Snowden-Manning Heros?

DISCLAIMER: I have no first hand knowledge of the NSA PRISM program.  This is just my personal opinion of Edward Swowden’s release of classified information and the impacts.

What is PRISM:

PRISM is the code name for the data collection program which was born out of the Protect America Act.

Recently Mr. Edward Snowden released classified information to the international media and fled the U.S.  He was working on the PRISM program and felt that the right thing to do was to tell U.S. citizens about their loss of privacy.



SHH!! Don’t tell anybody this.. but privacy has BEEN gone if you are on Facebook, Google or any other social network.  These organization are storing our private data.  But what do these organizations do with that data?

  • Do they try to protect your data?
  • Do they sometime release it to third parties?
  • Can certain data you store on their system be used against you in a court of law?
  • All of the Above 🙂

Encrypt your data.  That is the only real way to have privacy to a trusted party.   Don’t use FB or Google for stuff you want hidden.

The Need for Some Sort of PRISM:

Spies get a very very bad rap lately.  Analysts are unsung heros.   It that world nothing is what it seems.  The media presents one side of everything.  You have to dig and cross reference to get facts.  Intelligence provides a proactive answer to security.  I am speaking from the perspective of someone who has done security defensively.  There is a need for gathering data within the U.S. infrastructure.  Once data is gathered, it can be correlated to detect patterns of potential threats.

So I think we MUST have something like PRISM (especially in the US) due to the exposure of our assets and the subsequent likelihood of attack. We have a high risk.  And the greatest risk is from INSIDERS (ironically enough PRISM cannot protect itself).

There are three main issues with the programs current setup:

1.  Lack of Oversight & Transparency: There seems to be very little transparency and  oversight that represents US citizens regarding privacy and controlling how far the government can go.  US Senators are led away from what is really going on.

2.  Total Information Awareness:  This system may be too DAMN powerful as far as what it is capable of.  In fact, it seems to be like using GOD Mode 24/7 to gather information.  Snowden mentioned that it can track ANY email.. is this on a whim?  does there need to be some sort of probable cause or “reason to believe” or is this left to the discretion of the guy with his finger on the button.. this leads to the next issue..

3. The Patriot Act II + Protect America Act =  Its too DAMN politically powerful.  This program has the legal backing to do anything with NO checks and balances.


Would I call Snowden/Manning heros/martyrs?  I would not group Snowden with Manning.  The information that Snowden released (so far) is showing a the capability of NSA spying (something that was done by whistle blower William Binney in 2002).  PVT First Class Bradley Manning leaked a lot of war material that risked a lot of people’s lives:

videos of the July 12, 2007 Baghdad airstrike and the 2009 Granai airstrike in Afghanistan; 250,000 United States diplomatic cables; and 500,000 army reports that came to be known as the Iraq War logs and Afghan War logs. It was the largest set of restricted documents ever leaked to the public. —

The problem with this is that it actually endangered the lives of informants, and some people that were on the ground in Afghan/Iraq.  Manning fucked up big time.  Snowden is a hacktivist who will have to spend sometime in prison or in Iceland evading the US government unless the American public rallies to sway the politicians.

Whistleblower Protection:

My hope is that there is due care taken on this issue.  Because there is a real concern regarding the Constitution, Privacy and uncheck powers of the government.  If not, perhaps the next administration will take up the call of the people.  SarbanesOxley Act of 2002 has a Whistleblower Protection Act that would be helpful if such a law could apply to Snowden.  I am not so sure about that.

Transparency & Accountability

I know their needs to be transparency and accountability. But I think its naive to think that we should release all information on all classified data to the world as the Wikileaks crowd believes.  


Organizations & States have an obligation to maintain Confidentiality of critical data.

That means databases with witness protection programs must be kept Confidential, bank transactions must be protected..

Nations have some serious enemies (ESPECIALLY the US).  The US governments duty is to protect its people from those enemies (foreign or domestic).

Consider this:  Certain information on the physical/logical locations of weapons systems, pattens on lethal biochemicals, information on the capabilities of a nation are very effective tools in the hands of really bad people.

