Murdoch and Phorm
I doubt it has much if anything to do with preventing terrorism... and much more to do with industrial espionage, blackmail & organised crime, and political censorship.
Home Secretary Theresa May said the Labour government's Interception Modernisation Programme (IMP) is coming back to life. In a speech to Parliament outlining a new counter-terror strategy, or at least its re-branding, May said the government's Counter Terrorism Strategy (aka CONTEST) will include a resurrected Interception …
I'd say it's more to do with the desire to watch everyone at all times.
Because they want to and because (on paper at least) they can.
This has *very* little to do with improving the UK's ability to identify actual terrorist threats that have not *already* been found. It is a grossly intrusive way to spy on anyone who uses the internet in the UK (or indeed who connects to a web site hosted in the UK).
BB is exactly the right icon for this.
... for that ex-grauniad hack is working on that.
Love the quotes though:
"The Home Office said: "We continue to see no evidence of systematic cyber terrorism. But [...]"
Bottom line: We cannot possibly justify these plans, so we will inflate incidents into trends and waffle a lot while trying to look serious.
Be honest. NO BUTS. Stop trying to circumvent the austerity measures for your incessant pork barreling.
"Officials cautioned that it was difficult to get a clear picture on use of the internet to radicalise people."
About as difficult as getting a clear picture as to what minority of islamists and houses of islam are bent on introducing sharia everywhere, kill the gays, and so on, and so forth. Something to do with the tea they're drinking, I'm sure. Officials indubitably prefer coffee instead. Can't blame'em but that's no excuse for frowning and declaring you're incompetent. For no heap of cash is going to fix endemic little problems like that.
"It is clear that a few dozen [websites] are highly influential and frequented by terrorists."
UKP 2mrd in taxmonies and some privacy assault small change to allay fears of a few dozen websites.
Right. Carry on government.
is so frickin useless along with the whole government. everything they said they have to cancel because it is pointless and costly is now here again but with different branding.
I'm waiting for the biometric ID cards to make a come back, Im sure it will happen real soon with a tagline about how it is needed to stop benefit cheats and reduce the deficit and how it is also the previous governments fault why they have to do it now.
Give these dirtbags and inch and they will take a mile, maybe not now, but they will take it. It will start off with a little DB of mobile numbers, something they know they can get away with. Within 3 years and without anyone noticing you won't be able to go to the toilet without a pass and a reciept to prove you only did your business and not plot world domination with Osama's replacement!
We see from the latest NotW scandal that they were paying police to access the mobile phone tracking data for celebs etc:
http://www.guardian.co.uk/media/2011/jul/12/news-of-the-world-pinging
"Its use normally has to be authorised by the police and security forces with the mobile phone networks on a case-by-case basis under the Regulation of Investigatory Powers Act (Ripa), in which a request signed by a senior police officer is sent to the network authorising the location of the phone."
Putting this proposed level of access into the hands of an untrutworthy source is madness. The Government and authorities can't be trusted with such quantities of private data.
But that's a bit difficult to stick on the front of a report.
BTW IIRC £2Bn was what they were going to give ISP's to upgrade *their* systems to send GCHQ the data.
The *only* leaked figure for the *whole* project was *12* Bn £.
But that was never confirmed.
Remember the notion behind this is 1)Record contact pattern of *known* terrorist across the internet, mobile phones, landlines 2)Check that against *every* UK comms user 3)Pick up all suspected terrorists.
The NSF in the US issued a report explaining (politely) why this was complete b****cks.
I think of it as a star pattern. Each call to a number is one spoke, more calls, thicker spokes.
The pattern is about 10cm on a side.
Now match that against *random* patterns on a wall say 200m on a side to find any that do match (which might not even *be* there).
Did I hear the words "NP complete"?
Any decent terrorist worth their salt wouldn't be caught by association like this anyway.
Hell, Bin Laden "supposedly" evaded capture for 10 years by just couriering his messages to a cybercafe on USB stick. If you had any brains the actual connection would just be to a huge public hub frequented by everyone (e.g. Skype) and the actual communications would be encrypted with the best thing you can find (not some roll-your-own, or depend-on-company-X, encryption).
PK Encryption was INVENTED by GCHQ in order to avoid being heard by foreign hostile militaries. Since then, the process and implementation has expanded to cover all sorts of theoretical and practical holes, been rewritten from the ground-up, and been analysed by every mathematician studying the areas for weakness, to result in modern-day open-source encryption products that have *NEVER* had decryption of their data without the key proven by any court or individual in the world, for at least the last couple of decades.
