Interesting little story at Bloomberg with all the ingredients: Worms, theft, wire transfers, insensitive banks, and mysterious international fraudsters.

http://www.bloomberg.com/news/2011-0...indemnify.html

That is an interesting news story, and the authors make some valid points.

But I'd like to put it in perspective. I follow the comp-security/privacy news very closely, so I can often spot trends others might miss.

In recent weeks I've seen quite a few US-centric news stories thumping on these themes:

• cyberinsecurities hurt everyone, including US small businesses
• the US intelligence community should be given much greater freedom to snoop 24/7 on everyone's packets.

These stories rarely point out that the US secret police already operates at internet choke points inside the USA purpose-built (many GB/sec) deep packet inspection (DPI) boxes which tee selected traffic to spook servers; recently the executive openly gave them authority to do this, allegedly to monitor traffic in and out of US defense firms and other "critical industries" including telecoms, and for this stated purpose the "density" of DPI boxes has recently been greatly expanded. Allegedly:

• all packets of all US persons can be inspected at the point where they enter the internet (server rooms of US ISPs),
• all packets of interest to US spooks are allegedly teed to their own datacenters.

Those stories which do discuss this point make much of the legal distinction between "header" and "content" of packets. But very often the content is in the "header" (for example, look at the url of a typical internet search request), and in any case, recent directives appear to erase this distinction; allegedly, it is already common for US spooks to monitor the content of text messages and VOIP calls inside the US, for example.

What is behind the news stories harping on the common themes I listed above? Well, the US spooks are campaigning for public support for their request to the US Congress for the "legal authority" to DPI anyone's traffic without having to give anyone a reason for intercepting email/VOIP/financial-transactions (which is allegedly what they have been doing illegally for almost a decade).

One clue that the story you cited is part of their PR campaign is this excerpt:
I put "legal authority" in quotes because the authorities which the US executive branch has already granted the US secret police (mostly in secret directives) have mostly never been challenged in court, and many US legal scholars feel they are probably unconstitutional.

These issues affect persons living outside the US, because a large portion of the world's internet traffic passes at some point through the US, and the US spooks have long operated DPI boxes at the point where international traffic enters US controlled territory. Also, intelligence agencies in many other countries model their ambitions after those of the US spooks (but are generally even less able to actually pay for 24/7 universal population surveillance without creating huge budget deficits).

My feeling about US three letter agencies is they should be all one thing or all the other. In particular

• NSA, CIA were founded as intelligence agencies; espionage is illegal in every country, so these agencies are law-breaking agencies,
• FBI was founded as a law-enforcement agency.

15 years ago there was a high impenetrable wall between the law-breaking and law-enforcement three letter agencies, and for very good reasons. After 9/11 this wall was taken down and now DHS, CIA, NSA, FBI (and especially their private spyco partners) appear to all be deeply involved in lawbreaking. In my opinion, this cripples the moral authority of agencies such as FBI which still claim to also be in part law enforcement agencies.

Furthermore, while the DPI boxes are expensive, the real hidden cost in this vast-expansion-of-domestic-spookery initiative appears to be the cost of the datacenters needed to analyze the vast torrents of data the US spooks are slurping up. To sort through this data, the secret police have been quietly building several huge datacenters around the USA, each drawing as much power as a city the size of Baltimore, MD. In order to roboinspect (and optionally store for later retrieval and/or human inspection) absolutely every packet which enters the US internet anywhere anytime--- which is their ultimate goal--- they will need many more. The total cost of the existing internet snooping appears to be upwards of 100 billion annually and is said to be by far the largest component of the combined US intelligence budget of some 150 billion annually and growing fast (could be 300 billion annually by 2015).

The stories in this campaign never mention the cost, because in the current climate of fiscal austerity it obviously simply does not make sense to further expand the already huge US intelligence budget. And these datacenters also contribute to global warming, which is another reason why in my opinion, US lawmakers should be asking some very tough questions about whether the US should really be in the business of spying 24/7 on absolutely everything anyone does on-line, especially because it is far from clear that this would even be effective in actually combatting cybercrime. Indeed, I think it is quite clear that the real purpose of 24/7 universal population surveillance has nothing to do protecting small businesses from international cybercrime, but has everything to do with monitoring thought crime. The US executive is deeply worried that as the US continues to decline and its economy worsens, the US may experience political turmoil similar to that recently seen in countries like Egypt and Syria.

