2015-02-25

We begin with a twofer from Reuters:

South African spooks red-faced from latest spy data leak

A mass leak of South African espionage secrets will cause many foreign agencies to think twice before sharing information with Pretoria, hampering its efforts to walk a delicate diplomatic tightrope between East and West, experts said on Tuesday.

Britain’s Guardian paper and Gulf TV channel Al Jazeera said they had obtained hundreds of dossiers, files and cables from the world’s top spy agencies to and from South Africa, dubbing it “one of the biggest spy leaks in recent times”.

“A leak like this affects the credibility of the agencies and how they cooperate,” said Mike Hough, a retired professor from Pretoria University’s Institute for Strategic Studies. “It could lead to the termination of certain projects.”

From Al Jazeera, something many journalists have assumed for a half century:

Spy cables: Israel airline used as intelligence ‘front’

Leaked documents reveal South Africa challenged Mossad over alleged clandestine security operations under El Al cover.

Secret cables obtained by Al Jazeera’s Investigative Unit confirm that South Africa’s spy agencies concurred with allegations that Israel uses its flag-carrier, El Al Airlines, as cover for its intelligence agencies.

Leaked documents from South Africa’s intelligence agency support claims made on a 2009 South African television programme by a former El Al employee-turned-whistleblower.

Despite official Israeli denials, the whistleblower’s claims prompted an emergency meeting between senior officials from both sides, as well as a separate note of enquiry from Canada’s intelligence agency.

Another leak, via the Guardian:

Spy cables: Greenpeace head targeted by intelligence agencies before Seoul G20

South Korea’s intelligence service requested information about South African activist Kumi Naidoo in runup to leaders’ meeting in 2010

The head of Greenpeace International, Kumi Naidoo, was targeted by intelligence agencies as a potential security threat ahead of a major international summit, leaked documents reveal.

Information about Naidoo, a prominent human rights activist from South Africa, was requested from South African intelligence by South Korea’s National Intelligence Service (NIS) in the runup to a meeting of G20 leaders in Seoul in 2010.

He was linked in the intelligence request with two other South Africans who had been swept up in an anti-terrorist raid in Pakistan but later released and returned to South Africa.

And from Al Jazeera, faults revealed:

Spy Cables expose S Africa’s alarming security failings

Secret documents reveal an array of security lapses and flaws within South African government and intelligence.

South African government and security agencies have left secrets exposed at every level and foreign spies have access to all areas of government, according to Intelligence documents obtained by Al Jazeera’s Investigative Unit.

A secret security assessment by South African intelligence says foreign espionage is booming, with more than 140 foreign spies estimated to be operating in South Africa – and that the South African state is doing a poor job of protecting itself.

They are thought to have gained access to government departments, ministries and “even the presidency” and are suspected of breaking into nuclear power plants, stealing military blueprints and hacking computers.

The report slams poor security awareness among civil servants, who regularly fail to observe the most basic procedures, leaving classified information unlocked and failing to adequately vet new recruits.

From the Los Angeles Times, a major security fail:

State Department official arrested, suspected of soliciting sex from minor

A senior State Department official who oversees counter-terrorism programs has been arrested on suspicion of soliciting sex from a minor, authorities in Virginia said late Tuesday.

Daniel Rosen was arrested at his home in Washington, D.C., just after noon and is being held in the city’s jail on suspicion of use of a communications device to solicit a juvenile, said Lucy Caldwell, spokeswoman for the Fairfax County Police Department.

According to his LinkedIn profile, Rosen, 44, is the director of counter-terrorism programs and policy for the State Department. Police said they have notified the State Department of his arrest.

A kindred failure across the pond, via the London Telegraph:

Sir Malcolm Rifkind to step down as MP and resigns from security committee

Tory MP Sir Malcolm Rifkind is to step down as an MP at the General Election and has also resigned as chairman of the Parliamentary Intelligence and Security Committee

Sir Malcolm Rifkind, the Conservative MP embroiled in cash for access allegations, is to step down as an MP at the General Election and has also resigned as chairman of the Parliamentary Intelligence and Security Committee.

