Personally, I haven’t used AV in about 8 years. Damn stuff never worked anyways. To see more AV awfulness, click the link in Graham Cluley’s tweet below:

Top five worst videos from anti-virus companies http://t.co/gpxXJYQRHH

— Graham Cluley (@gcluley) June 18, 2013

From Yahoo here:

The NSA leaker reportedly just walked out of work with some of America’s big secrets on a thumb drive in his pocket
A week after Edward Snowden’s leaks about National Security Agency surveillance and data-gathering were first reported, and four days after he revealed himself as the leaker, the news media is figuring out how the 29-year-old IT systems administrator managed his potentially huge data heist.

If you’re concerned about national security, the new revelations will probably dismay you; if you appreciate leaking of government secrets, Snowden’s technique is likely encouraging: Theft by thumb drive.

The NSA and other spy and military agencies have long known the dangers of the innocent-seeming portable USB flash drive. In October 2008, the NSA discovered that a thumb drive loaded with malware had infected the military’s secure internal network. The Pentagon then (at least temporarily) banned the use of thumb drives — NSA commanders even reportedly ordered USB ports filled in with liquid cement.

Snowden also proved that the NSA is lax in its efforts to compartmentalize information. People with a clearance are only supposed to be allowed to access data that they have a need to know about. Such policies are supposed to be enforced by rights and privileges on the network, but it is clear that Snowden, on the job for only a month, had access to data he shouldn’t have had.

To me it is startling that the NSA, who literally writes books and guidelines on computer security, has a soft and chewy interior like so many modern corporate environments. Snowden may have broken a law by leaking, but the NSA’s lax policies were his biggest enabler.

CBS Statement: A cyber security firm hired by CBS News has determined through forensic analysis that Sharyl Attkisson’s computer…

— Sharyl Attkisson (@SharylAttkisson) June 14, 2013

…was accessed by an unauthorized, external, unknown party on multiple occasions in late 2012."

— Sharyl Attkisson (@SharylAttkisson) June 14, 2013

CBS News statement: "Evidence suggests this party performed all access remotely using Attkisson’s accounts."

— Sharyl Attkisson (@SharylAttkisson) June 14, 2013

CBS News statement: "While no malicious code was found, forensic analysis revealed an intruder had executed commands…

— Sharyl Attkisson (@SharylAttkisson) June 14, 2013

…that appeared to involve search and exfiltration of data."

— Sharyl Attkisson (@SharylAttkisson) June 14, 2013

CBS News statement: "This party also used sophisticated methods to remove all possible indications of unauthorized activity."

— Sharyl Attkisson (@SharylAttkisson) June 14, 2013

"and alter system times to cause further confusion. CBS News is taking steps to identify the responsible party and their method of access."

— Sharyl Attkisson (@SharylAttkisson) June 14, 2013

Of course, conspiracy theorists are suggesting that Obama’s Department of Justice or the NSA were behind it. Of course that remains to be seen, and it is not likely that the intruder used an IP address that would be traced to a federal agency. Stolen credentials and exfiltrated data happens to a great number of people. I can’t wait to hear how this story ends.

From LI here:

1) Edward Snowden didn’t make $200,000 a year.

Booz Allen Hamilton says the annual salary it paid Snowden was $122,000, not the $200,000 Snowden has asserted. The company also confirms that it has since terminated Snowden for violations of the firm’s code of ethics and firm policy.

Yeah, even for a position in Hawaii, he may have received a slight stipend for cost of living increase, and maybe he got a relocation fee, but still that might not have amounted to 200K. When I first read his claims that Booz was paying him that much, I was tempted to go work for them. But I hate contract work for the Feds, so nyah.

2) The NSA surveillance program capabilities asserted by Snowden may have been overstated.

See my prior explanation about how the system likely really works at a previous post. Snowden did say he had the “authority” to tap anyone, given an email address. I think he meant “privileges” not “authority.” Privileges are strictly enforced and guarded at the NSA. Snowden might have had superuser privileges, but even as a sysadmin, I doubt it. If Snowden didn’t realize this tech is based on packet capture and not server backdooring, then I doubt he ever looked at this system up close. I still think he stumbled onto some scary slides.