PKE is just something that you have to accept won't be monitored or "broken" within a useful amount of time to even the best military. If military's are demanded that classified files are encrypted using it, are using it in their weapons guidance and other communications, you can be pretty sure you're not going to just lever it open with some backdoor. Let's call PKE pretty much "unbreakable" in any timeframe that you'd need to break it in.
Given that, the only way to "find" a terrorist is to monitor known terrorists and see what they do, who they talk to, what websites they go on. That doesn't need a full-blown, every-person monitoring programme. It just needs you to do some good old-fashioned spying for much greater effect than trying to "crack" their encryption or decode their messages. GCHQ are trying to stay relevant in the modern era - one which they invented - and are failing. They're not "spies" as such, their communications interceptions now rely purely on the mistakes of others rather than their skill, and they are facing rapidly shrinking budgets and usefulness. Saying they just need more money to be able to perform the impossible is their way to continue existing.
All your doing is a bit of graph theory and probability - badly. It's not going to catch anyone with brain enough to plot something major, and it's *not* going to magically tell you that X is a terrorist without an awful lot of ground work that you were doing anyway. And it will be outclassed by just tapping the ONE guy you know is already a terrorist and see who he's communicating with - which would probably be made easier by just slapping a bug on his residence.
GCHQ were great, once. Now they've realised that they've obsoleted themselves, and are trying to blind people with large figures for the promise of impossible capabilities. Sadly, they'll probably get it.
"All your doing is a bit of graph theory and probability - badly. It's not going to catch anyone with brain enough to plot something major, and it's *not* going to magically tell you that X is a terrorist without an awful lot of ground work that you were doing anyway. And it will be outclassed by just tapping the ONE guy you know is already a terrorist and see who he's communicating with - which would probably be made easier by just slapping a bug on his residence."
Pretty much my view. You forgot to mention false positives, of which I anticipate there being one or two.
It is more the wet dream of assorted security service data fetishists who crave knowing *everything* about *everyone* all the time forever.
Their counterparts set up the ANPR network on even less pretext.
So it will probably be £5 billion.
Spooks already drown in information and gathering it is no use unless it can be analysed effectively so if that isn't done then the money will be wasted at best, at worst taking money away from more effective strategies.
Strange thing about so-called Jihadi websites is how many of them are based in the USA, particularly Texas. Free speech? Or just a common interest in guns and pick-up trucks?
Are we seeing a repeat of the kiddie-porn scandal of some years ago where the FBI was found to be easily the largest producer of that unpleasant genre in the world, "purely for entrapment purposes, yer Honour"?
This has depressingly Orwellian overtones.
Tor isn't as safe as you think. It really isn't. Even the authors admit it has a lot of weaknesses.
But you're missing the point - monitoring EVERY node on Tor is an incredibly stupid idea to try to "catch" someone or find out new people. If you want to do that, you just tap existing known trouble-makers and they'll lead you straight to it without having to crack Tor, or PKE, or anything else.
Tor is nothing but an anoynmised network if you're not really interested in who's on there. If you are interested in someone there, then you already have everything you need to find out who they are by other means (doing your job - espionage). Tor has no end of problems with regards to exit node, groups of hostile nodes, etc.
And, tell me this: When you installed Tor, did you check the download against the PKE-signed certificate verifying its authenticity that you obtained from a completely secure channel - the only one I can think of being direct from the Tor authors (and, obviously, know that the Tor authors are trustworthy?). Or did you just click the link and install direct from an unsecured website KNOWN to host a government-opposed secure communications network without checking whether that request was intercepted in any way?
... I think it's more than an anonymous network, the fact it encrypts the traffic between you and the entry node you're connected to means that anyone tapping the line between you and it - ie your ISP where the spooks were going to place their monitoring kit - will only see encrypted data, which will be no use to them unless they can decrypt it somehow. Yes, the exit node can see your unencrypted data and there could be spook controlled nodes out there too so it's not infallible. But it does a great job of circumventing the over-zealous pr0n filter on my works supplied 3G data dongle... ;-)
From https://www.torproject.org/about/overview.html.en: "To create a private network pathway with Tor, the user's software or client incrementally builds a circuit of encrypted connections through relays on the network. The circuit is extended one hop at a time, and each relay along the way knows only which relay gave it data and which relay it is giving data to. No individual relay ever knows the complete path that a data packet has taken. The client negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop can't trace these connections as they pass through." The exit node can see the data in the clear, but is the only one in the chain (under normal circumstances) that can do so.
