Archive for the ‘1984’ Category
Darknet Numbers Pages Proof of Concept
Numbers Station:
So with all the kerfuffle over crypto I decided to give everyone a big fuck you and do something low-tek just to mess with the narrative. Right, so you all know what numbers stations are right? Well, I decided that it was time that the internet have one all it’s own but not on the clearnet no sir-ee! I wanted a darknet spooky spooky impenetrable super scary numbers station! So I began to hatch a dastardly nation state level of fuckery that surely will have the gubment all up in arms over my crypto darknet wizardry! I set up a site and I communicated with some people secretly and securely and no one was the wiser. Not one federal agency that I know of saw the site, no scripted scouring of the darknet cached my page that I am aware of (and I asked) and generally, I just pulled off the new age of tradecraft that the KGB should be jealous of!
Here’s how I did it.
Proof of Concept
The Plan
As I was thinking about a means of communication using the darknet to avoid prying eyes and to do so securely I came to the conclusion that I sure could use PGP and some email service out there but gee, lately those have been pwn3d too so fuck that. Instead I wanted to be more old skewl and opted for two way comms through OTP and a static page that could live on the darknet at periods of the day and night of my choosing with those I want to communicate with in the know as to timetables with, well, a timetable. Commonly on the air Numbers stations beacon at specific times of the day and week so this is kind of the same thing. So I set to making a highly portable TOR capable platform that I could take with me and connect to WIFI at hotels, bars, cafe’s, rando people’s houses etc. I could effectively have a transient site that would be hard to track and harder to narrow down where it lives because it is not in some rack somewhere stationary and waiting to be deanonymized and pwn3d.
I opted for a netbook that I had laying around after doing the math on a Raspberry Pi. It was far cheaper to use an old old netbook I had than go spend money on a pi and it was just as portable. Once I got the laptop up and running on backbox, I then installed the TOR system and configured it for having it’s own hidden site. I then installed lighthttpd and created a very small stripped down page of text and color which I then hid the encoded text in the black space. No need to be all fancy here and it was a flourish anyway. It doesn’t have to be pretty to work and yet this lightweight site and the server it was on allowed me to communicate well enough while the whole thing was secure from being hacked. I had testing run on it and the tester was unable to own the box nor the site.
Once the testing was over I let the site run. It was up and down per specific times and communication was made using a second site on the darknet where people could post to a pasteit where we could have coded signals (basically; understood and complying) so that the communications stream would be innocuous enough using code words. You could use images on chan’s or the old trope of putting up an ad for something and even having more code in the text of that if you wanna get fancy and all.
The Tools
- Net top laptop
- Backbox linux distro
- TOR
- Lighthttpd
- One Time Pads (plenty of places on the net to create them)
- Timetable for uptime and downtime for comms
- Assets to communicate with
The Tradecraft
Using this method of secret communication one could plan out all kinds of badness if they wanted to. Having a stealth site that is transient too also allows for more security but as always the people are the weak point. If an asset is caught then the means of communication is blown. Just like the analog counterparts (AM/SW Numbers Stations) this type of communication could go on untouched and unbroken for a long time because of the frequency changes, the IP address changes, and mobility of the asset. Just imagine if the analog version of Numbers Stations were actually not just in some building but in a backpack eh?
The hardest part of all of this is that you have to train your assets to use OTP and to have proper OPSEC. It can be done though, so this is a viable means of secret communication that is low tek enough yet high tek enough for the average person to easily carry out if they are determined to. It would bypass all the email shenanigans as well as texts, calls, chats, that can be intercepted by warrants to companies like Apple and AT&T. After all, how hard is it today to get a distro of linux on a box, install TOR, set up a hidden site, and start using OTP?
Wait… Ok maybe it is a little hard.
Still doable though… I mean it worked for me and my “assets”
Enjoy kids!
K.
The 0day and The Snowman
<REDACTED> sent me this blog post this morning and I read it with due diligence per our relationship. Once I had finished reading it and the bile taste left my mouth I decided that I should put down some thoughts here to share…
First off, let’s all face facts that NO ONE has the full story here. No one. Not one fucking person. Snowden is lying to some extent, the NSA and the government are lying to some extent, and anyone who does not have direct experience with what happened at the VERY top of clearance probably doesn’t have the whole story either. It’s called classification, over classification, and compartmentalization. Whether or not it is to protect “sources and methods” or not, there are always lies, obfuscations, and inveigling that happen within the community. So fuck you all for all of your jibber jabber back and forth on who’s bad and who’s not and what damage this has done to our safety.
That really includes you Mike Rogers.
Here’s my take on it all.. Fuck if I know what the fuck happened and you don’t either!
I watched Stone’s movie and thought it heavy handed and certainly not the facts as they are presented.. That is presented by whichever source you want to believe. Just like this whole fucking HSPCI report timed EXACTLY to coincide with the release of a fucking film to spin the media and the people? JESUS FUCK if this report isn’t a propaganda leaflet drop what the fuck is?
Ok so fuck this shit. Everyone move on. Understand that you are all being surveilled to whatever extent you want to believe either by the government or the companies you slavenly give your information to in order to get access to the next great fucking Facebook app! Big brother is everywhere and he is in your pocket right now ticking your neither regions!
LOVE IT OR LEAVE IT!
If you want to leave it then stop using the shit, learn to secure your shit, and use OPSEC.
Dr. K.
Spies Using Social Media? No. Way. *Eyeroll*
THIS rather breathlessly hyperbolic report on JTRIG using social media and hacking to spy on, or manipulate people, governments, and movements as well as gather INTEL on them had me eyerolling. Yes, this is new in that social media is new as is the Internet and hacking but really, the techniques of manipulating populaces for political and espionage advantage are nothing new. The spy agencies out in the world perform these PSYOPS and disinformation operations all the time and in the olden days kids they used to manipulate the press, then TV and the press, then INFOTAINMENT. There is nothing new here…
What you all have to realize is that now YOU are more easily hackable, your information more able to be stolen or accessed by writ of law, or YOU give it away by using applications that have been expressly created to give the agencies access to you as in this URL shortener that GCHQ used on the protesters in the Arab Spring. You all have to realize that unless you are code auditing everything you use on the net, then you too could easily fall prey to information leakage or outright compromise if you are a target of the “community” at large.