Its naive to think that opening up all classified data is going to set the world free.  I wish humanity was in a kinder, gentler situation.. but the reality is some crazy people want to kill as many people as possible.

Yes!  I agree that governments with unrestricted power can be MUCH more dangerous.  Some transparency with check and balances are necessary.



The post modern war conflict is a fight over ideology. Its less about my nation versus your nation and more and more about belief systems.  

RIGHT NOW there is someone with the intent to kill as many people as possible.  With the capability and opportunity they would strike.  There IS an enemy and they are anywhere and everywhere.  You can no longer point at a map and say “All these people are my enemy.”

Now there is an enemy willing to kill you over what you believe, what you represent and what they think you are.  And more than likely, THEY are living in your city.   Who are “THEY”?

Figuring out who THEY are.. is where data mining and correlation comes in.

The threat-source can be from ANY country, race, creed, or religious faction. They are more and more likely to have a citizenship in your country for the sake of having free reign to make the most damage on the most people that represent what they seek to destroy.

Its sounds crazy until a bomb goes off in the middle of a Boston Marathon with the attackers on their way to Time Square.  Luckily, there was surveillance to help deter further killings.

How do we fight against these threats?
Threats can be detected via patterns within information.

Solution:  The government should allow the program manager of the system to explain why its necessary, provide proof of its usefulness.  Limit the use and extent of PRISMs power.

I hope the president will listen to the Internet community on this.  I hope that some political party will hear the cries of thousands of potential constituents then take an intelligent look at the public’s concerns.  Realistically, the American public voted on the reps that backed the laws that created this system.  They accepted it by proxy.  But the shock is from the alleged reach of this program.  Its too bad it took Snowden is risking years away from home and possibly prison for the US to wake up and start talking about something that was leaked years ago.

Hack the Censors

During the renewal of the USA Patriot Act, the various communities on the Internets began frothing at the mouth. I recall one (alleged) Chinese citizen saying something about how China was more free than the United States. Which is (circa 200X) a pretty ridiculous thing to say. In response, I wrote something like “F@KK the President of the United States George W. Bush. Can you say that in about Hu Jintao in China?” He said, no.

In some countries, it is pretty dangerous to be a blogger with a free mind. Its ironic because, for me, that is what blogging is all about. Its sad that bloggers have to watch their collective mouths in countries like China, Iran and others

Apparently, searching for words like “women” in Iran will give you an “404 – Dear Subscriber” page. I’ve heard that searching from behind China’s legendary Great Firewall words like “Freedom” and “Democracy” are not allowed.

Other netizen controllers include (but are not limited to): Saudi Arabia, Syria and Pakistan

Governments with this level of blanket censorship do not understand the nature of the Internet. Organizations around the world like Global Internet Freedom Consortium, Voice of America, and Falun Gong conspire to get around the censorship. Devices such as Tor and Psiphon have been developed to go around the firewalls.

In the war of suppression of ideas, China has actually hired thousands of people to flood the Internet with government messages to out due dissenters.

The best thing China, Pakistan, Iran and other countries can do to control the flow of ideas is to take care of their people not suppress them. The unfortunate thing about taking care of the people is that it requires giving people freedom to speak which is dangerously close to democracy.

Inspired by NY Times article on the subject.

Security Team of Barack Obama

Dear Secret Service,

Thank you for the fine work of protecting President George W. Bush. Regardless of my personal disagreements with about 90% of his administrations actions I wish nothing beyond a very irritating groin rash on the man who has been my president from 2000 – 2008.

I hope that you can do the same thing for President Obama. I am certain you’ll be proactive in your security techniques. I am definitely not questioning whether or not you are good at your job.

As an American citizen I just ask that you go one step further by looking at potential insider threats. I’m not trying to promote some sort of conspiracy theories or anything and I certainly don’t have any reason to believe that your current staff is stocked with traitors of the American Republic. I’m just pointing out potential threats.