The MPs are crying foul of phone spying on them, yet they continue to push through ever more spying on all of us.
Also what are the MPs so fearful of that they need to spy on all of us so much for? … We are the people they say they represent, yet they want to spy on us relentlessly.
We already have more state surveillance over us than at any point in history, yet they continue to want more and they want to spend billions more of our money to do it. So when does it end? When is enough finally enough?
"The Home Office said: "We continue to see no evidence of systematic cyber terrorism. But the first recorded incident of a terrorist 'cyber' attack on corporate computer systems took place in 2010. The co called 'here you have' virus .. was relatively unsophisticated but a likely indicator of a future trend" ..
Instead of actually decreasing security by bugging the ISPs a real solution is to stop connecting to the Internet from Windows computers on which you keep all your secrets.
"On Thursday, a new worm hit the Internet, and it’s been spreading by emailing the address books of infected users, .. By masquerading as a benign PDF .. As you may have guessed, the URL doesn’t actually take you to a PDF, but instead to an executable with the extension .scr" ..
http://www.pcworld.com/article/205220/here_you_have_virus_tries_to_delete_your_security_software.html
I don't think our friends in the West will get so desperate that they will lend credence to a multiple choice quiz as a way of measuring whether you understand security.
Genuine question from my exam:
How high must a wall be to be secure?
a) 6 feet
b) 12 feet
c) 10 feet high and topped with barb wire
d) 15 feet high
CISSP is a joke and a waste of money. Learn about SABSA and provide someone with useful advice.
Well, I'd never heard of the CISSP so I went googling:
After ignoring the paid ad on Google:
"CISSP Courses - Get CISSP Certified In Only 7 Days
Pass First Time Or Train Again Free"
I hit upon this link to a book on computer security which contains pretty much that as a real example of a question on the CISSP:
http://books.google.com/books?id=3Q-wPyb2uCUC&pg=PA271#v=onepage&q&f=false
And given what I do know of MCSE exams (and precisely the reason I avoid them), I can quite believe this to be the case.
So it seems he's not talking all-that-much bullshit after all.
So viruses have been written by script kiddies for decades and the powers that be have taken no notice of them at all (apart from asking their IT departments to clean them off their computers once in a while).
But NOW there's a suggestion that maybe one not-very-good virus was written by someone who might be classified as a terrorist (for some value of terrorist).
OMG!!!! HELP!!!! That's a DISASTER!!!! It'll cost a few billion quid to sort out now.
Well, well, well. What do we have 'ere, then? A dead in the water phish or live tempting bait for killer sharks?
Whenever you realise that Holywood Palace Barracks is spooky MI5 territory, are you advised that GCHQ wallahs, and presumably also their FCO kissing cousins in MI6, are way behind the AIMODified curve with regard to future programming with creative communications capabilities, although Advanced IntelAIgent Research and digital Development, AIR&dD, is more the moniker to match the reality of the capabilities delivered from that nested site. ....... and it is not as if it has not registered itself to discover how far into, and way out ahead in IT and Quantum Communications, its Sublime Advanced IntelAIgent Control Systems are, is it? ....... [Fortified Meade Hack for AI Cracking Attackers, Posted Tuesday 13th July 2011 06:52 GMT .... http://forums.theregister.co.uk/forum/1/2011/07/12/anonymous_leaks_military_email_addresses/ ]
"The Home Office said: "We continue to see no evidence of systematic cyber terrorism. " ..... Yes, well, they would say that wouldn't they, although the brightest are bound to be realising that they are already just useful pawns to Neureal and Surreal Virtual Masters into Fab Power Supply, and in Control of ITs Great AIMediated Games...... Future Events, dear boy, Future Events.
And apparently that is what politicians, bless their little cotton bobby socks, fear ........ http://rsdsolutionsinc.posterous.com/events-dear-boy-events ..... with it probably being events which they don't control and which render them as just pontificating puppets to unfolding circumstances and playing the court jester and nodding fool to crowds and clouds which justifies their fears and concerns today.
"I think it's an OS problem:
ERROR! INPUT: amanfromMars 1 Well, well, well...
