Espionage Files: Brit Spies Used URL Shortener to Honeypot Arab Spring Dissidents

A shadowy unit of the British intelligence agency GCHQ tried to influence online activists during the 2009 Iranian presidential election protests and the 2011 democratic uprisings largely known as the Arab Spring, as new evidence gathered from documents leaked by Edward Snowden shows.

The GCHQ’s special unit, known as the Joint Threat Research Intelligence Group or JTRIG, was first revealed in 2014, when leaked top secret documents showed it tried to infiltrate and manipulate—using “dirty trick” tactics such as honeypots—online communities including those of Anonymous hacktivists, among others.

The group’s tactics against hacktivists have been previously reported, but its influence campaign in the Middle East has never been reported before. I was able to uncover it because I was myself targeted in the past, and was aware of a key detail, a URL shortening service, that was actually redacted in Snowden documents published in 2014.

THE HONEYPOT

GCHQ set up a now-defunct free URL shortening service—lurl.me—that enabled social media signals intelligence. Lurl.me was used on Twitter and other social media platforms for the dissemination of pro-revolution messages in the Middle East.

These messages were intended to attract people who were protesting against their government in order to manipulate them and collect intelligence that would help the agency further its aims around the world. The URL shortener made it easy to track them.

Read the Remainder at Motherboard

Warrior Tech: Bulletproof Headscarf

Beirut fire sergeant Wissam Bleik was killed by a stray bullet during the Beirut municipal elections in May. He was a victim of celebratory gunfire, which usually follows political speeches in Lebanon.

Lebanese authorities are struggling to battle this dangerous ritual, which often happens at weddings, funerals and elections. Advocacy groups like Cheyef 7alak have been creating videos to show the dangers of firing stray bullets, but the crime continues.

One Beirut designer, Salim Kadi, has come up with a solution—the world’s first bulletproof headscarf, which he recently unveiled at Beirut Design Week.

“Historically, the keffiyeh was worn to protect one from the environment, but violence is our new environment,” said Kadi.

“I thought it was necessary to re-imagine what a contemporary keffiyeh would be.”

The K29 Keffiyeh 001 is a 120 by 120 cm headscarf embroidered with Kevlar, a strong plastic which is typically used for bulletproof vests, boats and airplanes.

Kevlar is not easily transported between countries, as it is illegal to import body armor without prior authorization from border protection and sometimes requires a license issued by the government. It is illegal to export Kevlar from the US. There is a 10% sales tax and a duty rate of 5% to get Kevlar into Lebanon.

Kadi smuggled it into Lebanon. He then gave it to Dalida Faris, a seamstress in Ain al-Hilweh, a Palestinian camp on the outskirts of Saida in southern Lebanon. It took two weeks for her to make it “under very trying circumstances,” said Kadi, including little electricity.

The keffiyeh has always been a symbol of resistance; it was a national symbol for solidarity often worn by Palestinian leader Yasser Arafat, and it has been worn in the military and as a fashion statement. But none of these clichés seem to interest Kadi.

“I am interested in the images of demonstrations around the world—whether in Paris, Buenos Aires or Jerusalem—where the keffiyeh seems to operate as a symbol in a universal struggle against injustice,” he said. “In those images, those who wear it appear to me like fantastic superheroes.”

Stopping a bullet to the head would require at least nine layers of Kevlar, which is possible in the way one wraps the keffiyeh around the head.

“The Kevlar is quite stiff in comparison to cotton, but the more it is worn, the suppler it becomes,” said Kadi. “Wearing it feels like wearing a motorcycle helmet, without the extra weight.”

At first, Kadi created an umbrella-like shield made of Kevlar, but he said it was “too passive as a pun and too bourgeoisie as an object.” That led him to designing an object he could relate to symbolically. “The Kevlar and the keffiyeh is a perfect match,” he said.

Kadi designed this for his friends, family and everyone who could potentially fall victim to stray bullets caused by celebratory gunfire—he hopes to mass produce them and make them available for an affordable price, or even for free.

“Myself, last year, I was stepping out of a bar on a bright Sunday afternoon when a stray bullet landed with a loud ‘TAKH!’ on the pavement two meters away from me,” said Kadi.

