Tag Archives: wikileaks

Who Has the Right to Free Speech? Let Credit Cards Decide: The Wikileaks Saga from 2010 to 2019

Visa and Mastercard’s partner company in Iceland, Valitor, was found guilty by the Reykjavik District Court for illegally blocking payments to the controversial international nonprofit WikiLeaks – a media outlet that publishes classified documents provided by anonymous sources. The case against Valitor began sometime in 2010 when a data hosting company named DataCell was given the responsibility to handle donations sent to WikiLeaks. The year 2010 was a particularly important one for the publishing company as its famous Chelsea Manning leaks made rounds in media houses across the world. However, soon after the leaks, Valitor blocked transactions from Visa card holders in Iceland to WikiLeaks, thus starting a legal tug-of-war that would last for years.

Fast forward to 2019, DataCell has finally won the legal battle against Valitor which has now been ordered to pay approximately $9.85 million to both DataCell and Wikileaks’ publishing firm, Sunshine Press Productions.

Excerpts from Iceland: Debit Card Company Fined $9.85 Million for Blocking WikiLeaks Payment, April 30, 2019

CIA Hacking Tools

On 7 March 2017, WikiLeaks began its new series of leaks on the U.S. Central Intelligence Agency… code-named “Vault 7” by WikiLeaks…

The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.

“Year Zero” introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products, including Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones….

By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA”…

Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA’s DDI (Directorate for Digital Innovation)…. Malware called “Weeping Angel”, developed by the CIA’s Embedded Devices Branch (EDB), infests smart TVs, transforming them into covert microphones…  The attack against Samsung smart TVs was developed in cooperation with the United Kingdom’s MI5/BTSS. After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.

As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.

The CIA’s Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone.

Despite iPhone’s minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.

A similar unit targets Google’s Android which is used to run the majority of the world’s smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. “Year Zero” shows that as of 2016 the CIA had 24 “weaponized” Android “zero days” which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloackman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.

The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware.

Attacks against Internet infrastructure and webservers are developed by the CIA’s Network Devices Branch (NDB). The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB’s “HIVE” and the related “Cutthroat” and “Swindle” tools, which are described in the examples section below.

Cyber ‘weapons’ are in fact just computer programs which can be pirated like any other. Since they are entirely comprised of information they can be copied quickly with no marginal cost.  Securing such ‘weapons’ is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces — sometimes by using the very same ‘weapons’ against the organizations that contain them. There are substantial price incentives for government hackers and consultants to obtain copies since there is a global “vulnerability market” that will pay hundreds of thousands to millions of dollars for copies of such ‘weapons’. Similarly, contractors and companies who obtain such ‘weapons’ sometimes use them for their own purposes, obtaining advantage over their competitors in selling ‘hacking’ services…

In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa….

If there is a military analogy to be made, the infestation of a target is perhaps akin to the execution of a whole series of military maneuvers against the target’s territory including observation, infiltration, occupation and exploitation...

The CIA’s hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a “fingerprint” that can be used by forensic investigators to attribute multiple different attacks to the same entity… The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.  With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.

Excerpts from Vault 7: CIA Hacking Tools Revealed, Wikileaks Press Release, Mar. 7, 2017

Conspiracy as Government

WikiLeaks founder Julian Assange first outlined the hypothesis nearly a decade ago: Can total transparency defeat an entrenched group of insiders? “Consider what would happen,” Assange wrote in 2006, if one of America’s two major parties had their emails, faxes, campaign briefings, internal polls and donor data all exposed to public scrutiny. “They would immediately fall into an organizational stupor,” he predicted, “and lose to the other.”

A decade later, various organs of the Democratic Party have been hacked; several staffers have resigned and Democratic presidential candidate Hillary Clinton has seen the inner workings of her campaign exposed to the public, including disclosures calling into question her positions on trade and Wall Street and her relationship with the party’s left. Many of these emails have been released into the public domain by WikiLeaks.