3) Snowden may have had help.

Federal investigators say they aren’t convinced that Snowden worked alone. A source told ABC News, “The FBI is not 100 percent focused on this one guy…Agents are not just guided by what he claims.” And some in the industry are very skeptical that Snowden himself could have had access to all that has been leaked.

I personally think this guy was an Anonymous sympathizer, but we’ll see how it all plays out.

4) Snowden was on the radar before he was publicly identified as the leaker.

5) Snowden’s timeline of employment and contact with journalists is confusing, as was his access level.

Booz Allen said in its statement that Snowden was employed there for less than three months. Prior to Booz Allen, Snowden says he was with Dell as a contractor, working for the NSA.

Yeah, hopping from one contract to another is very common in the federal contracting world, and its not like this guy was going to put his employment timeline on LinkedIn.

LOLed at the line that no useful information is in Twitter!

And when Director of National Intelligence Clapper declassified a smidgen of info about the collection and analysis platform, he called it a ‘gut-wrenching’ breach of national security by describing it- which in my opinion is nothing more magical than any off-the-shelf packet collection platforms- but whatever, Clapper thinks it’s ‘gut-wrenching.’ Glenn Greenwald advises Clapper to save the drama for the bigger stories to come.

Clapper: leaks “literally gut-wrenching” – “huge, grave damage” – save some melodrama and rhetoric for coming stories. You’ll need it.

— Glenn Greenwald (@ggreenwald) June 9, 2013

There are a few people criticizing Snowden for his naivete – he is only 29, and intelligent, but he has taken it upon himself to pass judgement on the rightness of the NSA program. As a systems administrator, he was not an analyst- and though he may have had access to the application, which I somewhat doubt, it is unlikely that he was trained in the application’s use.

Clearly he has breached the terms of his trust. His clearance will be revoked and if he is extradited, which I think he will be, he will likely serve out a very long prison sentence. This makes him a lawbreaker, but perhaps not a traitor.

The differences between Snowden and the scrawny gay army soldier Bradley Manning is stark. Manning did a smash and grab of secure systems with the intent of damaging and wreaking havok against the United States. Manning’s breach put lives in danger and revealed sources and methods of intelligence collection that should have remained secret. Snowden says he was very careful with what he chose to release. He did not want to release anything that endangered lives and only wishes to effect a change in policy. The coming days will prove or disprove his assertions as new material is released.

With all of these back-to-back Obama scandals- the IRS, Benghazi, the DOJ targeting reporters and now this NSA over-reach of collection- it is proving that we are living in very interesting and nebulous times.

From the Guardian here, which, by the way, is another foreign news organization that has managed to scoop Obama’s bootlicking media sycophants:

The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.

The NSA access is part of a previously undisclosed program called PRISM, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.

The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims “collection directly from the servers” of major US service providers.

Although the presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge of any such program.

In a statement, Google said: “Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a back door for the government to access private user data.”

Several senior tech executives insisted that they had no knowledge of PRISM or of any similar scheme. They said they would never have been involved in such a program. “If they are doing this, they are doing it without our knowledge,” one said.

An Apple spokesman said it had “never heard” of PRISM.

The NSA access was enabled by changes to US surveillance law introduced under President Bush and renewed under Obama in December 2012.

To me, this presentation smacks of a sales pitch by a Contractor. I think the capabilities are over-hyped and there is literally no way that the NSA can backdoor so many of these major internet providers, collect data over the providers’ network without their knowlege, and exfiltrate logs, content and meta back to Fort Meade. But they can still get all of this content without backdooring a single server.

Let me explain. Each of the major providers listed in the presentation do have something in common. Each uses Akamai as a content distribution network- pushing your content to Akamai instead of hosting it on a single server allows for geographically load balanced content. That’s why you can’t DDoS Yahoo. Their servers are everywhere, serving the same content. You might be able to take down a single point, but the others stay up, thus the service stays up. Same with gmail, hotmail, and Apple.