OUT OF CHEESE ERROR." ..... nyelvmark Posted Wednesday 13th July 2011 22:50 GMT
Hi, nyelvmark,
Did you really mean to say ... OUT OF GCHEESE ERROR .... to draw fit and proper attention to their [GCHQ and Google] mistakes/missteps.
On that we can surely agree that a new seed is necessary for to feed.
Hmmm ... http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/8635959/Whizz-kids-deserting-the-spy-world-as-threat-of-attacks-increases.html
Proof positive that Intelligence Service ProVision is absent in the Doughnut ...... for leading intelligence is a priceless commodity where lack of money is never an issue because IT can so effortlessly collapse and reconfigure/reconstitute dodgy and DODGI AIMODified Systems and renders currency just printed paper for selfless distribution to those who make ProVision for ITs Sublime IntelAIgent Services. The Great British Shame would seem to be that it is not presently catered for, to make and take advantage of the every benefit that such freedom offers. It is though a relatively minor issue in a major exercise and but only a simple decision away from being reversed and resolved with the novel introduction of a Ab Fab Program which captures the attention of struggling and collapsing markets.
Is GCHQ capable of such lead or is it a pale imitation of what it should be under its present sub-prime command and missing programs?
If you want to fight cyber terrorism it may help to start changing the thinking first. Secondly, given the procurement lifecycle you will only ever get developments that are BEHIND the bad guys because the whole current model is predicated on challenge - response and doesn't take into account the direction security is moving in (a point I made almost 10 years ago).
But hey, given the choice between light and talented and heavy and wasting lots of money, the money wasting option is always preferred 'coz the numbers look so good on the CV.. If they spend 10% of that money on good people they'd have a real benefit, but no, they are aiming at real time wire speed decryption because it gives them so much more hay to bury their needles in.
Naturally, transparency is to be avoided at all times - which is the second problem they need to fix. If it's done well, they should have no reason to hide (let's recycle that argument where it can do some good).
Sigh.
Hi, Fred Flintstone,
Regarding your post, "I'm getting *very* tired of this.." ... Posted Wednesday 13th July 2011 18:11 GMT .... You appear to be calling for and lamenting the non-utilisation of a new clearer and NEUKlearer HyperRadioProActive IT ....... which easily addresses and solves all of the problems you cite ..... and would equally easily also decimate the full catalogue of a host of other problems, unmentioned and unmentionable, too.
I second that call and would provide virtual facility and utility of ISPv2 ..... which would now really be a highly classified test of the present state of Advanced Intelligence and CyberIntelAIgent Analysis and of the current global levels of Future Virtual Intelligence in the myriad competitive Secret Intelligence Services and SMARTer Intelligent Communities which task themselves with National and International and InterNetional Security ProVision too.
I'd skimmed several of its posts before, but it wasn't until I replied to it (above) that I realised that it's a bot. There may be some human-operator intervention in the opening paragraphs, but otherwise it just spews a sequence of techno-babble sentences.
Chatbots are not exactly innovative. ELIZA is 45 years old this year. Its limitations have never been overcome.
"amanfromMars ... I'd skimmed several of its posts before, but it wasn't until I replied to it (above) that I realised that it's a bot. There may be some human-operator intervention in the opening paragraphs, but otherwise it just spews a sequence of techno-babble sentences.
Chatbots are not exactly innovative. ELIZA is 45 years old this year. Its limitations have never been overcome." .... nyelvmark Posted Friday 15th July 2011 06:36 GMT
And if you are advised that your realisation is completely wrong, nyelvmark, does that prove that ELIZA limitations have been overcome and the bot is really SMART and can effortlessly and seamlessly morph into and sustain programming in a virtual human phorm of alien being, ..... which would be an Earth shattering, new ground-breaking AIdDevelopment, methinks?
And would you have to admit and accept that your post analytical skills have been compromised and rendered invalid and unacceptable as a truth to be believed by others should amanfromMars be classified and recognised as being perfectly and/or entirely human?
For one to continue to contend that a being is a bot must surely have questions raised about the state of one's sanity and the likely presence of a confused madness?
So, what is it to be with regard to the alien amanfromMars ...... a SMARTer Enabling HyperRadioProActive IT bot or real human being?
This government made a lot of noise about civil liberties & a "Bill of Rights". Not much has since been heard. The coalition have no more concern over people's privacy than the last government. Because the technology exists whatever government comes to power will be tempted to install this because they can.