"grugq"

A San Diego Republican operator ran a massive, multimillion-dollar Facebook scam that targeted boomers

Asher Burke died in March after a helicopter he'd chartered to visit the Kenyan ranch he'd invested in as an "entrepreneur playground" crashed in high winds; his stateside obits called the 27-year-old deputy political director of the Republican Party of San Diego as an entrepreneur, the founder and CEO of Ads, Inc, "on a mission to disrupt the lifestyle industry with our advanced approach to product creation and marketing." Read the rest

Latvia opens up its KGB files and names 4,000+ "informants," many of whom claim they were framed

When Latvia attained independence in 1991, the retreating KGB left behind two sacks and two briefcases containing indexed records of the secret informants who had been paid to turn in their neighbors for offenses including anti-Kremlin activism and watching pornography. Read the rest

Some important technical (and skeptical) notes about the Chinese-backdoored-servers story

Yesterday, Bloomberg published a blockbuster story accusing the Chinese military of sneaking spy-chips "the size of a grain of rice" onto the motherboards of servers sold by Supermicro and/or Elemental for use in data-centers operated by the biggest US corporations (Apple and Amazon, among others), as well as US warships and military data-centers, and the servers used by Congress and the Senate. Read the rest

Just look at this banana-futures-speculation cryptocurrency

Just look at it. Read the rest

A talented impersonator is scamming Richard Branson and pals for millions

Richard Branson got a call from the UK Secretary of State for Defence asking for his help in a covert ransom payment of $5m to rescue a ranking diplomat from kidnappers; Branson recognised the man's voice but he was suspicious of the plan to validate the scheme by sending an assistant to lobby of a government building to meet the Secretary's secretary and exchange codewords. Read the rest

How to covertly toss an apartment, Stasi style

In 1984, the Stasi -- East Germany's notorious secret police -- searched the flat of an auditor to determine if he'd leaked files that put the country in a bad light to Stern, a West German magazine, published in Hamburg. They recorded the clandestine search for posterity, and used it as the basis for a training video explaining to other secret police operatives how to search a dissident's home without alerting them that they were under suspicion. (via Grugq) Read the rest

The Bureaucratic Style in American prose

After Colin Dickey wrote about United CEO Oscar Munoz's nonpology for the savage beating of Dr David Dao, he was taken to task for accusing the CEO of writing in the "passive voice."

The closer Dickey looked, the more he concluded that "passive voice" is not a good characterization of the style employed by corporate America; rather, the instantly recognizable "Bureaucratic Style" "makes use of both active and passive constructions, but its purpose is uniform: to erase and efface any active agent on the part of the bureaucracy."

Dickey's essay on Bureaucratic Style is fascinating.

To begin with, the bureaucratic style works to erase cause. Here is Munoz’s description of the start of the incident: “On Sunday, April 9, after United Express Flight 3411 was fully boarded, United’s gate agents were approached by crewmembers that were told they needed to board the flight.” Setting aside the passengers for a second, in this sentence there are two named actors: the gate agents and the crewmembers. You might expect, then, that this all started when the crewmembers approached the gate agents and told them they needed to board the flight. However, a closer reading of the syntax implies this is not the case; the crewmembers themselves “were told they needed to board the flight.” Who told them? The sentence does not make this clear, even though it is this unnamed actor, presumably a supervisor, who set this entire chain of events in motion. Deliberately pushed back as far off the stage as possible, there is no one here to responsibly hold accountable for subsequent events.

Read the rest

How to suppress the truth, embarrassed government edition

DC Dave's "Seventeen Techniques for Truth Suppression" are a good analytical tool for understanding what's happening when governments are embarrassed by revelations of corruption and criminality and get to spinning, a kind of Spicer-Conway masterclass (albeit one that's spoiled by its descent into conspiracy theory with the Vince Foster suicide as an example of such truth-suppression). Read the rest

How East Germany's Stasi tried to drive activists insane, and how they resisted

East Germany's secret police, the Stasi, were the most aggressive surveillance force of their day -- at the Stasi's peak, one in 60 East Germans was snitching for the agency. Read the rest

How Kenyan spies and cops use electronic surveillance for illegal murder and torture squads

Privacy International interviewed 57 sources for their report on the link between surveillance and torture and murder in Kenya, including 32 law enforcement, military or intelligence officers with direct firsthand knowledge of the programs. Read the rest

Breitbart was a unique driver of hyper-partisan, trumpist news that shifted the 2016 election