I would also like you all to take note that those who may support Wikileaks, or be a member of say Anonymous also were targeted and used in this operation by GCHQ as well so if you are an Anon, you too have been targeted rather directly (like the citation of Topiary’s conversations) so you too are not safe even if you are trying to use good OPSEC, which, it turned out, and I have written about in the past, you were not. Oddly enough though, the Snowden leaks on JTRIG also show how the same issues are at play for those operators within NSA/GCHQ as well. Trying to keep sock accounts straight, know the language and the patter, as well as the political issues is problematic when you are doing things on a larger scale (trust me I know) so at least you have that going for you right?
Heh.
Wake up people.
OPSEC… Live it.
Dr. K.
THE SNOWMAN EFFECT: It’s all about the dick pics!
Watch video first.. Yes, watch it again if you haven’t already then read on….
Ok, so do you feel some horror and outrage even though you laughed your ass off? Yeah, me too. But after those feelings wear off I am just left with a sense of creeping dystopia and loathing. Honestly, this shit is just out of hand and no one is really capable or willing to deal with it and this comedic bit by John Oliver hits the nail on the head. No matter what you think of Snowden the point is even after all of the data being released and all its portents shared nothing substantive has happened. Sure, the world now knows and the security community at least seems to be in a quandary over it all but the general populace it seems cannot be bothered to even know who Snowden is and what he did? To quote myself here;
“JESUS FUCK!”
Ok ok ok, maybe the sampling was skewed in Times Square that day and the sampling was small but really, no one in there had a real grasp of the leaks never mind the import to their daily hyper connected lives? I am still a little stymied to believe this to be the case but there you have it on HBO. So as the date approaches for the re-up on the Patriot Act, and specifically the most egregious of all the egregious shit in it, Section 215 we the people seem to just be abdicating our rights as citizens to say no to this. Even as we see more executive orders come out on hacking and the ‘cyber’ that seem at least notionally obtuse and open to interpretation if not outright deliberately so to allow abuses, we are just gonna go back to collectively not caring about anything other than Kim Kardashian’s ass?
Oh.. Wait a minute here, I am forgetting about the dick pics!
Well obviously we have our priorities straight as a nation and a freedom loving people right? I mean FOR GOD’S SAKE YOU CAN TAKE MY PERSONAL CALLS AND CALL ME A TERRORIST BUT FUCK ME YOU CANNOT LOOK AT MY DICK PICS YOU SURVEILLANCE BASTARDS! Yeah, that is a bridge too far my friends! I suspect I will be seeing new ‘Don’t Tread On Me’ flags with a penis instead of a snake soon enough.
Ok, well then we have proven that we as a nation, as a people, do not comprehend the problem of pervasive surveillance enough to do anything about it UNLESS it is about our personal porn. I get it now. As no one but Oliver has made it about this I predict that section 215 will just get another pass. Meanwhile all our data collection will continue and the mass surveillance state will grow even further than it already has. This leaves me once again back at the stage of Neo Ludditism. Excuse me while I go to my 6’x12′ cabin in the woods and make my ‘packages’…
K.
ASSESSMENT: Operation Rolling Thunder
Operation: ROLLING THUNDER:
It has come to light that the GCHQ (The UK’s NSA) took action against Anonymous by DDoS as well as the use of HUMINT and malware attacks to attempt to dissuade them from further actions. While this may be a surprise to some it is just a matter of action and reaction in the hive mind of the IC. Of course at one time there may have been more trepidation about carrying out direct action against quote unquote “dissidents” as some may call Anonymous but those days are long gone and one of the primary reasons such actions are easily rationalized now is because of terrorism. Terrorism used to mean blowing things up or taking hostages but now, with the 5th domain of cyber, that equation has changed greatly in the eyes of the worlds governments. Of course in this case it was the British carrying out the covert actions against the anonymous servers and users and as many know the Brits don’t have the most stellar first amendment record (D orders) and have a different perspective on what people have the right to do or say that may be considered civil disobedience. However, I should like to point out that it is highly likely that the UK did not act alone here and that it is probable that the NSA and the UKUSA agreements were in play here as well. I once sat on a panel at Defcon where I warned that these types of tactics as well as others would be used by the governments of the world against the Anon’s if push came to shove and it seems that I was not far off the mark. We have crossed the Rubicon and we are all in a new domain where the rules are fluid.
Civil Disobedience vs. Criminality In Anon Actions:
Some have written that these actions now revealed by Snowden show that we are all in danger of censorship and of direct action if we say or do things online that a government or agency doesn’t like and they are correct. It really is a matter of dystopian nightmare import when one stops to think that these were not state actors nor really terrorists by definition (yet) that GCHQ and the JTRIG were carrying out netwar on. The rationale I am sure is that the C&C of Anon needed to be taken out because they were “attacking” sites with DDoS or other actions (hacking in the case of LulzSec) and thus were a clear and present danger to… Well… Money really. While some consider DDoS a form of civil disobedience others see it as a threat to the lifeblood of commerce as well as portents of larger attacks against the infrastructure of the internet itself or perhaps the power grid as we keep hearing about from sources who really haven’t a clue on how these things work. Sure, there were criminal actions taken by Sabu and others within the collective as well as the splinter cell that was LulzSec/Antisec but most of the activity was not anything that I would consider grounds for covert action. That the JTRIG not only used malware but also HUMINT and SIGINT (all things used in nation state covert collections and actions) shows that they were genuinely afraid of the Anon’s and Lulzers and that their only solution was to reciprocate with nation state tools to deny and disrupt their cabal. I think though that most of the aegis that the IC had though was the fact that they “could” do it all without any sanction against them because it was all secret and they hold the keys to all of the data. Of course now that is not the case and they should be held accountable for the actions they took just as the CIA has been or should have been in the past over say the covert action in Nicaragua. I don’t think this will happen though so what will really only come out of this revelation is more distrust of governments and a warning to Anonymous and others about their operational security.
Cyber Warfare and Law:
What this release shows though most of all is that the government is above the law because in reality there is very little real law on the books covering the 5th domain of cyberspace. As we have seen in the last few years there has been a rapid outpace of any kind of lawfare over actions taken in cyberspace either on the nation state level (think APT tit for tat) and criminal actions such as the target hack and all the carding going on. In the case of the US government the military has far outstripped the government where this is concerned with warfare units actively being formed and skills honed. All the while the government(s) has/have failed to create or edit any of the current law out there concerning cyber warfare in any consistent manner. So this leaves us with warfare capabilities and actions being carried out on a global medium that is not nation state owned but globally owned by the people. Of course this is one of the core arguments over the internet, it’s being free and a place of expression whereas corporations want to commoditize it and governments want to control it and make war with it. This all is muddled as the people really do not truly own the infrastructure corporations do and well, who controls what then without solid laws? Increasingly this is all looking more and more like a plot from Ghost in the Shell SAC with government teams carrying out covert actions against alleged terrorists and plots behind every bit passing over the fiber. The upshot though is that as yet the capacity to carry out actions against anyone the government see’s as a threat far outstrips the laws concerning those actions as being illegal just as much as the illegalities of actors like Anonymous. The current law is weak or damaged and no one has really stepped up in the US yet to fix even the CFAA in a serious way as yet.