“Much like many things in Lebanon, this gunfire is sadly never questioned enough and is accepted as a natural consequence of being here. Most people tend to run indoors but many times the bullets are not heard until it is too late. It often results in multiple accidental fatalities.”

Read the Original Article at Motherboard

 

 

Surveillance State: The U.S. Government’s New Spy Satellite

The second week of June 2016, the U.S. National Reconnaissance Office launched NROL-37, carrying its latest spy satellite into geosynchronous orbit via a Delta IV-Heavy rocket.

But it only took amateur space enthusiasts a few days to locate the mysterious new craft in the skies near Malaysia, over the Strait of Malacca.

While the contents and capabilities of the NROL-37 mission’s payload are classified — the satellite is innocuously labeled US-268 — its need to hitch a ride on the world’s biggest rocket strongly suggests it is the seventh member of the Mentor/Orion family, an extra-large class of signals intelligence satellites that helps provide eavesdropping capability to U.S. intelligence agencies.

Their large size also makes Mentor satellites the easiest to find and photograph. In a blog post, Dr. Marco Langbroek detailed how he and two other amateur skygazers found the Mentor-7 satellite near 104 E longitude over the course of a few days using standard photographic equipment.

You can always spot a geosynchronous satellite by taking long exposures of the sky at night and noting which “stars” aren’t moving.

In their observations, the satellite-tracking crew found that the spacecraft seems to be drifting west to its fixed geosynchronous position. Langbroek speculates it will eventually stop near somewhere over Central Africa or Sri Lanka.

“The reason for the initial placement near 104 E is likely that in this position it is initially well placed for the Pine Gap Joint Defense Facility ground station in central Australia — one of two facilities dedicated to NRO SIGINT payloads — during the initial check-out phase,” Langbroek wrote.

Previous NRO launches have carried many other spy satellites, including NROL-39, which became infamous in 2013 for the ominous imagery on its mission patch — an octopus strangling the world above the phrase “Nothing Is Beyond Our Reach.”

NROL-37 also has somewhat-eerie branding, sporting a black-garbed knight with an eagle-claw sword hilt which, according to the NRO, is meant to represent “extreme reach with global coverage.”

Read the Original Article at Motherboard

Cold War Files: Cold War Boardgame ‘Twilight Struggle’ Now Available Online

The Best Board Game Ever Is a Chilling Re-imagining of the Cold War

‘Twilight Struggle’ is finally available online

Of all the modern board games that constitute the current golden age of tabletop gaming — your Settlers of Catans, your Ticket to Rides, your Pandemics — one looms larger than all the others, like a mythical icon made of dice and cardboard.

That game is Twilight Struggle, a behemoth of a board game famous for its epic rulebook, length and depth of strategy. And this week, it’s being given a new, digital life with a release for P.C. and Mac via Steam.

Twilight Struggle, first published in 2005, is a two-player game that pits the United States and the Soviet Union against each other in a re-imagining of the Cold War. Players jockey for control of countries around the world, scoring points based on how much territory they’ve accumulated through influence and coups.

Its unique strategic element involves playing cards derived from real-life capitalists versus Commies events — say, Reagan’s “tear down this wall” speech or the Cuban Revolution — and reshaping the game world based on how well one side can mitigate the other’s actions.

That description doesn’t nearly do justice to this incredibly complex, award-winning game, where one must imagine and prepare for dozens of potential moves every turn.

And just like in the actual Cold War, it usually embroils a player in crisis, paranoia and threats of starting nuclear Armageddon. That fact kept it at the vaunted top slot on BoardGameGeek.com’s ranking of more than 80,000 games for five years, until it was usurped by newcomer Pandemic Legacy earlier this year.

For my money, Twilight Struggle looks poised to retake that top spot after Pandemic Legacy’s honeymoon phase is over. Pandemic, however, is also an incredibly great game.

Translating such an intricate game to computers isn’t easy. Its print publisher, GMT Games, tried once before and ended up canceling the project in 2014 “after a long and challenging development process.” This version, developed by Playdek, came about via a Kickstarter that launched in June 2014. Less than a month later, the campaign raised $391,047, dwarfing its $50,000 goal.

