Bei der Regionalwahl in Katalonien haben die nach Unabhängigkeit von Spanien strebenden Parteien insgesamt die absolute Mehrheit im Parlament gewonnen
Von REDAKTION, 28. September 2015 -
Das Bündnis Junts pel Sí (Gemeinsam fürs Ja) des katalanischen Ministerpräsidenten Artur Mas, dem die katalonische Regierungspartei CDC (Demokratische Konvergenz) und die ECR (Republikanische Linke Kataloniens) angehören, gewann danach am Sonntag 62 der insgesamt 135 Sitze. Die ebenfalls separatistische Linkspartei CUP (Kandidatur der Volkseinheit) kam auf 10 Mandate.
Die liberale, prospanische Partei Ciutadans (Bürger) wurde mit 25 Sitzen die zweitstärkste Kraft im katalanischen Parlament. Im Vergleich zur letzten Regionalwahl 2012 konnte sie vierzehn Sitze hinzugewinnen.
But that’s just not true.
In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it’s called hacking.
Hacking — just like kicking down a door and looking through someone’s stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant.
And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects’ devices. Doing so gives them the same access the suspects have to communications — before they’ve been encrypted, or after they’ve been unencrypted.
Government officials don’t like talking about it — quite possibly because hacking takes considerably more effort than simply asking a telecom provider for records. Robert Litt, general counsel to the Director of National Intelligence, recently referred to potential government hacking as a process of “slow uncertain one-offs.”
But they don’t deny it, either. Hacking is “an avenue to consider and discuss,” Amy Hess, the assistant executive director of the FBI’s Science and Technology branch, said at an encryption debate earlier this month.
The FBI “routinely identifies, evaluates, and tests potential exploits in the interest of cyber security,” bureau spokesperson Christopher Allen wrote in an email.
Hacking In Action
There are still only a few publicly known cases of government hacking, but they include examples of phishing, “watering hole” websites, and physical tampering.
Phishing involves an attacker masquerading as a trustworthy website or service and luring a victim with an email message asking the person to click on a link or update sensitive information.
When a high school student made repeated bomb threats in Lacey, Washington, in 2007 — disguising his identity by routing his web traffic through Italy — FBI agents launched a phishing attack using the bureau’s in-house malware by sending a link to a fake news article to his MySpace inbox. When he clicked, he unknowingly installed the malware, which revealed his identity.
This was controversial and received widespread media attention because of the FBI’s choice of a faked news article as their vector of attack. But it also told us two things about FBI hacking: that the FBI has been using that particular kind of malware attack since at least 2007, and that it took the public until 2014 to find out.
A watering hole attack infects a website with malware, so that anyone who visits it is also infected, potentially allowing the attackers to identify and control the visitor’s devices.
In 2013, as part of a child-porn investigation, the FBI seized a large number of web servers and installed malware that reveals personally identifying information of online visitors to several different popular websites, including an email provider. The sites were “Tor hidden service sites,” or sites that reroute web traffic around the globe to cloak their destination. The FBI snuck in a piece of code on every single website hosted by the Freedom Hosting service, directing information about hacked visitors back to a server in northern Virginia.
This watering hole attack landed a large number of people in the FBI’s trap, most of them innocent people who hadn’t committed any crimes. And the FBI never told them about it, because it never subpoenaed their identities — even though their computers had been compromised.
The earliest reported case of the FBI using physical tampering dates back all the way to 2001, when agents broke in and installed a system to record keystrokes on Nicodemo Scarfo Jr.’s computer as part of their investigation of the American Mafia.
Confidential informants tipped the FBI off to Scarfo, the son of notorious Philly mob boss “Little Nicky,” and his alleged gambling and extortion operations in New Jersey in 1999. The FBI obtained a search warrant to enter his office and look through his computer. When they found an encrypted folder on his desktop, they installed a keystroke logger in order to get his passkey — which turned out to be Little Nicky’s prison identification number.
