- cypherpunks - lists.cpunks.org

Millennials' Dream Job
by John Young 27 Feb '16

27 Feb '16

http://www.nytimes.com/2016/02/28/magazine/the-new-dream-jobs.html No. 1 Google No. 4 Apple No. 5 FBI No. 8 CIA No. 19 NSA "The high ranking of national-security employers also speaks to millennials' hope to make a difference in the world."

5 4

Michael Hayden's Treasonous Espionage
by John Young 27 Feb '16

27 Feb '16

Michael Hayden's Treasonous Espionage https://www.amazon.com/review/R18T6ASRBEC8Y3/ref=cm_cr_rdp_perm?ie=UTF8&ASI…

1 0

Re: [cryptography] Apple's refusal, crypto wars shifting to OS/device wars
by John Young 27 Feb '16

27 Feb '16

It's good to see The Intercept and others smell a rat with the fake fight between Apple and the USG (hardly only the FBI). Crediting Snowden and his flacks with this phony crypto war is a bit much, though, opposition to government instrusions around the world have been persistent for decades, especially against the ever increasing digital violations and forever failing protections against them. "Strong crypto is hard to do while making it easy for users." What is most needed from the Snowden 90% still-secret wad are defenses against the USG now that alarms have been repeatedly clanged about redacted and incomplete offenses. Most peculiar that almost no defensive measures have been released, although Snowden may have insisted on not releasing those as threats to US national security. Snowden's alleged demand that outlets check with USG before releases to assure no national harm is institutionalized in national security reporting, but is also required by fear of prosecution of outlets and their investors such as Omidyar, Slim, Bezo, all the major media. Withholding the 90% of Snowden material which he claims was given to the public, is damnable betrayal of the public for monetary and professional benefits. In this way the Snowden material has been handled like the USG handles it, as if it is owned by the handlers, not by the ones who paid for it. It would not be off-base to accuse the Snowden handlers of what Apple and the USG are doing, engaging in a fake fight "in the public interest" for pecuniary gain. Privacy and civil liberties are being peddled as commercial products, cheered yesterday by Apple investors. The DNI's Privacy and Civil Liberties Oversight Board is as much a marketing scam as the American Civil Liberties Union, same kind of people populate both, testify in Congress, meet with POTUS, work the lecture circuit. At 11:05 AM 2/27/2016, you wrote: >John Young wrote: > USG is not USA. Apple is not >its buyers. USG v Apple is not about citizens >and privacy. It's about secretkeepers against >the public. Therefore, except for members of >âthe publicâ who have no secrets (no credit >card PINs, no private medical conditions, no >private relationships, no private future plans, >no private original ideas, no private and >unpopular political views, etc.), âitâs >about secretkeepersâ against themselves? I >suppose then we should all file amicus briefs on >both sides? John Young wrote: > Govs may concede >crypto public protection to assure other means >remain effective. Promoting public crypto as a >cloak appears to be the campaign underway, now >as in the 1990s, so beguiling to crypto >advocates to claim a win (for the >industry-org-edu to continue doing openly and >secretly what it does best). This has been >addressed previously and yesterday by an article >at The Intercept. >https://theintercept.com/2016/02/26/fbi-vs-apple-post-crypto-wars/ > > After the 2013 Snowden revelations, as >mainstream technology companies started >spreading encryption by putting it in popular >consumer products, the wars erupted again. Law >enforcement officials, led by FBI Director James >Comey, loudly insisted that U.S. companies >should build backdoors to break the encryption >just for them. > > That wonât happen because >what these law enforcement officials are asking >for isnât possible (any backdoor can be used >by hackers, too) and wouldnât be effective >(because encryption is widely available globally >now). Theyâve succeeded in slowing the spread >of unbreakable encryption by intimidating tech >companies that might otherwise be rolling it out >faster, but not much else. > > Indeed, as almost >everyone else acknowledges, unbreakable >encryption is here to stay. > > Tech privacy >advocates continue to remain vigilant about >encryption, actively pointing out the >inadequacies and impossibilities of the >anti-encryption movement, and jumping on any >sign of backsliding. > > But even as they have >stayed focused on defending encryption, the >government has been shifting its focus to >something else. > > The ongoing, very public >dispute between Apple and the FBI, in fact, >marks a key inflection point at least as far >as the puublicâs understanding of the >issue. > > You might say weâre entering the >Post-Crypto phase of the Crypto Wars. Think >about it: The more we learn about the FBIâs >demand that Apple help it hack into a >password-protected iPhone, the more it looks >like part of a concerted, long-term effort by >the government to find new ways around >unbreakable encryption rather than try to >break it. Withoutt Ed Snowdenâs >whistle-blowing, Glenn Greenwaldâs, Laura >Poitrasâ and Ewen MacAskillâs journalism, >reporting by the Intercept and by the Washington >Postâs Bart Gellman, and Appleâs refusal, >âthe publicâ would not be discussing this at >all. >_______________________________________________ >cryptography mailing list >cryptography(a)randombit.net >http://lists.randombit.net/mailman/listinfo/cryptography