The digital version is faithful to the tabletop original, with a sleek user interface and transitions between turns. It will also solve one of the game’s biggest problems — finding someone to play with. It’s not simple to convince a friend to read a couple dozen pages of rules and strategy, and even less so to sit them down for a game that could easily last six hours.

It’s a challenge one might encounter even among like-minded gamers at a brick-and-mortar store’s tabletop night, given the length. An online multiplayer component is just what struggling Strugglers could use.

So far, the community has praised the easy-to-adapt-to interface as well as cosmetic additions like the mood-setting Cold War sound effects and audio clips Playdek has integrated into the game. However, a consistent critique so far is that the A.I. opponent in single-player is buggy and slow, so expect playtime to last quite a while until that’s fixed.

Playdek says that post-release, it’ll work on developing the A.I. system, and it has also promised a mobile release on iOS and Android, “with other platforms to follow after.”

As they say, the Cold War never really ended.

This story originally appeared at Motherboard.

Read the Original Article at War is Boring

Cyber-News: FBI Is Pushing Back Against Judge’s Order to Reveal TOR Browser Exploit

Last month, the FBI was ordered to reveal the full malware code used to hack visitors of a dark web child pornography site. The judge behind that decision, Robert J. Bryan, said it was a “fair question” to ask how exactly the FBI caught the defendant.

But the agency is pushing back. On Monday, lawyers for the Department of Justice filed a sealed motion asking the judge to reconsider, and also provided a public declaration from an FBI agent involved in the investigation.

In short, the FBI agent says that revealing the exploit used to bypass the protections offered by the Tor Browser is not necessary for the defense and their case. The defense, in previous filings, has said they want to determine whether the network investigative technique (NIT)—the FBI’s term for a hacking tool—carried out additional functions beyond those authorised in the warrant.

DoJ attorneys have also asked to submit a filing ex parte and in camera, meaning that only the judge would be presented with evidence under the motion.

“Tsyrklevich claims that he requires access to the government’s ‘exploit’ to determine if the government ‘executed additional functions outside the scope of the NIT warrant,’” Special Agent Daniel Alfin writes. He is referring to Vlad Tsyrklevich, a malware expert held by the defense to analyse the NIT. In January, the defense did receive some of the NIT code, but not sections that would ensure that the identifier issued to the suspect’s NIT-infection was unique, and the exploit used to break into the computer.

This specific case concerns Jay Michaud, a public school administration worker from Vancouver, Washington, who was arrested in July 2015. In February 2015, the FBI seized a dark web child pornography site and ran it from their own servers for 13 days. During this time, the agency deployed a NIT against people who visited specific, child pornography threads, which grabbed their real IP address, among other technical details.

Tsyrklevich has written a declaration after analysing the parts of the NIT that have been disclosed, but the full text of that document remains under seal.

“He is wrong,” Alfin continues. “Discovery of the ‘exploit’ would do nothing to help him determine if the government exceeded the scope of the warrant because it would explain how the NIT was deployed to Michaud’s computer, not what it did once deployed.”

Here, Alfin starts an analogy for software vulnerabilities: that of a flaw in a lock.

“In layman’s terms, an ‘exploit’ could be thought of as a defect in a lock that would allow someone with the proper tool to unlock it without possessing the key,” he writes.

“Knowing how someone unlocked the front door provides no information about what that person did after entering the house. Determining whether the government exceeded the scope of the warrant thus requires an analysis of the NIT instructions delivered to Michaud’s computer, not the method by which they were delivered.”

Alfin also claims that the identifiers attached to each NIT-infection, another point of contention for Tsyrklevich, are indeed unique.

“I have reviewed the list of unique identifiers generated during the operation and confirmed that there were in fact no duplicate identifiers generated,” Alfin adds.

NIT code has been disclosed in the past. In a 2012 case, the government provided details of its technique which turned out to involve the hacking-toolkit Metasploit. The FBI used a Flash applet to make a direct connection over the internet, instead of routing the targets’ traffic through Tor.

Peter Carr, a spokesperson for the Department of Justice, told Motherboard in an email, “We’ll decline to comment beyond our public filings.”

Read the Original Article at Motherboard