Jaison Mathew

Writing about information security/privacy; Avid tech enthusiast. In or around San Francisco.

wired:

When 17-year-old George Hotz became the world’s first hacker to crack AT&T’s lock on the iPhone in 2007, the companies officially ignored him while scrambling to fix the bugs his work exposed. When he later reverse engineered the PlayStation 3, Sony sued him and settled only after he agreed to never hack another Sony product.

When Hotz dismantled the defenses of Google’s Chrome operating system earlier this year, by contrast, the company paid him a $150,000 reward for helping fix the flaws he’d uncovered. Two months later Chris Evans, a Google security engineer, followed up by email with an offer: How would Hotz like to join an elite team of full-time hackers paid to hunt security vulnerabilities in every popular piece of software that touches the internet?

Today Google plans to publicly reveal that team, known as Project Zero, a group of top Google security researchers with the sole mission of tracking down and neutering the most insidious security flaws in the world’s software. Those secret hackable bugs, known in the security industry as “zero-day” vulnerabilities, are exploited by criminals, state-sponsored hackers and intelligence agencies in their spying operations. By tasking its researchers to drag them into the light, Google hopes to get those spy-friendly flaws fixed. And Project Zero’s hackers won’t be exposing bugs only in Google’s products. They’ll be given free rein to attack any software whose zero-days can be dug up and demonstrated with the aim of pressuring other companies to better protect Google’s users.

MORE: Meet ‘Project Zero,’ Google’s Secret Team of Bug-Hunting Hackers

rtamerica:

The NSA’s spying program extends far beyond terrorists and metadata, invading the privacy of American citizens in the name of security. Does privacy matter? And is giving it up to the NSA really keeping us safe?

descentintotyranny:

Did the CIA Illegally Spy on the Senate? Now We May Never Know

July 10 2014

The Department of Justice will not investigate whether the Central Intelligence Agency illegally spied on staffers of the Senate Intelligence Committee and removed documents from committee servers, McClatchy confirmed Thursday. The CIA also claimed committee staffers took documents from the intelligence agency without authorization, and that claim will also not be investigated.

“The department carefully reviewed the matters referred to us and did not find sufficient evidence to warrant a criminal investigation,” Justice Department spokesman Peter Carr told McClatchy.

It’s a fizzling denouement to one of the more fascinating political dramas of the Obama era. Earlier this year, without any warning, Intelligence Committee chairwoman Dianne Feinstein took the Senate floor and delivered a lengthy, forceful speech directly accusing the CIA of spying on private committee computers and removing sensitive documents. It was an unprecedented public eruption of tensions between the security state and the legislative branch.

The backstory is that the Intelligence Committee conducted an extensive investigation into Bush-era torture, and produced a 6,300-page report that is not yet public. It’s reportedly a “searing” indictment of the agency—and the CIA responded by denying many of the damning charges.

The problem is that investigators came across what’s known as the “Panetta review,” an internal review ordered by the former CIA director that reportedly confirms most of the worst findings about torture by CIA agents. It’s this review that Feinstein publicly charged the CIA with removing from private committee computers after gaining illegal access.

This is a serious charge—it’s not substantially any different from CIA agents breaking into a physical Senate office and removing files.

What’s odd about Justice’s refusal to pursue a formal investigation is that Feinstein claims Brennan essentially admitted the cyber break-in. This is what she said during her speech back in March:

[O]n January 15, 2014, CIA Director Brennan requested an emergency meeting to inform me and Vice Chairman Chambliss that without prior notification or approval, CIA personnel had conducted a “search”—that was John Brennan’s word—of the committee computers at the offsite facility. This search involved not only a search of documents provided to the committee by the CIA, but also a search of the “stand alone” and “walled-off” committee network drive containing the committee’s own internal work product and communications.

According to Brennan, the computer search was conducted in response to indications that some members of the committee staff might already have had access to the Internal Panetta Review. The CIA did not ask the committee or its staff if the committee had access to the Internal Review, or how we obtained it.

Instead, the CIA just went and searched the committee’s computers.

A second-party retelling of a confession may not be enough to obtain a conviction, but it’s hard to imagine there is not enough smoke here to at least pursue an investigation. Aside from the immediate implications regarding Bush-era torture—and, with the revelations this week about CIA spying in Germany, an agency that may essentially be going rogue—the incident raises grave concerns about constitutional separation of powers, as Feinstein herself noted in her speech.

Feinstein said she is at least happy that Justice won’t investigate the CIA’s claim that committee staffers essentially stole the Panetta report from CIA computers, a charge she firmly rebutted, at length, in her March speech.

Others took a more aggressive stand. Senator Mark Udall, a member of the committee, doesn’t think this is over:

Senate Majority Leader Harry Reid didn’t directly criticize the Justice Department on Thursday, but did restate that he believed the CIA was engaged in wrongdoing.

The ultimate goal of the NSA is total population control.
— Source: William Binney