1 0

Book review of Michael Hayden's new book, _Playing to the Edge_
by dan＠geer.org 27 Feb '16

27 Feb '16

Book review of Michael Hayden's new book, _Playing to the Edge_ http://www.wsj.com/articles/in-defense-of-snooping-1456184621 When Gen. Michael V. Hayden arrived at Fort Meade as the director of the National Security Agency in 1999, he made an alarming discovery: America's premier signals intelligence agency did not have email. Two years later, just as he was finally managing to modernize the agency's obsolescent technology, planes slammed into the World Trade Center and the Pentagon. In _Playing to the Edge,_ a memoir of his decade at the apex of America's spy agencies -- he would head the CIA in 2006-09 -- Gen. Hayden offers a vivid account of his experience of the 9/11 attack and much else. The day began like any other. But as the reports flowed in from New York and Washington, routine gave way to the exigencies of war: evacuating thousands of employees, hanging blackout curtains, moving key teams to emergency stations. Gen. Hayden recollects how, at day's end, he returned home to his wife, embraced her and wept as they absorbed what had happened to our country. _Playing to the Edge_ offers a full excursion through the contemporary challenges facing American intelligence, including cyber warfare, Russian aggression, and armed conflict in Afghanistan and Iraq. But it also presents an intimate personal portrait -- an account of how its author came to be the man he is, someone who entered the Air Force Reserve Officer Training Corps while in college in the late 1960s, who reveres his hometown of Pittsburgh (and its Steelers), and who prays weekly in church for the souls of his twin sisters, who died at birth when he was a boy of 10. Naturally, given the years in which he held high office, much of Gen. Hayden's book is devoted to the battle against terrorists. He makes it plain from the outset that though intelligence-gathering is often in tension with liberty and the rule of law, its purpose is to protect both. The tension is most acute in the effort to counter terrorism, for the mission is apprehending a class of people with whom our judicial system is not designed to grapple: the "not-yet guilty." The NSA has sought to do such grappling in a number of ways, perhaps most controversially with Stellarwind, a program designed to track the U.S.-routed telephone calls of foreign terror suspects. In 2005, the New York Times disclosed the program's existence, igniting a political firestorm, with critics charging that Stellarwind amounted to warrantless wiretapping and that it was nearly worthless as an intelligence tool. Unsurprisingly, Gen. Hayden rejects both contentions. He walks readers through the legal issues, acknowledging that the administration's reasoning was, as in football, "playing to the edge". But he concludes, relying on the opinions of executive-branch lawyers and FISA-court judges, that the operation was within the president's constitutional authority as commander in chief. As for the program's effectiveness, Gen. Hayden harbors no doubts: Stellarwind, he writes, "uncovered illicit financing networks, detected suspect travel, discovered ties to aviation schools, linked transportation employees to associates of terrorists, drew connections to the illicit purchases of arms, tied U.S. persons to Khalid Sheikh Mohammed, and discovered a suspect terrorist on the no-fly list who was already in the United States." It was precisely the program's utility as a counterterrorism tool that made its disclosure by the Times so damaging. In general, the numerous unauthorized news leaks of the post-9/11 era, Gen. Hayden reports, led some key intelligence sources to clam up; others were captured and executed. He does not supply any specific details to back up such claims, presumably because the CIA would not permit him to do so. While arguing for maximum possible openness, Gen. Hayden observes that "espionage thrives in the shadows, and secrecy is an essential component of its success." Particularly galling to Gen. Hayden was a 2006 New York Times scoop that compromised a top-secret program to track terrorist finances. Three years later, the newspaper's editorial page was complaining that American intelligence was failing to halt what it described as "still a seemingly limitless stream of cash flowing to terrorist groups". Pointing to the hypocrisy on display -- the editorial was titled "Follow the Money" -- Gen. Hayden wryly comments: "Thanks for the suggestion." The larger picture that Gen. Hayden draws makes vivid the extraordinary range of challenges facing American intelligence and the high level of uncertainty that the work entails. A case study: Roughly a decade ago, American intelligence observed that Syria was erecting an elaborate structure in the desert near a town called al-Kibar. CIA analysts puzzled over it but were unable to divine its purpose, labeling it "enigmatic". It was only when "a liaison partner" -- probably Israeli intelligence (although Gen. Hayden does not identify it as such) -- provided detailed photographs that the CIA identified a nuclear reactor of North Korean design. Without local help, U.S. intelligence would have missed a Syrian nuclear-bomb development project. Israel destroyed the site in a bombing raid in 2007. The lesson that Gen. Hayden takes from the Syrian affair is sobering. "We chalked this one up as intelligence success, after a fashion," he writes. But he strongly intimates that it was really Israel's success -- and America's failure. More broadly, he says, Syrian behavior "went beyond our understanding". Extrapolating from this mixed record, Gen Hayden is pessimistic that American intelligence will fare well in tracking covert Iranian nuclear activity. If his pessimism is well-founded -- and there are few people more qualified to judge -- the surprise we experienced on 9/11 may be a prelude to a catastrophe of far greater dimensions.

