• Google Glass Face Recognition App Coming This Month, Whether Google Likes It Or Not - Forbes
    http://www.forbes.com/sites/andygreenberg/2013/12/18/google-glass-face-recognition-app-coming-this-month-whether-google-likes-it-

    Since Google Glass first appeared, its potential for facial recognition has been seen either as a privacy nightmare or as one of the headset’s first truly intriguing uses. Google has declared itself in the first camp. Stephen Balaban is in the second, and he’s about to share his vision with Glassheads everywhere, whether Google likes it or not.

    #Google_glass #google #reconnaissance_faciale

  • An NSA Coworker Remembers The Real Edward Snowden : ’A Genius Among Geniuses’ - Forbes
    http://www.forbes.com/sites/andygreenberg/2013/12/16/an-nsa-coworker-remembers-the-real-edward-snowden-a-genius-among-geniuses
The Rubik’s cube detail is the most delightful one: the quintessence of the 80s, what was left to all those who weren’t allowed the little game consoles, who made the computer themselves with their own hands.

Before coming to NSA Hawaii, Snowden had impressed NSA officials by developing a backup system that the NSA had widely implemented in its codebreaking operations.
    He also frequently reported security vulnerabilities in NSA software. Many of the bugs were never patched.
    Snowden had been brought to Hawaii as a cybersecurity expert working for Dell’s services division but due to a problem with the contract was reassigned to become an administrator for the Microsoft intranet management system known as Sharepoint. Impressed with his technical abilities, Snowden’s managers decided that he was the most qualified candidate to build a new web front-end for one of its projects, despite his contractor status. As his coworker tells it, he was given full administrator privileges, with virtually unlimited access to NSA data. “Big mistake in hindsight,” says Snowden’s former colleague. “But if you had a guy who could do things nobody else could, and the only problem was that his badge was green instead of blue, what would you do?”
    As further evidence that Snowden didn’t hijack his colleagues’ accounts for his leak, the NSA staffer points to an occasion when Snowden was given a manager’s password so that he could cover for him while he was on vacation. Even then, investigators found no evidence Snowden had misused that staffer’s privileges, and the source says nothing he could have uniquely accessed from the account has shown up in news reports.
    Snowden’s superiors were so impressed with his skills that he was at one point offered a position on the elite team of NSA hackers known as Tailored Access Operations. He unexpectedly turned it down and instead joined Booz Allen to work at NSA’s Threat Operation Center.
    Another hint of his whistleblower conscience, aside from the telltale hoodie: Snowden kept a copy of the constitution on his desk to cite when arguing against NSA activities he thought might violate it. The source tells me Snowden also once nearly lost his job standing up for a coworker who was being disciplined by a superior.
    Snowden often left small gifts anonymously at colleagues’ desks.
    He frequently walked NSA’s halls carrying a Rubik’s cube–the same object he held to identify himself on a Hong Kong street to the journalists who first met with him to publish his leaks.
    Snowden’s former colleague says that he or she has slowly come to understand Snowden’s decision to leak the NSA’s files. “I was shocked and betrayed when I first learned the news, but as more time passes I’m inclined to believe he really is trying to do the right thing and it’s not out of character for him. I don’t agree with his methods, but I understand why he did it,” he or she says. “I won’t call him a hero, but he’s sure as hell no traitor.”

    #snowden

  • Researcher Says He’s Found Hackable Flaws In Airplanes’ Navigation Systems
    http://www.forbes.com/sites/andygreenberg/2013/04/10/researcher-says-hes-found-hackable-flaws-in-airplanes-navigation-systems

    By hijacking a protocol used to send data to commercial aircraft and exploiting bugs in flight management software built by companies including Honeywell, Thales and Rockwell Collins, Teso told the crowd that he could send radio signals to planes that would cause them to execute arbitrary commands such as changes in direction, altitude, speed, and the pilots’ displays.

“You can use this system to modify approximately everything related to the navigation of the plane,” Teso told me in a phone interview following his talk. “That includes a lot of nasty things.”

    Update: Several companies and aviation safety organizations now claim that Teso’s research wouldn’t work on actual airplanes. See their comments below.

Hackers and security researchers have warned for years of vulnerabilities in next-generation air traffic control protocols. But Teso focused on a different protocol called Aircraft Communications Addressing and Reporting System (ACARS), a simple data exchange system that has evolved over decades to now include everything from weather data to airline schedules to changes to the plane’s flight management system (FMS).