Sir Malcolm was suspended by the Conservative Party pending an internal investigation on Monday after telling undercover reporters from The Telegraph and Channel 4’s Dispatches that he would use his position as a politician to help a fictitious Chinese company.

His decision to stand down as the Conservative MP for Kensington means there will be a contest for one of the Conservative Party’s safest seats.

The Guardian exposes a case of Chicago P.D. reality rising to film noir levels:

Chicago’s Homan Square ‘black site’: surveillance, military-style vehicles and a metal cage

This building looks innocent enough. But those familiar with the secretive interrogation and holding facility describe a shocking display of police abuses

From the outside, you have to concentrate to realize Homan Square is a police facility. At first glance, it’s an unremarkable red brick warehouse, one of a handful on Chicago’s west side that used to belong to Sears Roebuck, complete with roll-up aluminum doors. No prominent signage tells outsiders it belongs to the police. The complex sits amidst fixtures in a struggling neighborhood: a medical clinic, takeout places, a movie theater, a charter school.

But a look at what surrounds the warehouse gives clearer indications of Homan Square’s police business. The yellow barrier for cars at the street checkpoint. The vans in the motor pool marked Chicago Police Forensic Services parked next to the unmarked cars. The black-and-white checkered door to match the signature pattern on Chicago police hats. The floodlights on the roof. The guy with a gun walking outside and smoking a cigarette in a black windbreaker with POLICE written on the back.

Over the years Homan Square has formed a backdrop for high-profile drug seizures, where Chicago officials or cops display cocaine, marijuana and guns taken off the street. The rock group Portugal.The Man reportedly sent Homan Square detectives three dozen doughnuts – plus croissants and danishes – in gratitude for helping the band recover stolen music equipment.

But its interrogations function is less well known, even to close observers of Chicago police. Anthony Hill, an attorney, said he once made it into Homan Square, to the surprise of police, and said he saw “four, five cells,” describing it as a “bare-bones police station.”

“When I got in, they were so shocked I was there they didn’t know what to do with me,” he said.

The Hill takes a profitable spin through the revolving spooky door:

NSA staffers rake in Silicon Valley cash

Former employees of the National Security Agency are becoming a hot commodity in Silicon Valley amid the tech industry’s battle against government surveillance.

Investors looking to ride the boom in cybersecurity are dangling big paydays in front of former NSA staffers, seeking to secure access to the insider knowledge they gained while working for the world’s most elite surveillance agency.

With companies desperate to protect their networks against hackers, many tech executives say the best way to develop security products is to enlist the talents of people who have years of experience cracking through them.

“The stories he could tell,” venture capitalist Ray Rothrock recalled about his meetings with a former NSA employee who founded the start-up Area 1 Security. “They come with a perspective that nobody in Silicon Valley has.”

From the Verge, from their resumes:

The NSA’s SIM heist could have given it the power to plant spyware on any phone

Last week, The Intercept published shocking new documents detailing a campaign by US and UK spies to hack into the SIM manufacturer Gemalto, stealing crucial encryption keys that protect and authenticate cellphone signals. But while it was clearly a major attack, I had a hard time seeing the operational benefits for the world’s spy agencies. SIM encryption only protects calls between your phone and the cell tower, which means any would-be surveillers would need to stay within a mile of the target. It’s also puzzling because carriers are often happy to hand over all their data with a blanket court order. Why would the GCHQ go to so much trouble for access to data they mostly already have?

But in the days since the report published, there’s been concern over an even more frightening line of attack. The stolen SIM keys don’t just give the NSA the power to listen in on calls, but potentially to plant spyware on any phone at any time. Once the stolen keys have bypassed the usual protections, the spyware would live on the SIM card itself, undetectable through conventional tools, able to pull data and install malicious software. If the NSA and GCHQ are pursuing that capability, it could be one of the biggest threats unearthed by Snowden so far.