As Wired first reported in 2007, the FBI has its own brand of malware called the Computer and IP Address Verifier (CIPAV), which can capture information about a machine including browser activity, IP address, operating system details, and other activity. The FBI, for instance, used CIPAV to discover the identity of the teen in Washington making bomb threats.
The Electronic Frontier Foundation obtained documents from the FBI in 2011 revealing more about CIPAV, or the “web bug,” as some agents describe it in internal emails. According to the documents, the FBI and other agencies have widely used the tool since 2001 in cities including Denver, El Paso, Honolulu, Philadelphia, Houston, Cincinnati, and Miami.
In fact, EFF noted at the time: “If the FBI already has endpoint surveillance-based tools for internet wiretapping, it casts serious doubt on law enforcement’s claims of ‘going dark.'”
The FBI also uses non-proprietary hacker tools.
Wired reported in 2014 that the FBI has turned to a popular hacker app called Metasploit, which publishes security flaws. In 2012, the FBI’s “Operation Torpedo” used the app to monitor users of the Tor network. Metasploit is a sort of one-stop shop for putting together hacking code, complete with fresh exploits and payloads. Metasploit revealed that the Flash plug-in connected to the Internet directly instead of opening the secretive Tor browser, and developed code that revealed a user’s real IP address. The FBI used a watering hole attack through child porn websites to install the code on users’ computers.
Federal and local agencies have also consulted with outside contractors, including the controversial Italian firm Hacking Team, to develop and deploy malicious code. The FBI asked Hacking Team in 2012 to help it monitor Tor users. Hacking Team then updated its “Remote Control System” malware to do that.
And as the Washington Post recently reported, an Obama administration working group exploring possible approaches tech companies might use to let law enforcement unlock encrypted communications came up with one that involves the targeted installation of malware — through automatic updates.
“Virtually all consumer devices include the capability to remotely download and install updates to their operating system and applications,” the task force wrote. Law enforcement would use “lawful process” to force tech companies to “use their remote update capability to insert law enforcement software into a targeted device.” That malware would then “enable far-reaching access to and control of the targeted device.”
The Post did not report who came up with that idea, or whether it was already in use.
And little is known about how much access the agency has to the extensive hacking capabilities developed by other government agencies, especially the National Security Agency.
The NSA has a separate program, revealed by documents provided by whistleblower Edward Snowden, that aims to hack into computers on a massive scale—automating processes to help decide which attack method to use to get into millions of computers.
The NSA has safeguards on its programs ostensibly designed to protect against hacking into Americans’ computers, but it’s unclear how those protocols work in practice.
And the national security complex has invested in malware, or “offensive” cybersecurity, on a massive scale according to a 2013 Reuters report, in order to infiltrate computer systems overseas. Most famously, the government developed the Stuxnet virus, which was deployed to disrupt Iran’s nuclear systems.
The Time a Judge Said No
All the known cases of the FBI implementing hacking techniques so far have dealt with obtaining information about the location of a device, what programs are running, and its owner—metadata, rather than actual content of messages.
Only once, at least in the public view, has the FBI plainly asked a judge to let it hack everything: photos, messages, e-mails, and more. And they were told no.
In that case, a hacker infiltrated a Texas resident’s e-mail and got his bank information. The hacker used anonymizing software that made it look like he was in Southeast Asia. The FBI applied for a warrant to search the computer in a number of extremely intrusive ways, including continuous monitoring for 30 days, surreptitiously taking pictures through the computer’s webcam, obtaining photographs and logs of Internet use, and more. The judge denied the FBI’s request because the agency didn’t know where the computer was, a violation of Rule 41 of the Federal Rules of Criminal Procedure, and because the request was not specific enough to satisfy the Fourth Amendment.
It’s unclear whether or not the FBI has ever succeeded in securing a warrant to hack in such an intrusive way. But it does demonstrate that the FBI has the ability, or at least the confidence, to try.
In other warrant requests to use what they call “Network Investigative Techniques”, the FBI has listed things they want to access, including the computer’s IP address or the computer’s time zone information, and finished off the list by asking for “other similar identifying information on the activating computer that may assist in identifying the computer, its location, other information about the computer, and the user of the computer may be accessed by the NIT.”