4 3

Re: Petrodollar further analysis - Putin buying gold with “little fanfare, but on a large scale”
by Zenaan Harkness 27 Feb '16

27 Feb '16

Further, I found this a good read: http://sputniknews.com/russia/20160226/1035375018/russia-gold-reserves-incr… Against the Dollar? What Russia’s Increase of Bullion Reserves Could Mean 10:30 26.02.2016(updated 10:52 26.02.2016) Get short URL 11643350 Russia seems to be launching a silent attack on the supremacy of the dollar and the Western countries, as President Putin is buying gold with “little fanfare, but on a large scale”; as there is no evident economic reason for such an increase, the move will provide Russia with an insurance against crises, according to German media. “It is a silent attack on the supremacy of the dollar,” states German newspaper Die Welt, referring to Russia’s recent increased resupply of its gold reserves. The outlet notes that “it is a declaration of independence, proclaimed in secret.” ( Bank bar manufacturing line opens at Yekaterinburg Plant ( © Sputnik/ Pavel Lisitsyn ( Can Russia's Big Gold Hedge Save the Ruble? “Russian President Vladimir Putin is buying gold at the moment — with little fanfare, but on a large scale,” it says, noting that in January alone Russia’s gold reserves increased by 20 metric tons. Russia’s stock now stands at more than 1,300 tons, it adds (according to statistics portal Statista, as of February 2016, it is already almost 1,400 tons — 1,392,9). “While politicians fear a new Cold War between Moscow and the West, it has already begun in the financial sector,” the newspaper further states. It also explains that there are no evident economic reasons for such an increase, therefore it might be also an attack on the supremacy of the reserve currencies of America and Europe. “One who buys gold reduces the dominance of the Western currencies,” the newspaper states. ( Yekaterinburg Non-Ferrous Metals Processing Plant ( © Sputnik/ Pavel Lisitsyn ( Putin's Payoff? Gold Surges Amid Stock Market Mayhem Since 2005, Russia’s gold reserves have nearly quadrupled, it says, adding that in the last twelve months they had grown by more than 200 tons. Ian Bremmer, an American political scientist specializing in US foreign policy and the president of Eurasia Group, a political risk research and consulting firm told the newspaper that money is often used as a financial weapon and in fact, Washington has used the dollar in the past to put pressure on Russia. Therefore the Russian head of state apparently wants to avoid such dependency in the future by using bullion reserves to insure against crises. The metal is recognized and is sought after worldwide, and its stockpile can’t be increased artificially. The newspaper also notes that there is only one country that is buying gold even more actively, and that is China. Its reserves now total nearly 1,600 tons (according to Statista — 1,762,3) – it ranks fifth globally, after the US, Germany, Italy and France. Russia comes sixth. Apparently, China also hopes to get rid of the dominance of Western reserve currencies.