To let harm befall such a great American who has become a symbol of hope for people around the world would be a serious blemish on YOU.

p.s. Congrats on the Win, President Obama

The rise of “intelligent” CCTV

I think its great that we have better technology in security. What is disconcerting are laws like the Patriot Act and FISA bill which take right from citizens for the sake of more security. With this increased technological power in security, there needs to be more balance, but it seems the rights of citizens (particularly privacy and civil liberties) are taking a back seat to all manor of political will. All this powered by the fear of terrorism after 9/11.

I’m not saying we should not be more cautious or more aware. I’m not saying that more security is not necessary. What I am saying is that Taking away liberties is not necessary. And even if you feel it is necessary to spy on all citizens indefinitely to “catch terrorist” shouldn’t there be checks and balances on the watchers. Who will watch the watchers? How will we ensure that their powers are not abused.

New Technologies:
Smart CCTV – There are now smart security cameras with pattern recognition that allow them to alarm when some one does something suspicious such as climb a fence, or put down a bag and walk away. That technology has been developed by companies like ObjectVideo Inc. Defense Advanced Research Products Agency (DARPA) hopes to take it a step further by creating systems that can learn everyday patterns and send alarm when things are outside of their known pattern, also known as anomaly detection.

read more | digg story

State of the North American Union: Mexican Trucks Begin Crossing Border Saturday

The decision to open up the borders for the sake of business was made in the 90s by the first Bush, finalized by President Clinton and nurtured by David Rockafeller (CFR). The entire package was called the North American Free Trade Agreement [NAFTA]. Many of the same concerns were brought up back then.

Truckers from Mexico will be delivering goods as early as 2007 Labor day weekend.

The expected employment effects of NAFTA were by far the most common point of debate and were at the center of a series of Senate Finance Committee hearings held during Sep., 1992 and again in Sep., 1993. It was well understood that NAFTA would lead to job decreases in some sectors and job creation in others. The main point of contention was the expected net effects of NAFTA on employment. The position of the committee members, the administration and public witnesses on this point were often polarized. Senator Donald Riegle Jr. (D-Mich.), for example, noted in his opening statement at Sep. 8, 1992 Senate Finance Committee hearings, “The main export we are going to ship to Mexico under the agreement, apparently, as it has been negotiated here, is going to be jobs.”(5) This sentiment was echoed by Thomas R. Donahue, secretary-treasurer of the AFL-CIO as he noted in his prepared 1993 statement, “In brief, the AFL-CIO believes that the adoption of [NAFTA] would seriously harm the US economy, resulting in the loss of hundreds of thousands of American jobs and a decline in the nation’s standard of living.”(6) Whereas administration witness, US Trade Representative, Carla Hills, held the opposite view as she noted in 1992, “This agreement will generate new, higher-paying jobs for Americans. More than 600,000 Americans now owe their jobs to our exports to Mexico. This number is expected to swell to over 1 million by 1995 with NAFTA.”(7) — Find Articles

“What a slap in the face to American workers, opening the highways to dangerous trucks on Labor Day weekend, one of the busiest driving weekends of the year,” said Teamsters President Jim Hoffa.
Joining the Teamsters in seeking the emergency stay were the Sierra Club and Public Citizen.
“Before providing unconditional access throughout the country to tens of thousands of big rigs we know little to nothing about, we must insure they meet safety and environmental standards,” Sierra Club executive director Carl Pope said.

The Federal Motor Carrier Safety Administration, in a statement, said it was working closely with the department’s inspector general “as his office completes an additional assessment of the program and we prepare a detailed response to that report.”The Bush administration said last week it would start the cross-border program once the Transportation Department’s inspector general certifies safety and inspection plans.

The elected officials voting on NAFTA were influenced greatly by the cold hard cash of lobbyists who wanted it to happen. David Rockafeller & Dick Cheney of the Council on Foreign Relations had a LOT to do with NAFTA.

Dick Cheney keeping CFR Secrets

Add to My Profile | More Videos

But why would the CFR support this:

Is this really going to happen:

If there is a North American Union, why isn’t on the news:

bonus conspiracy theory:

US National ID Card: Security or Citizen Tracker

Most American citizens violently oppose a National ID card.  The federal government can get around this in two ways: 

    1. Don’t call it a national ID card 
    2. Don’t put the federally controlled database in a federal building

The U.S. government is doing both of these things (as up 2007, should be complete by 2009).