The FBI does not go into details about what this other information might be.
Better Than a Back Door
Although it would seem self-evident that law enforcement shouldn’t hack into someone’s computer without a warrant, the FBI has internally debated whether that’s true, according to Jonathan Mayer, a PhD candidate in computer science at Stanford University and author of a recent academic paper titled Constitutional Malware.
Mayer analyzed the few public examples of law enforcement hacking he was able to find, most of them from the FBI and DEA: five public court orders and four judicial opinions.
He also looked through declassified FBI documents and found that officials there have “theorized that the Fourth Amendment does not apply” when investigators “algorithmically constrain the information that they retrieve from a hacked device, ensuring they receive only data that is—in isolation—constitutionally unprotected,” such as a name. Sometimes the FBI deploys malware on a device in order to find out who it belongs to.
Mayer said that in internal e-mails, federal investigators argued that targeted hacking might not constitute a search, and hinted at past times when officials may have hacked without getting a warrant first.
“I believe that hacking can be a legitimate and effective law enforcement technique,” Mayer concluded in his paper. “But appropriate procedural protections are vital, and present practices leave much room for improvement.”
“The FBI is extremely close-mouthed” about how often they hack, Steven Bellovin, a computer science professor at Columbia, told the Intercept. Bellovin co-wrote a lengthy paper about law enforcement use of malware in investigation
In the paper Bellovin co-authored with fellow scholars Matt Blaze, Sandy Clark, and Susan Landau, the authors write that, compared to say the “installation of global wiretapping capabilities in the infrastructure,” hacking is “significantly more difficult—more labor intensive, more expensive, and more logistically complex”—which makes it harder to conduct “against all members of a large population.” They consider that a good thing.
And they argue that hacking is a much better solution for law enforcement than weakening encryption with back doors. This way, they write, law enforcement is motivated to find holes in security, rather than mandating a new one that weakens an already imperfect security system.
The post The Big Secret That Makes the FBI’s Anti-Encryption Campaign a Big Lie appeared first on The Intercept.
House Speaker John Boehner’s surprise resignation on Friday was reason to celebrate for members of his own caucus who often complained that he let corporate lobbyists exercise undue influence over Congress.
But for lobbyists, Boehner’s announcement was a reason to mourn.
“We are grateful for Speaker Boehner’s leadership in so many areas,” said Chip Bowling, the chief lobbyist for the corn growers industry. “Speaker Boehner’s departure will leave a hole, to be sure,” said John Engler, a lobbyist who represents the chief executive officers of major American corporations.
Other lobbyists used social media to express grief and salute Boehner’s tenure as Speaker of the House:
A statement from former Sen. Norm Coleman, R-Minn., who now lobbies on behalf of the Saudi Arabian government, was Tweeted by the Congressional Leadership Fund, a Super PAC that works to elect House Republicans:
CLF Chairman @normcoleman: "History will conclude that John Boehner’s leadership as Speaker of the House was an unparalleled success."
— CLF (@CLFSuperPAC) September 25, 2015
Kelly Johnston, a lobbyist for the Campbell Soup Company:
Two thoughts about @SpeakerBoehner's announcement. 1) I will miss him, thank him for his leadership under tough circumstances. (1/2)
— Kelly Johnston (@johnston_kelly) September 25, 2015
David Schnittger, a former Boehner aide who now lobbies on behalf of Goldman Sachs, Medtronic, and Royal Dutch Shell, among others:
John Boehner will hand over the gavel of the speakership the way he accepted it: with humility, gratitude, and a love of God and country.
— David Schnittger (@OhSchnitt) September 25, 2015
Gary Shapiro, the president and chief lobbyist for the Consumer Electronics Association:
Boehner resigning. Sad. Decent honorable man in a near impossible job.
