Privacy Digest

Breakdown in security led to compromise of SSNs - Via PogoWasRIght - Privacy News Headlines:

Promotion selection lists containing the names and Social Security numbers of more than 50,000 active-component noncommissioned officers were compromised earlier this year and in 2005, according to officials familiar with an ongoing Army investigation.

The 2008 sergeant first class list that was compiled by a board that met in February initially was the subject of the probe. The public version of that 8,620-name list was released by Human Resources Command March 20.  read more »

Air Force Halts Cyber Command Program - Via Threat Level:

After months touting its intention to be the front line for defending cyberspace, the Air Force has suspended plans to establish its much hyped Cyber Command program, according to Nextgov.

The program is being halted until new senior Air Force leaders have time to review it and determine a focus and direction.

The Cyber Command was courted by governors in several states who all wanted the command's headquarters based in their jurisdiction in order to benefit from federal investments and jobs that a command center would bring. But from the beginning, the program had been marred by a vague mission definition "to defend cyberspace" and a lack of focus. A defense expert told Wired writer Marty Graham earlier this year that the program was full of "gee-whiz flackery."  read more »

Air Force cracks software, carpet bombs DMCA - Via Ars Technica :

Last week, a US Court of Appeals upheld a ruling on software piracy. The organization doing the piracy, however, happened to be a branch of the US government, and the decision highlights the significant limits to the application of copyright law to the government charged with enforcing it. Most significantly, perhaps, the court found that because the DMCA is written in a way that targets individual infringers, the government cannot be liable for claims made under the statute.

[...]

Although Davenport did his development on a personal system at home, he began to bring beta versions of his code in for testing, and eventually started distributing his improved system within his unit, giving the software a timed expiration. A demonstration to higher-ups led to a recommendation for his immediate promotion, but that was followed by demands that the code for his software be turned over to the USAF.  read more »

British UFO Hacker Gary McKinnon Is Coming to America - Via Threat Level:

Threat Level extends its warmest welcome to hacker Gary McKinnon, who just lost his extradition appeal to the U.K.'s highest court and will soon be pressing his search for extraterrestrial life from the confines of a U.S. detention facility.

Federal prosecutors in New Jersey and Virginia have been trying to extradite the 42-year-old Londoner for six years to put him on trial for penetrating over 90 unclassified Pentagon systems in 2001 and 2002 -- and allegedly crashing some of them.  In interviews, McKinnon has admitted the hacking spree (though not the damage), which he says was a search for evidence of a military UFO coverup.

Apparently he was stoned through a lot of it, which explains why most of the intrusions were into Army computers, when everyone knows the Air Force is hiding the UFOs.  read more »

Slashdot | Wikileaks Gets Hold of Counterinsurgency Manual - Via Slashdot:

HeavensBlade23 writes in to let us know that Wikileaks has published a US Special Forces counterinsurgency manual, titled Foreign Internal Defense Tactics Techniques and Procedures for Special Forces (1994, 2004).
"The document, which has been verified, is official US Special Forces doctrine. It directly advocates training paramilitaries, pervasive surveillance, censorship, press control and restrictions on labor unions & political parties. It directly advocates warrantless searches, detainment without charge and the suspension of habeas corpus. It directly advocates bribery, employing terrorists, false flag operations and concealing human rights abuses from journalists. And it directly advocates the extensive use of 'psychological operations' (propaganda) to make these and other 'population & resource control' measures more palatable."

(Read Original Article - Via Slashdot .)

Pentagon Wants Kill Switch for Planes - Via Danger Room from Wired.com :

The Pentagon's non-lethal weapons division is looking for technologies that could "disable" aircraft, before they can take off from a runway -- or block the planes from flying over a given city of stretch of land.

In a request for proposals, issued earlier this week, the Joint Non-Lethal Weapons Directorate announced that it would like arms-makers to come up with a way to "safely divert an aircraft in the air or stop and/or disable an aircraft on the ground." And no, shooting the thing with a missile doesn't count. The Directorate wants "reversible effects which allow the targeted aircraft to be quickly returned to an operational condition with minimal time to repair."  read more »

Justice Dept. Memo Outlined Legal Justification for Harsh Interrogation - Via NewsHour with Jim Lehrer Podcast | PBS:

The Pentagon Tuesday disclosed a 2003 memo, since rescinded, that outlined the justifications for using harsh interrogation techniques against terror suspects and said President Bush's wartime authority trumps any ban on torture. A reporter explains the memo.

(Read Original Article - Via NewsHour with Jim Lehrer Podcast | PBS.)

Air Force Aims for 'Full Control' of 'Any and All' Computers - Via Wired News: Security Blanket:

The Air Force wants a suite of hacker tools, to give it "access" to -- and "full control" of -- any kind of computer there is.  And once the info warriors are in, the Air Force wants them to keep tabs on their "adversaries' information infrastructure completely undetected."

The government is growing increasingly interested in waging war online.  The Air Force recently put together a "Cyberspace Command," with a charter to rule networks the way its fighter jets rule the skies. The Department of Homeland Security, Darpa, and other agencies are teaming up for a five-year, $30 billion "national cybersecurity initiative."  That includes an electronic test range, where federally-funded hackers can test out the latest electronic attacks.  "You used to need an army to wage a war," a recent Air Force commercial notes.  "Now, all you need is an Internet connection."  read more »

NSA Attacks West Point! Relax, It's a Cyberwar Game - Via Wired News: Security Blanket:

Five hours into their assault on West Point, the hackers got serious.