    Teso says that ACARS still has virtually no authentication features to prevent spoofed commands. But he spent three years reverse engineering the flight navigation software that receives ACARS signals to find bugs that allowed him to send his own commands to the systems, either from a software-defined radio that can be tuned to use ACARS or from a compromised airline system. In his talk, Teso demonstrated an Android application he built that allowed him to redirect a virtual plane with just a tap on a map application running on his Samsung Galaxy phone. “ACARS has no security at all. The airplane has no means to know if the messages it receives are valid or not,” he says. “So they accept them and you can use them to upload data to the airplane that triggers these vulnerabilities. And then it’s game over.”

In his presentation, Teso explained that he experimented on used FMS hardware he bought from eBay and FMS training simulation software that was advertised as containing some or all of the same code as the systems in real planes. In our interview he declined to specify exactly what vulnerabilities he discovered in that code, saying that he has instead contacted the Federal Aviation Administration (FAA) and the European Aviation Safety Administration (EASA), and is working with the affected aerospace companies to fix the problems.

  • Meet The Dread Pirate Roberts, The Man Behind Booming Black Market Drug Website #Silk_Road - Forbes
    http://www.forbes.com/sites/andygreenberg/2013/08/14/meet-the-dread-pirate-roberts-the-man-behind-booming-black-market-drug-websi

    “(...) Silk Road has been around two and a half years. We’ve withstood a lot, and it’s not like our enemies are unaware any longer.”

Roberts also has a political agenda: He sees himself not just as an enabler of street-corner pushers but also as a radical libertarian revolutionary carving out an anarchic digital space beyond the reach of the taxation and regulatory powers of the state.

    #drogue #marché_noir #anonymat #bitcoin #coin #tor

    “Silk Road doesn’t really sell drugs. It sells insurance and financial products,” says Carnegie Mellon computer engineering professor Nicolas Christin. “It doesn’t really matter whether you’re selling T-shirts or cocaine. The business model is to commoditize security.”

    http://silkroadlink.com

  • How A ’Deviant’ Philosopher Built #Palantir, A CIA-Funded #Data-Mining Juggernaut - Forbes
    http://www.forbes.com/sites/andygreenberg/2013/08/14/agent-of-intelligence-how-a-deviant-philosopher-built-palantir-a-cia-funded-

    The biggest problem for Palantir’s business may be just how well its software works: It helps its customers see too much. In the wake of NSA leaker Edward Snowden’s revelations of the agency’s mass surveillance, Palantir’s tools have come to represent privacy advocates’ greatest fears of data-mining technology — Google-level engineering applied directly to government spying. That combination of Big Brother and Big Data has come into focus just as Palantir is emerging as one of the fastest-growing startups in the Valley, threatening to contaminate its first public impressions and render the firm toxic in the eyes of customers and investors just when it needs them most.

    “They’re in a scary business,” says Electronic Frontier Foundation attorney Lee Tien. ACLU analyst Jay Stanley has written that Palantir’s software could enable a “true totalitarian nightmare, monitoring the activities of innocent Americans on a mass scale.”

    Karp, a social theory Ph.D., doesn’t dodge those concerns. He sees Palantir as the company that can rewrite the rules of the zero-sum game of privacy and security. “I didn’t sign up for the government to know when I smoke a joint or have an affair,” he acknowledges. In a company address he stated, “We have to find places that we protect away from government so that we can all be the unique and interesting and, in my case, somewhat deviant people we’d like to be.”

    Palantir has explored work in Saudi Arabia despite the staff’s misgivings about human rights abuses in the kingdom. And for all Karp’s emphasis on values, his apology for the WikiLeaks affair also doesn’t seem to have left much of an impression in his memory. In his address to Palantir engineers in July he sounded defiant: “We’ve never had a scandal that was really our fault.”

At 4:07 p.m. on Nov. 14, 2009, Michael Katz-Lacabe was parking his red Toyota Prius in the driveway of his home in the quiet Oakland suburb of San Leandro when a police car drove past. A license plate camera mounted on the squad car silently and routinely snapped a photo of the scene: his off-white, single-floor house, his wilted lawn and rosebushes, and his 5- and 8-year-old daughters jumping out of the car.

    Katz-Lacabe, a gray-bearded and shaggy-haired member of the local school board, community activist and blogger, saw the photo only a year later: In 2010 he learned about the San Leandro Police Department’s automatic license plate readers, designed to constantly photograph and track the movements of every car in the city. He filed a public records request for any images that included either of his two cars. The police sent back 112 photos. He found the one of his children most disturbing.