Some see the leaks as a sign that Assange has thrown his lot in with Republican rival Donald Trump or even with Russia. But others who’ve followed Assange over the years say he’s less interested in who wins high office than in exposing — and wearing down — the gears of political power that grind away behind the scenes.  “He tends not to think about people, he thinks about systems,” said Finn Brunton, an assistant professor at New York University who has tracked WikiLeaks for years. “What he wants to do is interfere with the machinery of government regardless of who is in charge.” WikiLeaks’ mission was foreshadowed 10 years ago in “Conspiracy as Governance,” a six-page essay Assange posted to his now-defunct blog.

In the essay, Assange described authoritarian governments, corporations, terrorist organizations and political parties as “conspiracies” — groups that hoard secret information to win a competitive advantage over the general public. Leaks cut these groups open like a double-edged knife, empowering the public with privileged information while spreading confusion among the conspirators themselves, he said. If leaking were made easy, Assange argued, conspiratorial organizations would be gripped by paranoia, leaving transparent groups to flourish…

It’s possible that malicious sources are using WikiLeaks for their own ends, said Lisa Lynch, an associate professor at Drew University who has also followed Assange’s career. But she noted that a lifetime far from public service and an aversion to email make Trump a more difficult target. “If Trump had a political career, he’d be more available for Wikileaking,” she said…

He has targeted Republican politicians in the past; in the run-up to the 2008 election his group published the contents of vice presidential candidate Sarah Palin’s inbox. Her reaction at the time anticipated the Democrats’ outrage today. “What kind of a creep would break into a person’s files, steal them, read them, then give them to the press to broadcast all over the world to influence a presidential campaign?” Palin wrote in her autobiography, “Going Rogue.”

Excerpt from RAPHAEL SATTER, With email dumps, WikiLeaks tests power of full transparency, Associated Press, Oct. 24, 2016

Internet or Equinet?

“The Internet governance should be multilateral, transparent, democratic, and representative, with the participation of governments, private sector, civil society, and international organizations, in their respective roles. This should be one of the foundational principles of Internet governance,” the external affairs ministry says in its initial submission to the April 23-24 Global Multistakeholder Meeting on the Future of Internet Governance, also referred to as NETmundial, in Sao Paulo, Brazil.  The proposal for a decentralised Internet is significant in view of Edward Snowden’s Wikileaks revelations of mass surveillance in recent months.

“The structures that manage and regulate the core Internet resources need to be internationalized, and made representative and democratic. The governance of the Internet should also be sensitive to the cultures and national interests of all nations.” “The mechanism for governance of the Internet should therefore be transparent and should address all related issues. The Internet must be owned by the global community for mutual benefit and be rendered impervious to possible manipulation or misuse by any particular stake holder, whether state or non-state,” the ministry note says.  NETmundial will see representatives from nearly 180 countries participating to debate the future of Internet…

The US announced last month its intent to relinquish control of a vital part of Internet Corporation for Assigned Names and Numbers (ICANN) – the Internet Assigned Numbers Authority (IANA).  “Many nations still think that a multilateral role might be more suitable than a multistakeholder approach and two years back India had proposed a 50-nation ‘Committee of Internet Related Policies’ (CIRP) for global internet governance,” Bhattacharjee added.

The concept of Equinet was first floated by Communications Minister Kapil Sibal in 2012 at the Internet Governance Forum in Baku, Azerbaijan.  Dr. Govind, chief executive officer, National Internet Exchange of India, is hopeful that Equinet is achievable. “Equinet is a concept of the Internet as a powerful medium benefiting people across the spectrum. It is all the more significant for India as we have 220 million Internet users, standing third globally after China and the US.” “Moreover, by the year-end India’s number of Internet users are expected to surpass that of the US. The word Equinet means an equitable Internet which plays the role of an equaliser in the society and not limited only to the privileged people.”

He said the role of government in Internet management is important as far as policy, security and privacy of the cyber space is concerned, but the roles of the private sector, civil society and other stakeholders are no less. “Internet needs to be managed in a more collaborative, cooperative, consultative and consensual manner.”  Talking about the global strategy of renaming Internet as Equinet, he said: “Globally the US has the largest control over the management of the Internet, which is understandable since everything about Internet started there. Developing countries have still not much say over the global management of the Internet. But it is important that the Internet management be more decentralised and globalised so that the developing countries have more participation, have a say in the management where their consent be taken as well.”  The ministry note said: “A mechanism for accountability should be put in place in respect of crimes committed in cyberspace, such that the Internet is a free and secure space for universal benefaction. A ‘new cyber jurisprudence’ needs to be evolved to deal with cyber crime, without being limited by political boundaries and cyber-justice can be delivered in near real time.”