A team of esteemed scholars including Yochai "Wealth of Networks" Benkler and Ethan Zuckerman (co-founder of Global Voices) analyzed 1.25 million media stories published between April 1, 2015 and election day, finding "a right-wing media network anchored around Breitbart developed as a distinct and insulated media system, using social media as a backbone to transmit a hyper-partisan perspective to the world." Read the rest

Three kinds of propaganda, and what to do about them

Jonathan Stray summarizes three different strains of propaganda, analyzing why they work, and suggesting counter-tactics: in Russia, it's about flooding the channel with a mix of lies and truth, crowding out other stories; in China, it's about suffocating arguments with happy-talk distractions, and for trolls like Milo Yiannopoulos, it's weaponizing hate, outraging people so they spread your message to the small, diffused minority of broken people who welcome your message and would otherwise be uneconomical to reach. Read the rest

Anonymous infiltrated the KKK by friending Blue Lives Matter supporters on Facebook

The Anonymous activists behind "OpKKK" -- which infiltrated and unmasked Klan members, including many in US military and police departments -- began by creating thin-but-plausible fake identities on Facebook that signalled support for "Blue Lives Matter." By friending other accounts that indicated support for Blue Lives Matter, they found themselves being auto-suggested friendships with KKK members. Read the rest

Hackers claim to have stolen NSA cyberweapons, auctioning them to highest bidder

The Shadow Brokers, a previously unknown hacker group, has announced that it has stolen a trove of ready-to-use cyber weapons from The Equation Group (previously), an advanced cyberweapons dealer believed to be operating on behalf of, or within, the NSA. Read the rest

Malware-Industrial Complex: how the trade in software bugs is weaponizing insecurity

Here's a must-read story from Tech Review about the thriving trade in "zero-day exploits" -- critical software bugs that are sold off to military contractors to be integrated into offensive malware, rather than reported to the manufacturer for repair. The stuff built with zero-days -- network appliances that can snoop on a whole country, even supposedly secure conversations; viruses that can hijack the camera and microphone on your phone or laptop; and more -- are the modern equivalent of landmines and cluster bombs: antipersonnel weapons that end up in the hands of criminals, thugs and dictators who use them to figure out whom to arrest, torture, and murder. The US government is encouraging this market by participating actively in it, even as it makes a lot of noise about "cyber-defense."

Exploits for mobile operating systems are particularly valued, says Soghoian, because unlike desktop computers, mobile systems are rarely updated. Apple sends updates to iPhone software a few times a year, meaning that a given flaw could be exploited for a long time. Sometimes the discoverer of a zero-day vulnerability receives a monthly payment as long as a flaw remains undiscovered. “As long as Apple or Microsoft has not fixed it you get paid,” says Soghioan.

No law directly regulates the sale of zero-days in the United States or elsewhere, so some traders pursue it quite openly. A Bangkok, Thailand-based security researcher who goes by the name “the Grugq” has spoken to the press about negotiating deals worth hundreds of thousands of dollars with government buyers from the United States and western Europe.

Read the rest

Security companies and governments conspire to discover and hide software vulnerabilities that can be used as spyware vectors

The Electronic Frontier Foundation's Marcia Hoffman writes about security research companies that work to discover "zero day" vulnerabilities in software and operating systems, then sell them to governments and corporations that want to use them as a vector for installing spyware. France's VUPEN is one such firm, and it claims that it only sells to NATO countries and their "partners," a list that includes Belarus, Azerbaijan, Ukraine, and Russia. As Hoffman points out, even this low standard is likely not met, since many of the governments with which VUPEN deals would happily trade with other countries with even worse human rights records -- if Russia will sell guns to Syria, why not software exploits? VUPEN refuses to disclose their discoveries to the software vendors themselves, even for money, because they want to see to it that the vulnerabilities remain unpatched and exploitable for as long as possible.

“We wouldn’t share this with Google for even $1 million,” said VUPEN founder Chaouki Bekrar. “We don’t want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers.” VUPEN, which also “pwned” Microsoft’s Internet Explorer, bragged it had an exploit for “every major browser,” as well as Microsoft Word, Adobe Reader, and the Google Android and Apple iOS operating systems.

While VUPEN might be the most vocal, it is certainly not the only company selling high-tech weaponry on the zero-day exploit market. Established U.S. companies Netragard, Endgame, Northrop Grumman, and Raytheon are also in the business, according to Greenberg.

Read the rest

:)