of this ($1 trillion number) is below abysmal."

Does Cybercrime Really Cost $1 Trillion? (via /.)

Report: complexity of cyberspying botnets greater than previously known

Brian Krebs interviews Joe Stewart, a security researcher "who’s spent 18 months cataloging and tracking malicious software that was developed and deployed specifically for spying on governments, activists and industry executives." Speaking at Defcon in Las Vegas, Stewart says the "complexity and scope of these cyberspy networks now rivals many large conventional cybercrime operations.

Fake British WWII passport for Hitler


This fake German passport for Hitler was produced in 1941 by Britain's Special Operations Executive, the spy branch in charge of forging documents for moles, spies, partisans, and other covert operatives, as a proof of concept. In a moment of spirited hijinks, the SOE made Herr Schicklgruber into a Jew seeking a visa to enter British-controlled Palestine.

This passport shows what the forgers were capable of producing. It also hints at their sense of humour and their opinion of Hitler and his beliefs. They've given Hitler's passport a red 'J' (which stood for 'Jew' on a German passport). He has a visa allowing his entry into Palestine, which was under British control at that time. The passport also describes Hitler's occupation as a 'painter'. Under distinguishing features, they list his 'little moustache'.

Adolf Hitler's fake passport (via Neatorama)

Stasi spywear: the inept art of commie disguise

A trove of photos from an East German secret police guide to disguise reveal an ineptitude that borders on the comical. No wonder these guys managed to miss the fact that the wall was about to come down, despite having dossiers on practically everyone on the country:
At first glance the photos look staged. They show stocky men stiffly clad in various outfits that include fur hats and thick coats with upturned collars -- and, most importantly, sunglasses. But these photos aren't stage props from a silly low-budget spy film, they are images snapped by members of the feared East German secret state police, or Stasi, for an internal course called the "art of disguising."

Berlin-based artist Simon Menner unearthed the images while sifting through the Stasi archives, which were opened to the public after the fall of the Berlin Wall. He was allowed to reproduce the photos and they are now on display in an exhibition entitled: "Pictures from the Secret Stasi Archives."

Stasi Chic (via Making Light)