Our earlier report focused on the Ki keys, used to encrypt traffic between the phone and the tower — but this new attack uses a different set of keys known as OTA keys, short for “over-the-air.” Each SIM card gets its own OTA key, typically used to remotely install updates. Manufacturers can send a binary text message directly to the SIM card, and as long as it’s signed with the proper OTA key, the card will install the attached software without question. If those keys were compromised, it would give an attacker carte blanche to install all manner of spyware. Researcher Claudio Guarnieri, who’s researched the Snowden documents extensively, says the OTA keys could make the Gemalto heist the most important news to come out of the documents so far. “It’s scary,” Guarnieri says. “If the NSA and GCHQ have obtained a large quantity of OTA keys, we’re facing the biggest threat to mobile security ever.”

From the Guardian, real class-y AT&T:

AT&T is putting a price on privacy. That is outrageous

Poor customers should not have to choose between being spied on and forking over money

Imagine if the postal service started offering discount shipping in exchange for permission to scan every letter you receive and then target you with junk mail based on the contents of your personal mail.

One of the largest telecommunications companies in America, AT&T, is doing just that for customers of its super-fast gigabit broadband service, which is rolling out in select cities. Though a few months ago, it dropped the use of an undeletable “supercookie” that tracked subscribers’ web browsing activity, AT&T reportedly plans to track and monetize its broadband customers’ internet activity – “webpages you visit, the time you spend on each, the links or ads you see and follow, and the search terms you enter” – to deliver targeted “ads online, via email or through direct mail”.

The tracking and ad targeting associated with the gigabit service cannot be avoided using browser privacy settings: as AT&T explained, the program “works independently of your browser’s privacy settings regarding cookies, do-not-track and private browsing.” In other words, AT&T is performing deep packet inspection, a controversial practice through which internet service providers, by virtue of their privileged position, monitor all the internet traffic of their subscribers and collect data on the content of those communications.

What if customers do not want to be spied on by their internet service providers? AT&T allows gigabit service subscribers to opt out – for a $29 fee per month.

After the jump, ghoulish corporate vultures follow our health concerns online, a Dutch university occupation evicted, Germans lose faith in democracy, the Anthem health data breach scope widens, widespread ongoing hack points persist in many apps, denial of service attacks target Google in Vietnam, on to the Mideast and an Assyrian Christian army mobilizing to fight ISIS, a Saudi apostasy death sentence, a Pakistani cell phone fingerprint requirement, pushing for a North Korean nuclear surrender, China raises NATO hackles with a missile sale to Turkey, Hong Kong delegates to the Beijing legislature call for a crackdown, Shinzo Abe aims for more power for military commanders, more Okinawan anger over an American military base move, and a Japanese human rights downgrade. . .

Profitable ghoulishness, via Al Jazeera America:

The CDC knows what ails you — and now, so do many others

Perhaps it will not come as a big surprise to learn that the highly trafficked, for-profit medical information site WebMD keeps track of your search terms and then makes some of the information available to third-party vendors. It’s kind of like what the term “for profit” means. But how about one of the other top hits for health-related searches, the Centers for Disease Control? That’s a non-profit government agency — they don’t provide information to marketing interests, right?

Wrong.

Tim Libert, a researcher at the University of Pennsylvania, analyzed the top 50 search results for a couple thousand common diseases and discovered 91 percent of the pages that popped up made so-called “third-party requests” to outside organizations. “That means when you search for ‘cold sores,’ for instance, and click the highly ranked ‘Cold Sores Topic Overview WebMD’ link, the website is passing your request for information about the disease along to one or more (and often many, many more) other corporations,” reports Brian Merchant at Motherboard.