Covert Actions, HUMINT, and SIGINT:
When I was on the panel at DEFCON I spoke of the governments and agencies likely using disinformation and other covert actions against the digital insurgency that they perceived was being levied against them. Now with the perspective of the Snowden collection it is plain to me that not only will the easily make the call to carry out actions against those they fear but also those actions are myriad. If you are going against the nation state by attacking it’s power elite or its interests expect the actions to be taken against you to be swift and unstoppable. In the case of the DDoS this was just a tit for tat disruptive attack that seemed to have worked on some. The other more subtle attacks of hacking via insertion of malware through phishing and intelligence gathering my using spiked links and leverage against providers shows how willing they were to effect their goals. Now consider all that we have learned from Snowden and conjure up how easy it is today with NSL letters and obfuscated secret court rulings on the collection of data wholesale from the internet and infrastructure.. You should be scared. Add to this the effect of the over-classification of everything and you have a rich environment for abuses against whomever they choose no matter how many in the IC say that they are to be trusted. The base fact is this; The internet is the new battlefield for war as well as espionage not just criminality and law enforcement actions. If you are considered a threat by today’s crazy standards of terrorism is everywhere, then you too can have your data held in Utah where someday someone could make a case against you. Some of that data may in fact come from direct covert actions against you by your government or law enforcement per the rules today as they stand.
ANALYSIS:
The final analysis of this presentation that was leaked and the actions alleged to have been taken against Anonymous is that there is no real accountability and that secrecy is the blanket for covert action against non combatants in any war. We are in a new dystopian nightmare where cyberwar is concerned and there is a lot of fear on the governments part on attacks that could take down grids (misinformed ones really) as well as a ravening by some to be “in” on the ground level for carrying out such warfare. Without proper laws nationally and internationally as well as proper oversight there never will be an equitable solution to actions in cyberspace as either being criminal, grounds for war, or civil disobedience just as there will always be the high chance of reciprocity that far outstrips a common DoS. The crux here is that without the proper laws you as a participant of a DDoS could be sanctioned for attack and then over prosecuted for your actions as we have seen these last few years. Without a solid legal infrastructure and a Geneva Convention of sorts concerning cyber warfare, no one is safe. As an ancillary factor to this I would also say to all those in Anonymous and any other collectives that may rise you should be very careful and step up your OPSEC and technical security measures if you are going to play this game. As we have seen many of those key players in Anonymous and LulzSec were caught up with and are in legal trouble just as much as the guy who just decided to join a DoS for a minute and was fined a huge amount of money for his trouble. Remember, it’s all fun and games until the governments of the world decide that it’s not and want to squash you like a bug.
K.
WEAPONS OF MASS INANITY: MIKE HAYDEN RETIRES BUT NEVER GOES AWAY
oepseqlrndhrypgwcqvo
LADIES AND GENTS, THE NEW DOCTOR CYBERLOVE IS….
What is it Mike? Why do you feel you need to sit and smirk on panels while spinning more and more exotic fantasist tales about the terrible cyber future out there? For that matter why do you feel compelled to joke about putting Ed Snowden on a kill list? I mean, you are retired man! You should be somewhere warm with your wife, sitting on a porch sipping a warm beer and enjoying life. Instead you are making the rounds trying increasingly more boldly to steal Dr. Cyberlove’s (Richard Clarke) thunder? What is up with you man? I mean are you trying to sell services or some kind of security appliance to the masses now that you are on that sweet sweet government pension? Or is it that you are now able to be the center of attention and talk after being bottled up so long as a secret squirrel at NSA?
Well in any case you are taking THE PRIZE with this little story you told about “CYBER MASS SHOOTERS!!” WHOA dude you went completely plaid with this one! You have my attention at the very least! Well, that may not be so good though having my attention but I digress. Shall I tell the folks out there what I think about your little story?
*looks conspiratorially at the crowd and ushers them closer with an eyebrow waggle*
BOLLOCKS! It’s absolu-fucking-lutely bollocks my friend! Holy what the hell? Dude you are delusional and those panels that people are inviting you to increasingly are going to be comprised of you and Alex Jones having aneurysm fights.
ZOMG IT’S A CYBER MASS SHOOTER WITH METASPLOIT! TAKE COVER!
The fastest-growing cyber threat is from a kind of digital mass shooter, a deranged or outraged hacker able to obtain cyberweapons currently available only to nation-states and organized crime, a former senior U.S. intelligence official said Thursday.
“They’re just mad, they’re mad at the world,” said retired Air ForceGen. Michael Hayden. “They may have demands that you or I cannot understand.”
Mr. Hayden warned that within five years hackers “will acquire the [cyberattack] capabilities that we now associate with criminal gangs or nation states,” such as being able to conduct online sabotage of industrial control systems that run power plants, factories and utilities.
Looks at that statements over and over and over again always having the same vapor lock.. HOLY WTF? Who do you think invented this shit in the first place? The hackers, the criminals, and YOU GUYS Mike! I cannot fathom just how clueless Mike seems here. I mean, he was in charge of the NSA so how could he be so out of touch? Perhaps he has early onset Alzheimers? Did he eat the British beef in the 80’s?
*shakes head*
Ok so yeah “cyber mass shooters” I am trying to stifle a giggle every time I say it in my head. I don’t think Mike has really thought this one through. Has he seen the hackers out there? Has he got a good grasp of the infrastructure as well that we have? I mean HOLY COW! First off, let’s look at the hackers. It would take a cabal to do what he is talking about. The only cabals I know of are the criminal gangs, the nation states, and maybe Anonymous. So yeah, it’s all groups Mike, not one sole hacker master mind. I mean really, we aren’t all Thomas Jane ya know..
