Cyber Security Intelligence

Twitter< Follow on Twitter >

September Newsletter #1 2014

Big Bank Hack: FBI and Secret Service Scoping Financial Cyberattacks

A US Federal Bureau of Investigation spokesman said Wednesday the agency is working with the Secret Service to determine the "scope" of reported cyberattacks against several financial institutions.

Bloomberg reported on Wednesday that Russian hackers struck JPMorgan Chase and another bank earlier this month. A subsequent report in the New York Times said the attacks hit JPMorgan Chase and four other U.S. financial institutions.

The Times reported that "gigabytes" of information were stolen, including customer account information.

A JPMorgan Chase spokeswoman did not confirm the attacks, saying that, "companies of our size unfortunately experience cyberattacks nearly every day. We have multiple layers of defense to counteract any threats and constantly monitor fraud levels."

Representatives for Wells Fargo, Bank of America and Citigroup -- also frequent targets for hackers -- could not be immediately reached for comment.

FBI spokesman Paul Bresson said via email that combating cyber threats is a top priority for the government, and the agency constantly works with U.S. companies to fight attacks.

Media reports speculated the attacks could be in retaliation due to sanctions against Russia for its actions in Ukraine, but the motives remain unclear.

Quoting an anonymous source, Bloomberg wrote that one of the attacks was executed via a zero-day vulnerability in one of the bank's websites. A zero-day flaw is one that attackers are exploiting but for which there is no fix.

NSA has 850 billion pieces of searchable metadata

The National Security Agency (NSA) is reported to have developed its own search engine to sift through the billions of phone calls, emails and other electronic communications it harvests and monitors from around the world.

Called ICREACH, the engine operates rather like Google's search system in that it `spiders' and analyses data in multiple ways, allowing a hashed search database to be created.
According to The Intercept newswire, ICREACH has allowed various US agencies - including the FBI - to sift through more than 850 billion pieces of metadata that the NSA has collated down the years.

The `spidering' of data - unlike Google - is in both directions, meaning that users can `reverse lookup' data relationships, allowing the `creator' of a piece of data to be cross-referenced to their associates, in much the same way that BT/Post Office used to offer a reverse lookup telephone directory service in the UK until the 1980s.

That service - which was withdrawn on privacy grounds - allowed a user to give a phone number to an enquiry operator and the name of the person to be given.

The NSA, of course, has no such privacy limitations, since ICREACH is reportedly used exclusively by US government agency staff. This means, says The Intercept, that data on people around the world can be searched and analysed - even where no wrongdoing has been logged. notes that ICREACH seems to be a separate operation from the so-called 215 database that the NSA uses to store information on phone calls by American citizens. The database was named after section 215 of the Patriot Act, which the NSA says allowed for the creation of the system.

Independent analyst Graham Cluley, in his analysis of ICREACH, says the database includes records obtained through Executive Order 12333, which is the main program used by the NSA to collect its data and is not subject to US Congress oversight.

"Started in 2007, ICREACH was originally intended to internally share data collected from several networks, for tracking suspect's movements, reveal political or religion affiliations and associate networks. However, according to a memo from 2010, the program has been accessible to nearly a thousand analysts working in more than 23 US government agencies that carry out intelligence work," he said on the Tripwire website.

ICREACH, he goes on to say, can process more than five billion records every day and the saved metadata has information concerning when and to whom phone calls are made or emails are sent. It may also, he notes, reveal the GPS location of a citizen's device.

"There are clearly serious questions which need to be asked about whether the authorities have overstepped their remit and invaded individuals' civil liberties and rights to privacy," he said.

Steve Smith, managing director of security consultancy Pentura, said that, irrespective of the legality of the NSA information gathering activities, this latest leak from Edward Snowden demonstrates both how far people will go to obtain personal information - and just how much information we unwittingly or unknowingly leave on the Web for others to find.

"ICREACH is obviously a highly sophisticated, resource-heavy information gathering tool that hackers and cyber-criminals are unlikely to have the man power or finances to emulate. However, looking past whether it is desirable or legal for a state to collect such information, it further highlights the importance of being careful with both personal and business data," he said.