According the the Department of Homeland Security’s FAQ on REAL ID it is NOT a national ID card & the feds will not create a national database:

“Is this a National ID card?

No. The proposed regulations establish common standards for States to issue licenses. The Federal Government is not issuing the licenses, is not collecting information about license holders, and is not requiring States to transmit license holder information to the Federal Government that the Government does not already have (such as a Social Security Number). Most States already routinely collect the information required by the Act and the proposed regulations.”

“Will a national database be created that stores information about every applicant?

No. The REAL ID Act and these regulations do not establish a national database of driver information. States will continue to collect and store information about applicants as they do today. The NPRM does not propose to change this practice and would not give the Federal government any greater access to this information”  

Well piss on my back and tell me its raining! The government is NOT creating a national ID card.  The only problem with the above statements issued by the DHS is that they are bullshit. 

Imagine.  ME, a security guy of all people, opposed to a National ID Card?  But I’m not the only one.

First off, what is this National ID Card REAL ID Card?

On March 1, the Department of Homeland Security (DHS) released draft regulations [PDF] for implementing REAL ID, which makes states standardize drivers licenses and create a vast national database linking all of the ID records together. Once in place, uses of the IDs and database will inevitably expand to facilitate a wide range of tracking and surveillance activities.EFF

As stated above, the National ID Card for the U.S. would be based on existing State I.D. Cards and driver’s license programs.  The main issue is linking all state databases together so that the federal government can track citizens.  

Now you may be wondering: Does this sound like something an illegal immigrant and/or criminal would not be able to falsify?  (and even if they are caught current laws for illegal immigrants are not enforced)  If illegal immigrants are not going to abide by the law, does this law really enhance the nation’s security?  

Oppose the Real ID Act of 2005 

My main reason for opposing a US national ID card is that I don’t trust the federal government with a consolidated view and control of all of our information.  I think all the information they gather will eventually fall into the wrong hands (on purpose or by negligence).  I was in the military, so the feds already have my data and the feds have lost MY {privacy act protected} information more than once.  A branch of the U.S. government lost 25.6 million account including the Social Security Numbers for Veterans more than once. They kept this information secret from the victims for 19 days.  19 days is ample time for someone to steal an identity once they have the information they need.  In one case the data was supposedly recovered and deemed by the FBI forensics as un-tampered with.  Supposedly they are not creating a seperate national database… but the linked state system WILL be the national database from which the feds will feed.  Its a play on words and I wish people would wake up screaming about this.

There seems to be a disregard for protecting the privacy and security of citizens.  The resources that would normally be used to protect us are being wasted and sent to serve other purposes.  In my oppinion security is still NOT being done because illegal immigrant laws are not being enforced despite the fact there is a “war on terrorism”.  Now if you don’t think something is seriously wrong about the protection of our borders at a time when their is a “war on terrorism” read the story of Border Patrol Agent Ignacio Ramos being jailed for shoot a drug dealer trying to enter the country. The DHS officials lied to congress about these agents (and got caught).  Drug smuggler Osbaldo Aldrete-Davila is a free man.  Meanwhile, other border patrol agents are being deployed to IraqI believe there is a reason that the law is not enforced but I leave that speculation up to you.

Privacy Clearing House has a chronological list of data breaches starting from 2005.  The more databases of large organizations (schools, federal/state, credit cards) our personal information is in, the greater the risk of ID theft and financial fraud we face.  ID theft is currently the fastest growing crime in the US and UK.  And its been the fastest growing for a long time.  I attribute this to organizations putting security last when it should be implemented from the very begining and maintained aggressively. 

So, a national card REAL ID registry databases at the federal level may only add to on-going issues of personal security of US citizens which the US government does not seem to worried about too much. 