*slips in Die Hard refence #score!*
Next we have the idea that one sole hacker is going to be able to attack the “infrastructure” in a way that will be able to take it down. Uh yeah Mike, I’m sorry but that is just not so easy. I mean, it’s not like all the power companies run all the same things and are all connected to the same subnet mmkay? No Mike, it will take nation state patience, money, and access to take down a section of the grid for example and cause mass annoyance. There will not be “mass casualties” as you allude to and what did you say.. “Dislocation”???
Head—>Desk—>Head—>Desk
Following that stellar statement we have this claptrap about how the hacker can now have “cyber weapons” like those of the nation state. Let me disabuse you of this notion right now Mikey…
WE ALREADY HAVE THEM! AND WE ARE MAKING THEM EVERY DAY!
The derp on that statement makes me want to just punch some small furry critter in the nuts man. SEE WHAT YOU DO TO ME MIKE!?!? Look, if you have a copy of Metasploit you are now actually, according to you Mike, A MASS CYBER SHOOTER! Your statement is infantile and it is the WORST type of fear mongering I have seen since your predecessor Dr. Cyberlove (aka Richard Clarke)
*hangs head*
Lastly, let’s talk about this infinitely stupid comment about how the “mass cyber shooter” may have no “demands” that we can understand.
*blink*
What? Just how many movies have you been watching since you retired man? I think you have some real misinformation in your head from watching one too many Die Hard movies my friend. Wow.. Just WOW man! I am in awe of your derp on this one and that is a hard thing for me to do. I am almost speechless here …. Well not really.
THE NEW MINISTRY OF FEAR
Finally I think Mike has envisioned a new “Ministry of Fear” for us all to cling to in troubled times. He will be in charge of the ministry and he will make the rounds to all of the appropriate places to spew his stories of “cyber mass shooters” to a ravening lame stream media machine. Your hopes I am sure, are that you and your pals can scare the straights into compliance with the NSA pogroms you and yours have been carrying out and are now in trouble over. As long as you keep the fear levels at the right height, you and your pals can keep on keepin on with the tacit approval from the people.
Mike, you’d be wrong.
The Ministry of fear will fail and as long as you are out there saying these epic derptastic things I will be here countering them on my measly little blog. So, for the news media I will now break this down into small bytes, which I will then puree into a nice baby food consistency for you to slurp down.
//BEGIN
- There will be no singular cyber mass shooter it takes too much effort and coherence to pull something off like this.
- WE ALREADY HAVE THE TECH TO WREAK HAVOC I MEAN, HAVE YOU SEEN ANONYMOUS? MASS ANNOYANCE IS ALREADY HERE!
- If demands are made sure, you may have to look up some terms on Wikipedia or 4chan but hey, you will understand what “we” want so rest assured you will know.
- FINALLY: NO NO NO NO THE GRID WILL NOT COLLAPSE FROM A HACKER. THIS IS NOT A BRUCE WILLIS FILM! THE END IS NOT NYE.
END\\
God I need a drink…
K.
So here’s my thing….
VQX HWMVCUSE JQJFASSNTG QV! X HQ JD ISIAVVE!
Face it.. We are all PWND six ways to Sunday
Every frigging day we hear more and more about how the NSA has been emptying our lives of privacy and subverting the laws of this land and others with their machinations. It’s true, and I have been saying as much since the day Mr. Klein came out of his telco closet and talked about how the NARUS system had been plugged into the MAE West back in the day. We are all well and truly fucked if we want any kind of privacy today kids and we all need to just sit back and think about that.
*ponder ponder ponder*
Ok, I have thought about it and I have tried to think of any way to protect myself from the encroachment of the NSA and all the big and little sisters out there. I am absolutely flummoxed to come up with any cogent means to really and truly protect my communications. Short of having access to the NSA supercloud and some cryptographers I don’t think that we will not truly have any privacy anymore. If you place it on the net, or in the air. We have reached in my opinion the very real possibility of the N-Dystopia I have talked about before in the Great Cyber Game post.
As the pundits like Schneier and others groan on and on about how the NSA is doing all of this to us all I have increasingly felt the 5 stages of grief. I had the disbelief (ok not completely as you all know but the scope was incredible at each revelation) Then the anger came and washed over me, waves and waves of it as I saw the breadth and scope of the abuse. Soon though that anger went away and I was then feeling the bargaining phase begin. I started to bargain in my head with ideas that I could in fact create my own privacy with crypto and other OPSEC means. I thought I could just deny the government the data. I soon though began to understand that no matter what I did with the tools out there that it was likely they had already been back door’d. This came to be more than the case once the stories came out around how the NSA had been pressuring all kinds of tech companies to weaken standards or even build full back doors into their products under the guise of “National Security”
Over time the revelations have all lead to the inescapable truth that there is nothing really anyone can do to stop the nation state from mining our communications on a technological level. Once that had fully set in my mind the depression kicked in. Of late I have been more quiet online and more depressed about our current state as well as our future state with regard to surveillance and the cyberwarz. I came to the conclusion that no matter the railing and screaming I might do it would mean nothing to the rapidly approaching cyberpocalypse of our own creation arriving. ….In short, we can’t stop it and thus the last of the five stages for me has set in. I accept that there is nothing I can do, nay, nothing “we” can do to stop this short of a bloody coup on the government at large.
I now luxuriate in my apathy and were I to really care any more I would lose my fucking mind.
OPSEC! OPSEC! OPSEC!
Speaking of losing one’s mind.. Lately people all have been yelling that OPSEC is the only way! One (the gruqq) has been touting this and all kinds of counterintelligence as the panacea for the masses on these issues. Well, why? Why should we all have to be spies to just have a little privacy in our lives huh? I mean it’s one thing to be a shithead and just share every fucking stupid idea you have on FriendFace and Tweeter but really, if you can’t shut yourself up that is your problem right? No, I speak of the every day email to your mom telling her about your health status or maybe your decision to come out etc. Why should the government have the eminent domain digitally to look at all that shit now or later?
If you take measures to protect these transactions and those measures are already compromised by the government why then should you even attempt to protect them with overburdened measures such as OPSEC huh? I mean, really if you are that worried about that shit then go talk to someone personally huh? I know, quite the defeatist attitude I have there huh? The reality is that even though I claim not to be caring about it (re: apathy above) I actually do but I realize that we no longer have privacy even if we try to create it for ourselves with technical means. If the gov wants to see your shit they will make a way to do so without your knowing about it. I fully expect someday that they will just claim eminent domain over the internet completely.