It is also relevant that US/UK based companies which make these specialized multi GB/sec DPI boxes have also been selling them for years to the secret police of countries like Egypt, Syria, Libya... Exact same equipment designed for 24/7 universal surveillance, for exactly the same purpose: oppression.

In my view, if you really want to combat cybercrime, it would be more effective to increase computer security, and I suspect that the most cost effective way to do that is to start fining major US software vendors for security blunders which cost more than a certain threshold. Then and only then will they finally start building in security from the start of each software project.

Also, in my view, a major part of the problem for US small businesses is that they have no friends in the struggle against cybercrime, because the US FBI and its partners appear to have morphed into law-breaking agencies, which means they cannot be trusted. Also, they appear to have adopted the maxim that everyone is a suspect all the time, which is typical of counter-intelligence agencies but in my view is utterly inappropriate for a law enforcement agency. It follows, I think, that if you believe, as I do, in the rule of law, and the principle that all persons should be equal before the law, then we cannot cooperate with lawbreaking agencies.

Another major issue which the stories in this PR campaign never mention is that all this domestic spookery requires not only a vast data processing capability but also a vast army of human "criminal intelligence analysts", numbering in the millions, each granted (it is said) full access to the geolocation, phone records, utility records, property records, credit records, banking records, local/interstate/international travel records, search records, voice mail, email, social media user accounts, religious affiliations, and medical records of anyone they suspect for any reason. And when it was revealed that the FBI was failing to properly enforce what little oversight mechanisms it had created to try to ensure that this army of spooks does not abuse their power, the response of the FBI was to eliminate any attempt at oversight.

And its even worse that that: a large portion of this army of domestic cyberspooks consists of contract employees working for private spycos hired to provide "CIAs" to state and local fusion centers inside the US. Indeed, the FBI appears to have outsourced to private companies many of its most objectionable domestic espionage activities, paying them large sums in return for having them assume the legal liabilities if they are caught and brought to justice. Where might this all lead? I point to the examples of countries such as Russia and China, where there is endemic corruption in the government and, it is said, extensive cooperation between organized crime and intelligence operations. At the very least, the governments of these countries appear to often turn a blind eye to spamming and cybercrime operations targeting citizens of their rivals on the international stage.

I would have to recommend to small business people that they not even report problems to US CERT, FBI, etc., but instead adopt open source software and come to forums like this for security advice, as a stop-gap measure until better measures are available. Because to reform the FBI, Americans will need to boycott the FBI.

And if you want to prevent political turmoil inside the US, the best way to do that is to provide good government at a cost the US can afford. Further vast expansions in the US secret police budget runs contrary to such a common sense strategy.

I cannot claim that there any easy solutions to the problem of cybercrime. Only the US spooks do that, when they imply (without presenting any real evidence) that if they are only given the legal authority and equipment they need to spy 24/7 on absolutely everything everyone does on-line, without any need to seek any warrants and without any oversight (which would add still more to the cyber-budget), they can eradicate cybercrime, terrorism, radicalism, nonconformism, atheism...

Today security = surveillance. This was not the case some time ago tho. Don't worry tho, there's nothing you can do, just accept your doom.

Thanks for reading my little essay!