"We need to be conscious about what Web sites, applications, devices and software we use and what data they are collecting about us. Information collected by ICREACH, such as emails, mobile phone locations, Internet chats and phone calls, could, in the wrong hands, be used for social engineering and phishing attacks," he added.

Smith concluded by saying that businesses should have a clear security and data loss prevention strategy that educates staff on best practice, to reduce the risk of a trail to sensitive business data being left behind when working on the internet.

Snowden left clues for NSA but it missed them all

If the NSA still doesn't know the full extent of the greatest leak of secrets in its history, it's not because of Edward Snowden's attempts to cover his tracks. On the contrary, the NSA's most prolific whistleblower now claims he purposefully left a trail of digital bread crumbs designed to lead the agency directly to the files he'd copied.

In a Wired interview published recently, the 31-year-old megaleaker has revealed that he planted hints on NSA networks that were intended to show which of its documents he'd smuggled out among the much larger set he accessed or could have accessed. Those hints, he says, were intended to make clear his role as a whistleblower rather than a foreign spy, and to allow the agency time to minimize the national security risks created by the documents' public release.

The fact that NSA officials have told the press that his haul may have been as large as 1.7 million documents, says Snowden, is a sign that the agency has either purposely inflated the size of his leak or lacks the forensic skills to see the clues he left for its auditors. "I figured they would have a hard time," Snowden tells Wired, describing the agency's attempts to reverse-engineer his leak. "I didn't figure they would be completely incapable."

Snowden's new claims go further: That he intended those footprints to outline exactly what he'd taken. In addition to shedding light on his motives, Snowden says he meant the clues to allow the NSA to avoid collateral damage from his leaks, changing codenames and plans to anticipate the release of some of its most sensitive secrets.

The repetition of the 1.7 million number by political figures and the press is at least partly intended to mischaracterise Snowden's intentions, argues his lawyer Jesselyn Radack, who is also national security director for the whistleblower-focused Government Accountability Project. "I think they probably didn't spot the bread crumbs," she says of the NSA's investigators. "Even if they did get them, I think this [1.7 million] number is manufactured out of whole cloth to give the impression of a wholesale data dump. In fact, Ed very carefully selected exactly what he wanted to turn over and why."

When Wired asked an NSA spokesperson to comment on Snowden's new claims or its internal estimate of the size of his leak, spokesperson Vanee Vines responded with this statement: "If Mr. Snowden wants to discuss his activities, that conversation should be held with the US Department of Justice. He needs to return to the United States to face the charges against him."

Despite his early intention to make the NSA aware of the scope of his data theft, Snowden may have good reason to now keep the extent of his leaks secret. That knowledge could serve as an important bargaining chip if Snowden seeks to return to the U.S. and negotiate a plea deal, an option he's hinted at exploring.

In the meantime, Snowden tells Wired -- perhaps with a certain amount of schadenfreude -- that the government's overestimation of the size of his leak has left it to imagine the worst. "I think they think there's a smoking gun in there that would be the death of them all politically," Snowden says. "The fact that the government's investigation failed -- that they don't know what was taken and that they keep throwing out these ridiculous huge numbers -- implies to me that somewhere in their damage assessment they must have seen something that was like, 'Holy shit.' And they think it's still out there."

A Second Whistleblower - There is a New Edward Snowden!

For some time sections of the cyber security community have been absorbed by questions is Edward Snowden the only whistleblower, or does the National Security Agency now face a second leaker? If so, what do they know? And what does it mean for the surveillance debate?

The speculation began after German television network Das Erste reported on XKeyscore, a system used by the NSA and its Five Eyes intelligence partners?—?and approved partner nations, including Germany and Sweden?—?to filter the massive inflow of raw communications intercepts to find the nuggets of interest. It’s a search engine, in other words?—?except that according to previously revealed presentations, it can also operate in real time, with each installation sifting through 10 gigabits per second of data that’s being channeled into it from anywhere.

XKeyscore runs at multiple locations around the world, including three sites operated by Britain’s NSA partner agency, Government Communications Headquarters, under the codename TEMPORA. That presumably includes the highly secret Middle East stations in Oman that, The Register revealed, “tap into various undersea cables passing through the Strait of Hormuz into the Persian/Arabian Gulf” and elsewhere.