The SQL [structured query language] inserts that came earlier were just pablum intended to lull the Army cadets into a false sense of security. But then the bad guys unleashed a stealthy kernel-level rootkit that burrowed into one workstation, started scraping data and "calling home."

It was a highly sophisticated attack, but this time the bad guys were really good guys in wolves' clothing.

For four days in late April, the National Security Agency -- the nation's most secretive repository of spooks, snoops and electronic eavesdroppers -- directed coordinated assaults on custom-built networks at seven of the nation's military academies, including West Point, the Army university 50 miles north of New York City.  read more »

FBI Practices Need Strict Oversight, ACLU Says - Via American Civil Liberties Union:

Washington, DC – As FBI Director Robert Mueller appeared before Congress today, the American Civil Liberties Union urged the House Judiciary Committee to ask him the “hard questions.”

“Director Mueller has plenty to answer for,” said Caroline Fredrickson, director of the ACLU Washington Legislative Office. “The FBI’s track record of late has been dismal. Members of the committee should take this opportunity to push for real answers to questions about National Security Letters, delays in the naturalization process and the FBI’s role in torture and anti-terrorism policies set by the administration.”  read more »

Declassified NSA Document Reveals the Secret History of TEMPEST - Via Threat Level:

It was 1943, and an engineer with Bell Telephone was working on one of the U.S. government's most sensitive and important pieces of wartime machinery, a Bell Telephone model 131-B2. It was a top secret encrypted teletype terminal used by the Army and Navy to transmit wartime communications that could defy German and Japanese cryptanalysis.

Then he noticed something odd.

Far across the lab, a freestanding oscilloscope had developed a habit of spiking every time the teletype encrypted a letter. Upon closer inspection, the spikes could actually be translated into the plain message the machine was processing. Though he likely didn't know it at the time, the engineer had just discovered that all information processing machines send their secrets into the electromagnetic ether.  read more »

FBI, politicos renew push for ISP data retention laws - Via The Iconoclast - CNET News.com:

WASHINGTON--The FBI and multiple members of Congress said on Wednesday that Internet service providers must be legally required to keep records of their users' activities for later review by police.

Their suggestions for mandatory data retention revive a push for potentially sweeping federal laws--which civil libertarians oppose--that flagged last year after the resignation of Attorney General Alberto Gonzales, the idea's most prominent proponent.

FBI Director Robert Mueller told a House of Representatives committee that Internet service providers should be required to keep records of users' activities for two years.  read more »

Bush Wonders: What's the Big Deal? - Via ACLU Blog:

In the introduction to their book, Administration of Torture, ACLU attorneys Amrit Singh and Jameel Jaffer quote President Bush:

"Let me make very clear the position of my government and our country. We do not condone torture. I have never ordered torture. I will never order torture. The values of this country are such that torture is not a part of our soul and our being."

Flash forward to this past week, when ABC News revealed that orders to torture prisoners arrested in the so-called "war on terror" came from the very top of the Bush administration cabinet. On Friday, in an interview with ABC News' Martha Raddatz, Bush said of the news:

…[Y]es, I'm aware our national security team met on this issue. And I approved. I don't know what's new about that; I'm not so sure what's so startling about that.  read more »

Air Force Cyber Command Gives Away the Goods - Via Threat Level:

Businessweek published an interesting story last week about cyber espionage involving a spear-phishing attack that targeted a Booz Allen Hamilton executive. The e-mail contained an attachment embedded with a key-stroke logger and appeared to come from a trusted source in the Pentagon. The attacker "knew enough about the 'sender' and 'recipient' to craft a message unlikely to arouse suspicion."

Spear phishing of course involves a targeted attack against a specific individual or individuals. To be effective, it requires the attacker know something about the target of the attack -- the target's work title, the nature of his duties, etc.  read more »

Government to Seek Terrorists in World of Warcraft: The Full Proposal - Via Threat Level:

Loyal readers might remember that the government's spooks are working on software that can spot terrorists lurking in massive, multi-player games, something it dubs the Reynard Project.

THREAT LEVEL just got a copy of the November 2007 proposal for the cutting edge Intelligence Advanced Research Projects Activity (IARPA).  

In it, Dr. Rita Bush and Kenneth Kisiel from the Disruptive Technology Office cite the current advantages of terrorism in the online world -- anonymity, covert communication channels and the ease of information warfare -- as reason to start studying multi-player games and virtual worlds like Second Life and World of Warcraft. 

The proposal opens with a scenario of what would happen if the nation's intelligence community failed to get a head start:  read more »

ACLU Calls for Investigation into NSL Abuse - Via American Civil Liberties Union:

Washington, DC – The American Civil Liberties Union yesterday called on Department of Justice Inspector General Glenn Fine to begin an internal investigation into the Federal Bureau of Investigation’s (FBI) use of National Security Letters (NSLs), and whether they were used to funnel Americans’ private information to the Department of Defense (DOD). The NSL statute is a tool used by law enforcement to compel the release of information, such as communications or business records, without a court order. The revelation that the military is getting the FBI to issue NSLs in strictly DOD investigations was disclosed in documents obtained by the ACLU through a Freedom of Information Act lawsuit. The ACLU sent a letter to Fine yesterday asking him to investigate whether the FBI has aided the DOD in circumventing the law.

"If the DOD has, in fact, used the FBI to sidestep the law and gain access to Americans’ private information that they are not entitled to, there should be swift and severe consequences,"  read more »