But other experts doubt the possibility of an Equinet or equalising the Internet globally.  Sivasubramanian Muthusamy, president, Internet Society India, Chennai, who is also a participant in the NETmundial, told IANS that the idea of Equinet is not achievable.  “Totally wrong idea. Internet provides a level playing field already. It is designed and operated to be universally accessible, free and open. Internet as it is operated today offers the greatest hope for developing countries to access global markets and prosper.”  “The idea of proposing to rename the Internet as Equinet has a political motive, that would pave way for telecom companies to have a bigger role to bring in harmful commercial models that would destabilize the open architecture of the Internet. If India is considering such a proposal, it would be severely criticized. The proposal does not make any sense. It is wrong advice or misplaced input that must have prompted the government of India to think of such a strange idea,” he said.

Excerpt from India wants Internet to become Equinet, Business Standard, Apr. 20, 2014

Getting Rid of Hacktivists: US Approach

Thirteen members of a hacking collective that calls itself Anonymous were indicted on Thursday (October 3, 2013) on charges that they conspired to coordinate attacks against prominent Web sites. The 13 are accused of bringing down at least six Web sites, including those belonging to the Recording Industry Association of America, Visa and MasterCard.  The attacks caused “significant damage to the victims,” the indictment said.

The attacks, carried out from September 2010 to January 2011, were part of a campaign called Operation Payback, which started as an effort to support file-sharing sites but later rallied around WikiLeaks and its founder, Julian Assange.  Hackers took down the sites by inflicting a denial of service, or DDoS, attack, in which they fired Web traffic at a site until it collapsed under the load. Though the indictment mentions 13 hackers, thousands more participated in the attack by clicking on Web links that temporarily turned their computers into a digital fire hose aimed [at the websites of the companies].

According to the indictment, which was handed up at Federal District Court in Alexandria, Va., the hackers’ tool of choice was a simple open-source application known as Low Orbit Ion Cannon, which requires very little technical know-how.  Hackers simply posted a Web link online that allowed volunteers to download an application that turned their computer into a “botnet,” or network of computers, that flooded targets like Visa.com and MasterCard.com with traffic until they crashed…

By BRIAN X. CHEN and NICOLE PERLROTH, U.S. Accuses 13 Hackers in Web Attacks, New York Times, October 3, 2013

Excerpt from indictment

“In connection with planning various DDoS cyber-attacks, members of the conspiracy posted fliers captioned “OPERATION PAYBACK” and claimed that: “We sick and tired of these corporations seeking to control the internet in their pursuit of profit. Anonymous cannot sit by and do nothing while these organizations stifle the spread of ideas and attack those who wish to exercise their rights to share with others.”

PDF of Indictment on Scribd

Hunting Down Hackers in US: Barrett Brown

A federal court in Dallas, Texas has imposed a gag order on the jailed activist-journalist Barrett Brown and his legal team that prevents them from talking to the media about his prosecution in which he faces up to 100 years in prison for alleged offences relating to his work exposing online surveillance.

The court order, imposed by the district court for the northern district of Texas at the request of the US government, prohibits the defendant and his defence team, as well as prosecutors, from making “any statement to members of any television, radio, newspaper, magazine, internet (including, but not limited to, bloggers), or other media organization about this case, other than matters of public interest.”  It goes on to warn Brown and his lawyers that “no person covered by this order shall circumvent its effect by actions that indirectly, but deliberately, bring about a violation of this order”…

But media observers see the hearing in the opposite light: as the latest in a succession of prosecutorial moves under the Obama administration to crack down on investigative journalism, official leaking, hacking and online activism. Brown’s lead defence attorney, Ahmed Ghappour, has countered in court filings, the most recent of which was lodged with the court Wednesday, that the government’s request for a gag order is unfounded as it is based on false accusations and misrepresentations.