Until now, most discussion has been about the potential capabilities of XKeyscore. It’s obvious why an intelligence agency might want to intercept communications in and out of Iraq or Yemen, say, but how much of that can be read? The Das Erste report now reveals how the NSA is using XKeyscore in practice. The researchers, who include Tor Project members Jacob Appelbaum, Aaron Gibson and Leif Ryge, had access to what is supposedly some of XKeyscore’s targeting code. It indicates that the NSA has been looking for people who not only download and use the Tor privacy tool, the Tails secure operating system and the like, but also those who just read about them.

Therefore authorities have concluded there is at least one other leaker spilling classified secrets about the government’s surveillance programs, according to CNN reporter Evan Perez.
Close observers of the surveillance leaks have for months speculated that there might be another leaker besides Snowden. The Intercept, a channel of First Look Media launched by journalist Glenn Greenwald, has routinely published leaks from Edward Snowden since it formed earlier this year. But two recent stories about the government’s terrorist watch database, cited unnamed sources. Greenwald himself said in July that it “seems clear at this point” there is another leaker besides Snowden.

While certainly the most known, Snowden is not the only person in recent years to leak sensitive government information. The Obama administration has charged more people with violating the Espionage Act than all previous presidents combined.

The Privacy Implications Of NSA Searches

The Obama administration recently attempted to downplay the damning revelations made in the Washington Post about the NSA’s broad data sweeps under Section 702 of the Foreign Intelligence Service Act (FISA).

In response, officials told the New York Times “the agency routinely filters out the communications of Americans and information that is of no intelligence value.”

The administration’s response quickly jumping to the NSA’s defense is in line with its previous pattern of standing in front of the agency whenever damaging news leaked about its practices. Soon after former NSA contractor Edward Snowden’s first revelations were published last year, President Barack Obama staunchly supported the surveillance programs. His stance softened as public outcry grew, and he suggested reforms including an overhaul of the collection of telephony metadata program in January.

Almost half of the communications in a large trove collected under Section 702 that Snowden supplied to The Post last year contained e-mail addresses or other details the NSA identified as belonging to U.S. citizens. More than 65,000 references were “masked” to protect Americans’ privacy, but The Post found nearly 900 email addresses in the files that were not minimized that could be linked to Americans. In the same initial June 2013 speech, Obama said Americans’ emails weren’t being collected.

The government’s claim that information found to be “of no intelligence value” is filtered seems farcical when the report revealed that the Snowden cache included a photo of a young girl smiling in front of a mosque and school children’s academic transcripts.

It is reasonable that the White House would defend its agency’s ongoing programs. It becomes problematic when its vindications of the intelligence apparatus go so far that they’re wrong. One has to wonder if Snowden was able to get around the government’s “very strict controls” protecting this data, who else could and where it could be leaked next?

Executive order 12333

One thing sits at the heart of what many consider a surveillance state within the US today.
The problem does not begin with political systems that discourage transparency or technologies that can intercept everyday communications without notice. Like everything else in Washington, there’s a legal basis for what many believe is extreme government overreach—in this case, it's Executive Order 12333, issued in 1981.

“12333 is used to target foreigners abroad, and collection happens outside the US," whistleblower John Tye, a former State Department official, told Ars recently. "My complaint is not that they’re using it to target Americans, my complaint is that the volume of incidental collection on US persons is unconstitutional.”

The document, known in government circles as "twelve triple three," gives incredible leeway to intelligence agencies sweeping up vast quantities of Americans' data. That data ranges from e-mail content to Facebook messages, from Skype chats to practically anything that passes over the Internet on an incidental basis. In other words, EO 12333 protects the tangential collection of Americans' data even when Americans aren't specifically targeted—otherwise it would be forbidden under the Foreign Intelligence Surveillance Act (FISA) of 1978.

In a May 2014 interview with NBC, former NSA contractor Edward Snowden said that he specifically asked his colleagues at the NSA whether an executive order could override existing statutes. (They said it could not.) Snowden’s lawyer, Jesselyn Radack, told Ars that her client was specifically “referring to EO 12333.”

Snowden says ‘lies pushed me over the edge’

Edward Snowden says dishonest comments to Congress by the US intelligence chief were the final straw that prompted him to flee the country and reveal a trove of national security documents.