But it also means something similar is happening when you look up something on what seem like more secure or, at least, less nakedly capitalist sites like the Mayo Clinic, Planned Parenthood or, yes, the CDC. “This isn’t because [any of those places] is intending to do anything nefarious,” writes Merchant, “it’s just because they’ve installed convenient free software.”

Motherboard explains it like this: “Let’s say you make a search for ‘herpes.’ Plugging that query into a search engine will return a list of results. Chances are, whatever site you choose to click on next will send information not just to the server of the intended site — say, the Centers for Disease Control, which maintains the top search result from Google — but to companies that own the elements installed on the page.”

From DutchNews.nl, a Dutch university occupation evicted:

Police evict protesting students from Amsterdam university building

Police on Tuesday evicted students from Amsterdam university building the Bunge Huis.

The students are demanding more democracy and transparency from the university authorities, and began their sit-in 11 days ago. They are also protesting at the sale of the Bunge Huis, which is being sold by the university to property developer Aedes Real Estate.

According to reports in the university magazine Folia, the police arrived at 09.30 on Tuesday and entered the building through a side window. They told the students to leave or be arrested. Several students promptly left the building. Those that remained have now been arrested, according to Folia.

RT covers a German loss of faith:

20% of Germans want revolution, majority say democracy ‘isn’t real’ – study

Twenty percent of Germans believe that their current living conditions won’t be improved by reforms and only a revolution can reshape society. That’s according to a study released by the Free University of Berlin.

The study, titled “Against the state and capital – to revolution” focused on opposition to capitalism, fascism and racism, and concluded that Germans are more left-wing in their attitudes than previously thought. The challenge for the researchers was to analyze the core structural similarities between right and left-wing extremism.

Twenty-five years after the fall of the Berlin Wall, the ideological divide between the former East and West Germany is still marked, with left-wing ideas getting more support in eastern Germany. According to the study, 60 percent of Germans living in the east considered socialism to be a good idea, compared to only 37 percent of residents in the west. Almost 50 percent said they had recently noticed increased surveillance of left-wing dissidents by police and the state, while nearly one-third of Germans fear that by spying on its citizens the country may be sliding toward a dictatorship.

The multi-year research project was conducted under the federal program “Democracy initiative strengths.” For the representative survey, almost 1,400 people were surveyed by polling firm Infratest Dimap.

The study results are reported in German here.

RT has a video report:

20% of Germans advocate revolution – ‘globalisation is fueling dissent’

Program notes:

Twenty percent of Germans believe that their current living conditions won’t be improved by reforms and only a revolution can reshape society. That’s according to a study released by the Free University of Berlin.

For more on the topic RT crosses live to Prof Dr Werner J. Patzelt Chair of Political Systems and Comparative Politics at the Dresden University of Technology, Head of the Institute of Political Science.

From Network World, the Anthem health data breach scope widens:

Anthem’s latest breach estimate says 78.8 million were affected

The Anthem data breach may have exposed 78.8 million records, according to a more finely tuned estimate by the health insurance company, but Anthem is still investigating exactly how many records hackers extracted from a database.

Hackers accessed a database at Anthem that contained customer and employee records with names, birth dates, Social Security numbers, addresses, phone numbers, email addresses and member IDs, the health insurance company said on Feb. 4. Some records included employment information and income levels, but no financial information was compromised, it said.

It marked one of the largest data breaches to affect the health care industry, adding to a string of recent attacks that have shaken large companies, including retailers Home Depot, Target and Michaels.

From SecurityWeek, widespread ongoing hack points persist in many apps:

McAfee: Popular Mobile Apps Remain Vulnerable to MiTM Flaws Found Last Year

Intel Security’s McAfee Labs is reporting that the vast majority of the most popular mobile apps found to be vulnerable to man-in-the-middle (MitM) attacks in research performed last year remain exposed to attacks.

