PILIGER article: ASSANGE - Epic Struggle For Justice

SPECIAL FEATURE 31 Jul 2015 Julian Assange: The Untold Story Of An Epic Struggle For Justice By John Pilger This is an updated version of John Pilger’s 2014 investigation which tells the unreported story of an unrelenting campaign, in Sweden and the US, to deny Julian Assange justice and silence WikiLeaks. FULL ARTICLE @ SOURCE: https://newmatilda.com/2015/07/31/julian-assange-untold-story-epic-struggle-justice --------------------- COMMENT Another great article, and an excellent overview of what's going on.

Business Insider - "British spies are officially setting the standard for fighting hackers"

British spies are officially setting the standard for fighting hackers Business Insider Alastair Stevenson, Business Insider Jul. 29, 2015, 7:27 AM 13 UK big ben union flag jack umbrellaREUTERS/Luke MacGregorBritish spy standards have gone international. A pilot scheme for the UK government’s cyber security training initiative has launched in the US, Canada, Australia and New Zealand – meaning British spies are now setting the international standard for fighting hackers. The scheme will be run by the Communications-Electronics Security Group (CESG), the information security arm of the GCHQ. It is an extension of the CESG's ongoing UK Certified Professional (CCP) scheme. The UK scheme launched in October 2012 and is designed to ensure security professionals meet a quality benchmark set by the CESG, assuring potential hirers of their anti-hacker abilities. The scheme ranks professionals at three levels of competency: Practitioner, Senior Practitioner, and Lead Practitioner. To date, the scheme has accredited 1,200 UK professionals in a variety of roles, including penetration testers and crypto custodians. Penetration testers are hackers companies hire to find holes in their defences. Crypto custodians are professionals that manage companies' use of encryption. Encryption is a security technology that scrambles digital information using specialist mathematics. It makes it so only people in possession of a specific unlock key or password can read the encrypted information. The pilot international scheme will be limited to security and information risk advisors (SIRA) and IA architects – the people who advise companies on how to protect their data and design their information security systems. The new US, Canada, Australia and New Zealand tests will be run by the APMG International examination body and CESG. BUSINESS INSIDER - VIA http://www.techinsider.io/gchq-has-expanded-its-security-training-scheme-to-run-in-the-us-canada-australia-and-new-zealand-2015-7 --------------------- COMMENT Thought this was interesting, but now I'm not that sure.  LOL IA = information assurance APM Group Ltd (APMG) =  global accreditation body, UK based (offices all over) More:  CCP - 'CESG Certified Professional' http://apmg-cyber.com/products/ccp-cesg-certified-professional

Google Compute Engine - Cloud Computing & Customer Held Encryption Keys / Red Herrings