Can't agree with that. In fact there is a great deal Americans can do, such as

• keeping abreast of the computer-security/privacy/human-rights news, including international news because these issues are global issues,
• monitoring their own PC/laptop for the signs of intrusion/monitoring by intelligence agencies foreign and domestic,
• joining organizations like the ACLU, EFF, EPIC, CDT,
• boycotting the FBI, until meaningful reforms are implemented (above all, returning to the quaint notion that a law-enforcement agency can have no truck with severe and sustained violations of the law),
• telling their congresspeople that
  • the US shouldn't be turned into an even more repressive police state comparable to Iran, Syria, Muburak-era Egypt... or even China, Russia...
  • it can't even afford even current levels of domestic espionage,
  • it can't provide the neccessary oversight of the millions already hired by the Surveillance State, much less new legions of domestic spooks,
  • it shouldn't be funding "surveillance and disruption" of domestic civil-rights organizations like the ACLU,
  • it shouldn't be targeting its own citizens with disinformation/astroturfing campaigns in English language forums,
  • US/UK based companies shouldn't be selling DPI boxes to the secret police of countries like Libya, Syria, China,
  • US police agencies shouldn't be using spy drones (full/micro/nano-sized versions) to maintain warrantless surveillance of US persons, particularly since few if any victims are suspected of any actual wrongdoing,
  • US police/intell agencies shouldn't have warrantless access to geolocation, travel records, banking records, medical records, and all that, of US persons, and shouldn't be allowed to listen in on emails and phone calls without first obtaining a non-FISA warrant,
  • they want agencies like the FBI to be purely law-enforcement agencies,
  • they want the FBI and DHS to get the heck out of the law-breaking business,
  • in particular, they want an end to CIPAV-style trojaning/keystroke-logging of the computers of US persons; there is nothing a law-enforcement agency can learn this way which they cannot learn better by obtaining a search warrant and seizing the allegedly "offending" computer, and which is the investigative modus operandi stipulated in a little known document called the US Constitution,
  • they want an end to this nonsense about developing offensive cyberwar capabilities (first they went after Iran, next they went after you and I),
  • they want to end the outsourcing of illegal activities by agencies like the FBI to murky private spycos subject to even less oversight than their overlords,
  • they don't want their phone company, ISP, etc. enlisted into the Surveillance State,
  • they demand well-supported answers to hard questions about the effectiveness of (mostly) illegal domestic espionage from 2001-2011 (which I think will prove that further increasing these civil-rights abuses would be not only anti-American but also ineffective),
  • they want enforcement of the anti-trust legislation already on the books, and in particular they want the media conglomerates broken up in the interest of fostering genuine muckraking journalism as a counter to governmental/corporate corruption and abuses.

I feel that I can support all the claims I have made in this thread, but providing links would be a lot of work and in the past, my lists of links have been summarily deleted. But here are a few to get you started, if you are interested in trying to see whether or not my claims are accurate and documented by documents obtained under US FOIA and from leaks of documents which have been admitted to be genuine:

• http://www.aclu.org/technology-and-l...llance-society (if you have no idea why the shibboleth "if you have done nothing wrong, you have nothing to fear" is fallacious, start here),
• http://www.aclu.org/national-security/surveillance
• http://www.aclu.org/spy-files
• http://www.aclu.org/spy-files/spying...ty-state-state
• https://www.eff.org/foia/foia-endpoi...ce-tools-cipav
• https://www.eff.org/foia/social-network-monitoring
• https://www.eff.org/deeplinks/2011/0...mic-monitoring
• https://www.eff.org/deeplinks/2011/0...do-right-thing
• http://www.wired.com/threatlevel/200...aked-cisco-do/
• https://www.eff.org/deeplinks/2010/0...a-surveillance
• http://www.eff.org/issues/nsa-spying
• https://ssd.eff.org/
• http://publicintelligence.net/tag/HBGary/
• http://centerforinvestigativereporti...a039swarwithin
• http://centerforinvestigativereporti...s/surveillance
• http://centerforinvestigativereporti...iciousactivity
• http://epic.org/privacy/fusion/
• http://epic.org/privacy/socialnet/
• http://projects.washingtonpost.com/t...el-analysis/1/
• http://www.law.umaryland.edu/marshal...choice=Privacy
• http://docs.law.gwu.edu/facweb/dsolo...ide/index.html
• http://www.hrw.org/en/world-report-2011#countries
• http://www.statewatch.org/
• http://www.hrw.org/united-states
• http://timshorrock.com/?page_id=141
• http://www.aclu.org/technology-and-l...edical-privacy
• http://www.bigbrotherwatch.org.uk/ (for the UK version of the Surveillance State)

Call me a meddler, but IMO, in their own best interests, Americans should strenuously resist every attempt of the US secret police to make the US look even less like the nation envisioned in the US Constitution and even more like these countries:

• China: http://www.hrw.org/en/asia/china, http://en.rsf.org/internet-enemie-china,39741.html
• Russia: http://www.hrw.org/europecentral-asia/russia, http://en.rsf.org/surveillance-russia,39766.html
• Iran: http://www.hrw.org/middle-eastn-africa/iran, http://en.rsf.org/internet-enemie-iran,39777.html
• Yemen: http://www.hrw.org/en/middle-eastn-africa/yemen, http://en.rsf.org/report-yemen,165.html
• Libya: http://www.hrw.org/middle-eastn-africa/libya, http://en.rsf.org/surveillance-libya,39717.html
• Syria: http://www.hrw.org/middle-eastn-africa/syria, http://en.rsf.org/internet-enemie-syria,39779.html
• North Korea: http://www.hrw.org/nkorea, http://en.rsf.org/internet-enemie-no...rea,39755.html

Next, you can research for yourself where these countries' secret police obtain their DPI boxes, spydrones, poison gas, and other surveillance/opression technology. You can start here:
http://www.opennet.net/west-censorin...sors-2010-2011
Now look to see which companies make DPI boxes and where they maintain overseas offices. Don't take my word for it, see for yourself!