The McAfee report revisits an analysis performed by Carnegie Mellon University’s Computer Emergency Response Team (CERT). In September, CERT revealed that more than 20,000 Android applications failed to validate SSL certificates, leaving users vulnerable to attackers. A spreadsheet of the affected applications can be found here.

According to McAfee Labs, nearly three-quarters of the 25 most downloaded apps on CERT’s list are still unpatched.

Denial of service attacks target Google in Vietnam, via SecurityWeek:

Google Vietnam Targeted in DNS Hijacking Attack

Google’s Vietnam domain (google.com.vn) was hijacked on Monday by hackers apparently associated with the notorious Lizard Squad group.

Users who accessed the Google Vietnam website were presented with a picture of a man taking a selfie, along with a message that claimed the site was hacked by Lizard Squad. The hackers also took the opportunity to advertise their Lizard Stresser DDoS service, which is now called Shenron.

Google Vietnam wasn’t actually hacked. Instead, the attackers redirected the domain’s visitors to a defacement page through DNS hijacking.

According to OpenDNS, the attackers managed to redirect users by changing the Google nameservers (ns1.google.com, ns2.google.com) to CloudFlare IP addresses (173.245.59.108, 173.245.58.166). The defacement page had been stored on a DigitalOcean-hosted server located in the Netherlands.

On to the Mideast and an Assyrian Christian army mobilizing to fight ISIS, via USA Today:

Army of Assyrian Christians aims to fight Islamic State

Assyrian Christians in the Nineveh Plains, with the help of a group of Americans, are building a fighting machine to stand toe-to-toe with the Islamic State to preserve their homeland, their history and their heritage.

The Nineveh Plains Protection Unit, or NPU, is a battalion of 350 to 500 men trained by Sons of Liberty International, an American-led non-profit group aimed at “stepping in where governments in the international community have failed.”

SOLI founder Matthew VanDyke of New York, a filmmaker who became a freedom fighter in the Libyan civil war and spent six months as a prisoner of war under the Moammar Ghaddafi regime, said it was the brutal execution of his friends James Foley and Steven Sotloff at the hands of the Islamic State, also known as ISIS or ISIL, that made him focus on his role in stopping the group’s spread.

The Independent covers a Saudi apostasy death sentence:

Man to be beheaded in Saudi Arabia after ripping up a Koran and hitting it with his shoe

A man who posted a video online of himself ripping up a Koran and beating the shredded holy book with a shoe is to be beheaded in Saudi Arabia for renouncing his Muslim faith.

The unnamed prisoner, in his 20s, was given the death sentence by the country’s Sharia courts for the offence of apostasy – abandoning Islam – the Saudi Gazette reported.

Deviation from the nation’s enforced Sunni faith is harshly punished, according to Human Rights Watch.

Getting digital in Pakistan with the Washington Post:

Pakistanis face a deadline: Surrender fingerprints or give up cellphone

Cellphones didn’t just arrive in Pakistan. But someone could be fooled into thinking otherwise, considering the tens of millions of Pakistanis pouring into mobile phone stores these days.

In one of the world’s largest — and fastest — efforts to collect biometric information, Pakistan has ordered cellphone users to verify their identities through fingerprints for a national database being compiled to curb terrorism. If they don’t, their service will be shut off, an unthinkable option for many after a dozen years of explosive growth in cellphone usage here.

Prompted by concerns about a proliferation of illegal and untraceable SIM cards, the directive is the most visible step so far in Pakistan’s efforts to restore law and order after Taliban militants killed 150 students and teachers at a school in December. Officials said the six terrorists who stormed the school in Peshawar were using cellphones registered to one woman who had no obvious connection to the attackers.

Pushing for a North Korean nuclear surrender with Kyodo News:

5 nations seek ‘exploratory’ talks on N. Korea denuclearization: Yonhap

Five of the six countries involved in the stalled talks aimed at ending North Korea’s nuclear program see the need to hold “exploratory” talks to measure Pyongyang’s willingness to denuclearize, Yonhap News Agency reported Wednesday, citing South Korea’s chief delegate to the talks.