Google has just done something that’s going to annoy the US and UK governments Business Insider     Alastair Stevenson, Business Insider     Jul. 29, 2015, 11:15 AM    2 UK Prime Minister David Cameron is not going to like this. Google has rolled out a security service for its business customers that could put a serious downer on the UK government’s plans to increase law enforcement’s surveillance powers. The service was revealed by Google product manager Leonard Law in a blog post and is currently in beta form. It will let businesses running the company's Google Compute Engine create their own encryption keys. Encryption is a security technology that scrambles digital information using specialist mathematics. It makes it so only people in possession of a specific unlock key or password can read the encrypted information. Google’s move may not sound like a big deal to people outside the technology community, but the implications for the move are pretty massive. What the Google Compute Engine is Google’s Compute Engine is the basis of the company's cloud computing platform. Cloud computing is a special type of technology that uses a network of remote servers hosted on the internet to run computer processes traditionally done on a device’s internal hardware. In theory, this means cloud computing customers can get high-powered computer performance, or run complex tasks beyond normal hardware’s capabilities without having to buy lots of equipment. As well as Google, which uses the tech to power many of its own services, such as YouTube, numerous big-name companies including Coca Cola, Best Buy, Rovio, Avaya and Ocado also use the Compute Engine. How it links to government surveillance The widespread use of Google’s cloud tech means it handles vast amounts of  user data. Data running through the platform can include things like customer records, account information and, at times, the user's geographic location. PRISM documents leaked by Edward Snowden in 2013 revealed intelligence agencies, such as the NSA and GCHQ, have been siphoning vast amounts of web user information from Google's cloud platform – as well as many other cloud service providers. The move makes sense, as the Compute Engine’s large customer base lets the agencies collect data from multiple companies and services from one central source. A game of cat and mouse Google already encrypts services running through its Compute Engine by default. This partially protects customers as it means agencies like the NSA or GCHQ cannot read the data without knowing which encryption key was used. However, the tactic is not foolproof, as the NSA and GCHQ can use legal requests, such as letters sent under the US Foreign Intelligence Surveillance Act (FISA), to force Google to unlock or hand over unencrypted copies of the data. This issue was set to get even worse in the UK and US as both governments have hinted at plans to make it easier for law enforcement and intelligence agencies. Law enforcement agencies within the US have been lobbying for the US government to control business use of encryption since the PRISM leaks emerged. FBI director of counter-terrorism Michael Steinbach warned lawmakers that strong encryption technology allows terrorists "a free zone by which to recruit, radicalize, plot and plan," in June. UK prime minister David Cameron has hinted at plans to hamper the use of encryption. Cameron told Parliament he wants to "ensure that terrorists do not have a safe space in which to communicate," on June 6. How companies having their own keys will hamper surveillance Experts within the security community have