1 1

Update: [tor-talk] How does one remove the NSA Virus off the BIOS Chip as described by Snowden in the ANT Program
by coderman 27 Feb '16

27 Feb '16

belated catch-up: - YES! i am still looking for anyone who kept the copies of taobios-v2.tar.bz2 downloaded on the 10th, 11th, or 13th and not the expected sha256sum as in https://lists.torproject.org/pipermail/tor-talk/2015-December/039678.html - this or some FOIAs or maybe *ahem* got peertech.org dedi burned; (~_~;) , shit rained - keys died in a fire... at least learning was enjoyed in large measure? *grin* [ see addendum. ] - if you didn't get the bios captures the first time, they are also now at: http://cubicmeteryhbozt.onion/taobios-v2.tar.bz2 L1-bios-readA.bin and L2-bios-readA.bin images have been submitted to VirusTotal, no hits. however, remember it is looking at UEFI code modules, and as discussed, both payloads take pains to avoid common BIOS forensic techniques - they're not rogue UEFI malmodules sitting in easy reach! :) - the FOIAs are, = Meta-FOIA: https://www.muckrock.com/foi/united-states-of-america-10/procnopenopes-2417… = New Req(FBI): https://www.muckrock.com/foi/united-states-of-america-10/keykeeperkomikal-2… = New Req(DoJ): https://www.muckrock.com/foi/united-states-of-america-10/keykeeperkomikalde… and list at ello still excellent, too: https://ello.co/ohj2eevi/post/SDNS4ZsILYAG_SQ8yMl9Ew … :P ... Addendum: the incident and response info: https://ello.co/ohj2eevi/post/AcOPfljWjTmfuFEkpc5Pbg , however it seems they've lost the 8 comments which contained the detailed updates. i can find archives in PDF if anyone cares? - the "signal" honey token service used to detect the TLS MitM is described here: https://ello.co/ohj2eevi/post/JwQUX_nGF4OhtaJXDySzjg . best regards, [ fwd is for posterity; with apologies by the megabyte, :o ] ---------- Forwarded message ---------- From: coderman <coderman(a)gmail.com> Date: Sun, 6 Dec 2015 19:31:28 -0800 Subject: Re: [tor-talk] How does one remove the NSA Virus off the BIOS Chip as described by Snowden in the ANT Program To: <PARTIED TO REMAIN NAMELESS...> are you going to take a look, at least? there is a write up, using rpi2: $ flashrom -r bios.bin -V -p linux_spi:dev=/dev/spidev0.0 . . . Found Winbond flash chip "W25Q64.V" (8192 kB, SPI). with the pre-built program (flashrom): flashrom-piprebuilt-0.9.8.tar.bz2 i show you binwalk diff, with a rogue storage area: < Scan Time: 2015-12-05 23:14:56 < Target File: L1-bios-readA.bin < MD5 Checksum: 26857cc3e814d5e924c133e961d1a993 --- > Scan Time: 2015-12-05 23:15:16 > Target File: L2-bios-readA.bin > MD5 Checksum: b47e3205e77e94b8f2e9400d4f915e76 9d8 < 806912 0xC5000 LZMA compressed data, properties: 0x5D, dictionary size: 16777216 bytes, missing uncompressed size ___________________________________________________________________________________________________________________________________ See also, https://jbeekman.nl/blog/2015/03/reverse-engineering-uefi-firmware/ and even take pictures for you to replicate, [ see attached ] don't you want to learn to fish, young padwan?