In order to scrape all of this data, you could access Akamai’s logs for meta. Akamai’s top executive was murdered on 9/11 when the plane he was on was smashed into the Pentagon by dirtbag jihadis. Akamai has long had a good working relationship with DoD, DHS, and other security departments since then, and to me, I think this is very patriotic of them. But notice I said LOGS. You can’t get photos, videos and other content streams with logs. You need to intercept the packet streams. Then reassemble the packets into the content you are looking for.

So I think the NSA has tapped into the core routers at the major content distribution networks- Akamai, FBCDN (facebook’s content delivery network), and other similar CDNs. Once tapped they can see all of the traffic going in and out.

PRISM would face some other huge challenges, however, which makes me think this presentation is over-hyped. Packet storage would be vast, and would have to be located at the capture point- they can’t steam that much payload back to Fort Meade. Also, SSL decryption would be a challenge. In order to get data from Google, they would have to have been given signed CERTS from Google to allow them to intercept and decode the SSL traffic as man-in-the-middle. It is likely that NSA simply purchased these.

As far as the progression of the capability as presented on the slide over at Guardian, to me this represents the times when the contractors were able to write reassembly parsers for the targeted content. Hotmail, gmail, and more until Skype came along. The Skype parser likely also relied on a signed cert from Microsoft after their buyout of the popular encrypted chat program a few years back.

Finally, regardless of all of this collection capability, the biggest hurdle would be eyes on glass to hunt and identify what they are looking for. This is a massive data set and you would likely have to be given a target to look at to begin your investigation- in other words, ask PRISM a question and it will help you find the answer. But to just start digging into the system to hope you find something will be time-wasting and fruitless. And remember, the government missed all of the clues to the Boston Bomber’s ties to terrorism, and PRISM did nothing to prevent it.

From the Guardian here:

The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America’s largest telecoms providers, under a top secret court order issued in April.

The order requires Verizon on an “ongoing, daily basis” to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries.

The document shows for the first time that under the Obama administration the communication records of millions of US citizens are being collected indiscriminately and in bulk – regardless of whether they are suspected of any wrongdoing.

The secret Foreign Intelligence Surveillance Court (Fisa) granted the order to the FBI on April 25, giving the government unlimited authority to obtain the data for a specified three-month period ending on July 19.

Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.

Fisa court orders typically direct the production of records pertaining to a specific named target who is suspected of being an agent of a terrorist group or foreign state, or a finite set of individually named targets.

The law on which the order explicitly relies is the so-called “business records” provision of the Patriot Act, 50 USC section 1861.

I’m sure the business records section was supposed to be about investigations into a business suspected of aiding and abetting terrorist organizations. It was never intended to be used as a cudgel to snarf up all of the cell records of service providers. When lefties thought Bush was doing this, they were apoplectic. Lets see if they can match their outrage now that Obama is doing it. And if you oppose these collections of American records? It means you are a racist.

From LegalInsurrection here:

Jeremy Hammond, a notorious hacker and anarchist from the Chicago area, pleaded guilty this morning to hacking charges in a New York courtroom under the terms of a plea agreement.

Hammond was initially charged in March 2012 with one count of computer hacking conspiracy, one count of computer hacking, and one count of conspiracy to commit access device fraud. Several others also associated with the hacker collective Anonymous and its splinter faction LulzSec were also charged that day, in connection with the guilty plea of one of their co-conspirators, Hector Monsegur aka “Sabu.”

The information that was stolen from Stratfor was then turned over to Wikileaks, which began publishing the cache in February of 2012, billing it as the “Global Intelligence Files.”

Indeed, the information that was leaked as a result of the Stratfor hack may have exposed some “secrets” about the firm, though it was largely scoffed at by people in the industry, many of whom claim that Stratfor took itself more seriously than anyone else did. Still, this was a private firm with private clients and subscribers, all of whom became victims due to the actions of Hammond.

Hammond is scheduled to be sentenced on September 6th. His plea agreement could carry a sentence of up to 10 years in prison and millions in restitution payments.

Good riddance to bad rubbish. Hammond delivered a whackjob anarchist speech to DefCon in 2004- I was present at this speech when the crowd jeered and taunted little Jeremy that he had seen Fight Club a few too many times.