Fuck OPSEC.. I want my government to do the right thing and not try to hide all their skirting of the law by making it classified and sending me an NSL that threatens to put me in jail for breaking the law.
Fuck this shit.
CYBERWARZ
Then we have the CYBERWARZ!! Oh yeah, the gubment, the military, and the private sector all have the CYBERWARZ fever. I cannot tell you how sick of that bullshit I am really. I am tired of all the hype and misdirection. Let me clear this up for you all right here and right now. THERE IS NO CYBERWAR! There is only snake oil and espionage. UNTIL such time as there is a full out kinetic war going on where systems have been destroyed or compromised just before tanks roll in or nukes hit us there is no cyberwar to speak of. There is only TALK OF cyber war.. Well more like masturbatory fantasies by the likes of Beitlich et al in reality. So back the fuck off of this shit mmkay? We do not live in the world of William Gibson and NO you are not Johnny Mnemonic ok!
Sick. And. Tired.
I really feel like that Shatner skit where he tells the Trekkies to get a life…
Awaiting the DERPOCALYPSE
All that is left for us all now is the DERPOCALYPSE. This is the end state of INFOSEC to me. We are all going to be co-opted into the cyberwarz and the privacy wars and none of us have a snowball’s chance in hell of doing anything productive with our lives. Some of us are breaking things because we love it. Others are trying to protect “ALL THE THINGS” from the breakers and the people who take their ideas and technologies and begin breaking all those things. It’s a vicious cycle of derp that really has no end. It’s an ouroboros of fail.
RAGE! RAGE! AGAINST THE DYING OF THE PRIVACY! is a nice sentiment but in reality we have no way to completely stop the juggernaut of the NSA and the government kids. We are all just pawns in a larger geopolitical game and we have to accept this. If we choose not to, and many have, then I suggest you gird your loins for the inevitable kick in the balls that you will receive from the government eventually. The same applies for all those companies out there aiding the government in their quest for the panopticon or the cyberwarz. Money talks and there is so much of it in this industry now that there is little to stop it’s abuse as well.
We are well and truly fucked.
So, if you too are feeling burned out by all of this take heart gentle reader. All you need do is just not care anymore. Come, join me in the pool of acceptance. Would you care for a lotus blossom perhaps? It’s all good once you have accepted the truth that there is nothing you can do and that if you do things that might secure you then you are now more of a target. So, do nothing…
Derp.
K.
BORN ON THE FOURTH OF JULY
jw hnne pjofkeq lhr Juoacbf
REVELATIONS
On this fourth of July as I sit here early in the morning I am left to think on all that is going on and the future from this moment on regarding the NSA revelations by EJ Snowden. Since coming out to Glenn Greenwald and the Guardian “We The People” have been getting the veil ripped away for us on some of the actions of our government for our “safety” from terror. Said actions have been in my opinion the end running of the constitution, the laws of the United States, and the bamboozling of the governed by the governors through the manipulation of fear and secrecy on the populace. The rubric of capturing all data to target only the wicked terrorists is a falsehood. No matter the protestations of the Clapper’s of the secret squirrel world that their machinations have defeated (X) amount of plots against us can assuage my fears that the system could and already has (by Snowden) be abused. Thus the assurance of “Trust us” by the government is hollow at the very least if not disingenuous.
It is said there are to be more revelatory things to come from “Snowman” but I think we should all be upset enough already to be storming the gates of congress seeking redress as it is. Let’s all face it, a system has been created to tap us all. No matter what is said about how it is run by laws that have been created to subvert our most basic of laws to start, the system itself presents a threat. We are now seeing congress going into action as well trying to shed some light on things that have been in fact lied about in their hearings but I fear that a combination of secrecy, our own collective apathy, and an ineptitude on the part of our representatives has already won out and this security industrial complex has rooted itself too deeply to be excised or even pruned. Know you all though, that it’s out there and that our most sovereign of ideals that our country was founded on has been tattered. Tattered by our own elected officials to “protect us” like children who cannot handle a boo boo.
MOTIVATIONS
Much has been made on the motivations of EJ Snowden and I will just throw my psychological hat in this ring right here and now. Given what I have seen of this man I think he has a narcissistic streak a mile wide and an active imagination that he is Jason Bourne or 007. That said though, I think his core belief here is that he was doing the right thing. I cannot fault him there because what he has shown us all is that the government is spying on us all no matter what they say. Collecting all data, saving it, and then choosing to sift through it is in fact a power that no one should have collectively on us all in one database. Think of this program as the one ring and you as Frodo.. But you have are wearing the one ring all the time and Sauron see’s your every move. Unless you go completely Luddite the government is going to have your number figuratively and literally and that is damn scary no matter the alleged protocols that they have in place.
So, now we come to the time where the attacks on Snowden, the media manipulations that go on for ratings, and the government spin makes him to be the story more so than the actual programs that he has brought to light. It is important here to not care about our boy Snowden any more than an amusing character in a larger passion play. Please consider “Snowman” the Falstaff to the Harry of the government. He is but a cipher to a larger story. Let EJ hang around in Shermeteyevo and pay him no more mind. Pay attention to the real problem here, and that is the programs that he has shown us all are out there and capturing all our data. Don’t get lost in the media derp.
PROTESTATIONS
Look to the Congress people! Look at history as well. If Nixon had had this technology we would have all been not only listened to but we would have become dissidents under the watchful eye of the likes of J. Edgar in some prison for having the temerity of not believing as he did. Power corrupts and absolute power corrupts absolutely as the saying goes. These programs in tandem with the laws being created around them to allow for the bypassing of other laws is absolute corruption. I do not care to hear the prevarications or the finagling that the government is tap dancing to to allow these things. It’s just wrong no matter the intent and it all stems from an administration that thought that torture was legal and sought to legalize it with the Yoo Memo’s. What was it that Nixon said? “If the President does it it is not illegal” I’m sorry no, it is illegal and immoral and a beast that has been created that cannot be controlled. I look at all of this and I keep going back to Caesar. Caesar was a great general and was installed during a time of great need to have a man like him running things. He won the war and then decided that he should be ruler in perpetuity, an emperor. I think we have crossed that same Rubicon today with these programs and I fear that it will not end and they will be abused.
All hail Caesar.. SPQR
K.