In an interview with Wired magazine in Moscow, where he sought asylum after the revelations, Snowden said he had long been troubled by the activities of the National Security Agency (NSA), which employed him as a contractor.

But it was only when Director of National Intelligence James Clapper told lawmakers that the agency does "not wittingly" collect data on millions of American citizens that he was angry enough to act. Snowden says he made his decision to leave his office in Hawaii and head to Hong Kong with secret documents on thumb drives after reading in March 2013 about Clapper briefing a Senate committee.

"I think I was reading it in the paper the next day, talking to coworkers, saying, can you believe this...?" Snowden said.

Snowden told Wired that he had already thought about "whistle-blowing" several times over the previous few years. Snowden told Wired he had been troubled by other discoveries in his work with the agency, including that the NSA was spying on the pornography-viewing habits of political radicals.

"It's much like how the FBI tried to use Martin Luther King's infidelity to talk him into killing himself," he said. "We said those kinds of things were inappropriate back in the '60s. Why are we doing that now?"

Snowden was also disturbed by the NSA's effort to massively speed up data collection with a secret data storage facility which scanned billions of phone calls, faxes, emails and text messages from around the world. He told Wired he put off his plan to leak NSA secrets at the time of the election of President Barack Obama, hoping for a more open government. But he became disenchanted with the president and by 2013 was ready to spill the secrets he had acquired.

After Clapper's testimony to Congress, Snowden said his colleagues did not appear shocked, but he was concerned he was getting too deep into an "evil" system. Journalist James Bamford -- who conducted the interviews under tight security -- wrote that Snowden appeared "relaxed and upbeat."

In three days of interviews over several weeks, Snowden said he was willing to end his exile in Moscow and face prison in the United States "as long as it served the right purpose…I care more about the country than what happens to me," he said.

According to the interview, Snowden said he learned that the NSA in 2012 accidentally knocked out the Internet in Syria while trying to install software to intercept communications during the country's civil war.

An NSA spokeswoman said in response to the interview: "If Mr. Snowden wants to discuss his activities, that conversation should be held with the US Department of Justice. He needs to return to the United States to face the charges against him."

In a new cover story for Wired magazine, the former NSA contractor provided writer James Bamford with previously unreported allegations of NSA cyberattack tools, including a piece of software, codenamed MonsterMind, that would automate a hostile response when it detected a network intrusion. He also alleged that a 2012 incident that took Syria’s Internet offline was the fault of the NSA.

Snowden Complicates the Prevention of Future Leaks

Before Edward Snowden joined Daniel Ellsberg and Chelsea Manning in the annals of American whistleblowers, he was a young man who witnessed the attacks of September 11, 2001, and enthusiastically volunteered to join the national-security state. Back then, he believed in the wisdom of the War in Iraq, saw the National Security Agency as a force for good, and hoped to serve within the system. Since his first interview with Glenn Greenwald and Laura Poitras, we’ve known that he gradually lost faith in the federal government, believed it to be engaged in illegal, immoral acts, and decided to gather and leak some of its secrets.

One of the most comprehensive narratives of what specifically prompted his transition from insider to conscientious objector appears in the recently published interview he granted to James Bamford, author of several books on the NSA. Whether one believes Snowden’s leaks to be salutary or deeply regrettable, it’s useful to understand and grapple with what prompted him to act as he did, especially as the Obama administration works to make future leaks less likely. One method for preventing leaks that hasn’t been discussed: Run a federal government that carries out fewer morally and legally objectionable actions in secret.

According to the interview, Snowden was disillusioned and influenced by what he saw during his time at the CIA and the NSA, as many Americans would’ve been:

“Snowden would see some of the moral compromises CIA agents made in the field. Because spies were promoted based on the number of human sources they recruited, they tripped over each other trying to sign up anyone they could, regardless of their value. Operatives would get targets drunk enough to land in jail and then bail them out—putting the target in their debt. ‘They do really risky things to recruit them that have really negative, profound impacts on the person and would have profound impacts on our national reputation if we got caught,’ he says. ‘But we do it simply because we can.’”

“Because of his job maintaining computer systems and network operations, he had more access than ever to information about the conduct of the war …. ‘This was the Bush period, when the war on terror had gotten really dark,’ he says. ‘We were torturing people; we had warrantless wiretapping.’”