1 0

Instead of Apple tasking a coder to work on cracking that iPhone...
by Rayzer 27 Feb '16

27 Feb '16

FWIW I don't see how the feds can force Apple to assign an employee to do anything not in their job description without violating that employee's contract, or their civil rights, and writing code to crack phones isn't in any Apple job description, but tightening phone security is... This is getting interesting. -- RR "Through counter-intelligence it should be possible to pinpoint potential trouble-makers ... And neutralize them, neutralize them, neutralize them" Apple Is Said to Be Working on an iPhone Even It Can’t Hack By MATT APUZZO and KATIE BENNER FEB. 24, 2016 WASHINGTON — Apple engineers have already begun developing new security measures that would make it impossible for the government to break into a locked iPhone using methods similar to those now at the center of a court fight in California, according to people close to the company and security experts. If Apple succeeds in upgrading its security — and experts say it almost surely will — the company would create a significant technical challenge for law enforcement agencies, even if the Obama administration wins its fight over access to data stored on an iPhone used by one of the killers in last year’s San Bernardino, Calif., rampage. The F.B.I. would then have to find another way to defeat Apple security, setting up a new cycle of court fights and, yet again, more technical fixes by Apple. The only way out of this back-and-forth, experts say, is for Congress to get involved. Federal wiretapping laws require traditional phone carriers to make their data accessible to law enforcement agencies. But tech companies like Apple and Google are not covered, and they have strongly resisted legislation that would place similar requirements on them. “We are in for an arms race unless and until Congress decides to clarify who has what obligations in situations like this,” said Benjamin Wittes, a senior fellow at the Brookings Institution. Companies have always searched for software bugs and patched holes to keep their code secure from hackers. But since the revelations of government surveillance made by Edward J. Snowden, companies have been retooling their products to protect against government intrusion. Apple built its recent operating systems to protect customer information. As its chief executive, Timothy D. Cook, wrote in a recent letter to customers, “We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.” But there is a catch. Each iPhone has a built-in troubleshooting system that lets the company update the system software without the need for a user to enter a password. Apple designed that feature to make it easier to repair malfunctioning phones. http://www.nytimes.com/2016/02/25/technology/apple-is-said-to-be-working-on…

7 17

Relevant technical info re Apple iPhone cryptosecurity
by Steve Kinney 26 Feb '16

26 Feb '16

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Verry interesting... "The CIA Campaign To Steal Apple's Secrets" By Jeremy Scahill and Josh Begley, published in The Intercept: https://tinyurl.com/p9wtmdf "These machines have two separate keys integrated into the silicon of their Apple-designed processors at the point of manufacture. The two, paired together, are used to encrypt data and software stored on iPhones and iPads. One, the User ID, is unique to an individual’s phone, and is not retained by Apple. That key is vital to protecting an individual’s data and — particularly on Apple’s latest devices — difficult to steal. A second key, the Group ID, is known to Apple and is the same across multiple Apple devices that use the same processor. The GID is used to encrypt essential system software that runs on Apple’s mobile devices." -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJWz010AAoJEDZ0Gg87KR0LE78QAIUPc8cfT7wkWUKuY1XcpewY FyuFOM2feDiQDcLCxDk0jgGISS+0G3V7lK+JRoN83LPrd0WiXKi2Ermp2VKMNkN/ G4FMTVkLE6b3VJ0yPYOjXGR0kFg8pHmBsxn6TTeHkefe7sNMijaq9lXaIQqRXqBA xXfyKGzbEwUaQW7AZB0gpS51HVMFA/NJpeGkfiJ/HxzQOHU8BoyXKHqvTEPryQEG wvncgg16w3NRIlpYP4RAbYCyqwAGZQ9wt98bZbl74zQO4oIm6a2eUVKpdu80ymk6 KKZXWO/28ujZ+Tdya5dppso1QheY4UUIkTfaExAsJZTVCZQA3Or6DCXKpt8w2+kv 0OxpfQ3XdSMfPZVwijvPIzp/qrD3cbyoOc4eUQWe7fQ8YaVZyiLtggH0ZT07XFiB BQ/gC3bAg2HHN01BhGMMQ84MwHTtqHyQJsxSWaQn2IK0hsAe1391Xk1yF23luw5/ TMuLXJ0GKDMMlT8CAdn3lpMzwG2mbU9igKmR9sZyz7jTRx710pCvxZOdfi4Ld0ru eNNguLdWg14iYFFkZqSj4qxwkscnhPT3Uub0Yh4MnTVa6Yh7Ud4Dw11x0+43HqO8 96cqArs8Hx9qj+7czaK73uRBerVYicfZwtwsmLOeDpUhFv3CEhC+t3X7T0al3sv6 185sCwU15KQpcsii4r9R =tvGR -----END PGP SIGNATURE-----