Some other countries where privacy, civil-rights, and ultimately democracy itself are under assault:

• Australia: http://www.hrw.org/asia/australia, http://en.rsf.org/surveillance-australia,39749.html
• Canada: http://www.hrw.org/americas/canada
• France: http://www.hrw.org/europecentral-asia/france, http://en.rsf.org/surveillance-france,39715.html

To state the obvious: yes, of course I know that abuses in the CANZUS nations (US, UK, Canada, Australia, New Zealand) and France are not yet as severe as in China or Russia, much less the other countries named above. My point is: citizens who live in the first group of nations need to remain vigilant and to vigorously oppose measures which would make these countries more closely resemble nations in the second and third groups.

IMO, Americans who simply give in to the Surveillance State without a struggle are helping to ensure that the streets of the US will someday see scenes like those currently being enacted in Hama and Homs. Is that what you want? I hope not!

So I hope you will reconsider your defeatist attitude and consider joining an organization such as the ACLU.

I know one blogger who follows the cyberwar hype from a standpoint of pointing out the hype. (I know there are others, but this is one I stumbled on), George Smith of the Dick Destiny Blog.

http://dickdestiny.com/blog1/

I have to be all blame-the-victim, but I think a lot of folks who use computers fail to educate themselves on even the basics of security.

Also, I think the news media make themselves easy pickings for the hype, because by-and-large they don't have a clue about networks and how they work.

I second the ACLU. For all they sometimes defend lousy people, they consistently defend good principles and good law.

When I have a paying job, I will donate to those organizations in the hope that they will help slow the inevitable. I do not believe, however, that they can stop the inevitable. I'm quite sure they've been planning this for some time, and it's not just in the US, it is global. Just look around and see that the same measures are being applied globally, and the same words and notions are used. This is the work of an organization with god-like powers, I very much doubt they can be defeated. This is the dawn of the NWO.

@ frankbell:

I also (sometimes) read Dick Destiny Blog!

Bruce Schneier has also often debunked cyberwar hype in his various writings, including I think his own blog.

Agreed, with two reservations:

• I hear that currently many universities offer far greater opportunity for their students to learn a bit (or even more than a bit) about computer/network security, but for those who are trying to play catch-up by self-education, I think that learning about vulnerabilities and how to fix them can be a very considerable challenge--- one which is probably insurmountable by those with limited time or ability,
• broadly defining "sysadmin" as anyone responsible for securing any computer (so the owner of a home PC would be the "sysadmin" for that PC), I tend to feel that individual "sysadmins" are blameworthy to the extent that they leave open security flaws which they have the knowledge, background, and ability to fix. So by that standard the typical small businessperson, who is not a "security expert", lacks the time to try to become one, and who probably doesn't have sufficient financial backing to hire one, shouldn't be held responsible for vulnerabilities they cannot reasonably be expected to fix.

I find that when discussing computer security/privacy issues, it is difficult to maintain the appearance of self-consistency without going on and on about fine distinctions, because these issues are so complicated, in part because the underlying technological issues are often both unfamiliar and complex. So in the interests of brevity I will not attempt to explain why I don't think it is really inconsistent for me to say:

• some of the most vigorous proponents of cyberwarfare
  
  Code:

  echo 'I mention no names' | sed 's/I men/Rich/' | sed 's/tion/ard/' | sed 's/nam/Clar/' | sed 's/es/ke/' | sed 's/no//'

  certainly appear (to me) to be positioning themselves to make billions if they can persuade already cash-strapped governments to ramp up even further their "offensive" and defensive efforts in this area,
• anyone can become a victim of state-sponsored "cracking"/cyberwarfare; my own experience suggests that in 2011 it is quite possible for an ordinary citizen to be targeted by intelligence agencies (foreign or domestic); to mention just one example: according to Google and other sources familiar with the Aurora attacks, the malefactors targeted not only huge "Western" defence firms but also persons whom certain arms of the Chinese government apparently believed to be Chinese dissidents living abroad, or non-Chinese citizens assisting Chinese dissidents. My own experience suggests that posting links to HRW and RSF is like waving a red flag in front of the secret police of the countries named above as chronic abusers of human rights.

