The first-ever independent audit of whistleblower retaliation in US spy agencies was looking bad for the agencies, so it was shut down

For six months, the Intelligence Community Inspector General office investigated the cases of 190 whistleblowers who went through US spy agency channels to report corruption, waste, fraud, abuse and criminality, discovering that the overwhelming majority had faced some combination of indefinite delays and retaliation (being fired, facing paycuts and demotions, being passed over for promotions, etc) -- only one of the 190 whistleblowers had their case upheld, and that took 742 days. Read the rest

News report claims Dutch spies hacked Russian cyberwar operation and pwned their CCTVs, then recorded video of Russian government hackers attacking the DNC

Dutch left-leaning daily de Volkskrant has published a remarkable -- but thinly sourced -- report claiming that a Dutch spy agency called the General Intelligence and Security Service of the Netherlands (AIVD) hacked into the network of a notorious Russian spy group called "Cozy Bear" or APT29, thought to be an arm of the Russian spy apparatus, and obtained direct evidence of Russian state involvement in the hacking of the DNC during the 2016 US election campaign. Read the rest

The NSA's new "core values" statement no longer includes "honor," "honesty" or "openness"

Ironically, the most honest thing the NSA has done since its founding might just be deleting the word "honesty" from its statement of core values, in January 12th's revisions to the earlier version that also once included "openness." Read the rest

EFF to NSA: you scammed your way to another six years of warrantless spying, and you'd better enjoy it while it lasts

Last week, cowards from both sides of the aisle caved into America's lawless spy agencies, and today bipartisan senators reprised that cowardice to ensure that the Senate would not get a chance to vote on amendments to the renewal of Section 702, the rule that has allowed the NSA to conduct mass, warrantless surveillance on Americans in secret, without meaningful oversight or limits. Read the rest

Congressional Democrats have so little faith in Trump's leadership that they've awarded him the power to conduct limitless, warrantless mass surveillance of Americans

When Congress voted last week to renew the NSA's controversial Section 702 powers, which gives the spy agency the power to conduct mass, secret, warrantless surveillance on Americans, they also voted down a bipartisan amendment that would have limited the president's ability to abuse these powers, injecting the barest minimum of accountability and proportionality into a system that Republican and Democratic presidents alike have abused for decades. Read the rest

A detailed look at how US police forces collude with spy agencies to cover up the origin of evidence in criminal cases

Since the 1970s, spy agencies have been feeding police forces tips about who to arrest and where to look for evidence, despite the illegality of their practicing surveillance within the USA. Read the rest

The NSA can't recruit or retain hackers because the pay sucks and the Agency is a bureaucratic mess

The Washington Post reports that the NSA "is losing its top talent at a worrisome rate as highly skilled personnel" because of a mix of low-pay, uninspiring leaders, and a bureaucratic re-org that everyone hates. Read the rest

Reality Winner profile is a beautiful portrait of a brilliant, principled patriot who messed up

Reality Winner is the NSA whistleblower who is accused of leaking US intelligence community documents confirming Russian interference in the 2016 elections to the Intercept and who has been a cross between a punchline (her improbable name, her ill-chosen words on recorded prison conversations with her mother) and a cipher. Read the rest

Property of the People sues the FBI for details on "Gravestone," its reassuringly named secret mass-surveillance tool

In 2016, the watchdog group Property of the People discovered a secret FBI spying program called Gravestone, a mention of which slipped into the metadata of a document on the DoJ's website. Read the rest

Sources in Trump's White House report meetings to assemble a network of deniable wetwork/black ops spooks to target Trump's political enemies in the US and elsewhere

Multiple White House sources have told reporters that the Trump administration has been negotiating with Erik Prince (founder of the war-crimes plagued mercenary firm Blackwater; brother to pyramid-scheme billionaire/Education Secretary Betsy Devos) and ex-CIA operative John R. Maguire to assemble a private army of deniable, off-the-books spy/mercenaries who could target Trump's "deep state" political enemies in the USA, and kidnap and render similar figures overseas. Read the rest

Uber admits it breached 57,000,000 accounts, then bribed the hackers to cover it up, now they're paying a top ex-NSA lawyer to teach them transparency

Uber's Chief Security Officer Joe Sullivan and his top aide have both been forced out of the company in an act of penance for the revelation that the company suffered a breach in October 2016 in which hackers stole personal data from 50,000,000 riders and 7,000,000 drivers, including 600,000 drivers' US driving license numbers; Uber says the disgraced employees acted alone when they then paid the hackers who stole the data $100,000 to hush it up. Read the rest

Teardown of a consumer voice/location cellular spying device that fits in the tip of a USB cable

Mich from ha.cking bought a $25 "S8 data line locator" device -- a cellular spying tool, disguised as a USB cable and marketed to the general public -- and did a teardown of the gadget, offering a glimpse into the world of "trickle down surveillance" where the kinds of surveillance tools used by the NSA are turned into products and sold to randos over the internet for $25. Read the rest

Origin story of the Mimikatz password cracker is a parable about security, disclosure, cyberwar, and crime

Five years ago, Benjamin Delpy was working for an unspecified French government agency and teaching himself to program in C, and had discovered a vital flaw in the way that Windows protected its users' passwords. Read the rest

The DoJ's top crypto warrior wants "strong" encryption that he can break at will

Deputy Attorney General Rod Rosenstein has made a name for himself as a crypto warrior who promotes a murky idea called "responsible encryption," through which software would somehow be designed so that its security worked 100% of the time when criminals and foreign governments were trying to break it, but fail 100% of the time when the US government was trying to break it. Read the rest

Vault 8: Wikileaks publishes sourcecode from last spring's CIA Vault 7 cyberweapons leak

In March, Wikileaks published the Vault 7 leaks, a cache of CIA cyberweapons created under the doctrine of "NOBUS" ("No One But Us"), in which security agencies suppress the publication of bugs in widely used software, choosing instead to develop attack-tools that exploit these bugs, on the assumption that no one else will ever discover those bugs and use them to attack the people they're charged with defending. Read the rest

A new, virulent ransomware epidemic is fuelled by yet another leaked NSA cyberweapon

The global epidemic of Wannacry ransomware infections was the result of petty criminals fusing an old ransomware strain with a leaked NSA cyberweapon that was released by The Shadow Brokers, and the result was tens of millions of dollars' worth of economic harm. Read the rest

Kaspersky's explanation for possessing secret NSA cyberweapons is a doozy

Kaspersky -- a respected Russia-based security company -- has been under a cloud since they were accused of stealing NSA cyberweapons on behalf of the Russian government. But the company has a perfectly innocent -- if complicated and at times bizarre explanation for how it came to be in possession of the NSA's crown jewels. Read the rest

More posts