argued that Google’s move will cause problems for the UK government’s plans. FireEye global technical lead Simon Mullis explained to Business Insider this is because it will make it so Google won’t be able to decrypt the data, even if ordered to. “Essentially the access to, ownership and management of the keys used to encrypt all data within Google Cloud is now handled by the end-customer," he said. "[This will] make it harder for any external agencies such as law enforcement or intelligence services to gain access to the decrypted data as there are fewer parties [people able to unlock the data] involved.” As a result, if law enforcement wanted access to the encrypted Compute Engine data, they would have to mount individual requests to each customer, a practice that would slow their surveillance operations. Business Insider has reached out to the UK Prime Minister's press team for comment on how custom encryption keys will impact Cameron's plans. Google is one of many technology companies working to fight the UK and US government’s surveillance plans. A group of 140 companies, including Google, Microsoft, Apple and Facebook, sent an open letter to President Obama in May urging him to reject the encryption proposals, fearing they would damage the US economy. Apple CEO Tim Cook claimed law enforcement’s hostility towards encryption is dangerous in June. SOURCE http://www.techinsider.io/google-has-offered-compute-engine-customers-advanced-encryption-powers-2015-7 --------------------- COMMENT 'Terrorists' is the big stick / leverage go-to for governments to demand access. If I were a company, I would prefer complete control of my own data.  Relying on cloud computing doesn't appeal, even though it may be cheaper.  And why would you trust any company that can unencrypt your data?  But I guess the advantage might be in passing the buck.  As in, if data is compromised, you can maybe blame it on the third party cloud host & they get lumped with compensation payouts? This is a good companion article regarding encryption offerings:   The Red Herring of Digital Backdoors and Key Escrow Encryption Bill Blunden EXTRACTS By concentrating on key escrow the CEOs of Silicon Valley are able to conjure up the perception of an adversarial relationship with federal agencies. This is absolutely crucial because tech companies need to face the public wearing a white hat. In the aftermath of the PRISM scandal, where C-suite types were caught colluding with the government on a first-name basis, American executives are frantically trying to convince people on behalf of quarterly revenue that they’re siding with consumers against spying. An interesting but fundamentally flawed narrative, given how much economic espionage the government conducts and how much spying corporate America does. Who do you think benefits from this sort of mass surveillance? All told it’s likely that private sector involvement henceforth will transpire off stage. Far removed from the encryption debate. Rather than forgo the benefits of aggressive spying, CEOs will merely conceal their complicity more deeply while making lots of noise for rubes about encryption. In this sense zero-day bugs offer the added benefit of plausible deniability. That is, backs doors based on zero-day bugs are vital spy tools that masquerade as mere accidents. Only fitting, one might conclude, as spies and magicians are kindred spirits performing artful tricks that beguile more susceptible members of the audience. http://www.counterpunch.org/2015/07/29/the-red-herring-of-digital-backdoors-and-key-escrow-encryption/ I really like this guy's articles.