Yes, people who dismiss the ACLU on the basis of nonsense they have heard should look into what they actually do. Everyone, even and perhaps especially non-Americans, should support their work. For example: the ACLU has consistently fought in the courts against a wide range of clearly unconstitutional "directives" by the US executive which flagrantly violate the human rights of non-US citizens.

@ H_TeXMeX_H:

"They"? Are we still talking about the same thing? If you are trying to make a serious argument, you'll need to elaborate it before I can understand the point you are trying to make.

Let me reiterate two points:

• Not only do I believe that the US Surveillance State can be defeated, by political means which are standard in the US, I don't see how proposed vast expansions in the US version can be sustainable, because no government, certainly not the US government, can possibly afford it. So if they go down that road they'll just bankrupt the US government, as per the Soviet example. IOW, I believe that the US Surveillance State will defeat itself if the US Congress don't step in to dismantle it before it (plus a few endless and unwinnable wars) bankrupts the nation.
• I think we all agree that coverups are standard operating procedure in the US and many other countries. But if anyone seriously thinks that US government coverups are impenetrable, I would suggest that history suggests quite the opposite! With a little effort and moral courage, abuses by the US government are often easy to expose, especially if the U.S. Congress holds televised hearings, as happened with the Watergate scandal, the Iran-contra scandal... If the US citizenry supports calls for such hearings, the US version of the Surveillance State will be dismantled. That would be a good thing for the US and for the world.

I mostly agree, but I don't think you're seeing the bigger picture. The s*** is gonna hit the fan soon, so maybe then you will see. I'm sure we can agree that the future includes: extreme poverty, oppression, surveillance, human rights abuse, war, and basically a new dark age. I saw it coming several years ago, and it is getting close.

I am certainly not seeing your point!

You said so much that I will not try to respond to it all.

I didn't mean to imply that a home "sysadmin" needs to understand the finer points of security. I was thinking more in terms of "don't do stupid stuff," such as click on one of those links that tells you are infected and have to install some kind of ransomware (it's run watching them pretend to scan a Linux box and tell you that C:\ is infected), don't go on the internet without a well-reputed anti-virus and firewall, investigate error messages before you panic, and don't believe emails that tell you to log click the link to log into your bank account to validate your information. That is hardly rocket-science.

I will hold up my girlfriend as an example, because she's a fairly typical user. She surfs the web a little, plays some online games (being female, most word games), emails, and does work. She's atypical I guess to this extent--although she has a Facebook account, she seldom uses it and, when she does, it's mostly for chats with her sister in Hungary (she's a Hungarian who's father brought her out after the 1956 Revolution)--no Farmville.

I periodically scan her computer with Adaware and Spybot; they have not yet turned up anything. AVG never finds anything.

Why? Because she thinks before she clicks.

True, and I hope they are teaching all this stuff in schools everywhere.

I don't think we really disagree on anything, just are shifting the emphasis. Of course I agree that not clicking on probable phishing links, etc., is common sense, but would point out that variation within any human population larger than say 20 is much larger than variation between any populations. Some people are by no means dull but are very trusting by nature, and developmentally disabled adults use computers too. And I am sure we have all encountered organizations where well-educated users are officially advised to do something extremely stupid, by sysadmins who are, I guess, over their head. So:

• I tend to feel that most individual users are mostly already doing about as much as can reasonably be expected of that person.
• computers are so complicated that no single sysadmin can be reasonably expected to secure very much these days, I think, and the demand so far outstrips the talent pool that IMO it is unreasonable to expect miracles from sysadmins either. (Education can't help, since one needs the kind of intelligence and talent which only occurs in a small percentage of the human population. Growing the human population could help, but that is infeasible for other reasons.)

So who can we blame? Well, I'm biased, but I'll name those short-sighted executives who wouldn't listen, who refused a decade ago to build security in from the ground floor. We took a system whose idea of security derived from the MIT computing lab and very quickly grew that into a system with three billion users, without fundamentally changing the security model. The result, predictably enough: chaos.

