The FBI's Quiet Plan to Begin Mass Hacking

Senator Ron Wyden delivered a speech on the floor of the Senate on Thursday calling for passage of a bill that would annul new rules for judges. These rules will give the FBI authority to hack millions of people's computers with a single search warrant, regardless of where the device is located.

The Stop Mass Hacking Act (S. 2952, H.R. 5321), which has bipartisan support, is composed of a single sentence:

"To prevent the proposed amendments to rule 41 of the Federal Rules of Criminal Procedure from taking effect."

Wyden's bill attempts to stop the upcoming changes to Rule 41, set to take effect in less than 90 days.

The changes to Rule 41 would allow judges to grant warrants to search and seize electronic media located outside of their home districts when the location of the information is “concealed through technological means.”

For instance, when a person is using Tor.

The broad search warrants allowable under these new rules will apply to people using Tor in any country—even if they are journalists, members of a legislature, or human rights activists. The FBI will be permitted to hack into a person’s computer or phone remotely and to search through and remove their data. The FBI will be able to introduce malware into computers. It will create vulnerabilities that will leave users exposed.

To quote a tweet from Daniel Schuman of the NGO Demand Progress, "Even if you like mass FBI hacking, shouldn't the Senate hold a hearing first before it automatically becomes law?"

We are at a critical point in the United States regarding surveillance law. Some public officials, like those at the US Department of Justice (the FBI is part of the DOJ), understand very well how surveillance technology works and the implications of the Rule 41 changes. But the judges who must approve these warrants under the new rules vary widely in their technical expertise and in their understanding of how these decisions affect the larger Constitutional issues of search and seizure. Rule 41 will allow savvy law enforcement officials to seek out those judges who don't yet understand the tech.

Similarly, there are many members of Congress who don't yet understand either the technology or its impact on democratic institutions and values. Some understand that Tor and encryption are currently used by politicians, judges, and even the FBI to keep their communications private--but others do not. Some—but not all—know that privacy tools like Tor can help enforce the separation of powers by preventing one branch of government from spying on another. Some know that a back door for one good guy is eventually a back door for multiple bad guys. Many others do not.

So some US officials can take advantage of this ignorance in order to expand their power. And since the FBI works for the Department of Justice, and the Department of Justice works for the White House, Rule 41 gives new surveillance power to the Administrative branch of US government. New power over millions of people--that Congress never discussed or approved.

Why go through Congress, the reasoning goes, and risk public exposure, debate, and possible defeat, when law enforcement can tweak a rulebook and get the same new hacking power?

If you care about FBI mass hacking, urge Congress to pass the Stop Mass Hacking bill on social media with the hashtag #SMHAct (one of the better legislative hashtags).

If you are an American citizen, there is much more you can do. Here is a seemingly minor thing--but one that can have great impact. Call and leave a message with the Washington, DC, office of the US Senator from your state. Senators actually count these calls, and they influence their decisions--perhaps they don't want to be voted out of office by the constituents they ignored.

Here is a list of Senators' phone numbers (calling is much more effective than email for this purpose): http://www.senate.gov/general/contact_information/senators_cfm.cfm?Orde…

Your call or voicemail can be very simple:

"My name is _____, I am Senator ____'s constituent in the state of ___, and I support the 'Stop Mass Hacking Act.' I ask Senator _____ to support the Stop Mass Hacking Act also and that it be considered during this work period. Thank you."

You can also leave a thank-you message with Senator Wyden's office--this gives Wyden more ballast to encourage his colleagues to support the bill.

If you make those calls or leave voicemails and you're on Twitter, tweet that you called your Senator using their Twitter handle and the #SMHAct hashtag. This amplifies the power of the phone call.

The Stop Mass Hacking Act has bipartisan support. Senators Steve Daines (R-Montana), Rand Paul (R-Kentucky), Tammy Baldwin (D-Wisconsin), and Jon Tester (D-Montana) are original co-sponsors of the Senate bill.

People listen to the Tor community on issues of anonymity technology. But the threat to anonymity can be just as destructive when it comes because of a small rule change--a bureaucratic sleight of hand--as when it comes through an attack on our software by a state intelligence agency. As Tor users, our threat model includes both, so our response as a community must also include both.

UPDATE: Phoning is by far the most important. Then you can tweet to your Senator.

The Twitter accounts for US Senators are here: http://www.socialseer.com/resources/us-senator-twitter-accounts/ #SMHAct

-----
H.R.5321: https://www.congress.gov/bill/114th-congress/house-bill/5321
S.2952: https://www.congress.gov/bill/114th-congress/senate-bill/2952

Anonymous

September 25, 2016

[This is the kind of post which governments are likely to try to censor or delete]

Regarding this tor-talk message about state-sponsored attacks on Tor users:

https://lists.torproject.org/pipermail/tor-talk/2016-September/042265.h…

1. How does one "run TB from a sandbox"?

2. How to efficiently remove the suspect root certs from TB store?

3. Does the poster's advice apply to Tails booted from R/O DVD?

Did you notice that no one ever bothered replying to that rather pointless e-mail? It cites the post by @movrcx, and I replied (at length) to that in my comment at:

   https://blog.torproject.org/blog/tor-browser-605-released#comment-208877

explaining why the claims of exposure were overegged, and didn't actually apply to Tails 2.5.

To answer your questions:

1. How does one "run TB from a sandbox"?

Apart from DIY? You could:
   a) try QubesOS (it uses Xen), which allows you to set up VMs;
   b) use Tails, which uses AppArmor for application isolation of Tor Browser. See:

      https://tails.boum.org/contribute/design/application_isolation/#index1h2

2. How to efficiently remove the suspect root certs from TB store?

This is pointless.

Even though Firefox will let you delete or distrust each root certificate, you still have to recognise it, and how would you?

In any case, the attack did not work because @movrcx managed to generate a fake root certificate. Note that @movrcx re-compiled Firefox after incorporating his fake root certificate into his own source code on his own system. He thought that was the cause of the attack, but it was not. The 'bug' in Firefox that allowed the attack to work was that if certificate pinning was used (which Tor Browser did), Firefox was failing to reject unpinned certificates. @movrcx did not understand this, which is why he became disregarded again.

3. Does the poster's advice apply to Tails booted from R/O DVD?

It is as inapplicable to Tails 2.5 and Tails 2.6 booted from DVD±R as it would be from DVD±RW or USB stick. The Tails team reconfigured TBB to not auto-update extensions: @movrcx's attack would not have worked on Tails 2.5. It's still the case for Tails 2.6, with no sign of them changing this.
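The pin-enforcement point made in the reply above, as an added illustration that is not part of the comment thread and not Firefox or Tor Browser code: a simplified model of certificate pin checking, where the shipped pin set holds HPKP-style values, base64 of the SHA-256 digest of each pinned certificate's DER SubjectPublicKeyInfo. The SPKI byte strings, the trust store and the chains are constructed placeholders, not real certificates. `verify_buggy` models the behaviour the reply describes (the chain validates against a trust store into which an extra root has been added, and the pin check is never applied, so the unpinned chain is accepted); `verify_hardened` requires a pin match in addition to path validation, so the same chain is rejected.

```python
import base64
import hashlib

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs (example only;
# real pins are computed over the real DER SPKI of each certificate in the chain).
LEGIT_ROOT_SPKI = b"constructed-spki:legitimate-root-ca"
LEGIT_INTERMEDIATE_SPKI = b"constructed-spki:legitimate-intermediate-ca"
LEGIT_LEAF_SPKI = b"constructed-spki:legitimate-leaf-for-pinned-host"
ROGUE_ROOT_SPKI = b"constructed-spki:root-added-to-the-local-trust-store"
ROGUE_LEAF_SPKI = b"constructed-spki:leaf-issued-by-the-added-root"


def spki_pin(spki_der: bytes) -> str:
    """HPKP-style pin: base64 of the SHA-256 digest of the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


# Pins the browser ships for the host: only the legitimate root and intermediate.
PINSET = {spki_pin(LEGIT_ROOT_SPKI), spki_pin(LEGIT_INTERMEDIATE_SPKI)}

# Trust store of the affected build: the legitimate root plus a root that was
# added locally (the situation the reply describes).
TRUST_STORE = {LEGIT_ROOT_SPKI, ROGUE_ROOT_SPKI}

# Chains are listed leaf first, root last (constructed sample input).
LEGIT_CHAIN = [LEGIT_LEAF_SPKI, LEGIT_INTERMEDIATE_SPKI, LEGIT_ROOT_SPKI]
ROGUE_CHAIN = [ROGUE_LEAF_SPKI, ROGUE_ROOT_SPKI]


def chain_to_trusted_root(chain, trust_store) -> bool:
    """Path validation, reduced here to 'does the chain end in a trusted root'."""
    return bool(chain) and chain[-1] in trust_store


def chain_matches_pinset(chain, pinset) -> bool:
    """Pin check: at least one certificate in the chain must match a shipped pin."""
    return any(spki_pin(spki) in pinset for spki in chain)


def verify_buggy(chain, trust_store, pinset) -> bool:
    """Behaviour the reply describes: the pin set is ignored, so any chain that
    validates against the (poisoned) trust store is accepted."""
    return chain_to_trusted_root(chain, trust_store)


def verify_hardened(chain, trust_store, pinset) -> bool:
    """Pinning enforced: path validation AND a pin match are both required."""
    if not chain_to_trusted_root(chain, trust_store):
        return False
    return chain_matches_pinset(chain, pinset)


def compare() -> dict:
    """Run both verifiers over both chains and report which were accepted."""
    return {
        "buggy_accepts_legit": verify_buggy(LEGIT_CHAIN, TRUST_STORE, PINSET),
        "buggy_accepts_rogue": verify_buggy(ROGUE_CHAIN, TRUST_STORE, PINSET),
        "hardened_accepts_legit": verify_hardened(LEGIT_CHAIN, TRUST_STORE, PINSET),
        "hardened_accepts_rogue": verify_hardened(ROGUE_CHAIN, TRUST_STORE, PINSET),
    }


if __name__ == "__main__":
    for name, accepted in compare().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The point of the contrast is that adding a root to the local store defeats path validation alone but not pinning: a pin set is a second, independent allow-list, and a pin check that is skipped whenever validation succeeds provides no protection at all.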

This is helpful (and reassuring since I use Tails almost exclusively). Thank you for taking the time.

To repeat a previous request: it would be wonderful if Nick M, Matthew G, Bruce S, Micah L type Tor associates could author a series reviewing what we currently know about state-sponsored attacks on Tor network, and how we guess FBI's attacks starting 1 Dec 2016 might work. (They are attacking us indiscriminately already, but starting 1 Dec that will apparently be "legal" according to US courts, but certainly not according to the US Constitution.) In particular, what we know about MITMs and governments subverting CAs to obtain fraudulent certs for high value domains such as google.com or torproject.org.

Example of question I would like to see answered: many websites I visit seem to use startssl certs, and these seem to be issued by a subsidiary of WoSign, the rogue CA which Mozilla (thank you Mozilla) is about to remove from the Firefox root cert cache. How worried should I be about that? Am I seeing more WoSign certs than I should, and does that suggest MITM?

I am sure the people I nominated are overwhelmed with work. We users are also overwhelmed, with incomplete information we must try to assess to protect ourselves, our colleagues, our friends and families.

Thanks for replying! I'm finally glad one of my blathering comments actually helped someone!

The point of my posts like that is not to debunk any and all conspiracy theory stuff, but to put to sleep things that we can be more sure of as not something we need to worry about. Then we can concentrate on wheat, not chaff.

Anonymous

September 25, 2016

[This is the kind of comment which US/RU governments are likely to try to censor or delete]

One powerful argument against encouraging US agencies to carry out random attacks on Tor users is that "NOBUS" [sic] malware becomes available to other actors, as illustrated by the NSA Equation Group leaked malware being published by DC Leaks.

Here is an important post from EFF on how NSA Equation Group helps RU attack US citizens, even *before* President Trump takes office:

https://www.eff.org/deeplinks/2016/09/nsas-failure-report-shadow-broker…
NSA’s Failure to Report Shadow Broker Vulnerabilities Underscores Need for Oversight
Bill Budington and Andrew Crocker
23 Sep 2016

> But the NSA’s overconfidence should disturb us, as security researcher Nicholas Weaver points out. The “sensors” mentioned by Reuters are likely a non-technical reference to monitoring of the Internet backbone by the NSA under such authorities as Section 702 and Executive Order 12333, which could act as a form of Network Intrusion Detection System (NIDS). (The Department of Homeland Security also operates an NIDS called Einstein specifically to monitor government networks.) But Weaver explains that at least some of the exploits, including those that affected Cisco and Fortinet products, appear not to lend themselves to detection by outside monitoring since they operate within a target’s internal network. In other words, the NSA’s confidence that its surveillance tools weren’t being used by other actors might have been seriously misplaced.

Anonymous

September 25, 2016

[This is the kind of comment which USG is likely to try to censor or delete]

More FBI illegality:

http://www.msn.com/en-us/news/us/fbi-behind-mysterious-surveillance-air…
FBI behind mysterious surveillance aircraft over US cities
Jack Gillum, Eileen Sullivan, and Eric Tucker
2 Jun 2015

https://www.buzzfeed.com/peteraldhous/spies-in-the-skies
America is being watched from above. Government surveillance planes routinely circle over most major cities — but usually take the weekends off.
Peter Aldhous and Charles Seife

https://www.bloomberg.com/features/2016-baltimore-secret-surveillance/
Secret Cameras Record Baltimore’s Every Move From Above
Since January, police have been testing an aerial surveillance system adapted from the surge in Iraq. And they neglected to tell the public.
Monte Reel
23 Aug 2016

Anonymous

September 25, 2016

[This is the kind of comment which USG is likely to try to censor or delete]

FBI Director James Comey's demands remind me of something Mayor Richard Daley, the infamous leader of the Chicago machine, once said:

"The policeman isn't there to create disorder. The policeman is there to preserve disorder."

Who benefits from "riots" in Charlotte? FBI, the police, the DOJ, NCTC, and the surveillance-military-industrial complex, because "civil disorder" pays their salaries, their Christmas bonuses, their stock dividends.

Anonymous

September 26, 2016

It's a little conspicuous how the Tor Project recently elected a whole new board of directors, and now comments are mysteriously vanishing and not showing up at all.

Anonymous

September 26, 2016

Wow, thanks for posting the comments. Really appreciated.

It seems likely in view of what we know about NSA/GCHQ intrusions and specific determined targeting of TP that the bad guys broke in and deleted them. Just one more thing to insert somewhere into the ever growing prioritized list of things TP needs to try to fix when you can find the time.

We'll see how long comments critical of USG TLAs stay visible...

Well, I thought it likely the comments would come back as I don't buy this "it was the NSA what done it" or "TP is compromised" stuff. See my post at:

   https://blog.torproject.org/blog/tor-messenger-020b2-released#comment-2….

I mean, if you think it through, such 'sabotage' is too obvious and easily overcome. Many posts were archived by archive.org, for example.

Most of my other comments have returned and made it through since. I know several have not made it past moderation, but I think it's all more likely because moderating the comments is a real drag. I've noticed the older the blog I'm commenting on, the less likely my post makes it through, so maybe someone doesn't check for comments on old blogs.

> I mean, if you think it through, such 'sabotage' is too obvious

Until further leaks reveal more about how the bad guys operate (and sometimes, how they mess up), we will not know for sure.

One place where we may differ is that I am probably less willing than you are to assume that everything every NSA/TAO operator (or other government operator) does is well thought out and intelligent. Put another way, I think that while not generally stupid, they are often stressed and frustrated and consequently not infrequently behave not only badly but also foolishly.

> and easily overcome

The deleted posts have apparently not been recovered.

I was inaccurate! Some deleted posts were restored in "Tor Messenger 0.2.0b2 is released" (https://blog.torproject.org/blog/tor-messenger-020b2-released), but only in that blog, and the rest are still missing. All my hard work ... :(

It's quite hard to spot new posts in older blogs if you don't go looking for them.

> ... while not generally stupid, they are often stressed and frustrated and consequently not infrequently behave not only badly but also foolishly.

Mmm, maybe. I recall the GCHQ fresh recruit testimonials, and got a feeling of 21 year olds wet behind the ears, so even that. In any case, I'd rather you continued following your conscience, because I might be wrong! Differing attitudes stop the groupthink growing.

Anonymous

September 26, 2016

“We’re in the midst right now of one of the biggest battles in the privacy world that we have faced,” said Rep Farenthold. “Because of the horrendous terrorist attacks we’ve witnessed, there’s a willingness to give up some of our freedoms and privacy in order to feel safe. That’s completely understandable, but if we keep down this path, we’re going to wake up in a few years in George Orwell’s ‘1984.’ This is why, as we fight for security, the intrusion on privacy necessary to fight the war on terror needs to be narrowly tailored and aggressively overseen.”

http://poe.house.gov/2016/5/reps-poe-conyers-lead-bipartisan-house-coal…

Plus one. I hope TP will seek to engage the bipartisan privacy caucus in the US Congress.

We actually have some real opportunities to win some points, I think. By no means is it true that FBI is invincible--- Comey has gotten everything he demands (save backdoors) so far, but it appears the second half of his term will completely reverse the odds. In the first half of his term, Comey has been the Second Coming of J. Edgar Hoover, but in the second half, he is likely to look much more like the Second Coming of Louis Freeh.

Anonymous

September 29, 2016

"And since the FBI works for the Department of Justice, and the Department of Justice works for the White House, Rule 41 gives new surveillance power to the Administrative branch of US government."

Not to nitpick, but "the Administrative branch of the US government" is not one of the branches of government you'll learn about in middle school civics class and I'm pretty sure is not what the author intended.

Anonymous

October 02, 2016

https://motherboard.vice.com/read/shadow-brokers-whine-that-nobody-is-b…

> “TheShadowBrokers … is thinking peoples is having more balls, is taking bigger risks for to make advantage over adversaries,” the group adds. “Equation Group is pwning you everyday, because you are giant fucking pussies.”

Calm down, open source it, heaven will reward you.

Even better, e-draft Snowden (hack the US presidential election so that write-in candidate Edward Snowden wins).

Anonymous

October 04, 2016

You think you live in a free country and are always spouting about the land of freedom, but from the outside it looks more and more like you live in a cold war communist country when it comes to government control of the people. The only difference is they appear to let you have material goods to keep you happy. Your rights (and also, to a slightly lesser degree, ours in the UK) are slowly being eroded away, all in the name of terrorism! Governments always prosper when they can keep their people scared.

Anonymous

October 06, 2016

I am unable to access http://www.senate.gov/general/contact_information/senators_cfm.cfm?Orde…. I receive an "Access Denied" message:

"Access Denied
"You don't have permission to access "http://serve-403-www.senate.gov/general/contact_information/senators_cf…?" on this server.

"Reference #18.1059f180.1475780687.1d801da "

This URL appears in the original message. I am running GNU/Linux TOR. Any ideas?

Paul

The universal enemy of all mankind, NSA, monitors the Senate website, ostensibly to prevent such potential embarrassments as ISIL (hypothetically) breaking in and replacing a web page with anti-USA propaganda.

I frequently see messages like the one you quoted (as well as CAPTCHAs) and usually assume that NSA "monitoring" servers sometimes take the idiots path by simply blocking any connection which comes from a Tor exit node, particularly when a Tor user is trying to execute a search or have some other interaction beyond simply viewing a web page.

Anonymous

October 07, 2016

[This is the kind of post which USG is likely to try to censor or delete]

The Yahoo scandal appears to be highly relevant to the issue of USG-mandated cyberwar against ordinary citizens all over the world:

https://motherboard.vice.com/read/yahoo-government-email-scanner-was-ac…
Yahoo’s Government Email Scanner Was Actually a Secret Hacking Tool
Lorenzo Franceschi-Bicchierai
7 Oct 2016

> The spy tool that the US government ordered Yahoo to install on its systems last year at the behest of the NSA or the FBI was a “poorly designed” and “buggy” piece of malware, according to two sources closely familiar with the matter.
>
> Last year, the US government served Yahoo with a secret order, asking the company to search within its users’ emails for some targeted information, as first reported by Reuters this week. It’s still unclear what was the information sought, but The New York Times, citing an anonymous official source, later reported that the government was looking for a specific digital “signature” of a “communications method used by a state-sponsored, foreign terrorist organization.”
>
> Anonymous sources told The Times that the tool was nothing more than a modified version of Yahoo’s existing scanning system, which searches all email for malware, spam and images of child pornography. But two sources familiar with the matter told Motherboard that this description is wrong, and that the tool was actually more like a “rootkit,” a powerful type of malware that lives deep inside an infected system and gives hackers essentially unfettered access.

Numerous previous stories, including one using JA's analysis of another item of NSA malware leaked by a post-Snowden source, have stated that NSA malware tends to be written rapidly, poorly tested, and to be buggy and to behave unpredictably when deployed in the real world.

The Yahoo/USG Cyberwar on US scandal will have serious consequences for the millions of US companies which do business in Europe and need to transfer information back and forth (for example, payroll for their own employees):

https://www.techdirt.com
Yahoo Email Scanning May Sink EU Privacy Shield Agreement
from the nsa-fucking-things-up-again dept

> After the US/EU "safe harbor" on data protection was tossed out thanks to NSA spying being incompatible with EU rights, everyone had tried to patch things up with the so-called "Privacy Shield." As we noted at the time, as long as the NSA's mass surveillance remained in place, the Privacy Shield agreement would fail as well. This wasn't that difficult to predict.
>
> And there are already some challenges to the Privacy Shield underway, including by Max Schrems, who brought the original challenge that invalidated the old safe harbor. But things may have accelerated a bit this week with the story of Yahoo scanning all emails. This news has woken up a bunch of EU politicians and data protection officials, leading to some serious questions about whether it violates the Privacy Shield agreement.

There is much more detailed information in other posts in this blog, but two very important improvements are:

o work towards memory address layout randomization

o work towards sandboxing Tor Browser

Browsers are huge complicated programs, so eliminating all such is an almost hopeless task, but sandboxing and memory address layout randomization should make it much harder for the bad guys to exploit any overlooked software vulnerabilities in Tor Browser.

Tails already implements some sandboxing and memory address layout randomization, I believe, which may imply that Tails users may better resist a possible attempt by FBI, come 1 Dec 2016 when the changes to Rule 41 will come into effect, to attack all Tor users with malware. Better than users who are using the plain vanilla Tor Browser running under their usual OS, I mean.

Tails is requesting donations to fund their 2017 work; see tails.boum.org

I have no financial relationship with Tails other than as a user and occasional donor. I rely on Tails and I hope others will consider making a donation.

Anonymous

November 06, 2016

Done leaving messages for senators and congressmen. What a waste of effort I'm sure. Fuck the government!

Anonymous

November 16, 2016

Thank you, Tor, for all that you do, including coaching us on the Stop Mass Hacking Act (S. 2952, H.R. 5321).

I called both of my Senators and my Representative as well.

I also called to thank Sen. Wyden for his leadership on this matter. The guy who answered the phone in Sen. Wyden's office said this issue is near and dear to the Senator's heart <3

Anonymous

November 17, 2016

Can we please have an update on the fight to persuade the US congress to block the changes to Rule 41? We are almost out of time, but there may still be an opportunity to exploit the general horror in the Congress (even among Republicans) at the political abuses by FBI in the recent election.