A Snowden leak accompanying today’s story on the NSA’s Tailored Access Operations group (TAO) details the NSA’s toolbox of exploits , developed by an NSA group called ANT (Advanced or Access Network Technology). ANT’s catalog runs to 50 pages, and lists electronic break-in tools, wiretaps, and other spook toys. For example, the catalog offers FEEDTROUGH, an exploit kit for Juniper Networks’ firewalls; gimmicked monitor cables that leak video-signals; BIOS-based malware that compromises the computer even before the operating system is loaded; and compromised firmware for hard drives from Western Digital, Seagate, Maxtor and Samsung. Many of the exploited products are made by American companies, and hundreds of millions of everyday people are at risk from the unpatched vulnerabilities that the NSA has discovered in their products. The ANT division doesn’t just manufacture surveillance hardware. It also develops software for special tasks. The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer’s motherboard that is the first thing to load when a computer is turned on. This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this “Persistence” and believe this approach has provided them with the possibility of permanent access. Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies. Shopping for Spy Gear: Catalog Advertises NSA Toolbox [Jacob Appelbaum, Judith Horchert and Christian Stöcker/Spiegel]
Read the original post:
NSA has a 50-page catalog of exploits for software, hardware, and firmware
Hugh Pickens DOT Com writes “The Boston Globe reports that the pending use of GPS tracking devices, slated to be installed in Boston police cruisers, has many officers worried that commanders will monitor their every move. Boston police administrators say the system gives dispatchers the ability to see where officers are, rather than wait for a radio response and supervisors insist the system will improve their response to emergencies. Using GPS, they say, accelerates their response to a call for a shooting or an armed robbery. ‘We’ll be moving forward as quickly as possible, ‘ says former police commissioner Edward F. Davis. ‘There are an enormous amount of benefits. . . . This is clearly an important enhancement and should lead to further reductions in crime.’ But some officers said they worry that under such a system they will have to explain their every move and possibly compromise their ability to court street sources. ‘No one likes it. Who wants to be followed all over the place?’ said one officer who spoke anonymously because department rules forbid police from speaking to the media without authorization. ‘If I take my cruiser and I meet [reluctant witnesses] to talk, eventually they can follow me and say why were you in a back dark street for 45 minutes? It’s going to open up a can of worms that can’t be closed.’ Meanwhile civil libertarians are relishing the rank and file’s own backlash. ‘The irony of police objecting to GPS technology for privacy reasons is hard to miss in the aftermath of United States v. Jones, ‘ says Woodrow Hartzog. ‘But the officers’ concerns about privacy illustrate just how revealing GPS technology can be. Departments are going to have to confront the chilling effect this surveillance might have on police behavior.'” Read more of this story at Slashdot. 
MikeatWired writes “It wasn’t ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors. Freedom Hosting’s operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas. It’s not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control. The new details emerged in local press reports from a Thursday bail hearing in Dublin, Ireland, where Marques, 28, is fighting extradition to America on charges that Freedom Hosting facilitated child pornography on a massive scale. He was denied bail today for the second time since his arrest in July. On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page. Security researchers dissected the code and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. The FBI was the obvious suspect, but declined to comment on the incident. The FBI also didn’t respond to inquiries from WIRED today. But FBI Supervisory Special Agent Brooke Donahue was more forthcoming when he appeared in the Irish court yesterday to bolster the case for keeping Marque behind bars.” Read more of this story at Slashdot. 
Charlie writes, “There is a smoke shop in Scotia NY, owned by a young black man. There are many, many smoke shops in the capital region, but the rest are owned by white people. 
The DHS has responded to a Freedom of Information Act request filed by the ACLU asking when and how it decides whose laptop to search at the border. It explained its legal rationale for conducting these searches with a blank page: On Page 18 of the 52-page document under the section entitled “First Amendment,” several paragraphs are completely blacked out. They simply end with the sentence: “The laptop border searches in the [Immigration and Customs Enforcement] and [Customs and Border Protection] do not violate travelers’ First Amendment rights as defined by the courts.” More excellence from “the most transparent administration in American history.” Also, the DHS rejected claims that it should limit searches to situations where it had reasonable grounds for suspicion, because then they would have to explain their suspicion: First, commonplace decisions to search electronic devices might be opened to litigation challenging the reasons for the search. In addition to interfering with a carefully constructed border security system, the litigation could directly undermine national security by requiring the government to produce sensitive investigative and national security information to justify some of the most critical searches. Even a policy change entirely unenforceable by courts might be problematic; we have been presented with some noteworthy CBP and ICE success stories based on hard-to-articulate intuitions or hunches based on officer experience and judgment. Under a reasonable suspicion requirement, officers might hesitate to search an individual’s device without the presence of articulable factors capable of being formally defended, despite having an intuition or hunch based on experience that justified a search. Feds say they can search your laptop at the border but won’t say why [Cyrus Farivar/Ars Technica] 
In an excellent NYT story, Sarah Lyall reports on “lights-out London” — the phenomenon whereby ultra-wealthy foreigners (often from corrupt plutocracies like Kazakhstan and Russia) are buying up whole neighbourhoods in London, driving up house-prices beyond the reach of locals, and then treating their houses as holiday homes. They stay for a couple weeks once or twice a year, leaving whole neighbourhoods vacant and shuttered through most of the year, which kills the local businesses and turns central London into something of a ghost town. “Some of the richest people in the world are buying property here as an investment,” [Paul Dimoldenberg, leader of the Labour opposition in Westminster Council] said. “They may live here for a fortnight in the summer, but for the rest of the year they’re contributing nothing to the local economy. The specter of new buildings where there are no lights on is a real problem…” Meanwhile, prices are rising beyond expectation. For single-family housing in the prime areas of London, British buyers spend an average of $2.25 million, Ms. Barnes said, while foreign buyers spend an average of $3.75 million, which increases to $7.5 million if they are from Russia or the Middle East… The most visible, and also the most notorious, of the new developments is One Hyde Park, a $1.7 billion apartment building of stratospheric opulence on a prime corner in Knightsbridge, near Harvey Nichols, the park and the Mandarin Oriental Hotel, which functions as a 24-hour concierge service for residents. Apartments there have been purchased mostly by foreign buyers who hide their identities behind murky offshore companies registered to tax havens like the Isle of Man and the Cayman Islands. It is rare to see anyone coming to or going from the complex, and British newspapers have been trying since it opened two years ago to discover who lives there. Vanity Fair reported recently that as far as it could discern after a long trawl through records, the owners seem to include a cast of characters who might have come from a poker game in a James Bond movie: a Russian property magnate, a Nigerian telecommunications tycoon, the richest man in Ukraine, a Kazakh copper billionaire, someone who may or may not be a Kazkh singer and the head of finance for the emirate of Sharjah. A Slice of London So Exclusive Even the Owners Are Visitors [NYT/Sarah Lyall] ( via Beyond the Beyond ) 