To the credit of the U.S. federal government, the Department of Homeland Security’s Chief Privacy Officer, Hugo Teufel III, issued a Privacy Impact Assessment (PIA).  According to the document the National ID card would be difficult to falsify. 

Other issues addressed in the PIA:

The PIA addresses the key privacy issues posed by the Act: (1) Does the REAL ID Act create a national identity card or database; (2) How will personal information required by the REAL ID Act be protected in the state databases; (3) How will the personal information stored on the machine readable technology on the driver’s licenses and identification cards be protected from unauthorized collection and use; and (4) Do the requirements for a photograph and address on the credential and the DMV employee background check erode privacy.

The REAL ID method will extend the life and legitamacy of the Social Security Number as a national ID number.

The DHS PIA document is exactly right when it states:

Some of the public concern about the REAL ID stems from the history surrounding the expansive use of the SSN beyond its original purpose of recording the information necessary to provide a public pension benefit.

The original purpose of the Social Security Number was to track taxation and payments for social programs under Roosevelt’s New Deal created in the 1930s following the Great Drepression.  These days the Social Security number is a de facto national ID number issued to all citizens and you really can’t do anything signifigant without it (i.e. get a job… unless your are an illegal immigrant.. i guess people in the US have privacy after all).  BTW – Collecting Social Security after age 65 is a joke… it is program that will not support the “baby boomer” (but that is a different issue all together). 

The DHS Privacy Impact Assessment goes through most general concerns the the REAL ID act posses to the privacy of U.S. citizens thoroughly…. except for one. Put on your tin-foil hats for this one.  The government works so closely with private companies (namely lobbyists pushing and paying for certain policies, bid and no-bid contracts, laws and regulations) that I believe that they would give out our con$olidated information for the right price. Realistically, a national database in some form or another already exists (social security).  But the REAL ID database would make it possible to have a REAL-time view of all transactions.

DHS PIA pg. 6: “financial institutions, retailers, hotels, health-care providers, and others may consider the REAL ID credential”. 

It sounds like the ultimate consolidation of all personal data.  It will merge your social, driver’s license, and possibly finacial and medical info. 

You see, the REAL ID system would not just be used in the police but with PRIVATE agencies.  On military installations you can’t do much of anything without a certain government ID card.  The data on this REAL ID will be the cream of the crop.  Particularly if is collects data on where you’ve been.  But conspiracy theories on new American corporate facism aside, people need to know that this is happening.  A wake up is long over due for Americans.  I just hope this cancerous apathy doesn’t kill the priciples of the country I love.

Check out the last line of the DHS Privacy Impact Assessment:

The public is encouraged to comment on the NPRM and on the privacy issues associated with implementation of the Act in order to ensure that the final rule reflects robust public input on these important issues.


Facial Recognition to deter ID Theft

DHS Privacy Impact Assessment REAL ID Act – Chief Privacy Officer, DHS

Four State Oppose RealID (New Hampshire, Oklahoma, joined Montana, Washington – as of 10 Jun 2007)

(New Hampshire, Oklahoma, joined Montana, Washington – as of 10 Jun 2007)Ron Paul oppinion on Amnesty for illegal immigrants and the National ID

(New Hampshire, Oklahoma, joined Montana, Washington – as of 10 Jun 2007)

(New Hampshire, Oklahoma, joined Montana, Washington – as of 10 Jun 2007)New World Ord… I mean other things that didn’t make it into the REAL ID ACT:

(New Hampshire, Oklahoma, joined Montana, Washington – as of 10 Jun 2007)

(New Hampshire, Oklahoma, joined Montana, Washington – as of 10 Jun 2007)

Original legislation contained one of the most controversial elements which did not make it into the final legislation that was signed into law. It would have required states to sign a new compact known as the Driver License Agreement (DLA) as written by the Joint Driver’s License Compact/ Non-Resident Violators Compact Executive Board with the support of AAMVA which would have required states to give reciprocity to those provinces and territories in Canada and those states in Mexico that joined the DLA and complied with its provisions. As a part of the DLA, states would be required to network their databases with these provinces, territories and Mexican states. The databases that are accessible would include sensitive information such as Social Security numbers, home addresses and other information. The foreign states and provinces are not required to abide with the Drivers Privacy Protection Act (DPPA) and are free to access and use the sensitive information as they see fit.  – REAL ID wiki

The UK is fighting the same battle of liberties

If I trusted the government, I suppose this would not be that big a deal.