Tor Vulnerability - Traffic Analysis Identifies Guard Servers

Vulnerability could make Tor, the anonymous network, less anonymous     by  Barb Darrow     @gigabarb July 29, 2015, 5:27 PM EDT The bad news; MIT and QCRI researchers found a vulnerability in the Tor network. The good news: they also found a fix. The Tor network—used by activists, journalists, law enforcement, and yes, criminals—is famous for cloaking web surfers’ identities and locations. And, apparently, it contains a vulnerability that poses a risk to all that protective anonymity, according to researchers at MIT and the Qatar Computing Research Institute (QCRI). The good (or bad) news—depending on how you view Tor— is they say they’ve also come up with a fix to the problem that they will demonstrate at the Usenix Security Symposium next month, according to an MIT News story “Shoring up Tor.” An estimated 2.5 million people—including journalists, political activists, terrorists or just consumers who don’t want to share their browsing histories with Facebook or other commercial entities—use Tor daily. And that is why the network is of keen interest not only to “repressive” regimes like Russia and Iran but to governments a lot closer to home, including our own. Not to put too fine a point on this, but one person’s activist could be another person’s terrorist, but I digress. DigitalTrends has a good description of the Tor basics:     Tor works by anonymizing the transport of your data. Like an onion, Tor encrypts the data you send through the web in multiple layers. Your data is then “relayed” through other computers. Each relay sheds one layer then finally arrives at the source in full form. The software bounces users around a network of open connections run by volunteers all over the globe. This prevents people from spying on your Internet connection and discovering sites you visit. Tor scrambles information that could pinpoint your exact physical location. By using a Tor-configured browser, the user enters her request, and it is automatically swaddled in those encryption layers and is sent it to the next, randomly chosen machine that runs Tor. This machine, called “the guard,” peels off the first encryption layer and forwards the still-masked request on until it finally reaches a randomly chosen “exit” machine that strips off the final layer encryption to reveal the destination. Only the guard machine knows the sender and only the exit machine knows the requested site; no single computer knows both. The network also offers “hidden services” that enable an activist to aggregate sensitive news reports and make them available to select users, but not the world at large. That is, the archive is not searchable or available on the public Internet. The creation of those collection points, which involves the building of what Tor calls a “circuit” of machines, offered the researchers a way to snoop on Tor. By connecting a ton of their own machines to the network and then analyzing traffic, they were able to identify likely guard machines. From the MIT report:     The researchers showed that simply by looking for patterns in the number of packets passing in each direction through a guard, machine-learning algorithms could, with 99 percent accuracy, determine whether the circuit was an ordinary Web-browsing circuit, an introduction-point circuit, or a rendezvous-point circuit. Breaking Tor’s encryption wasn’t necessary.     Furthermore, by using a Tor-enabled computer to connect to a range of different hidden services, they showed that a similar analysis of traffic patterns could identify those services with 88 percent accuracy. That means that an adversary who lucked into the position of guard for a computer hosting a hidden service, could, with 88 percent certainty, identify it as the service’s host. The researchers, including Albert Kwon, an MIT graduate student in electrical engineering and computer science, and Mashael AlSabah, assistant professor of computer science at Qatar University, and a QCRI researcher, said the fix lies in obscuring data traffic patterns to and from the guard machines in a way that renders such “traffic fingerprinting” ineffective. If the network sends around enough dummy packets so that all the data sequences look the same to prying eyes, problem solved, and anonymity remains safe. SOURCE http://fusion.net/story/175068/sorry-the-way-you-type-is-exposing-your-identity-online-even-if-youre-browsing-anonymously/ --------------------- COMMENT Tor anonymity browser: search/request via Tor browser, wrapped in encryption layers first server = random 'guard' server (knows where request came from) next server = does not know location of request or request final server = random 'exit' server knows the request no single server knows both location & search/request runs data via network of open connections / servers run by volunteers all over globe  So: scrambles info that could pinpoint your physical location anonymises the transport of your data encrypts the data you send (& relays through the web in multiple layers) each relay sheds one layer relay finally arrives at source in full form Thought this was interesting.  Imagine the Tor people are adapting to the fake packet fix, whatever that is.   My reference to 'server' should probably read 'node' in the Tor network, I would think.  ------- ------- ------- Data transferred by computer is sent via 'packets'.  Due to size constraints, data sent out is broken up and reassembled at the destination. TCP / IP TCP/IP protocols guide how data is sent TCP = Transmission Control Protocol (reliability of data / checks data for errors & resends if required)  IP = Internet Protocol (more direct 'step closer' transmission of data) TCP/IP = two separate protocol - used together Most common TCP/IP protocols: HTTP  - b/w client (ie browser) & server / non-secure data transmissions HTTPS - b/w client & server / SECURE data transmissions - eg. credit card transaction data or other private data   FTP - b/w two or more computers:  one computer sends data to (or receives data from) another computer DIRECTLY. web client =  browser web server = receives client/browser requests & relays data back to web client/browser These are just notes for my benefit.  Hoping I have the info. straight.  LOL    --------------------- MORE MIT researchers figure out how to break Tor anonymity without cracking encryption http://www.extremetech.com/extreme/211169-mit-researchers-figure-out-how-to-break-tor-anonymity-without-cracking-encryption Researchers mount successful attacks against Tor network—and show how to prevent them http://phys.org/news/2015-07-mount-successful-tor-networkand.html

