Your Source for Leaks Around the World!

Archive for December 21st, 2013

Disabling Webcam Light in Windows and Mac Computers

In Apple, Archive, Internet, Malware, Microsoft, Surveillance, Technology on December 21, 2013 at 11:20 PM



On our Dell laptop, we find the DLL that comes with the RealTek drivers for our webcam. We quickly zero in on the exported function “TurnOnOffLED()”. We can quickly make a binary edit to this routine, causing it to return immediately without turning on the light.
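The binary edit described above, as an added example that is not the original post's patch of the RealTek DLL: the script works on a constructed in-memory x86-32 code blob with a hand-made export map (the export names and offsets are assumptions for this example), replaces the entry point of the LED routine with a "return 0 immediately" stub, and includes the integrity check a defender would run to spot such a patch. It also handles the caveat a naive patch gets wrong: a 32-bit stdcall routine must pop its own arguments, so the stub has to be `ret imm16`, not a bare `ret`.

```python
"""Patch an exported routine to return immediately, and detect that patch.

Added example, not the original post's edit of a vendor DLL: the "image"
is a constructed in-memory x86-32 code blob with a hand-made export map,
so nothing on disk is modified.  Offsets and export names are assumptions.
"""
import struct

# Constructed code image.  The first routine stands in for a stdcall
# TurnOnOffLED(BOOL on): it reads its argument and calls an LED-write helper.
IMAGE = bytes(
    b"\x55\x8b\xec"            # push ebp ; mov ebp, esp
    b"\x8b\x45\x08"            # mov eax, [ebp+8]        ; the 'on' flag
    b"\x50"                    # push eax
    b"\xe8\x00\x00\x00\x00"    # call <write LED register> (target unused here)
    b"\x5d"                    # pop ebp
    b"\xc2\x04\x00"            # ret 4                   ; stdcall: callee pops 1 arg
    b"\xcc\xcc\xcc\xcc"        # int3 padding between routines
    b"\x55\x8b\xec\x5d\xc3"    # second routine: push ebp ; mov ebp, esp ; pop ebp ; ret
)
# Export name -> offset of the routine's entry point (constructed).
EXPORTS = {"TurnOnOffLED": 0, "GetDriverVersion": 20}


def return_stub(stack_bytes=0):
    """Machine code for 'return 0 immediately'.

    stack_bytes is the number of argument bytes the callee must pop: 0 for
    cdecl and for x86-64 (where 'xor eax, eax' also clears rax), 4 per
    argument for a 32-bit stdcall routine.  A plain 'ret' on a stdcall
    function with arguments leaves the caller's stack unbalanced and
    usually crashes the process.
    """
    if stack_bytes == 0:
        return b"\x31\xc0\xc3"                                  # xor eax, eax ; ret
    if stack_bytes % 4 or not 0 < stack_bytes < 0x10000:
        raise ValueError("stdcall cleanup must be a positive multiple of 4 below 64 KiB")
    return b"\x31\xc0\xc2" + struct.pack("<H", stack_bytes)  # xor eax, eax ; ret imm16


def patch_export(image, exports, name, stack_bytes=0):
    """Return a copy of image with the named export replaced by a return stub."""
    rva = exports[name]
    stub = return_stub(stack_bytes)
    if rva + len(stub) > len(image):
        raise ValueError(f"{name}: stub does not fit inside the image")
    patched = bytearray(image)
    patched[rva:rva + len(stub)] = stub
    return bytes(patched)


def is_stubbed(image, rva):
    """Integrity check: does the entry point return without doing any work?

    Recognises the usual stub shapes: 'ret' or 'ret imm16', optionally
    preceded by 'xor eax, eax' (31 C0 / 33 C0) or 'mov eax, imm32' (B8).
    """
    head = bytes(image[rva:rva + 6])
    if head[:1] == b"\xc3":
        return True
    if head[:1] == b"\xc2" and len(head) >= 3:
        return True
    if head[:2] in (b"\x31\xc0", b"\x33\xc0"):
        return is_stubbed(image, rva + 2)
    if head[:1] == b"\xb8" and len(head) == 6 and head[5:6] == b"\xc3":
        return True
    return False


def scan_exports(image, exports):
    """Map every export name to whether its entry point looks stubbed."""
    return {name: is_stubbed(image, rva) for name, rva in exports.items()}


if __name__ == "__main__":
    print("before:", scan_exports(IMAGE, EXPORTS))
    patched = patch_export(IMAGE, EXPORTS, "TurnOnOffLED", stack_bytes=4)
    print("after: ", scan_exports(patched, EXPORTS))
    print("patched entry:", patched[:5].hex())
```

The scan is a cheap tripwire, not proof of integrity: a DLL edited this way still loads fine in user mode, but its bytes no longer match the vendor's file hash or Authenticode signature, which is the check to run when a driver component on a suspect machine is in doubt.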

Almost all webcams, even those inside your laptop’s screen, are USB devices. There is a standard for USB video cameras, the UVC standard. According to this standard, the LED indicator light is controlled by the host software. To hack this on Windows appears to require a filter driver. We are too lazy to write one, which is why we just hacked the DLLs in the demonstration. We believe this is what the FBI has done: a filter driver for the UVC standard would get most webcam products from different vendors, without the FBI having to write a custom hack for each one.



We describe how to disable the LED on a class of Apple internal iSight webcams used in some versions of MacBook laptops and iMac desktops. This enables video to be captured without any visual indication to the user and can be accomplished entirely in user space by an unprivileged (non-root) application. The same technique that allows us to disable the LED, namely reprogramming the firmware that runs on the iSight, enables a virtual machine escape whereby malware running inside a virtual machine reprograms the camera to act as a USB Human Interface Device (HID) keyboard which executes code in the host operating system.

To defend against these and related threats, we build an OS X kernel extension, iSightDefender, which prohibits the modification of the iSight’s firmware from user space.
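A filter driver in the UVC stack (the Windows approach mentioned above) and the iSightDefender kernel extension enforce the same kind of policy: a user-space caller must not be able to push firmware into the camera, while ordinary video requests keep working. As an added illustration, not code from either project, the following decides per USB control transfer whether it may proceed. The 8-byte setup-packet layout is the standard USB one (bmRequestType, bRequest, wValue, wIndex, wLength); the protected VID/PID, the request number 0xa0 and the sample transfers are assumptions constructed for the example.

```python
"""Decide whether a USB control transfer that could reprogram a webcam's
firmware may proceed.

Added illustration of the policy a filter driver or kernel extension
would enforce; it is not iSightDefender's code.  The setup-packet layout
is from the USB 2.0 specification (chapter 9).  The protected VID/PID and
the request number in the samples are assumptions for this example.
"""
import struct
from dataclasses import dataclass

# bmRequestType bit fields (USB 2.0, section 9.3).
DIR_MASK, DIR_IN = 0x80, 0x80                 # bit 7: 1 = device-to-host
TYPE_MASK, TYPE_STANDARD, TYPE_CLASS, TYPE_VENDOR = 0x60, 0x00, 0x20, 0x40

# Device this policy protects (assumed identifiers for the example).
PROTECTED_DEVICE = (0x05ac, 0x8507)


@dataclass(frozen=True)
class SetupPacket:
    bmRequestType: int
    bRequest: int
    wValue: int
    wIndex: int
    wLength: int

    @classmethod
    def parse(cls, raw):
        if len(raw) != 8:
            raise ValueError("a USB setup packet is exactly 8 bytes")
        return cls(*struct.unpack("<BBHHH", raw))

    @property
    def host_to_device(self):
        return (self.bmRequestType & DIR_MASK) != DIR_IN

    @property
    def request_type(self):
        return self.bmRequestType & TYPE_MASK


def firmware_write_candidate(pkt):
    """Vendor-defined host-to-device transfers that carry data are the
    channel a vendor driver uses to push code into the device, so they are
    treated as potential firmware writes.  Standard and class (UVC) requests
    and any device-to-host read are left alone."""
    return pkt.request_type == TYPE_VENDOR and pkt.host_to_device and pkt.wLength > 0


def decide(raw_setup, device, from_kernel):
    """Return ('allow' | 'deny', reason) for one control transfer.

    Only kernel-originated requests may write firmware to the protected
    device; everything else passes through so the camera keeps working for
    ordinary video applications.
    """
    pkt = SetupPacket.parse(raw_setup)
    if device != PROTECTED_DEVICE:
        return "allow", "not a protected device"
    if not firmware_write_candidate(pkt):
        return "allow", "not a vendor host-to-device write"
    if from_kernel:
        return "allow", "vendor write from kernel driver"
    return "deny", f"user-space vendor write bRequest=0x{pkt.bRequest:02x} blocked"


# Constructed sample transfers: (description, raw setup packet, device, from_kernel).
# 0xa0 is just the request number used in these samples (an assumption).
SAMPLES = [
    ("driver loads firmware at boot",
     struct.pack("<BBHHH", 0x40, 0xa0, 0x0000, 0x0000, 64), PROTECTED_DEVICE, True),
    ("user process rewrites firmware",
     struct.pack("<BBHHH", 0x40, 0xa0, 0x0000, 0x0000, 64), PROTECTED_DEVICE, False),
    ("user process reads a vendor register",
     struct.pack("<BBHHH", 0xc0, 0xa0, 0x0000, 0x0000, 64), PROTECTED_DEVICE, False),
    ("UVC SET_CUR (class request) from user",
     struct.pack("<BBHHH", 0x21, 0x01, 0x0200, 0x0100, 2), PROTECTED_DEVICE, False),
    ("vendor write to some other device",
     struct.pack("<BBHHH", 0x40, 0xa0, 0x0000, 0x0000, 64), (0x1234, 0x5678), False),
]


def run_samples():
    """Verdict per sample, keyed by description."""
    return {desc: decide(raw, dev, k)[0] for desc, raw, dev, k in SAMPLES}


if __name__ == "__main__":
    for desc, verdict in run_samples().items():
        print(f"{verdict:5}  {desc}")
```

Two design points carry over to a real implementation. The decision has to be made in the kernel (a filter driver or kext), because any check that runs in user space can be bypassed by the same unprivileged code it is meant to stop. And the policy only closes the host-side path: a camera whose firmware is writable at all remains the trust boundary, which is exactly what the HID-keyboard escape above exploits.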

Related Links:

FBI’s Search for ‘Mo,’ Suspect in Bomb Threats, Highlights Use of Malware for Surveillance

U.S. Intellectual Property Commission Report Recommends Malware to Stop Piracy

UPnP Vulnerability Exposes 50 Million Network-Enabled Devices to Be Hacked & Controlled Remotely

FBI Owner of World’s Largest Bitcoin Wallet, 144,000+

In Archive, Bitcoin, FBI, Silk Road on December 21, 2013 at 10:05 PM



Robert McMillan/WIRED:

Who owns the single largest Bitcoin wallet on the internet? The U.S. government.

In September, the FBI shut down the Silk Road online drug marketplace, and it started seizing bitcoins belonging to the Dread Pirate Roberts — the operator of the illicit online marketplace, who they say is an American man named Ross Ulbricht.

The seizure sparked an ongoing public discussion about the future of Bitcoin, the world’s most popular digital currency, but it had an unforeseen side-effect: It made the FBI the holder of the world’s biggest Bitcoin wallet.

The FBI now controls more than 144,000 bitcoins that reside at a bitcoin address that consolidates much of the seized Silk Road bitcoins. Those 144,000 bitcoins are worth $85.2 million at the current exchange rates. Another address, containing Silk Road funds seized earlier by the FBI, contains nearly 30,000 bitcoins ($17.75 million).

That doesn’t make the FBI the world’s largest bitcoin holder. This honor is thought to belong to bitcoin’s shadowy inventor Satoshi Nakamoto, who is estimated to have mined 1 million bitcoins in the currency’s early days. His stash is spread across many wallets. But it does put the federal agency ahead of Cameron and Tyler Winklevoss, who in July said that they’d cornered about 1 percent of all bitcoins (there are 12 million bitcoins in circulation).


CIA “Family Jewels” Report (1973)

In Archive, CIA on December 21, 2013 at 8:40 PM

h/t to Cryptocomb for searchable format


The “Family Jewels” is the informal name used to refer to a set of reports that detail activities conducted by the United States Central Intelligence Agency. Considered illegal or inappropriate, these actions were conducted over the span of decades, from the 1950s to the mid-1970s.

The reports describe numerous activities conducted by the CIA during the 1950s to 1970s that violated its charter. According to a briefing provided by CIA Director William Colby to the Justice Department on December 31, 1974, these included 18 issues which were of legal concern:[7]

  • Confinement of a KGB defector, Yuri Ivanovich Nosenko, that “might be regarded as a violation of the kidnapping laws.”
  • Wiretapping of two syndicated columnists, Robert Allen and Paul Scott (see also Project Mockingbird)[7]
  • Physical surveillance of investigative journalist and muckraker Jack Anderson and his associates, including Les Whitten of the Washington Post and future Fox News Channel anchor and managing editor Brit Hume. Jack Anderson had written two articles on CIA-backed assassination attempts on Cuban leader Fidel Castro
  • Physical surveillance of then-Washington Post reporter Michael Getler, who was later an ombudsman for the Washington Post and PBS
  • Break-in at the home of a former CIA employee
  • Break-in at the office of a former defector
  • Warrantless entry into the apartment of a former CIA employee
  • Opening of mail to and from the Soviet Union from 1953 to 1973 (including letters associated with actress Jane Fonda) (project SRPOINTER/HTLINGUAL at JFK airport)
  • Opening of mail to and from the People’s Republic of China from 1969 to 1972 (project SRPOINTER/HTLINGUAL at JFK airport – see also Project SHAMROCK by the NSA)
  • Funding of behavior modification research on unwitting US citizens, including unscientific, non-consensual human experiments.[8] (see also Project MKULTRA concerning LSD experiments)
  • Assassination plots against Cuban President Fidel Castro; Congolese leader Patrice Lumumba; President Rafael Trujillo of the Dominican Republic; and René Schneider, Commander-in-chief of the Chilean Army. All of these plots were said to be unsuccessful ones.[9]
  • Surveillance of dissident groups between 1967 and 1971 (see Project RESISTANCE, Project MERRIMAC and Operation CHAOS)
  • Surveillance of a particular Latin American female, and of US citizens in Detroit
  • Surveillance of former CIA officer and Agency critic, Victor Marchetti, author of the book, The CIA and the Cult of Intelligence, published in 1974.
  • Amassing of files on 9,900-plus US citizens related to the antiwar movement (see Project RESISTANCE, Project MERRIMAC and Operation CHAOS)
  • Polygraph experiments with the sheriff of San Mateo County, California
  • Fake CIA identification documents that might violate state laws
  • Testing of electronic equipment on US telephone circuits

The documents also include Watergate-related items (p. 350-351) as well as a joint USAID/OPS operation concerning training foreign police in bomb-making, sabotage, etc. (one quotes Dan Mitrione,[10] responsible for the Office of Public Safety in Uruguay).

They also highlight equipment support to local police, which could have been considered illegal under the National Security Act of 1947 (page 6).

The Family Jewels also document the infiltration and surveillance of the Bureau of Narcotics and Dangerous Drugs (BNDD), the predecessor to the DEA, on requests of the BNDD’s director in order to root out corruption from among its ranks.

The CIA also surveilled black nationalism in the Caribbean and in the US, producing two memorandums in 1969 and 1970 (p. 188). It focused primarily on Stokely Carmichael’s visits to the Caribbean Islands, and concluded that there was no “evidence of important links between militant blacks in the US and the Caribbean.” A copy of these reports “was inadvertently sent to the FBI.”

After FBI director John Edgar Hoover’s public statement that “the Black Panthers are supported by terrorist organizations,” the CIA responded in December 1970 that they “found no indication of any relationship between the Fedayeen and the Black Panthers.” (p. 283)

Apart from surveilling student activism in the US (in particular the Students for a Democratic Society, SDS), the CIA also had surveys in 19 countries, from Argentina to Yugoslavia (p. 191).

The CIA requested from the Department of Agriculture (USDA) “the establishment of a two-acre plot of opium poppies at a USDA research site in Washington, to be used for tests of photo-recognition of opium poppies” (p. 246). The agency was at the time investigating multi-spectral sensors (p. 254 and 257).

Some pages are also dedicated to the Pentagon Papers (p. 288 sq.), leaked in 1971 by Daniel Ellsberg who became the subject of focused attention.

Some commentators, including David Corn and Amy Zegart, noted that one key ‘jewel’ had been redacted and remained classified.[13][14]

“The No. 1 jewel of the CIA’s Office of Security is probably a pretty good one–especially since the second jewel in this list is the Roselli/Castro assassination program,” said Thomas Blanton, director of the National Security Archive.

1000+ GCHQ/NSA Targets in 60 Countries; Includes Allies, Aid Groups, Businesses

In Archive, GCHQ, NSA, NSA Files, Surveillance on December 21, 2013 at 3:10 PM

“GCHQ Bude” via Secret-Bases



Secret documents reveal more than 1,000 targets of American and British surveillance in recent years, including the office of an Israeli prime minister, German government buildings in Berlin and overseas, African leaders and family members, representatives of United Nations agencies, a European Union official involved in antitrust battles with American technology businesses, heads of international aid organizations, foreign energy companies, and many more.

The names and details are the latest revelations to come from documents leaked by the whistleblower Edward Snowden.

Many of the reports, written by British teams specializing in Sigint, shorthand for “signals intelligence,” are called “Bude Sigint Development Reports,” referring to a British spy campus on the Cornwall coast, a key listening facility that receives substantial funding from the NSA to undertake shared transatlantic surveillance operations. Her Majesty’s agents have been working at the site, where 29 satellite antennas are aimed skyward, for decades. The Cornwall intelligence base, once part of the Echelon global signals intelligence network, was previously known as “Morwenstow.” Today the site is known as “GCHQ Bude.”

In addition to its geographical conditions, which are ideal for monitoring important communications satellites, Bude has another site-specific advantage: Important undersea cables land at nearby Widemouth Bay. One of the cables, called TAT-14, begins at German telecommunications company Deutsche Telekom’s undersea cable terminal in the East Frisia region of northern Germany.

According to the documents, the GCHQ Bude station listed phone numbers from the German government network in Berlin in its target base as well as those of German embassies, including the one in Rwanda. That, at least, was the case in 2009, the year the document in question was created. Other documents indicate that the British, at least intermittently, kept tabs on entire country-to-country satellite communication links of certain providers, for example “Germany-Georgia” and “Germany-Turkey.”

One GCHQ document, drafted in January 2009, makes clear that the agencies were targeting an email address listed as belonging to another important American ally – the “Israeli prime minister”. Ehud Olmert was in office at the time.

Three further Israeli targets appeared on GCHQ documents, including another email address understood to have been used to send messages between the then Israeli defence minister, Ehud Barak, and his chief of staff, Yoni Koren.

Prominent names that appear in the GCHQ documents include Joaquín Almunia, a Spaniard who is vice-president of the European commission with responsibility for competition policy.

The French companies Total, the oil and gas giant, and Thales, an electronics, logistics and transportation outfit, appear as targets, as do a French ambassador, and “Estonian Skype security team.”

The lists also contain African leaders, their family members, ambassadors and businesspeople.

Names listed in the GCHQ documents include Mohamed Ibn Chambas, the current African Union-United Nations joint special representative for Darfur, as well as multiple African heads of state.

Imboden, from the non-profit Ideas Centre in Geneva, and Solomon Asamoah, deputy head of the Africa Finance Corporation, also appeared on GCHQ’s lists.

The papers show GCHQ, in collaboration with America’s National Security Agency (NSA), was targeting organisations such as the United Nations development programme, the UN’s children’s charity Unicef and Médecins du Monde, a French organisation that provides doctors and medical volunteers to conflict zones. The head of the Economic Community of West African States (Ecowas) also appears in the documents, along with text messages he sent to colleagues.

They also include representatives of international organizations, such as those of United Nations agencies like the Food and Agriculture Organization (FAO) and the UN Institute for Disarmament Research (UNIDIR). A noticeably large number of diplomatic missions to the United Nations in Geneva are also listed.

More obvious intelligence targets are also listed, though in smaller numbers, including people identified as “Israeli grey arms dealer,” “Taleban ministry of refugee affairs” and “various entities in Beijing.” Some of those included are described as possible members of Al Qaeda, and as suspected extremists or jihadists.

In all, communications from more than 60 countries were targeted in this particular operation.

Security Industry Pioneer RSA Paid $10 Million to Use Backdoored NSA Algorithm in Crypto Software

In Archive, Encryption, NSA, Technology on December 21, 2013 at 1:23 PM



Joseph Menn/Reuters:

As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a “back door” in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called BSafe that is used to enhance security in personal computers and many other products.

Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.


RSA Response to Media Claims Regarding NSA Relationship