“He began to consider becoming a whistle-blower, but with Obama about to be elected, he held off …. Snowden grew disappointed as, in his view, Obama didn’t follow through on his lofty rhetoric. ‘Not only did they not fulfill those promises, but they entirely repudiated them …. They went in the other direction. What does that mean for a democracy, when the people that you elect on the basis of promises can basically suborn the will of the electorate?’”

“Now he was learning about targeted killings and mass surveillance, all piped into monitors at the NSA facilities around the world. Snowden would watch as military and CIA drones silently turned people into body parts.”

“He would also begin to appreciate the enormous scope of the NSA’s surveillance capabilities, an ability to map the movement of everyone in a city by monitoring their MAC address, a unique identifier emitted by every cell phone, computer, and other electronic device.”

“Among the discoveries that most shocked him was learning that the agency was regularly passing raw private communications—content as well as metadata—to Israeli intelligence …. the NSA did virtually nothing to protect even the communications of people in the US. This included the emails and phone calls of millions of Arab and Palestinian Americans whose relatives in Israel-occupied Palestine could become targets based on the communications.”

“The NSA was spying on the pornography-viewing habits of political radicals. The memo suggested that the agency could use these ‘personal vulnerabilities’ to destroy the reputations of government critics who were not in fact accused of plotting terrorism.”

Elsewhere, Snowden has noted his disillusionment at the treatment of previous NSA whistleblowers, as well as his amazement that James Clapper and Keith Alexander were allowed to lie or mislead in congressional testimony without consequences.

Snowden’s account raises a question for Americans who want classified information kept secret. Would they rather have a national-security state run by employees who are inclined to speak out publicly when they witness years of immoral or illegal behavior? Or would they prefer them to keep quiet to avoid revealing sensitive information to adversaries? I submit that a system that conducts mass surveillance on Americans, tortures abroad, destroys the lives of innocents in intramural competitions to accrue CIA assets, ponders using pornography to discredit non-terrorists, and passes the private information of Americans to foreign governments is particularly dangerous if staffed entirely by people who are not sufficiently troubled by all that to let the public know what is going on.

George W. Bush, Barack Obama, and the most prominent members of their teams feel differently, of course, which helps explain why Snowden became a whistleblower in the first place. The national-security state is its own worst enemy, doing more to undermine its own legitimacy than its critics ever could.

GCHQ’s cyber war games to find future spooks

The GCHQ and Cyber Security Challenge have launched a new competition that will task contestants to ward off a series of simulated cyber attacks against a fictional aerospace firm, in a bid to recruit the next generation of infosec professionals.

The competition, codenamed Assignment: Astute Explorer, is the latest stage in the ongoing Cyber Security Challenge UK, which opened for entries in May. The competition requires contestants to help combat attacks from a fictional "Flag Day Associates" hacker group.
The latest stage of the challenge will see contestants take the role of GCHQ cyber experts working to spot vulnerabilities in "Ebell Technologies'" defences, which could be exploited by the Flag Day Associates.

Specifically the challenge will see competitors analyse various "snippets" of code that may contain vulnerabilities, explain why and how they could be exploited and finally suggest appropriate fixes.

Deputy director for the National Technical Authority for Information Assurance Chris Ensor said the competition has been designed to be as realistic as possible to ensure successful candidates have the potential to pursue a career in information security.

"GCHQ, as the UK's National Technical Authority for Information Assurance, is pleased to have been able to develop an original game for the Cyber Security Challenge," he said.

"We have designed Astute Explorer to really test candidates' cyber security skills. At GCHQ, like many other high-tech organisations, we recognise the need for a skilled workforce, which is why we are delighted to once again support the Cyber Security Challenge to inspire the next generation of Cyber Security talent."

The Cyber Security Challenge is an initiative sponsored by the UK government that is designed to discover untapped talent that has been running since 2010. The 2014 Cyber Security Challenge was won by 19-year-old student William Shackleton in March.

Theories about MH370 disappearance and Hack attacks

Hackers appearing to come from China covertly attacked Malaysian government computers and stole classified information in the early days of the search for missing airplane MH370, a new report has claimed.

Amirudin Abdul Wahab, CEO of government agency CyberSecurity Malaysia, told local paper The Star that officials in the Department of Civil Aviation, the National Security Council and Malaysia Airlines were among those targeted.