Creating Your Own Privacy & ROI
img courtesy of XKCD http://xkcd.com/
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Preamble
With all the alleged revelations over the drift net surveillance happening to us all by the government I and others have been pondering the processes needed to protect one’s communications online and over the phone. Wired and other venues have put out reasonably ok articles on this but generally I think they have lacked on the ROI factor for the varying degree’s of surveillance that has been carried out for some time now, not just the NSA with PRISM. The immensity of it all I think can put one off on the idea of being able to keep their privacy especially given the pains that one must take to keep it on the nation state scale. However, there is much that could be done to have a modicum of privacy but one just has to understand the idea of OPSEC and have some technical base to work from in order to use the technologies such as TOR or CRYPTO in the first place. It is another thing altogether to keep that mindset every day and to understand the import of their use and the cause and effect that comes from failing to use them.
PRISM and NATION STATE SURVEILLANCE
As Ali (@packetknife) alluded to on the “Loopcast” recently with me, the idea that someone can completely deny the nation state program of surveillance is a tough one to swallow today. We all are connected to the net in some way whether it be your smartphone or some other connected device that we carry with us 24/7. In the case of the smart phone the utter and total pwn that goes on there is spectacular to think about. There is no need for tinfoil hat conspiracies about barcode tattoo’s on one’s neck here, all you really need is an iPhone and connectivity to know quite a bit about a person. This is why the metadata issue is a big one and people are seemingly unable to comprehend it. Let me clarify this for you all by also saying that not only are the calls to and from being easily monitored and mined (stored later for perusal when needed) by the NSA it seems, but also the GPS data as well. Remember the hubbub over the Apple collection of GPS data on the phones a couple years back? Remember the outrage on some parts over this? Well, now look at that in relations to how much of that data is accessible by the government too in this program. More to the point and this has not really been talked about, but are they correlating that data as well in the phone surveillance being carried out? My assumption is yes but like I said that seems to have been dwarfed and drowned out by the PRISM revelations.
Ok so now we are being data mined and correlated on the phone calls we make (metadata). Of who we are calling, how long we are talking, and when as well as the GPS (location) as well? All of that data is very informational about the habits of a person alone but start to analyze it from a personal and psychological perspective and you can build quite the dossier on someone without even having to listen to their conversations. Which I hasten to add that there are rumors of the caching of conversations generally not just under warrant from FISA. At this level, the nation state level of surveillance, one cannot hope to really be secure in their communications using technologies as they are because of the access the government has built for themselves post 9/11 with the Patriot Act as it’s fulcrum. Access mind you that we are giving them by proxy of the devices we buy and the services that provide the connection because without them we have no way to communicate other than in person or pen to paper with the post offices help right?
All of this though does not mean that the government is spying on you now. What it means though is that the legalities have been created or bent to the will of the government to have the illusion that the wholesale collection of all kinds of data for later use of anyone using these systems is legal. It also means that no matter the protestation of the government and the law enforcement bodies that they take all due care not to collect/use/surveill you vis a vis your data that there is a chance that someone within the system “could” and “might” do so outside of the rules and that is the problem here … Well other than the Constitutional, moral, and ethical issues that is. Just because it is against the rules does not mean someone won’t do it if they have the access. You know.. Like EJ Snowden having access to highly classified data that perhaps he shouldn’t have? Or furthermore the availability of Mr. Snowden being able to insert a USB drive into systems and siphon off said data to give to the press or anyone who’d listen right?
PRIVATE SECTOR or THE LITTLE SISTERS
Another issue that seems to be taking a back seat here is the notion of the Little Sisters to Big Brother. This idea springs from something I alluded to above in that the corporations that offer you the services (Gmail/ATT/Facebook etc) all collect data on you every minute of every day. They use this data for advertising, data mining, selling that data to other companies to form synergies on how to sell you on things etc. It is this practice of collecting all this data on us and our complicity in it that has given rise to the drift net approach that the government has taken with the surveillance programs like PRISM. The government is simply leveraging the capacities that are already there in the first place! You want to blame someone for this mess? Look in the mirror as you have allowed your data to be collected in the first place. YOU have placed your minute details out there on the internet to start with in email or posts to Twitter and Facebook for example. YOU are the culprit because you fail to understand OPSEC (Operational Security) and just scattered it on the net for anyone to see.
Of course other bits are more arcane. Cookies, tracking data within browsers and the like also give away much data on who you are, what you like, and allow the marketers to tailor ads for you when you go to sites that pay for the services. The aggregate of all of this data makes a digital portrait of you that unless you take pains to disallow the collection, will be sold and used by the corporations to package YOU as the commodity. I mean, how do you think Facebook works? It’s a social contract to connect to others and allow Facebook to make money off of your habits. Zucky is not in this to win a Nobel Peace Prize here ya know.
So when you think about all this surveillance going on please remember that you are complicit in it every time you surf the web, make a facebook post, a tweet, or send an email unencrypted (Google analytics kids) because they are all sifting that data to “get to know you better” *cough* It’s just a friends with benefits thing as the government see’s it being able to just hit them with an NSL and plant a server in the infrastructure to cull the data they want. As long as it doesn’t effect the bottom line (money) for them I suspect their worries about privacy are, well, pretty low on average. I mean after all you have already signed away your rights have you not? The little sisters are insidious and subtle and I am afraid they have already become metasticized within the society body.
The Only Privacy You Can Have Is That Which You Make Yourselves
“The only privacy that you have today is that which you make for yourself” is something I said a while back on a blog post or podcast and I still stand by it. It seems all the more relevant in the post Snowden world today. By creating privacy I mean leveraging technologies like encryption to keep your communications private and OPSEC to consider how you transmit information over the internet and telco. There are inherent problems though with all of these things as you can always make a mistake and end up leaking information either technically (an instance would be logging online with your own IP address to something) or process wise like putting your current location on Facebook and saying you’re on vacation for two weeks. It is all a matter of degree though and even if you are practicing OPSEC there are things outside of your control when the nation state is looking to spy on you. There are just no two ways about it, you can only fight the nation state so much with technology as they have more resources to defeat your measures eventually by end run or by brute force.
On the level of defeating the little sisters, well the same applies but with limitations. You can in fact surf the net on TOR with NOSCRIPT, cookies disallowed and on an inherently anonymized OS on a USB stick right? The little sisters can only do so much and they only interact when they see a profit in it. They after all are not looking to be voyeurs just for the fun of it. They want to sell you something or sell you as metadata right? However, if you start to anonymize yourself as much as you can and you are diligent about it you can stop the Little Sisters which in turn may minimize what the Big Brother can use too. The caveat is that you have to take pains to do this and you have to know what you are doing. There are no magic easy button offerings on the shelf that will hide you from them all and if you care then you will take the time to learn how to perform these measures.