“The five countries have built consensus about the need to have ‘exploratory talks’ to gauge whether North Korea is serious about denuclearization before reopening the six-party forum,” Hwang Joon Kook was quoted as telling South Korean correspondents in Moscow.

“Six-way exploratory dialogue involving the North can be also taken into account,” he said.

From Want China Times, China raises NATO hackles with a missile sale to Turkey:

Sale of Chinese missile system to Turkey divides NATO

Turkey has been under immense pressure from its NATO allies since its intention to buy a Chinese missile defense system was made public, but this has done nothing to deter Turkey from the deal, reports Duowei News, a media outlet run by overseas Chinese.

This is the first time that Chinese and US military interests have clashed in relation to NATO, according to a Feb. 20 report on the website of Russia’s state-owned international broadcaster Sputnik International.

Turkey is diverging from the NATO line in its dealings with China and Beijing may take this opportunity to sow discord among NATO members, according to a Russian military analyst. On Thursday, Turkey’s minister of defense Ismet Yilmaz announced the results of the bidding to the public. He added that the system “will be integrated into the internal defense system in Turkey and will not be integrated with NATO.”

Hong Kong delegates to the Beijing legislature call for a crackdown, via Reuters:

Hong Kong delegates to China’s parliament seek mainland security laws to counter protests

Two Hong Kong delegates to China’s parliament are pushing to implement mainland security laws months after pro-democracy protesters shut down major parts of the Chinese-controlled city, broadcaster RTHK said on Sunday.

The last time Hong Kong tried to pass national security legislation was in 2003 when half a million people took to the streets, a key lawmaker withdrew his support and the government was forced to withdraw its proposal.

Stanley Ng, chairman of the pro-Beijing Federation of Trade Unions, said his proposal was triggered by the so-called “Occupy Central” protests, Hong Kong’s failure to pass its own national security laws and its lack of laws addressing foreign intervention and secession.

Shinzo Abe aims for more power for military commanders, from the Asahi Shimbun:

Defense ministry eyes more power for SDF officers

The Defense Ministry intends to shake up the principle of civilian control that governs the Self-Defense Forces by giving equal oversight of SDF operations to serving uniformed officers.

Under the current system, the defense minister and bureaucrats–both civilian positions–control SDF operations.

The Defense Ministry plans to submit a bill to the current Diet session to allow SDF officers to serve the minister in the same capacity as civilian officers.

It would be a revision to the law that created the Defense Ministry from the former Defense Agency, and is likely to trigger controversy among lawmakers.

More Okinawan anger over an American military base move, via the Asahi Shimbun:

Anti-base anger grows in Okinawa after U.S. military detains 2 protesters

U.S. military security personnel detained two Japanese anti-base protesters here, intensifying an already vociferous situation over the planned construction of a U.S. air station.

The two protesters were detained on Feb. 22, handed over to Okinawa prefectural police and arrested on suspicion of trespassing. They were released on the evening of Feb. 23 and welcomed by 100 base opponents in front of the Nago Police Station.

“I believe they arrested us just to annoy the opponents of the bases,” said Hiroji Yamashiro, chairman of the Okinawa Heiwa Undou Center (Okinawa peace movement center).

And a Japanese human rights downgrade, via Kyodo News:

Japan moving away from global human rights standards: Amnesty Int’l

Amnesty International slammed Japan for its handling of ethnic minorities and violence against women as well as curbing transparency through a secrecy law in its latest global human rights report released Wednesday, saying the country “continued to move away from international human rights standards.”

The global campaigning organization said the Japanese government failed to speak out against discriminatory rhetoric against ethnic Koreans and their descendants who live in the country and are targeted by demonstrators with racially pejorative terms and harassment.

The report covering 2014 noted a lack of action by the government to pass legislation prohibiting advocacy of hatred inciting hostility or violence in line with international standards.