Bonus: Total “Terrorism” Information Awareness – TIA 

 Multiple standardized computing environments can be monitored and controlled using Open Grid Service Architecture (OGSA).  If the federal government is not using this technology togather data from the DMV systems I would be very surprised.





Defeating China's "Great" Firewall

“I guess it is not so “great” anymore!” – Digg User

The blog “Lightblue Touch Paper” explains how to get around the “GREAT” firewall of China.

I've heard of other ways to search around it as well.  Here are some comment from Bruce

digg story

I believe that the Chinese government will ultamitely not be capable of supressing the Chinese people's thirst for unrestricted knowlege.  Although, it is human nature to do what is easiest and follow the heard like sheep, it is also human nature to resist repression.

  There is only so much human beings can take.  I'm reminded of Shawshank Redemption in wich the title character mentions “time and pressure”.  Time and pressure is all it takes for a person to break.  Time and pressure. 

I'm sure the Chinese government would not call what they are doing “repression”.  They'd probably called it “protection”.  Or maybe they don't call it anything!  Internet censorship is not restricted to China.  The U.S. government also has restrictions on certain pages and content on the Internet.  Do enough searches about “terroism” and you might even get contacted by the FBI.  Fear is the driving factor for security in this country.  Blanket censorship is something I definitely DO NOT support. 

I guess only individuals can be free and only truly free in their own heart, souls and minds.  With all the breaches of privacy (or should I say complete lack of privacy) between the individual citizens in the US and the US gov't, how “free” and different is the U.S. government from the China govenment at the fundamental level?

The is a difference (freedom of speech for example) no doubt, but it seems as China moves toward freedom (with its entrance into the WTO and movement toward capitalism) the U.S. seems to be moving toward more control over its citizens as it seeks to sift though its sheep to find the wolves in sheeps clothing.

See what the International Current Affairs Society had to say:

“A group of intrepid H4X0rz have discovered how to easily bypass the Chinese governments censorship of words like 'democracy'.”

From a Chinese perspective of the GFW

Want to outwit hackers? Hire an ethical one

Some of my colleagues in the information security profession think that hacking is evil.  They strongly rebuke any information security professionals for condoning hacking. 

I think that is a ridiculous position to take.  How can we be any good at our job (particulary the more technical information security professionals) if we ignore the skills that malicious hackers use to exploit the very systems we protect?  Why would we bind our own hands from finding vulnerabilities before our enemys? 

Not knowing the darker side of security is like a Drug Enforcement Agent who can't recognize drugs because he or she has never had any exposure to controlled substances.  It is not my position that cops should rob a bank or abuse crack to REALLY know the criminal mind.  I'm just saying that security is not just about implementing secuirty practice, it is about knowing the exploits, vulnerabilities and threats and knowing them well.

Hacking is cool.  It is not all evil or criminal.  Sometimes I have to hack my system after locking myself out.  I've attempted to hack my own network to find vulnerabilities. 

I think hacking is about mastering systems, finding easier ways to do things in life, being clever.  The dangerous thing about hacking is that sometimes individuals are smarter than the systems that they interface with (or control them).  It is the mutant strain that changes everything, the revolution that forces change, the rebel refuses to submit and any of those can be very good or very bad.

Unfortunately, it is easier to destroy than to create, so some weak, ignorant, sociopaths give in to the darkside.  This is true of any method, skill, talent, profession ect.  It is a part of human nature to have users and abusers in our ranks.  You may even have some in your family!  It is my personal belief that what you reap is what you sow (karma); those who do bad will get theirs.  I choose to hack ethically lest I incur the wrath of the universe.

The first ethical-hacking course was started six years ago. Today, there are some half-dozen organizations offering similar instruction around the world

read more | digg story