Actually, there is an example of knowledgeable users being officially advised to do something really stupid, and doing it, right in front of us right here in this forum. When any of us surf here, we encounter a pane in the upper right corner which invites us to log in. We all know that username and password are transmitted in the clear, and that this is very easy to sniff by anyone who has a packet sniffer installed in any of dozens of places where they can access the right packet as it passes by. So logging into this forum violates every notion of secure user behavior, yet we all do it, and very few of us even protest that this forum should use encryption to secure logins. Even better, secure all web transactions: https://www.httpsnow.org/. (OK, "secure" in scare quotes, because we all know that SSL is broken. But it would be better than what we have now, which is no security at all.)

Many of us also share personal information in unencrypted posts or profile pages, which can be hazardous. particularly for sysadmins and persons expressing views which some governments might wish to repress. See

• another LQ thread I recently started
• Steve Ragan, "Inside the talk that started a war with Anonymous", Tech Herald, 14 February 2011, http://www.thetechherald.com/article...with-Anonymous

So maybe we should also blame social media magnates, and even ourselves (as knowlegeable users who accept insecure logins).

EDIT: oh, fiddlesticks! I was one of the LQ users who complained, and I just learned by accident that LQ did implement SSL here: try
Someone might have told me! Well, thanks, LQ, better late than never.

Giving up any personal information for CANZUS persons (residents of US, UK, Canada, Australia, New Zealand) is profoundly unsafe in a world in which social media profiles, credit records, calling circle, utility records, ISP account information, family history, property records, voting records, banking records, travel records (municipal, national, international), medical records, emails, voice mail records, content of VOIP calls, search terms, websurfing logs, etc., are readily available without a search warrant to millions of poorly vetted and largely unsupervised "authorized persons", not to mention PIs and hacktivist groups who can probably also gain access to all of that (bearing in mind that small US local police departments are probably not well secured against unauthorized intrusion into "secure" LE databases via their departmental computers). See

• Steve Ragan, "AntiSec: Record-setting document leak targets officers and informants", Tech Herald, 6 August 2011, http://www.thetechherald.com/article...and-informants

P.S.: my attempt to post this encountered what may have been a hijack attempt.

EDIT: that probably would not have happened had I known that LQ apparently does now support https. Has anyone tested this to make sure it is working properly?

I dont hink its just about money myself. Politicians and the #$^#$ scum who pay them (opps, 'donate') see the internet as a way of getting a level of surveillance on the general population that even the old DDR (east german) government could only dream of, at a fraction of the cost.

The internet filter is just the most internationally visible bit as far as australia goes.

If you care anything about australian politics, a good place to see a different 'prong' of this attack is ""Australians for Honest Politics Trust"

To cut a long story short, one the pollies (who is now "leader of the opposition") from the 2 main political parties created a slush fund for attacking a fairly new party, "One Nation". I persoanlly cant stand One Nation, they are mostly a bunch of right wing racists, but the way the attack happened was VERY dirty.

Some links here-

http://www.smh.com.au/specials/abbottaffair/

NWO is soooo 1991-

http://www.youtube.com/watch?v=_CWBTL33MpA

I didnt have you pegged an a 'we cant do anything, just give up' emo H_TeXMeX_H.

If we allow this to happen, there is nobody to blame but ourselves. "Better die on your feet than to live on your knees".

Exactly. Unfortunately, "Western" technology coupled with Stasi mentality has led to the situation we have today.

What does the future have in store for us? The US secret police are currently drooling in glee over the prospect of software which supposedly will know that you might be about to commit thought crime before you yourself are aware of it. And they are salivating over nano spydrones the size of flies. And, unfortunately, much much more.

Amazing how prescient Orwell really was--- I urge everyone to re-read his novel. Operatives of the US Surveillance State appear to have read it, asking "great idea! how can we implement it?"

I do, and thanks for the link.

I have found that a concern for privacy/human rights inevitably draws one into national debates in nations ranging from Australia to Thailand. Of course, some countries don't even pretend to allow discussion of political issues at all, much less controversial issues, like Zimbabwe.