The lawyer says the gagging order is a breach of Brown’s first amendment rights as an author who continues to write from his prison cell on issues unconnected to his own case for the Guardian and other media outlets. In his memo to the court for today’s hearing, Ghappour writes that Brown’s July article for the Guardian “contains no statements whatsoever about this trial, the charges underlying the indictment, the alleged acts underlying the three indictments against Mr Brown, or even facts arguably related to this prosecution.”

Brown, 32, was arrested in Dallas on 12 September last year and has been in prison ever since, charged with 17 counts that include threatening a federal agent, concealing evidence and disseminating stolen information. He faces a possible maximum sentence of 100 years in custody.  Before his arrest, Brown became known as a specialist writer on the US government’s use of private military contractors and cybersecurity firms to conduct online snooping on the public. He was regularly quoted by the media as an expert on Anonymous, the loose affiliation of hackers that caused headaches for the US government and several corporate giants, and was frequently referred to as the group’s spokesperson, though he says the connection was overblown.

In 2011, through the research site he set up called Project PM, he investigated thousands of emails that had been hacked by Anonymous from the computer system of a private security firm, HB Gary Federal. His work helped to reveal that the firm had proposed a dark arts effort to besmirch the reputations of WikiLeaks supporters and prominent liberal journalists and activists including the Guardian’s Glenn Greenwald.

In 2012, Brown similarly pored over millions of emails hacked by Anonymous from the private intelligence company Stratfor. It was during his work on the Stratfor hack that Brown committed his most serious offence, according to US prosecutors – he posted a link in a chat room that connected users to Stratfor documents that had been released online. The released documents included a list of email addresses and credit card numbers belonging to Stratfor subscribers. For posting that link, Brown is accused of disseminating stolen information – a charge which media commentators have warned criminalises the very act of linking.

As Geoffrey King, Internet Advocacy Coordinator for the Committee to Protect Journalists, has put it, the Barrett Brown case “could criminalize the routine journalistic practice of linking to documents publicly available on the internet, which would seem to be protected by the first amendment to the US constitution under current doctrine”.

Excerpt, Ed Pilkington, US stops jailed activist Barrett Brown from discussing leaks prosecution, Guardian, Sept. 4, 2014

US Government Lobbying for Biotechnology Industry

American diplomats lobbied aggressively overseas to promote genetically modified (GM) food crops such as soy beans, an analysis of official cable traffic revealed on Tuesday.  The review of more than 900 diplomatic cables by the campaign group Food and Water Watch showed a carefully crafted campaign to break down resistance to GM products in Europe and other countries, and so help promote the bottom line of big American agricultural businesses.

The cables, which first surfaced with the Wikileaks disclosures two years ago, described a series of separate public relations strategies, unrolled at dozens of press junkets and biotech conferences, aimed at convincing scientists, media, industry, farmers, elected officials and others of the safety and benefits of GM products… The public relations effort unrolled by the State Department also ventured into legal terrain, according to the report. US officials stationed overseas opposed GM food labelling laws as well as rules blocking the import of GM foods. The report notes that some of the lobbying effort had direct benefits. About 7% of the cables mentioned specific companies, and 6% mentioned Monsanto. “This corporate diplomacy was nearly twice as common as diplomatic efforts on food aid,” the report said….

In some instances, there was little pretence at hiding that resort to pressure – at least within US government circles. In a 2007 cable, released during the earlier Wikileaks disclosures, Craig Stapleton, a friend and former business partner of George Bush, advised Washington to draw up a target list in Europe in response to a move by France to ban a variety of GM Monsanto corn.  “Country team Paris recommends that we calibrate a target retaliation list that causes some pain across the EU since this is a collective responsibility, but that also focuses in part on the worst culprits,” Stapleton wrote at the time. “The list should be measured rather than vicious and must be sustainable over the long term, since we should not expect an early victory. Moving to retaliation will make clear that the current path has real costs to EU interests and could help strengthen European pro-biotech voices,” he wrote.

Excerpts, Suzanne Goldenberg, Diplomatic cables reveal aggressive GM lobbying by US officials, Guardian, May 15, 2013