Cybersecurity: Darktrace

British cyber company Darktrace ramps up D.C. presence, investors take notice  By Aaron Gregg July 26 at 5:57 PM Follow @Post_AG Washington has always been a government town. But in recent years, the economic pinch of sequestration and other federal cutbacks has many local business leaders wondering where the next source of revenue will come from. Many see cybersecurity as a possible path away from government dependency, hoping that experts from the region’s intelligence community can find ways to sell their expertise to multi-national corporations that want to shore up their data. Darktrace, a Britain-based cybersecurity company that tries to spot internal threats by applying big data analysis to employees’ behavioral patterns, is one of the upstarts seeking to turn the region’s indigenous intelligence know-how into a commercial operation. The company announced Wednesday that it closed a $22.5 million round of financing from Summit Partners, a prominent venture capital firm. The company says it will use the capital to continue expanding its international footprint, hiring sales and marketing people to help broaden its customer base. Last month, the young firm opened a cyber operations center in Columbia, Md., to give it closer proximity to the wealth of talent sitting next door at the National Security Agency. “We’re taking the know-how that people from government agencies like the FBI, CIA and NSA have, and helping people in the commercial private sector to identify threats,” chief executive Nicole Eagan said. Eagan said the company’s plan is to approximate the so-called five eyes of the international spy community — a collaboration of government intelligence agencies from New Zealand, Australia, Britain, the United States and Canada — and sell it to the private sector. Right now Darktrace has offices in all five locations. “When you start to realize that cyber is a global problem, a cyber-threat can originate in one part of the world and culminate in another part of the work,” Eagan said. The company employs about 100 people, but its workforce is spread across 16 cities on four continents, with plans to expand into Latin America. [Related: Founded by spies and mathematicians, Darktrace isn’t your typical cyber-security firm] The company was founded two years ago by a union of Cambridge mathematicians and NSA veterans, with the help of close to $10 million in seed funding from Invoke Capital, a British venture capital firm backed by Mike Lynch, founder of British IT company Autonomy. Darktrace is one of many firms trying to spot data breaches in real time. The company’s Enterprise Immune System technology uses complex mathematical algorithms to take a behavioral “fingerprint” of each company’s day-to-day operations, created from seemingly mundane details such as when particular people tend to log in to certain systems and what they do there, where they work from and from what computer they log in. When something looks out of the ordinary, the company is notified in real time, and management gets a weekly update on the biggest threats it needs to worry about. “What Darktrace offers is an intelligent platform which learns what normal behavior is, and picks out what is unusual,” said Dan Raywood, an information security analyst at IT consultancy 451 Research. After spending a few years honing its product with early testers that included BT Group, a British telecommunications corporation, the company said it is done with research and development and is now focusing its efforts on getting to market. Today, Darktrace works with more than 100 corporations worldwide. It takes on customers by offering them a 30-day free trial, after which they are asked to commit to a three- or four-year contract. The company said more than 80 percent of the companies that try the free trial sign a contract. Darktrace declined to provide details of its financial performance. The company is operating in a crowded field with new firms popping up every day. “Whilst not totally unique, Darktrace has an interesting proposition at a time when spotting the anomaly is a key trend,” Raywood said.  Aaron Gregg covers the local economy for Capital Business, the Post’s local business section. He studied music (Jazz guitar) and political science at Emory University in Atlanta, and has a graduate degree in public policy from Georgetown. SOURCE http://www.washingtonpost.com/business/capitalbusiness/british-cyber-company-darktrace-ramps-up-dc-presence-investors-take-notice/2015/07/26/0fbef782-316d-11e5-97ae-30a30cca95d7_story.html --------------------- COMMENT LOL .. wonder if this is CIA venture capital? Cambridge makes me think of Cambridge Five and NSA's the mass surveillance mob that's been spying on European corporations and politicians. So is this some kind of UK intel meets US intel off the grid (and therefore opaque) Five Eyes clone?  Govt intelligence agencies aren't exactly transparent, so it probably hasn't got anything to do with being 'opaque'.  Maybe it's about having some legit cover, while keeping close tabs on big business? Or, .... I've got an over-active imagination.  LOL --------------------- Founded by spies and mathematicians, Darktrace isn’t your typical cybersecurity firm "... part of a contingent of cybersecurity executives accompanying British Prime Minister David Cameron on his recent trip to Washington, where the two countries announced the launch of a joint cyber-sharing initiative." http://www.washingtonpost.com/business/on-it/founded-by-spies-and-mathematicians-darktrace-isnt-your-typical-cybersecurity-firm/2015/02/15/eb71787e-b079-11e4-886b-c22184f27c35_story.html

Trade in Services Agreement (TiSA)