“We received reports from the administrators of the agencies telling us that their network was congested with e-mail going out of their servers,” Amirudin is quoted as saying.

“Those e-mail contained confidential data from the officials’ computers, including the minutes of meetings and classified documents. Some of these were related to the MH370 investigation.” The incident has all the hallmarks of a classic targeted attack.

On Going Search

Despite some online rumors recently swirling that Malaysia Airlines Flight MH370 could have been found, official reports are confirming that the search is still very much on, with Malaysia Defense Minister Datuk Seri Hishammuddin Hussein reportedly heading to Australia to oversee the ongoing search. Hishammuddin has looked to reassure the families of the passengers and crew of the missing plane that they are still closely monitoring the search operations progress and will continue their focus to find the missing plane. MH370 is believed by some authorities to have crashed into the southern Indian Ocean (west of Australia).

Reports state that the Dutch company, Fugro, will take over the next phase of the search operations beginning September of this year. Fugro will use two ships in their search operations. It is reported that these ships are equipped with deep-water vehicles, multibeam echo sounders, side-scan sonar, and a couple of useful machines to guarantee the efficiency of their planned operations.

It is over 100 days since Malaysia Airlines flight MH370 disappeared during its journey from Kuala Lumpur to Beijing.

Despite the world's largest land, sea and air search operation, no trace of the plane has ever been found, and we appear no closer to discovering what really happened to the aircraft.
After weeks of trawling the Indian Ocean, authorities said last month the search zone has been "discounted as the final resting place" of the jet.

Not a single piece of the Boeing 777 has been found, nor any sign of 239 people on board. Speaking on the anniversary, Malaysian transport minister Hishammuddin Hussein said: "100 days after MH370 went missing, its loss remains a painful void in the hearts of all Malaysians and those around the world. We cannot rest and will not rest until MH370 is found.

"We cannot and will not abandon the families of the crew and passengers of MH370. We will, with the grace of God, find this missing plane and so with it begins the process of healing."
But, in the absence of any confirmed information, conspiracy theories about what really happened to MH370 have continued to circulate.

A new book claims that missing Malaysia Airlines Flight MH370 may have been accidentally shot down and the search for survivors covered up.

‘Flight MH370: The Mystery ’ makes the incredible allegation that the airline was shot down by US-Thai strike fighters as part of a training drill that went horribly wrong. The book says the drill was to involve mock warfare on land, in water and in the air, and would include live-fire exercises.

It adds: “Say a participant accidentally shot down Flight MH370. Such things do happen. No one wants another Lockerbie, so those involved would have every reason to keep quiet about it.”

Former Malaysian Prime Minister Mahathir Mohamad recently accused the CIA of known the whereabouts of flight MH370.

He said in a blog that someone was hide something because if the plane's GPS system failed then Boeing or the US government agency would know why.

In his latest blog, the 88-year-old suggests that in the event of the jet being hijacked, then control of the aircraft could have been remotely activated elsewhere.

He said: "Clearly Boeing and certain agencies have the capacity to take over uninterruptible control of commercial airliners of which MH370 B777 is one”.

The United States have been forced to flatly deny claims that the plane landed at its military base on the remote island of Diego Garcia.

There were strong rumours that the jetliner could have headed for the small coral atoll in the Indian Ocean, which sits around 3,500km from Malaysia.

However, a spokesman for the US embassy in the Malaysian capital said there was no truth in this speculation.

A Russian newspaper claimed MH370 has been hijacked and flown to Afghanistan, where the crew and passengers are now being held captive.

A military source reportedly told the Moskovsky Komsomolets newspaper: "Flight MH370 Malaysia Airlines missing on March 8 with 239 passengers was hijacked.

"Pilots are not guilty; the plane was hijacked by unknown terrorists. We know that the name of the terrorist who gave instructions to pilots is "Hitch.

"The plane is in Afghanistan not far from Kandahar near the border with Pakistan."

Web for free – but the price is deep Surveillance

'Be careful what you wish for," runs the adage. "You might just get it." In the case of the Internet, or, at any rate, the ‘world wide web’, this is exactly what happened. We wanted exciting services – email, blogging, social networking, image hosting – that were "free". And we got them. What we also got, but hadn't bargained for, was deep, intensive and persistent surveillance of everything we do online.