    “Who knows how many other people’s kids are captured in these images?” he asks. His concerns go beyond a mere sense of parental protection. “With this technology you can wind back the clock and see where everyone is, if they were parked at the house of someone other than their wife, a medical marijuana clinic, a Planned Parenthood center, a protest.”

    ... it’s clear that #Alex_Karp does indeed value privacy–his own.

    His office, decorated with cardboard effigies of himself built by Palantir staff and a Lego fortress on a coffee table, overlooks Palo Alto’s Alma Street through two-way mirrors. Each pane is fitted with a wired device resembling a white hockey puck. The gadgets, known as acoustic transducers, imperceptibly vibrate the glass with white noise to prevent eavesdropping techniques, such as bouncing lasers off windows to listen to conversations inside.

    He’s reminiscing about a more carefree time in his life–years before Palantir–and has put down his Rubik’s cube to better gesticulate. “I had $40,000 in the bank, and no one knew who I was. I loved it. I loved it. I just loved it. I just loved it!” he says, his voice rising and his hands waving above his head. “I would walk around, go into skanky places in Berlin all night. I’d talk to whoever would talk to me, occasionally go home with people, as often as I could. I went to places where people were doing things, smoking things. I just loved it.”

    “One of the things I find really hard and view as a massive drag … is that I’m losing my ability to be completely anonymous.”

    It’s not easy for a man in Karp’s position to be a deviant in the modern world. And with tools like Palantir in the hands of the government, deviance may not be easy for the rest of us, either. With or without safeguards, the “complete anonymity” Karp savors may be a 20th-century luxury.

    Karp lowers his arms, and the enthusiasm drains from his voice: “I have to get over this.”

#surveillance, the preservation of #vie_privée (privacy) regarded as a #luxe (luxury)

  • DARPA-Funded Radio HackRF Aims To Be A $300 Wireless Swiss Army Knife For Hackers - Forbes
    http://www.forbes.com/sites/andygreenberg/2012/10/19/darpa-funded-radio-hackrf-aims-to-be-a-300-wireless-swiss-army-knife-for-hac

Like any software-defined #radio, the HackRF can shift between different frequencies as easily as a computer switches between applications: it can both read and transmit signals from 100 megahertz to 6 gigahertz, including frequencies as low as the range used by FM radio up to the gigahertz frequencies used by Wi-Fi or experimental wireless protocols for cars communicating in traffic.

    #financement #darpa #hacker

  • Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)
    http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-

    “We wouldn’t share this with Google for even $1 million,” says Bekrar. “We don’t want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers.”

    • Cyber Panzer
      http://queau.eu/?p=2074

But there is a more occult, more shadowy market, which reveals an entirely different dimension in the perpetual quest for “zero-day” flaws and their fixes. A Forbes article, with a catchy title (“Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)”), reveals some of these dark aspects.

Notable in Evgeny Morozov’s talk: no mention of Wikileaks despite the Spy Files (background: http://spyfiles.org).
    In hacktivist terms, he
    – refers to the work of Telecomix (Blue Cabinet project: http://werebuild.eu/wiki/Blue_cabinet) - Telecomix is behind the revelations about Blue Coat’s sales to Syria; see e.g. the Forbes article: http://www.forbes.com/sites/andygreenberg/2011/12/26/meet-telecomix-the-hackers-bent-on-exposing-those-who-censor-and-surveil-the and the Telecomix tweet of 31/10)
    – also refers to the FOIA (Freedom of Information Act) request filed by the Electronic Frontier Foundation (see https://www.eff.org/issues/foia and https://www.eff.org/foia/foia-records-problems-electronic-surveillance)

As for the press, he cited Bloomberg and The Washington Post (Bloomberg recently revealed the sale of equipment to Iran by the firm Allot - http://www.bloomberg.com/news/2011-12-24/iran-sales-sink-allot-as-lawmaker-seeks-probe-israel-overnight.html)

Finally, as one of the examples given to illustrate the practices of the firms in question, he cites the position of Polaris Wireless (which sells geolocation-based surveillance tools) - see for instance a press release here: http://www.generation-nt.com/polaris-wireless-declare-expansion-dans-region-emea-suite-newswire-14

In short, a talk that neatly frames some of the themes addressed at the Chaos Congress every year, very forceful and cold. It nonetheless drew less response from the room than Rop Gonggrijp did a year ago - perhaps an illustration of the shift from last year’s theme, “We come in Peace”, to this year’s... “Behind The Enemy Lines”.