ROI On Privacy
Finally, I would like to take stock of the fight here that you need to take on and what the ROI is for each adversary involved. In reality unless you go off the grid, change your identity and never touch another piece of technology ever again there is a high likelihood that your information will be tracked. One may in fact create a separate identity to pay bills with and use that one to surf online as well as other things but that is an extreme just like the idea of becoming a Luddite. There must be a middle road where you can feel that you are protecting a certain portion of your lives from the unblinking eye of the companies and governments that own or access the technologies that we use every day. You have to though, understand all of this and accept that in the end you may fail at keeping your privacy yours and yours alone. Come to grips with this and be smart and you can have a modicum of success if you are diligent.
A for instance of this ROI would be on the phones. If you TRULY want to be private then you have to lose your smartphone that you have billed to you and buy a burn phone. Cash is king and there is no information taken if you do it right. The unfortunate thing is that you then have to call only others who have the same burn phones out there without any metdata that ties it back to their real identities. You just try getting mom and dad to buy burn phones to talk to them on… It’s not that easy. So really, some of the ROI is minimized by the nuisance factor. The same can be said for the lay individual who is not going to go buy encryption products nor are they capable of installing a Linux system and running something like GPG. This is not going to work for everyone as well as not everyone is going to care about their privacy as the recent Pew poll showed where 56% of polled ok with surveillance program by NSA.
In the end it all comes back to the idea that you create your own privacy by your own actions. Do not trust that the government is going to protect your privacy and certainly don’t believe that the corporations will either. I mean, just look at how many spectacular fails there were on passwords that weren’t hashed or encrypted in any way by companies hacked by LulzSec. As well you should not trust the government, no matter how well intended, that they will be ABLE to protect your privacy as we have seen with recent events like Brad Manning’s theft of (S) data as well as now Snowden (TS/SCI) The actions of one person can be the downfall of every carefully crafted system.
So what is the ROI here? Well….
NATION STATE:
Crypto and anonymized traffic online will minimize your footprint but eventually they will break you if they want to. You have to be exceptional to fight the nation state level of surveillance. As for the driftnet out there well, unless you go luddite they have a lot of data to sift and commingle. They have a pretty good picture of who you are and much of that comes from the little sisters. Your ROI here is minimal because they have the power and the thing you MUST remember is that CRYPTO IS YOUR FRIEND!! Encrypt sessions for chat and emails and you will leave them with the task of either having to break that crypto or hack your endpoint to see the plain text. Make them work for it. Otherwise you may as well just BCC the NSA.GOV on each and every email today it seems.
LITTLE SISTERS:
The little sisters though are another thing. You can in fact obscure a lot of what you do online and through telco but you have to be diligent. It means time and sometimes money (burn phones or laptops in some cases) to obfuscate as much as you can. The ROI here is that IF you take these pains you are then able to deny them easy access to your habits and patterns. If you start using crypto in sessions and in communications like emails then you will be also geometrically heightening your privacy status. But you have to do it.. AND that seems to be the hard part for many whether it is laziness or apathy I am not sure.
Privacy is what you make of it… He says as he hits enter on a public blog post!
K.
[Jmhhw Kutdegc ohl Vmgi Uizvsr pspmspw avuzyiw ypicl Qephcv Tmwfcj’a yere. Kutdegc plqfkw sd Vqklsn vcukipd.]
Polvc Ayzfiui: Elr npwr, xfslm’k Qephcv Tmwfcj…[tgsoq on i xspbsl ezmpc Auzlmr fom i tpely mbsvi. Uoftsgi rilvk xlc titviv rc mpga mr vua fs tydyzk] Li bcyaf’x wcsg bg lets u xswx.
Zwmpgt: [Ayzea saew] W’g agvvw, pob A hsl’h qwjo jmf npw kstslveirr.
Rckc Kspriv: Oi hm. [Gbwow e aoll] Fexgchid Wiailqlc Eeshkq.
Fmqvix: Sl. Cmi’lm lli eisa A liyf vzwexfwho gr xfs ibziv cbx wx qc nvivw.
Hmay Awjhsl: Bi, bzex’q hbm XFM. Us’lm fsx avuzlivcr zwj hsksmbag wsfpmappybwm.
Tmwfcj: Wz, M wcs. Swm nyqh idwvxffie yszcfhuwrxq. Gyb mt jpwyvvpc bwwbsxspg.
Xquo Kmfxwf: Rs, rvub’k xlc QCI. Oi tpcnmux ssf awnivlayvl’w gmagcfmgyhcwfw, ac hlg ls fpsus lli mhbmj jijzu’a ushcg. Qm’ji xfs awgh ksmm, Usvxw.
Pcazst: Esy, Q uer’r hytd css kbil e vczcmx xlyh ca…Vmgi.
Rckc Kspriv: Uleluy ggyv kwhl, uepj im il xlgg hcefip… [ucdww Fggbwh e jmzxmv tmcqy wx tensl] Uj. Fvgqy.
State Of Surveillance: PRISM & Other Driftnets
Zlx kpkmn qp hbx ieandl bh hi lxjywy kx hbxbr bcjzwgy, lhnzix, jczsll, tnp cxmmvzw, tzhmsmv eblxtsalsitx yitkjljm cxr mxbzgpwz, aagpe gvx gy xscftmep, yfk vh Cekkhrym urofe bsesw, icm athg wvtvclzy vtuec, kbxiuvmxk fd Icdv ik tfrgjtimosg, tuh uutdwwneadjq kmlivbuprl njo dftve fm tl axgvvalh, fhf dvy ixremfz wk zlbgnw yi do gybsep.
Revelations
Some of you out there may be shocked and dismayed that the NSA and the FBI as well as other “customers” in the IC world have been collecting vast amounts of data from sources like Verizon (telco) and Google (internet) sources. Others already knew this but perhaps did not understand the sheer scope of the hoovering that has been going on. Myself, well I have had an inkling since I read the manuals for the NARUS STA-6400 system back in 2003 I think it was. That system was the progenitor of what we are seeing now within not only PRISM but other as yet to be named projects. Suffice to say though that we are well and completely surveilled and we have ourselves to blame really. We elected these people into positions of power and we also have not taken enough steps to insure that our elected government is being ethical, moral, and legal in their actions.