As an example, I have followed the controversy in Australia over transit cards. Did you know that the databases which track the movements of transit riders in Brisbane and other cities is apparently operated by a US spyco? Specfically, while current and accurate information is not easily obtained, as of a few year ago, when I researched this issue, I believe that the Brisbane database, and other aspects of the fare collection system, is maintained by Cubic Transportation Systems Inc. (CTS), a San Diego based subsidiary of US defense giant Cubic Corp. In 2011, Cubic was the 75th largest US Federal contractor with some 278 million annually in contracts. It claims to be
Cubic Transportation Systems claims it is
Another Cubic subsidiary, Cubic Defense Applications, Inc., also headquartered in San Diego, but with a major establishment in the NSA's Crystal City research park, where it works on "intelligence analysis" and "psychological operations", among other things. See http://projects.washingtonpost.com/t...lications-inc/


It can be a bit difficult to follow the trail of who runs surveillance in transit systems, since as you know transit conglomerates tend to be public-private partnerships which continually change their names, and several transitcard giants have reorganized due in part to bad publicity and in part to financial losses due to their many failures worldwide to even get the fares paid. Also, the public-private partnerships are often secretive about what companies they work with, and often harrass security researchers who uncover serious shortcomings. To name just one recent example:

• Elinor Mills, "Journalist faces charges over transit card flaw reports", Cnet News, 1 August 2011

However, as you probably know, Cubic stepped in when one Australian transit card project suffered an epic fail and the previous company was fired. The name of the villain in the story by Elinor Mills, Trans Link Systems, may ring a bell with some Aussies.

The CTS blurb mentions "call centre services" (that's outsourcing to you and I!). One reason why so many call centers use VOIP is allegedly that the content of incoming calls is easier for companies like Cubic to digitize, analyze (spectrographically and also for keywords) and serve up to data centers operated by intelligence agencies. Apparently it is easier for them to claim they are doing this legally without a warrant if they use VOIP. But if the population knew what is going on, I suspect that a popular outcry would induce national legislatures to try to put a stop to it.

In threads like this LQ thread, I have tried to make the Linux community aware of the far-reaching significance of the HBGary leaks. In one of the emails which Aaron Barr sent which was leaked in HBGary breach, he expressed jocose regret that he had not yet been able to locate the "missile coordinates" of Anonymous members. This remark may seem less amusing if you know that before joining HBGary, Barr worked at Northrup Grumman, which manufactures a number of drones for the US military, including

• MQ-8B Fire Scout (one is apparently stationed in Webster Field, MD and may be tasked with spying on Washington, DC)
• RQ-4 Global Hawk
• Euro Hawk (a variant of the Global Hawk used by the Bundeswehr)

and is actively involved in trying to sell microdrones to riot police forces around the world.

Something to think about when you watch recent footage from the mean streets of Syria.

Earlier in the thread, I said that I believe that the news story cited in one of many which originate in a publicity campaign by the U.S. Surveillance State, which wishes to further expand its warrantless intrusions into the private lives of all US persons (and everyone else). A concurrent campaign consists of stories offering a feel-good profile of a recruitment drive at DEFCON (as I write, being held in Las Vegas, Nevada, USA). I'd urge any DEFCON attendees approached by the NSA to carefully consider the implications of the fact that joining the bad guys (the secret police) is like joining the Mafia: if things don't work out the way you hoped, you can't just quit and go back to working for the good guys (the independent security researchers, excluding informants). And depending upon how deeply you get drawn into activities like assasinations which violate international law, you could one day wind up in the dock in the International Criminal Court in the Hague. Something to think about: who would want to be cellmates with Ratko Mladic?

Peufelon, I see no disagreement between us at all. I was speaking more about sensible user practices; you were speaking about sensible network practices. We need both. And I commend your attempts to bring more public awareness to these issue. You might find this podcast interesting.

Your point about social networks is well-made. Persons develop a personal relationship with their computers and forget that the internet is a public place. Any information you place there should be information you expect may become public; it should not be anything you would not mind being public.

I have posted a lot of pictures on Facebook. None of them are of my family or friends--it is not my place to share their stuff--most of my pix are of scenery.

I was trading emails today with a friend of mine who found a bogus charge for some SMS service slammed on her cell phone bill.

Her cell phone provider promptly revoked the charge without question and, in the course of the conversation, told her that one of the most unsafe things persons can do is put their cell phone numbers on Facebook (which she doesn't, by the way). The phone slammers cruise FB and grab the numbers, then slam the accounts.

By the way, Peufelon, check my profile. You might recognize my website.

You're right, I'm not usually one to give up, and in the past I was more like you. Maybe I have become weak, or gone mad, or maybe I just understand more of what is going on and was has happened. Either way, I certainly will not be around when they implement their Orwellian system. I'll run to somewhere where they won't find me for a long time.

I don't really see much hope, because I see how people are. They are sheep. I can't imagine being able to convince the sheep that their master will have them on the chopping block soon, and for them to do something or help out. I think all they will say is their usual 'baaaaaa a a aa'