3 4

Re: [Cryptography] USG v. Apple, Apple Motion to Vacate Decrypt Order
by John Young 26 Feb '16

26 Feb '16

At 11:13 AM 2/26/2016, Henry Baker wrote: >If this interpretation of the All Writs Act is upheld, then the DOJ >will have to consult with the intelligence community prior to >compelling companies like Apple to decrypt phones. It would be quite >interesting for DOJ to publicly stipulate that NSA could (or could >not) break into iOS 8 or 9. This is truly a sticky wicket, since the >intelligence community is generally prohibited from working on >domestic issues. We asked for an opinion of Michael Froomkin, Law Professor at University of Miami, on Henry Baker's comments: https://cryptome.org/2016/02/can-spies-break-apple-crypto.htm

3 2

Re: [tor-talk] Fwd: Cryptopolitik and the Darknet
by Zenaan Harkness 26 Feb '16

26 Feb '16

On 2/25/16, eliaz <eliaz(a)riseup.net> wrote: > Elaboration: I said in my previous post that I never quite believed that > "there are more good than bad people." I think it's more to the point > of upgrading tor architecture to say that I don't feel comfortable > relying on "there are more good than bad people" as a justification for > the Tor Project's laudable aims. Regardless of numbers there *are* > people who will misuse tor, and the article gives good evidence that > those people are the ones who employ anonymous content platforms. - eliaz There is a principle: to give up anonymous publishing for the ~2% of bad actors, you will give up that right for the rest of us as well. Same goes for other rights, not just anonymity. By allowing people to drive on public roads, we accept that occasionally some nutcase will also drive on the roads, run down a pedestrian or cop and or cause a lot of damage to property. It's part of the bargain. Then some people will suggest "time for full time GPS tracking of all vehicles, you know, to stop the crazies", thereby giving up our right to anonymous travel. Once again, you will not stop the crazies, and you give up a basic right, something fundamental to being human, to being in society/ community. There's probably a fancy logical name for this "bad bargain" that "well meaning" humans seem to always want to make. Somehow they are wired differently to me and many others on this list. You see I always ask another question immediately to the thought or suggestion to "give up a liberty" (e.g. anonymous publishing, private phone calls, anonymous travel, pseudonymous travel, freedom of thought, etc), and that question I always ask is "do we lessen our humanity by treating ourselves as children, with cotton wool gloves?" Guns, knives, cars and communication are topical examples these days. I find it mind bending, but some folks actually think mandatory registration, rego plates and licensing, is a great idea for bicycles - you see, some folks on bikes have run into pedestrians, ride fast on footpaths, and if they're being chased on foot by police they can get away, not to mention how dangerous they are to the rider, there's just so many problems with bicycles we could probably raise a good argument to ban them completely - perhaps a govt buy back scheme and a govt financial compensation scheme for stationary exercise bikes to compensate for the health problems which would statistically arise due to the reduction in exercise of the population when bicycles are banned. These are serious problems. We must not be flippant about the dark dangers of cyclists traveling anonymously and dangerously, not to mention their rogue machinery!

3 2