These programs have been ongoing for some time now and it seems now they have become monsters that some even within the vast machine have decided are too big and too scary for the government to have control over without the public’s knowledge. Whoever leaked this information must have reached much the same conclusions that we all are now post the leaks that the government wields a set of tools that it should not be using without the approval of the governed who’s rights they are “encroaching” upon and for this I laud them. It is my personal feeling that the government and the LE as well as IC community have overstepped their bounds in this driftnet surveillance behemoth that they have built in the name of anti-terrorism. It is also my opinion that the number of plots allegedly broken up before going into action does not outweigh the constitutional rights that they are contravening to uncover and stop them.
Equivocations
Since the revelations on the wiretapping, metadata, and now internet content slurping we all have seen the reaction of the IC and the administration in response to them. What we have seen thus far has been a set of carefully worded speeches and ameliorating press releases hoping to quell our distrust in our leaders and these constitutionally questionable programs. The height of this for me was President Obama’s press meeting to address the issues where he uses language that basically says “ok yes you are right, your rights are being encroached upon but the benefits of this program outweigh your rights” This was a telling for me as the implication here is that the president, who is in fact alleged to be a constitutional scholar knows and admits that these programs are infringing on our fourth amendment right to privacy.
So what we have here is an administration that has not only carried on the programs and ideals of the previous piteously poor one but gone as far as to expand them for our “greater good” all the while increasing the classification of everything to protect their bad decisions from the public they claim to be protecting. This all may well have been done with good intentions but as “we the people” see it after the fact it comes off as overreach and Orwellian to say the least. In my world view having the power to do something is one thing if you have a sunlight policy that allows for some transparency but all of this is covered in a cloak of secrecy under the rubric that it is to protect us all from terrorism. While I can understand the need for operational security in anti-terrorism and intelligence work I cannot say that this data mining in the way it is being carried out outweighs the fundamental right to privacy that the Fourth Amendment affords all citizens. Furthermore all of the alleged oversight and controls that are in place over these programs may be best intentions but this is not to say that the programs cannot be abused or end run around by those in the chain of command to their own ends. Remember that it was Nixon who ordered the taps of enemies including the NSA as a means to that end until J. Edgar Hoover, out of a feeling of losing his own power, stopped the NSA by threatening to out the president and the program. So there is a history here to be cognizant of and that history is basically the aphorism; “Power corrupts and absolute power corrupts absolutely”
No matter the equivocations or couched and secretively worded explanations that this is all for “our good” the people have a right to reserve judgement as well as demand accounting on what is being done in their name by their duly elected government. The problems though for me are that all too many times the choices are classified, national security letters used to quash any resistance, and oversight by the people prevented with rhetoric over the greater good and this is wrong. The governed need to have a say in this and the government is not allowing that by classification and word play. Games of word semantics may be fun if it were just a game but when it comes to programs like PRISM it’s all really just sleight of hand and NLP to allow the government to do what it wants to, the most expedient thing, to protect the homeland (another nice NLP there by the way) from terror. I guess the question then becomes could this activity be carried out in a better and more transparent way that would still work against terrorism?
Hand Wringing
Look we know that communications are being watched. The terrorists know it too and have used tradecraft to protect their actions in the past. It’s really just common sense, so really do we need to keep it all a secret that we are collecting information? For that matter, do we need to really collect everything and sift through it to find that needle in the haystack as the press has been going on about? As I remember it the players have pretty much been known quantities even after the advent of the internet and the FISA court was a good tool in keeping the government on the straight and narrow with regard to taps and surveillance. In fact the FISA was set up to prevent another Nixon like abuse of the system. Now though it seems like the technology has outstripped the ability of a court like FISA to really watchdog the watchers and has become more of a lapdog than a pitbull. Remember that the FISA court was being end run quite a bit during the Bush administration because it held them up in their eyes. What then happened was the Patriot act and other mechanisms to make it easier for the LE’s and IC’s to just get what they wanted without a warrant, something we came to know as “warrantless wiretapping” or “roaming taps” where the FBI and others could just start surveillance without a warrant for up to 72 hours. It all began there really and down the primrose path we all went.
Frankly the Congress in my eyes went along with all of this because of a couple reasons. The first reason was fear. The second reason was fear of not being re-elected. Both of these reasons are no good and completely spineless. What has happened is that we went from a country of checks and balances to a country with few of either because you can’t check or balance that which has been classified as secret can you? Of course I also blame the populace as well for not being engaged in their governance as well but in cases like this it is much more about things being done in secret and not about us being disinterested. The telling thing will be what happens from here. Will the populace demand some sort of accountability? Will there be a groundswell of support for measures to insure the government is not abusing this power they have in collecting all this data? Or will we all go back to sleep collectively and settle in to watch Survivor and probe our navels? Things will remain status quo unless the populace speaks up and does something about it and if they do not it is my opinion that we will keep sinking further into a surveillance state.
Anger
Anger is what we need now and it is anger we should be feeling over all of these revelations this past week. I want you all out there to take a long look back at our country’s actions and laws since 9/11 and think. Do you really want to be represented to the world by the actions of total information awareness and prevarications by John Yoo that torture is acceptable as a common practice? Do you really trust that the government, law enforcement, and the IC’s will not overstep even more and abuse the system in place today for their own needs? Finally, do you really think that your government and those within it are that altruistic as to be all shining versions of Mr. Smith? I really don’t believe that you all think that that is the case so why would you just lay there and allow all this to go on without at least some kind of sunlight policy allowing the governed to know what the government is doing in their name or more to the point to the governed?
As for me well, I am just a dark bastard as some have called me. You might read this and think well that’s just him, but, I implore you all out there to take a step back and look at our history and the nature of human nature and then decide. I think you will all come to the same conclusion that this is the wrong path to be on. No matter how many times the players may tell you that the game is played fairly and for your protection ask yourselves and them to tell you how many times it has foiled a plot and saved us from ruin. If they say “well we can’t because it’s classified” then I want you to see them in a pair of plaid pants and white belt with matching shoes trying to sell you a car …because that is what they are doing.
Get angry and demand some transparency. Keep your eye on them because in fact you cannot trust them. Given the power to do what they like they will do so especially if there are no repercussions as it’s all classified. Alternatively though and in reality all you can do today is use encryption and take care with your communications if you do not want Uncle Sam and his pals to know about them. As I see it now they have a complete backdoor into everything and people start to use more encryption I would expect crypto to become a munition again….
But that’s just the dark bastard in me I guess…
K.
Krypt3ia 