We ought to have known that it would happen. There's no such thing as a free lunch, after all. Online services cost a bomb to provide: code has to be written (by programmers who have to be paid); servers have to be bought or rented, powered, housed, cooled and maintained; bandwidth has to be paid for; and so on. So there were basically only two business models that could have supported our desires.

One model involved us paying for stuff. But we (or most of us, anyway) proved deeply resistant to this idea. We had the fantasy that everything online should be free, after we'd paid an ISP for a connection to the net. So paying for stuff was a non-starter.

The companies that provided the "free" services therefore had to find another business model. And in the end they found one: it was called advertising or, rather, putting advertisers in touch with the users of "free" services. And it turned out that the only way to do this involved intensive surveillance of everything those users did online.

Which brings us to where we are today, a world in which, as the security guru Bruce Schneier puts it: "The business model of the internet is surveillance. We build systems that spy on people in exchange for services. Corporations call it marketing."

When you put it like that, it sounds as though our emerging dystopia is the product of some sinister plot. But it isn't. It happened through the slow aggregation of lots of short-term decisions. There are no smoking guns in this story – and precious few evil geniuses.

In fact, if there are geniuses in the story, they were often naive. Not as naive perhaps as those of us who thought that free services were really free, but naive nonetheless. One of the nicest and most thoughtful of them is a guy named Ethan Zuckerman, who now heads the Centre for Civic Media at MIT. Just over a week ago, he published an extraordinary article in the Atlantic describing the unwitting role he had played in committing what he calls "the internet's original sin".

From 1994 to 1999, Zuckerman worked for, helping to plan, design and implement a website that sold content and services to recent college graduates. When that business failed to catch on (it wasn't "free", remember), became a web-hosting provider and then an early type of social network.

"Over the course of five years," Zuckerman writes, "we tried dozens of revenue models, printing out shiny new business plans to sell each one. We'd run as a subscription service! Take a share of revenue when our users bought mutual funds after reading our investment advice! Get paid to bundle a magazine with textbook publishers! Sell T-shirts and other branded merch!"

In the end, Tripod did find a route to financial viability. "The model that got us acquired," Zuckerman explains, "was analysing users' personal homepages so we could better target ads to them. Along the way, we ended up creating one of the most hated tools in the advertiser's toolkit: the pop-up ad. It was a way to associate an ad with a user's page without putting it directly on the page, which advertisers worried would imply an association between their brand and the page's content. Specifically, we came up with it when a major car company freaked out that they'd bought a banner ad on a page that celebrated anal sex. I wrote the code to launch the window and run an ad in it. I'm sorry. Our intentions were good."

I believe him. Zuckerman is a patently good person and he now does great work in the public sphere. But what he inadvertently kicked off was an arms race in which internet companies, realising that the most valuable ads are always those that are most likely to motivate the target to purchase something (which is why Google makes so much money), seek to learn more and more about each user in order to perfect the advertiser's aim. The result is the dystopia that is the modern web.

It didn't have to be like this, of course. But for the path of online history to have been different, we – the users – would have to have been willing to pay for the privilege. You could say, therefore, that we have got the web that we deserve.

Systems secretly track cellphones moves around the globe

Makers of surveillance systems are offering governments across the world the ability to track the movements of almost anybody who carries a cellphone, whether they are blocks away or on another continent.

The technology works by exploiting an essential fact of all cellular networks: They must keep detailed, up-to-the-minute records on the locations of their customers to deliver calls and other services to them. Surveillance systems are secretly collecting these records to map people’s travels over days, weeks or longer, according to company marketing documents and experts in surveillance technology.

The world’s most powerful intelligence services, such as the National Security Agency and Britain’s GCHQ, long have used cellphone data to track targets around the globe. But experts say these new systems allow less technically advanced governments to track people in any nation — including the United States — with relative ease and precision.

Users of such technology type a phone number into a computer portal, which then collects information from the location databases maintained by cellular carriers, company documents show. In this way, the surveillance system learns which cell tower a target is currently using, revealing his or her location to within a few blocks in an urban area or a few miles in a rural one.

