The FBI's Quiet Plan to Begin Mass Hacking

by ailanthus | September 12, 2016

Senator Ron Wyden delivered a speech on the floor of the Senate on Thursday calling for passage of a bill that would annul new rules for judges. These rules will give the FBI authority to hack millions of people's computers with a single search warrant, regardless of where the device is located.

The Stop Mass Hacking Act (S. 2952, H.R. 5321), which has bipartisan support, is composed of a single sentence:

"To prevent the proposed amendments to rule 41 of the Federal Rules of Criminal Procedure from taking effect."

Wyden's bill attempts to stop the upcoming changes to Rule 41, set to take effect in less than 90 days.

The changes to Rule 41 would allow judges to grant warrants to search and seize electronic media located outside of their home districts when the location of the information is “concealed through technological means."

For instance, when a person is using Tor.

The broad search warrants allowable under these new rules will apply to people using Tor in any country—even if they are journalists, members of a legislature, or human rights activists. The FBI will be permitted to hack into a person’s computer or phone remotely and to search through and remove their data. The FBI will be able to introduce malware into computers. It will create vulnerabilities that will leave users exposed.

To quote a tweet from Daniel Schuman of the NGO Demand Progress, "Even if you like mass FBI hacking, shouldn't the Senate hold a hearing first before it automatically becomes law?"

We are at a critical point in the United States regarding surveillance law. Some public officials, like those at the US Department of Justice (the FBI is a department of DOJ), understand very well how surveillance technology works and the implications of the Rule 41 changes. But the judges who must approve these warrants under the new rules vary widely in their technical expertise and understanding of how these decisions affect the larger Constitutional issues of search and seizure. Rule 41 will allow savvy law enforcement officials to seek those judges who don't yet understand the tech.

Similarly, there are many members of Congress who don't yet understand either the technology or its impact on democratic institutions and values. Some understand that Tor and encryption are currently used by politicians, judges, and even the FBI to keep their communications private--but others do not. Some—but not all—know that privacy tools like Tor can help enforce the separation of powers by preventing one branch of government from spying on another. Some know that a back door for one good guy is eventually a back door for multiple bad guys. Many others do not.

So some US officials can take advantage of this ignorance in order to expand their power. And since the FBI works for the Department of Justice, and the Department of Justice works for the White House, Rule 41 gives new surveillance power to the Administrative branch of US government. New power over millions of people--that Congress never discussed or approved.

Why go through Congress, the reasoning goes, and risk public exposure, debate, and possible defeat, when law enforcement can tweak a rulebook and get the same new hacking power?

If you care about FBI mass hacking, urge Congress to pass the Stop Mass Hacking bill on social media with the hashtag #SMHAct (one of the better legislative hashtags).

If you are an American citizen, there is much more you can do. Here is a seemingly minor thing--but one that can have great impact. Call and leave a message with the Washington, DC, office of the US Senator from your state. Senators actually count these calls, and they influence their decisions--perhaps they don't want to be voted out of office by the constituents they ignored.

Here is a list of Senators' phone numbers (calling is much more effective than email for this purpose): http://www.senate.gov/general/contact_information/senators_cfm.cfm?Orde…

Your call or voicemail can be very simple:

"My name is _____, I am Senator ____'s constituent in the state of ___, and I support the Stop Mass Hacking Act. I ask Senator _____ to support the Stop Mass Hacking Act also and that it be considered during this work period. Thank you."

You can also leave a thank-you message with Senator Wyden's office--this gives Wyden more ballast to encourage his colleagues to support the bill.

If you make those calls or leave voicemails and you're on Twitter, tweet that you called your Senator using their Twitter handle and the #SMHAct hashtag. This amplifies the power of the phone call.

The Stop Mass Hacking Act has bipartisan support. Senator Steve Daines (R-Montana), along with Senators Rand Paul (R-Kentucky), Tammy Baldwin (D-Wisconsin), and Jon Tester (D-Montana), are original co-sponsors of the Senate bill.

People listen to the Tor community on issues of anonymity technology. But the threat to anonymity can be just as destructive when it comes because of a small rule change--a bureaucratic sleight of hand--as when it comes through an attack on our software by a state intelligence agency. As Tor users, our threat model includes both, so our response as a community must also include both.

UPDATE: Phoning is by far the most important. Then you can tweet to your Senator.

The Twitter accounts for US Senators are here: http://www.socialseer.com/resources/us-senator-twitter-accounts/ #SMHAct

-----
H.R.5321: https://www.congress.gov/bill/114th-congress/house-bill/5321
S.2952: https://www.congress.gov/bill/114th-congress/senate-bill/2952

Comments

Please note that the comment area below has been archived.

September 18, 2016

The senate.gov link blocks Tor (and archive.org!) but it appears to be accessible via startpage.com proxy. I'll definitely be calling on the next business day. Would it be beneficial to call our congressmen as well?

> The senate.gov link blocks Tor

I noticed that months ago, and tried to post about it, but my post never appeared.

I should start keeping track of posts which are "accidentally" deleted or never appear, because I am starting to see a pattern: the ones which embarrass the USG vanish under mysterious circumstances. Curious, wouldn't you say?

So I called my state senators, then when I called to thank Wyden, I asked his secretary what else I can do to help, e.g. calling congressmen. He said the biggest thing is to raise awareness and encourage other people to call their state senators, but also call congressmen regarding the House of Representatives version of the bill (same name, but use the "H.R." bill number above). He said contact them the same way, look up the House rep for your district (on house.gov or your state's house site) and leave a message. I'm not sure how much pull House members have on federal topics, but it can't hurt.

So I called my local House rep and left a thank-you with Ted Poe's (proposer of the House version of the Stop Mass Hacking Act) secretary. The process is virtually identical to that of the Senate. In total that's 5 calls. I regret not mentioning the "NoGlobalWarrants.org" site (run by the EFF) in my messages, but hopefully other callers will do so.

Are there any channels we can watch for updates on this within the Senate and Congress? E.g. to look for any statements made about Rule 41 and the Stop Mass Hacking Act at the congressional meetings and the like?

In other words, can we observe any feedback that this is actually working? Given that the Tor Browser 6.0.5 release blog post came 4 days after this one, and has many orders of magnitude more comments already, I fear that a lot of users are reading this post under the illusion that everyone else is calling, so they think their call won't make a difference.

I am against the mass hacking act. That is bullshit. Benjamin Franklin said "revolution is healthy for any governing body, not just one man but the combined effort of all man with a common goal". Looks like a revolution is in order.

> Are there any channels we can watch for updates on this within the Senate and Congress? E.g. to look for any statements made about Rule 41 and the Stop Mass Hacking Act at the congressional meetings and the like?

thehill.com is a good Tor-friendly resource which has been covering this issue. Sometimes they post a notice (too often a few hours too late in my experience) about something happening in real time in a key Congressional meeting room, such as a "markup session" in which staffers and lobbyists put in all the loopholes which enable corruption to flourish and the wealthy to profit, and remove any language which would actually empower the citizen to try to improve his/her lowly station. (Some might be surprised by how many staffers would not substantially disagree with this characterization of marathon 20 hour markup sessions.)

One bad practice which The Hill could easily fix: staffers want to know the bill numbers (e.g. HR1234 or S567), but for some reason The Hill typically fails to mention these.

Unfortunately, only a professional lobbyist located in DC itself who is wandering the halls of the Capitol daily can really hope to track the progress of legislation.

If one finds some malware which is part of an FBI NIT on a computer but one doesn't realise that, and one removes/fixes it, has one committed a crime by impeding a federal criminal investigation?

September 19, 2016

In reply to Anonymous (not verified)

I'm not sure what you're referring to with that. If it was in reply to my comment above, please use the "reply" button so it is easy for me and other users to tell. In any case, please quote the specific part of the comment or blog post that your comment pertains to. Without this information, I can't really make sense of your comment at all.

September 19, 2016

"The broad search warrants allowable under these new rules will apply to people using Tor in any country". This must be breaking some sort of international privacy laws, doesn't it? Europe has its own LEAs and I don't think they would grant the FBI "global" rights to hack into European Tor users' computers!!! That, if anything, is a severe breach of international privacy/telecommunications/whatnot laws, right? And thus the FBI would be subject to legal action (as a defendant) at least in Europe.

September 13, 2016

Thank you for drawing attention to this important issue. I called my Senators but don't want to draw attention to myself via social media. I strongly encourage other US citizens to call their Congresspeople.

September 19, 2016

I simply cannot register the amount of abuse of power this will grant the FBI if a disaster such as this is allowed to pass. Land of the free, home of the terrified.

September 20, 2016

it's not mass hacking, it's not even mass cracking, it's the next step in digital tyranny: arbitrary seizure of electronics if they can't get what they want.

IANAL but we sort of have that already with civil asset forfeiture, where they can seize anything, without a warrant, that they have probable cause (but not necessarily proof) was obtained as a result of (or used in furtherance of?) a crime. I think the difference here might be that CAF assets are simply new toys/money for the LEA, while those seized under this law (with a warrant, unconstitutional as that warrant may be) can also be used as evidence in a court of law. I'm just guessing at this, so anyone please correct me if I'm wrong.

US cops are already stopping pedestrians and seizing amounts ranging from 8 cents upward. The only purpose of this "asset forfeiture" is to terrorize people who live in poor neighborhoods (which are often drug-infested, but not everyone who lives in poor neighborhoods is a drug user and even fewer are involved in the drug business). The real crooks, Big Pharma and Big Bank executives, get their huge bonuses every year, and so it goes.

September 20, 2016

I am from Spain; of course I will share this, but will it be legal to hack people from other countries? Sorry if there are some mistakes, love what you do.

September 21, 2016

Suggest we all call back to point out that US judges are suppressing evidence obtained by FBI illicit intrusions into remote servers owned and operated by others:

http://arstechnica.com/tech-policy/2016/09/judge-child-porn-evidence-ob…
Judge: child porn evidence obtained via FBI’s Tor hack must be suppressed
Third judge rules that Playpen search warrant was invalid from the start.
Cyrus Farivar
21 Sep 2016

This is the kind of embarrassing comment USG cannot tolerate, so it uses zero-days/malware to illegally intrude into a remote server owned by someone else, and deletes comments.

If FBI gets its way, soon it will be hacking arstechnica.com and removing stories it dislikes. Taking people off the street for wearing backpacks. Carrying phones which use end-to-end encryption. Putting people in preventative detention camps, a possibility which is being seriously discussed inside USG, as confirmed by an inside source at the RAND corporation. See this ebook which critiques FBI/NCTC CVE programs on the grounds that the math shows they won't work, just as commentators have pointed out in this blog:

http://ismor.cds.cranfield.ac.uk/30th-symposium-2013/behavioural-indica…

This is an unclassified public document but the authors have clearly also been reading classified documents (not cited in the references of course).

If they really wanted to find out about this browser--then they might actually here in this site. It's easy to find on the internet. So it's really hard for us to cover now, if they do.

September 21, 2016

I understand the problem and what the solution is, but does this also mean that using Tor will become useless? I kind of get that impression from the text.

September 21, 2016

Looks like comments are being deleted or censored here AGAIN.

Shari, what gives?

September 14, 2016

Does this include the possibility that the FBI hacks individuals outside of the US?

With a warrant signed by a judge under the new rules, yes! And if you don't like the idea of the US FBI hacking your computer, I would consider contacting the foreign office of your national government immediately--also get in touch with EDRi (www.EDRi.org) if you are in Europe, or your local privacy advocacy organization.

*If it is safe to do so*, follow up publicly so that people can see your views by posting on social media, blogging, writing an opinion piece or letter to the editor in your newspaper. You can also phone or email reporters to alert them to the situation. The US FBI collaborates with the US NSA, and the NSA collaborates with lots of countries. So your foreign office may not be totally against the idea of US interference or hacking. Thus, it's best to be public about your views if possible.

Here is an article about FBI/NSA/international collaboration: https://www.fbi.gov/news/testimony/the-fbis-role-in-cyber-security

#SMHAct and #Rule41 are good hashtags to use on social media.

September 15, 2016

In reply to ailanthus

Do you think the Iranian government also has the potential for mass hacking?

This post from EFF addresses your question in more detail:

https://www.eff.org/deeplinks/2016/08/illegal-playpen-story-rule-41-and…
The Playpen Story: Rule 41 and Global Hacking Warrants
Mark Rumold
26 Sep 2016

> The warrant the FBI used in the Playpen investigation—which resulted in the delivery of malware to over a thousand computers, located around the world—violated [the *current version* of] Rule 41, an important rule of federal criminal procedure. Although Rule 41 may seem obscure, it plays a vital role in limiting when federal law enforcement agencies can conduct lawful searches and seizures.
> ...
> This “territorial” restriction [in the current version of Rule 41] is an important one. It ensures that any search or seizure that is authorized has a sufficient nexus to the judicial district, and it helps guard against law enforcement “forum shopping”—where law enforcement is able to seek out sympathetic or unquestioning judges to obtain warrants, even if those warrants have little or no connection to the judicial district.
> ...
> As we’ve written about before, DOJ is pushing a change to Rule 41. The new Rule 41 would, for the first time, authorize magistrates to issue search warrants, like the Playpen warrant, when “technological means” like Tor or VPNs are obscuring the location of a computer, or when a computer is swept up in a "botnet." In these circumstances, law enforcement could remotely access, search, seize, or copy data on computers, no matter where the computers were located and without providing notice to the users being searched. That means the FBI could go to almost any federal magistrate judge and get a warrant authorizing the FBI to hack into a computer (or, as was the case in the Playpen investigation, thousands of computers), no matter where in the world those computers are located.
>
> Make no mistake: the changes to Rule 41 will result in many, many more warrants like the one used in the Playpen case. "Fine," you might say, "I'm not doing anything illegal online. The FBI won't have any interest in hacking into my computer." But, because the Rule 41 changes authorize hacking when a computer is part of a botnet, even innocent users caught up in a botnet could be unknowingly subjected to an FBI search.

It is far worse than that. It appears a virtual certainty that come 1 Dec 2016 FBI will secretly seek and obtain from their most obliging magistrate judges orders targeting everyone who posts at blogs like this one.

Is this why Shari is apparently mulling shutting down this blog entirely? If we conclude that all visitors will be routinely attacked, those coming from the most oppressive countries could very well have their lives endangered if their own governments detect the telltale signature of FBI's NIT "phoning home" to Quantico.

Now that I think about it--- and I am horrified to say so--- maybe it *does* make sense to shut down the blog before 1 Dec 2016. A horrid prospect, but there are far too many unanswered questions about how FBI malware works and whether it would endanger visitors from countries where using Tor is virtually illegal.

Most appalling of all: even if TP moved outside the US before 1 Dec 2016, which would almost certainly be a very good idea, FBI will still be able to freely attack any visitor to the new blog.torproject.org, because under the new version of Rule 41 it will be free to hack any device anywhere in the world, regardless of the laws of any other nation.

I interpret your question to read: "Have the proposed changes to Rule 41 been blocked by the US Congress?"

Please recall that the proposed changes to Rule 41 will make it "legal", under the laws of the US, for FBI to use malware and malicious network activity to break into any computer anywhere in the world, possibly using what are in effect "Writs of Assistance" which can be issued by any magistrate judge (the lowest kind in the US court system).

FBI has demanded these changes for years, because they want to "legalize" actions targeting the Tor network which it has undertaken illegally for many years. The changes have already been approved by the US Supreme Court, so the only way left to stop them from coming into force is to persuade the US Congress to pass a bill blocking them.

So the answer is: the changes will take effect on 1 Dec 2016 *unless* the US Congress passes a bill (the Stop Mass Hacking Act sponsored by Sen. Wyden is the Senate version) to block these changes. There is still time to call members of Congress in order to urge them to take action.

September 15, 2016

Abnormality on Tails 2.6rc1: after facebookcorewwwi chat to reporter, a new circuit was built. Never experienced such behaviour before. Even Facebook asked me if I wanted to send again.

September 15, 2016

Who the hell do America think they are, creating laws permitting a US organization to cut across all national laws and plant backdoors on computers around the world? It is high time the Internet was controlled by an independent international body. Don't forget the internet was created by a Brit, not an American as most seem to think.

September 25, 2016

One comment was made: "Tor has to make the next step."
We in the community are Tor, so we all need to stand. Always remember: people are going to be "policed" so far, and then the people stand up to them. That is the answer.

September 25, 2016

That is good relating to stopping terrorists communicating online or planning something bad. But to a normal law-abiding citizen, hacking into their privacy, that's bad. The other part: also cyberstalking, and criminals using the internet for the wrong and harmful reasons, need to be taken down.

September 25, 2016

[This is the kind of post which USG is likely to try to censor or remove]

[moderator: one post cited below quotes Bruce Schneier, who is on the Board of TP]

Two recent posts from EFF directly related to the topic of the blog post above:

https://www.eff.org/deeplinks/2016/09/digital-equivalent-rumor-should-n…
A Digital Rumor Should Never Lead to a Police Raid
Law Enforcement, Courts Need to Better Understand IP Addresses, Stop Misuse
Aaron Mackey
22 Sep 2016

> If police raided a home based only on an anonymous phone call claiming residents broke the law, it would be clearly unconstitutional. Yet EFF has found that police and courts are regularly conducting and approving raids based on the similar type of unreliable digital evidence: Internet Protocol (IP) address information.

https://www.eff.org/deeplinks/2016/09/playpen-story-some-fourth-amendme…
The Playpen Story: Some Fourth Amendment Basics and Law Enforcement Hacking
Mark Rumold
21 Sep 2016

> It’s an old legal adage: bad facts make bad law. And the bad facts present in the Playpen prosecutions—the alleged possession and distribution of child porn, coupled with technology unfamiliar to many judges—have resulted in a number of troubling decisions concerning the Fourth Amendment’s protections in the digital age.

It is important for US citizens to bear in mind that FBI routinely exploits the complicated structure of US "law enforcement" [sic] to evade restrictions on surveillance by "technical means". Several recent posts from ACLU on the topic of federal, state, county, and local LEA surveillance inside the USA:

https://www.aclu.org/report/community-control-over-police-surveillance-…
Community Control Over Police Surveillance: Technology 101

> The proliferation in local police departments’ use of surveillance technology, which in most places has occurred without any community input or control, presents significant threats to civil rights and civil liberties that disproportionately impact communities of color and low-income communities. The nationwide “Community Control Over Police Surveillance” effort is looking to change that through legislation mandating that local communities are given a meaningful opportunity to review and participate in all decisions about if and how surveillance technologies are acquired and used locally. Here is a list of costly and invasive surveillance technologies that might be recording you, your family, and your neighbors right now.

The white paper is here:

https://www.aclu.org/sites/default/files/field_document/tc2-technology1…
Technology 101

Among surveillance modalities not mentioned in the paper but currently under development:

o identification [sic] by "microbiome": yet another scientifically unvalidated forensic scheme in which a supposed "signature" from what bacteria are present on skin or in gut can be used to identify "suspects"; yes, you read that right, police want to start searching your home's sewer lines.

o forcible interrogation while hooked up to the next generation of fMRI scanners (current scanners won't work right if a prisoner wriggles about); LEAs are even screaming for "stand-off" brain-wave scanners.

Both of these are mentioned in the recent PCAST white paper which shows that almost all of the so-called "forensic science" techniques beloved by FBI and other LEAs have never been scientifically validated, and even worse, most have been scientifically *invalidated*. FBI and DOJ have already announced they intend to ignore the report and to continue to use invalid "forensic science" methods. American tax dollars at work.

https://www.aclu.org/blog/speak-freely/let-there-be-light-cities-across…
Let There Be Light: Cities Across America Are Pushing Back Against Secret Surveillance by Police
Chad Marlow, Advocacy and Policy Counsel, ACLU
21 Sep 2016

> Think about how it feels when you are driving down a road, look in your rearview mirror, and notice a police car driving directly behind you. You tense up. You slow down. You try not to drift too much in your lane as you drive. One false move and those red flashing lights will switch on. Only after the police car drives past can you finally relax and exhale. As internationally renowned security technologist Bruce Schneier observed in his book "Data and Goliath," this is what surveillance feels like. But for many Americans who live in communities that are disproportionately targeted by police surveillance technologies, that feeling never goes away.

https://www.aclu.org/blog/free-future/police-use-social-media-surveilla…
Police Use of Social Media Surveillance Software is Escalating, and Activists are in the Digital Crosshairs
Nicole Ozer, Technology & Civil Liberties Policy Director, ACLU of Northern California
22 Sep 2016

> It goes without saying that speaking out against police violence or government overreach shouldn’t land you in a surveillance database. But it can, and it does. The ACLU of California has received thousands of pages of public records revealing that law enforcement agencies across the state are secretly acquiring social media spying software that can sweep activists into a web of digital surveillance.

Did you notice that no one ever bothered replying to that rather pointless e-mail? It cites the post by @movrcx, and I replied (at length) to that in my comment at:

   https://blog.torproject.org/blog/tor-browser-605-released#comment-208877

explaining why the claims of exposure were overegged, and didn't actually apply to Tails 2.5.

To answer your questions:

1. How does one "run TB from a sandbox"?

Apart from DIY? You could:
   a) try QubesOS (it uses Xen), which allows you to set up VMs;
   b) use Tails, which uses AppArmor for application isolation of Tor Browser. See:

      https://tails.boum.org/contribute/design/application_isolation/#index1h2

2. How to efficiently remove the suspect root certs from TB store?

This is pointless.

Even though Firefox will let you delete or distrust each root certificate, you still have to recognise it, and how would you?

In any case, the attack did not work because @movrcx managed to generate a fake root certificate. Note that @movrcx re-compiled Firefox after incorporating his fake root certificate into his own source code on his own system. He thought that was the cause of the attack, but it was not. The 'bug' in Firefox that allowed the attack to work was that if certificate pinning was used (which Tor Browser did), Firefox was failing to reject unpinned certificates. @movrcx did not understand this, which is why he became disregarded again.

3. Does the poster's advice apply to Tails booted from R/O DVD?

It is as inapplicable to Tails 2.5 and Tails 2.6 booted from DVD±R as it would be from DVD±RW or USB stick. The Tails team reconfigured TBB to not auto-update extensions: @movrcx's attack would not have worked on Tails 2.5. It's still the case for Tails 2.6, with no sign of them changing this.
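As an added illustration of the pinning behaviour described in the answer above (this is example code written for this page, not Tor Browser's, Firefox's or Tails' own code), here is a toy chain validator run over constructed certificates. It models the decision rule only: a chain must both reach a root in the trust store and contain a certificate whose SubjectPublicKeyInfo hash is in the operator's pin set. The `Cert` model, the names, the SPKI byte strings and the "planted root" scenario are all constructed for the example; a real validator operates on DER-encoded X.509 data and does far more than this.

```python
import base64
import hashlib
from dataclasses import dataclass


# Constructed, simplified certificate model (not real X.509): a subject,
# the issuer's subject, and an opaque SubjectPublicKeyInfo blob.
@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki: bytes  # DER-encoded SubjectPublicKeyInfo in a real implementation


def spki_pin(cert: Cert) -> str:
    """HPKP-style pin value: base64(SHA-256(SPKI))."""
    return base64.b64encode(hashlib.sha256(cert.spki).digest()).decode()


def chains_to_trusted_root(chain, trust_store) -> bool:
    """Walk leaf -> root, checking each issuer link; the last cert must be in the store."""
    if not chain:
        return False
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    return chain[-1] in trust_store


def validate_without_pins(chain, trust_store, pins) -> bool:
    """The failure mode discussed above: trust-store check only, pins ignored.
    `pins` is accepted but unused so both validators share one signature."""
    return chains_to_trusted_root(chain, trust_store)


def validate_with_pins(chain, trust_store, pins) -> bool:
    """Correct rule: chain must be trusted AND some cert's SPKI must match a pin."""
    if not chains_to_trusted_root(chain, trust_store):
        return False
    return any(spki_pin(c) in pins for c in chain)


def build_scenario():
    """Constructed scenario: a legitimate chain and a chain from a root that was
    planted in the trust store (as described above), both for the same site name."""
    legit_root = Cert("Legit Root CA", "Legit Root CA", b"constructed-spki-legit-root")
    legit_int = Cert("Legit Intermediate CA", "Legit Root CA", b"constructed-spki-legit-int")
    legit_leaf = Cert("www.example.org", "Legit Intermediate CA", b"constructed-spki-legit-leaf")
    planted_root = Cert("Planted Root CA", "Planted Root CA", b"constructed-spki-planted-root")
    planted_leaf = Cert("www.example.org", "Planted Root CA", b"constructed-spki-planted-leaf")

    # The planted root is already trusted; that is the premise of the attack.
    trust_store = {legit_root, planted_root}
    # The site operator pinned its intermediate plus the root as a backup pin.
    pins = {spki_pin(legit_int), spki_pin(legit_root)}
    return {
        "legit_chain": [legit_leaf, legit_int, legit_root],
        "planted_chain": [planted_leaf, planted_root],
        "trust_store": trust_store,
        "pins": pins,
    }


def run_demo() -> dict:
    """Return the verdict of each validator on each chain."""
    s = build_scenario()
    args = (s["trust_store"], s["pins"])
    return {
        "buggy_accepts_legit": validate_without_pins(s["legit_chain"], *args),
        "buggy_accepts_planted": validate_without_pins(s["planted_chain"], *args),
        "fixed_accepts_legit": validate_with_pins(s["legit_chain"], *args),
        "fixed_accepts_planted": validate_with_pins(s["planted_chain"], *args),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {verdict}")
```

The point the demo makes is the one the answer makes: distrusting individual roots by hand is not where the protection comes from. With pins enforced, the planted root is rejected even though the trust store contains it, because no certificate in its chain carries a pinned key; with pins ignored, both chains pass and the planted root wins.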

This is helpful (and reassuring since I use Tails almost exclusively). Thank you for taking the time.

To repeat a previous request: it would be wonderful if Nick M, Matthew G, Bruce S, Micah L type Tor associates could author a series reviewing what we currently know about state-sponsored attacks on Tor network, and how we guess FBI's attacks starting 1 Dec 2016 might work. (They are attacking us indiscriminately already, but starting 1 Dec that will apparently be "legal" according to US courts, but certainly not according to the US Constitution.) In particular, what we know about MITMs and governments subverting CAs to obtain fraudulent certs for high value domains such as google.com or torproject.org.

Example of question I would like to see answered: many websites I visit seem to use startssl certs, and these seem to be issued by a subsidiary of WoSign, the rogue CA which Mozilla (thank you Mozilla) is about to remove from the Firefox root cert cache. How worried should I be about that? Am I seeing more WoSign certs than I should, and does that suggest MITM?

I am sure the people I nominated are overwhelmed with work. We users are also overwhelmed, with incomplete information we must try to assess to protect ourselves, our colleagues, our friends and families.

Thanks for replying! I'm finally glad one of my blathering comments actually helped someone!

The point of my posts like that is not to debunk any and all conspiracy theory stuff, but to put to sleep things that we can be more sure of as not something we need to worry about. Then we can concentrate on wheat, not chaff.

September 25, 2016

[This is the kind of comment which US/RU governments are likely to try to censor or delete]

One powerful argument against encouraging US agencies from random attacks on Tor users is that "NOBUS" [sic] malware becomes available to other actors, as illustrated by the NSA Equation Group leaked malware being published by DC Leaks.

Here is an important post from EFF on how NSA Equation Group helps RU attack US citizens, even *before* President Trump takes office:

https://www.eff.org/deeplinks/2016/09/nsas-failure-report-shadow-broker…
NSA’s Failure to Report Shadow Broker Vulnerabilities Underscores Need for Oversight
Bill Budington and Andrew Crocker
23 Sep 2016

> But the NSA’s overconfidence should disturb us, as security researcher Nicholas Weaver points out. The “sensors” mentioned by Reuters are likely a non-technical reference to monitoring of the Internet backbone by the NSA under such authorities as Section 702 and Executive Order 12333, which could act as a form of Network Intrusion Detection System (NIDS). (The Department of Homeland Security also operates an NIDS called Einstein specifically to monitor government networks.) But Weaver explains that at least some of the exploits, including those that affected Cisco and Fortinet products, appear not to lend themselves to detection by outside monitoring since they operate within a target’s internal network. In other words, the NSA’s confidence that its surveillance tools weren’t being used by other actors might have been seriously misplaced.

September 25, 2016

[This is the kind of comment which USG is likely to try to censor or delete]

More FBI illegality:

http://www.msn.com/en-us/news/us/fbi-behind-mysterious-surveillance-air…
FBI behind mysterious surveillance aircraft over US cities
Jack Gillum, Eileen Sullivan, and Eric Tucker
2 Jun 2015

https://www.buzzfeed.com/peteraldhous/spies-in-the-skies
America is being watched from above. Government surveillance planes routinely circle over most major cities — but usually take the weekends off.
Peter Aldhous and Charles Seife

https://www.bloomberg.com/features/2016-baltimore-secret-surveillance/
Secret Cameras Record Baltimore’s Every Move From Above
Since January, police have been testing an aerial surveillance system adapted from the surge in Iraq. And they neglected to tell the public.
Monte Reel
23 Aug 2016

September 25, 2016

[This is the kind of comment which USG is likely to try to censor or delete]

FBI Director James Comey's demands remind me of something Mayor Richard Daley, the infamous leader of the Chicago machine, once said:

"The policeman isn't there to create disorder. The policeman is there to preserve disorder."

Who benefits from "riots" in Charlotte? FBI, the police, the DOJ, NCTC, and the surveillance-military-industrial complex, because "civil disorder" pays their salaries, their Christmas bonuses, their stock dividends.

September 26, 2016

It's a little conspicuous how the Tor Project recently elected a whole new board of directors, and now comments are mysteriously vanishing and not showing up at all.

September 26, 2016

Wow, thanks for posting the comments. Really appreciated.

It seems likely in view of what we know about NSA/GCHQ intrusions and specific determined targeting of TP that the bad guys broke in and deleted them. Just one more thing to insert somewhere into the ever growing prioritized list of things TP needs to try to fix when you can find the time.

We'll see how long comments critical of USG TLAs stay visible...

Well, I thought it likely the comments would come back as I don't buy this "it was the NSA what done it" or "TP is compromised" stuff. See my post at:

   https://blog.torproject.org/blog/tor-messenger-020b2-released#comment-2….

I mean, if you think it through, such 'sabotage' is too obvious and easily overcome. Many posts were archived by archive.org, for example.

Most of my other comments have returned and made it through since. I know several have not made it past moderation, but I think it's all more likely because moderating the comments is a real drag. I've noticed the older the blog I'm commenting on, the less likely my post makes it through, so maybe someone doesn't check for comments on old blogs.

> I mean, if you think it through, such 'sabotage' is too obvious

Until further leaks reveal more about how the bad guys operate (and sometimes, how they mess up), we will not know for sure.

One place where we may differ is that I am probably less willing than you are to assume that everything every NSA/TAO operator (or other government operator) does is well thought out and intelligent. Put another way, I think that while not generally stupid, they are often stressed and frustrated and consequently not infrequently behave not only badly but also foolishly.

> and easily overcome

The deleted posts have apparently not been recovered.

I was inaccurate! Some deleted posts were restored in "Tor Messenger 0.2.0b2 is released" (https://blog.torproject.org/blog/tor-messenger-020b2-released), but only in that blog, and the rest are still missing. All my hard work ... :(

It's quite hard to spot new posts in older blogs if you don't go looking for them.

> ... while not generally stupid, they are often stressed and frustrated and consequently not infrequently behave not only badly but also foolishly.

Mmm, maybe. I recall the GCHQ fresh recruit testimonials, and got a feeling of 21 year olds wet behind the ears, so even that. In any case, I'd rather you continued following your conscience, because I might be wrong! Differing attitudes stop the groupthink growing.

September 26, 2016

“We’re in the midst right now of one of the biggest battles in the privacy world that we have faced,” said Rep Farenthold. “Because of the horrendous terrorist attacks we’ve witnessed, there’s a willingness to give up some of our freedoms and privacy in order to feel safe. That’s completely understandable, but if we keep down this path, we’re going to wake up in a few years in George Orwell’s ‘1984.’ This is why, as we fight for security, the intrusion on privacy necessary to fight the war on terror needs to be narrowly tailored and aggressively overseen.”

http://poe.house.gov/2016/5/reps-poe-conyers-lead-bipartisan-house-coal…

Plus one. I hope TP will seek to engage the bipartisan privacy caucus in the US Congress.

We actually have some real opportunities to win some points, I think. By no means is it true that FBI is invincible--- Comey has gotten everything he demands (save backdoors) so far, but it appears the second half of his term will completely reverse the odds. In the first half of his term, Comey has been the Second Coming of J. Edgar Hoover, but in the second half, he is likely to look much more like the Second Coming of Louis Freeh.

September 29, 2016

"And since the FBI works for the Department of Justice, and the Department of Justice works for the White House, Rule 41 gives new surveillance power to the Administrative branch of US government."

Not to nitpick, but "the Administrative branch of the US government" is not one of the branches of government you'll learn about in middle school civics class and I'm pretty sure is not what the author intended.

October 02, 2016

https://motherboard.vice.com/read/shadow-brokers-whine-that-nobody-is-b…

> “TheShadowBrokers … is thinking peoples is having more balls, is taking bigger risks for to make advantage over adversaries,” the group adds. “Equation Group is pwning you everyday, because you are giant fucking pussies.”

Calm down, open source it, heaven will reward you.

Even better, e-draft Snowden (hack the US presidential election so that write-in candidate Edward Snowden wins).

October 04, 2016

You think you live in a free country and are always spouting about the land of freedom, but from the outside it looks more and more like you live in a cold war communist country when it comes to government control of the people. The only difference is they appear to let you have material goods to keep you happy. Your rights (and also to a slightly lesser degree ours in the UK) are slowly being eroded away, all in the name of terrorism! Governments always prosper when they can keep their people scared.

The universal enemy of all mankind, NSA, monitors the Senate website, ostensibly to prevent such potential embarrassments as ISIL (hypothetically) breaking in and replacing a web page with anti-USA propaganda.

I frequently see messages like the one you quoted (as well as CAPTCHAs) and usually assume that NSA "monitoring" servers sometimes take the idiot's path by simply blocking any connection which comes from a Tor exit node, particularly when a Tor user is trying to execute a search or have some other interaction beyond simply viewing a web page.

October 07, 2016

[This is the kind of post which USG is likely to try to censor or delete]

The Yahoo scandal appears to be highly relevant to the issue of USG-mandated cyberwar against ordinary citizens all over the world:

https://motherboard.vice.com/read/yahoo-government-email-scanner-was-ac…
Yahoo’s Government Email Scanner Was Actually a Secret Hacking Tool
Lorenzo Franceschi-Bicchierai
7 Oct 2016

> The spy tool that the US government ordered Yahoo to install on its systems last year at the behest of the NSA or the FBI was a “poorly designed” and “buggy” piece of malware, according to two sources closely familiar with the matter.
>
> Last year, the US government served Yahoo with a secret order, asking the company to search within its users’ emails for some targeted information, as first reported by Reuters this week. It’s still unclear what was the information sought, but The New York Times, citing an anonymous official source, later reported that the government was looking for a specific digital “signature” of a “communications method used by a state-sponsored, foreign terrorist organization.”
>
> Anonymous sources told The Times that the tool was nothing more than a modified version of Yahoo’s existing scanning system, which searches all email for malware, spam and images of child pornography. But two sources familiar with the matter told Motherboard that this description is wrong, and that the tool was actually more like a “rootkit,” a powerful type of malware that lives deep inside an infected system and gives hackers essentially unfettered access.

Numerous previous stories, including one using JA's analysis of another item of NSA malware leaked by a post-Snowden source, have stated that NSA malware tends to be written rapidly, poorly tested, and to be buggy and to behave unpredictably when deployed in the real world.

The Yahoo/USG Cyberwar on US scandal will have serious consequences for the millions of US companies which do business in Europe and need to transfer information back and forth (for example, payroll for their own employees):

https://www.techdirt.com
Yahoo Email Scanning May Sink EU Privacy Shield Agreement
from the nsa-fucking-things-up-again dept

> After the US/EU "safe harbor" on data protection was tossed out thanks to NSA spying being incompatible with EU rights, everyone had tried to patch things up with the so-called "Privacy Shield." As we noted at the time, as long as the NSA's mass surveillance remained in place, the Privacy Shield agreement would fail as well. This wasn't that difficult to predict.
>
> And there are already some challenges to the Privacy Shield underway, including by Max Schrems, who brought the original challenge that invalidated the old safe harbor. But things may have accelerated a bit this week with the story of Yahoo scanning all emails. This news has woken up a bunch of EU politicians and data protection officials, leading to some serious questions about whether it violates the Privacy Shield agreement.

There is much more detailed information in other posts in this blog, but two very important improvements are:

o work towards memory address layout randomization

o work towards sandboxing Tor Browser

Browsers are huge complicated programs, so eliminating all such is an almost hopeless task, but sandboxing and memory address layout randomization should make it much harder for the bad guys to exploit any overlooked software vulnerabilities in Tor Browser.

Tails already implements some sandboxing and memory address layout randomization, I believe, which may imply that Tails users may better resist a possible attempt by FBI, come 1 Dec 2016 when the changes to Rule 41 will come into effect, to attack all Tor users with malware. Better than users who are using the plain vanilla Tor Browser running under their usual OS, I mean.

Tails is requesting donations to fund their 2017 work; see tails.boum.org

I have no financial relationship with Tails other than as a user and occasional donor. I rely on Tails and I hope others will consider making a donation.

November 06, 2016

Done leaving messages for senators and congressmen. What a waste of effort I'm sure. Fuck the government!

November 16, 2016

Thank you, Tor, for all that you do, including coaching us on the Stop Mass Hacking Act (S. 2952, H.R. 5321).

I called both of my Senators and my Representative as well.

I also called to thank Sen. Wyden for his leadership on this matter. The guy who answered the phone in Sen. Wyden's office said this issue is near and dear to the Senator's heart <3

November 17, 2016

Can we please have an update on the fight to persuade the US congress to block the changes to Rule 41? We are almost out of time, but there may still be an opportunity to exploit the general horror in the Congress (even among Republicans) at the political abuses by FBI in the recent election.