TiSA – the new trade deal being kept under wraps Tony Burke The deal would enable corporations to monopolise entire sectors, such as telecoms and communications Earlier this month I wrote about Obama’s plans to fast track TTIP. Now, the WikiLeaks publication of seventeen documents related to the proposed TiSA trade deal has shone a welcome light on the secrecy surrounding negotiations on this trade deal. Although an outline of the plan has been in discussion for over a year it has remained secret, with the documents supposedly due to remain classified for five years. The Trade in Services Agreement (TiSA) has been around since 2013. Discussions are taking place between the USA, the EU and twenty-two other nations including Canada, Mexico, Australia, Israel, South Korea, Japan, Norway, Switzerland, Turkey, and many others across South America and Asia. Twelve of the G20 nations have a place at the table, and it has been extended to include Brazil, Russia, India and South Africa. Like TTIP, CETA, and TPP, the TiSA deal would turbo-charge global trade this time in ‘services’, which includes air and maritime transport; parcel delivery; e-commerce; telecommunications; accounting; engineering; consulting; health care; private education; and financial services – around 80 per cent of the US economy. Like the other deals, TiSA is veiled in secrecy but the leaked documents show that that it would restrict the ability of sovereign governments to manage their own legislation. This would be done through a regulatory cap limiting regulation of services at all levels from national to local government level. Using ‘standstill’ clauses, TiSA will be able to stop new laws being passed, and prevent new professional licensing, new or amended qualifications or technical standards being enacted. And like TTIP it has a ‘ratchet’ clause, which would make decisions made under TiSA irreversible. Experts also say the TiSA text is almost incomprehensible unless you are a trade lawyer.  However, it appears that foreign corporations must receive the same ‘national treatment’ as domestic companies; that regulations cannot be ‘more burdensome than necessary to ensure the quality of the service’ and no restrictions can be placed on foreign investment. This would allow corporations to monopolise entire sectors such as telecoms and communications. Public services, including telephone and postal services, would be broken up or forced into competition with foreign service providers. The United States and EU have said that that these regulations need not be permanent, but they also ‘noted the important complementary role of the private sector in these areas to improve the availability and diversity of services’. Catch 22 again! Corporations would also be able to use secret courts similar to the investor-state dispute settlement (ISDS) process in TTIP, TPP and CETA where they can demand compensation equal to ‘expected future profits’ lost through violations of the ‘regulatory cap’. Experts have warned that if TiSA comes into force, governments would be helpless to stop ‘financial innovation’ – including the type of behaviour which brought about the collapse of the banks in the US and the EU in 2007- 2008. Switzerland, that bastion of transparency, has proposed that TiSA must allow ‘any new financial service’ to enter their market. Regulations designed to protect investors and savers are ‘allowed’, but they ‘must not act contrary to TiSA rules’. A win-win situation for the banks! Financial services suppliers will also be able to use individual client data regardless of national privacy laws. And what of employment protections and workers’ rights? Well, although there is still a lack of clarity it appears that TiSA would classify migrant workers as ‘independent service suppliers’. This would apply not just to professionals such as architects, vets, engineers, accountants, designers and IT consultants, but to other migrant workers like nurses and care workers, who would be classed as ‘service suppliers’ with no employer-employee relationship. TiSA will put corporations before governments on every occasion, and as with TPP and TTIP the US president will have ‘fast track’ authority to push TiSA through the US legislature without line-by-line scrutiny. Rosa Pavanelli, general secretary of Public Services International (the global trade union umbrella body for public service workers) criticised “The irony of the text containing repeated references to transparency, and an entire Annex on transparency requiring governments to provide information useful to business, being negotiated in secret from the population exposes in whose interests these agreements are being made”. Larry Cohen, outgoing president of Communication Workers of America, said: “This is as big a blow to our rights and freedom as the Trans-Pacific Partnership, and in both cases our government’s secrecy is the key enabler.” Tony Burke is Assistant General Secretary of Unite responsible for manufacturing. He is a member of the TUC Executive Committee and General Council, the Labour Party National Policy Forum, Trade Union co-ordinator for the Morning Star newspaper and chair of the Campaign For Trade Union Freedom. He also contributes to Tribune, the Morning Star, The Manufacturer, the TUC’s Stronger Unions website and blogs at his own Power In A Union. SOURCE http://leftfootforward.org/2015/07/tisa-the-new-trade-deal-being-kept-under-wraps/ --------------------- COMMENT TiSA sounds as bad news as the TPP, so why would any responsible government enter into this?  Stand by for being screwed by corporations generally, as well as foreign corporations.

the dancer

PJ HARVEY the dancer  (acoustic version) [source: here] Like this quite a lot. Other PJH stuff is fascinating & quite compelling, but most of it is too intense & too jarring for me.