“Any tin-pot dictator with enough money to buy the system could spy on people anywhere in the world,” said Eric King, deputy director of Privacy International, a London-based activist group that warns about the abuse of surveillance technology. “This is a huge problem.”

Security experts say hackers, sophisticated criminal gangs and nations under sanctions also could use this tracking technology, which operates in a legal gray area. It is illegal in many countries to track people without their consent or a court order, but there is no clear international legal standard for secretly tracking people in other countries, nor is there a global entity with the authority to police potential abuses.

Location tracking is an increasingly common part of modern life. Apps that help you navigate through a city or find the nearest coffee shop need to know your location. Many people keep tabs on their teenage children — or their spouses — through tracking apps on smartphones. But these forms of tracking require consent; mobile devices typically allow these location features to be blocked if users desire.

Tracking systems built for intelligence services or police, however, are inherently stealthy and difficult — if not impossible — to block. Private surveillance vendors offer government agencies several such technologies, including systems that collect cellular signals from nearby phones and others that use software to trick phones into revealing their locations.

Governments also have long had the ability to compel carriers to provide tracking data on their customers, especially within their own countries. The National Security Agency and GCHQ taps into telecommunication-system cables to collect cellphone location data on a mass, global scale.

But tracking systems that access carrier location databases are unusual in their ability to allow virtually any government to track people across borders, with any type of cellular phone, across a wide range of carriers — without the carriers even knowing. These systems also can be used in tandem with other technologies that, when the general location of a person is already known, can intercept calls and Internet traffic, activate microphones, and access contact lists, photos and other documents.

Companies that make and sell surveillance technology seek to limit public information about their systems’ capabilities and client lists, typically marketing their technology directly to law enforcement and intelligence services through international conferences that are closed to journalists and other members of the public.

Yet marketing documents obtained by The Washington Post show that companies are offering powerful systems that are designed to evade detection while plotting movements of surveillance targets on computerized maps. The documents claim system success rates of more than 70 percent.

A 24-page marketing brochure for SkyLock, a cellular tracking system sold by Verint, a maker of analytics systems based in Melville, N.Y., carries the subtitle “Locate. Track. Manipulate.” The document says the system offers government agencies “a cost-?effective, new approach to obtaining global location information concerning known targets.”

The brochure includes screen shots of maps depicting location tracking in what appears to be Mexico, Nigeria, South Africa, Brazil, Congo, the United Arab Emirates, Zimbabwe and several other countries. Verint says on its Web site that it is “a global leader in Actionable Intelligence solutions for customer engagement optimization, security intelligence, and fraud, risk and compliance,” with clients in “more than 10,000 organizations in over 180 countries.”

The Dark Net by Jamie Bartlett –
- Inside the Digital Underworld

Beyond the familiar online world that most of us inhabit - a world of Google, Hotmail, Facebook and Amazon - lies a vast and often hidden network of sites, communities and cultures where freedom is pushed to its limits, and where people can be anyone, or do anything, they want. A world that is as creative and complex as it is dangerous and disturbing. A world that is much closer than you think.

The dark net is an underworld that stretches from popular social media sites to the most secretive corners of the encrypted web. It is a world that frequently appears in newspaper headlines, but one that is little understood, and rarely explored. The Dark Net is a revelatory examination of the Internet today, and of its most innovative and dangerous subcultures: trolls and pornographers, drug dealers and hackers, political extremists and computer scientists, Bitcoin programmers and self-harmers, libertarians and vigilantes.

Based on extensive first-hand experience, exclusive interviews and shocking documentary evidence, The Dark Net offers a startling glimpse of human nature under the conditions of freedom and anonymity, and shines a light on an enigmatic and ever-changing world.

Predicting The Future: Fantasy Or Algorithm?

After failing to predict the Arab Spring, intelligence officials are now exploring whether Big Data, the combing of billions of pieces of disparate electronic information, can help them identify hot spots before they explode. The intelligence community has always been in the business of forecasting the future. The question is whether tapping into publicly available data — Twitter and news feeds and blogs among other things — can help them do that faster and more precisely.

Enter a Swedish-American start-up company called Recorded Future. The company has developed algorithms that chew through huge volumes of information to find between people and organizations. Then its visualization software spits out that information in relationships the form of a giant searchable timeline.

The full web site is currently under development and will be available during 2014