— Gary Shapiro (@GaryShapiro) September 25, 2015
Myer Marks, a government affairs consultant:
It has always been pleasure working with Boehner over the years. He will be missed on Capitol Hill. These new… http://t.co/18fzacNbLZ
— Meyer Marks (@Marks4Maryland) September 26, 2015
Lobbyists enjoy access to establishment politicians of both major parties. But Boehner leaves behind a career that is marked by a particularly extreme coziness with K Street.
He was once caught handing out tobacco industry campaign checks on the House floor before a vote on tobacco legislation.
In 2009, Boehner slowed down House proceedings to allegedly attend the “Boehner Beach Party,” an annual event hosted by lobbyists. Before he became Speaker, Boehner served as the House GOP contact for regular meetings with lobbyists and convened a weekly meeting with lobbyists called the “Thursday Group.”
And for a period of time, Boehner rented a Capitol Hill apartment from a lobbyist.
As he raised millions from corporate political action committees, Boehner encouraged lobbyists to have a direct influence over the policy process. Under Speaker Boehner, the reverse revolving door became a blur, with more and more corporate lobbyists hired to manage the day-to-day business of key congressional committees and to serve as senior staff.
Boehner at one point called on bank lobbyists to be more aggressive when dealing with congressional staff, declaring: “Don’t let those little punk staffers take advantage of you.”
Even with a Boehner exit, lobbyists probably will not despair. House Majority Leader Rep. Kevin McCarthy, R-Calif., whose chief of staff is a former lobbyist and who is also known for his ties to the lobbying establishment, is expected to replace Boehner.
Speaking to Roll Call, John Feehery, a former GOP aide who now lobbies, was nonchalant about the shift. Boehner “had a very close relationship with K Street — that’s just kind of how it is,” Feehery said, adding, “McCarthy’s got a lot of good contacts on K Street, too.”
The post Lobbyists Mourn House Speaker John Boehner’s Departure appeared first on The Intercept.
Unedited, full-length videos of Islamic State beheadings are difficult to find online. YouTube has taken most down, for instance. The first notable video was recorded more than a decade ago, in May 2004, by Abu Musab al-Zarqawi, the subject of Joby Warrick’s chilling new book, Black Flags: The Rise of ISIS. The victim was Nick Berg, a twenty-six year old entrepreneur searching out opportunities in post-invasion Iraq. Zarqawi stands behind him, dressed in black with a black mask, reading a manifesto in rapid-fire Arabic. Symbolically clad in an orange jumpsuit, just weeks after the Abu Ghraib scandal broke, Berg kneels awkwardly on the floor. He has a docile, even resigned look on his face, unaware it seems of what will happen in the next five minutes and thirty-seven seconds captured by a grainy, now obsolete handheld camera.
The camera was obsolete but the images prototyped a new breed of warfare. Perhaps that’s why Berg looks so calm in the seconds before Zarqawi descends on his neck with a saw-bladed knife: he likely didn’t understand the significance of the orange jumpsuit, or the black flags hung behind him with the shahadah—There is no god but God. Muhammad is the messenger of God—lashed in Arabic calligraphy. When I first saw this video, I didn’t understand their significance either. I was twenty-four, two years younger than Berg, and a Marine second lieutenant scheduled to deploy the next month to Fallujah, the city where Zarqawi made the recording. Gathering around an office computer in Camp Lejeune with a few other lieutenants, we watched the beheading with a calm resignation. Like Berg, we were unaware of all that was to come, not only on the screen but also in Iraq.
The Islamic State’s antecedents exist in Zarqawi’s story. To understand the Islamic State’s recent blitzkrieg through the Middle East, one must understand the years of toil and near defeat that defined Zarqawi and his organization, Al Qaeda in Iraq. “He had a hero complex and guilt complex,” Warrick writes, recounting a character profile of Zarqawi conducted by Jordanian intelligence. “He wanted to be a hero and saw himself as a hero, even when he was a thug. But it was the guilt that made him so extreme.” That extremism, as manifested by severe acts of violence, proves to be one of Warrick’s central questions and one of the central questions many of us in the west have about the Islamic State: What inspires their ultra-violent, theatrical tactics?
A concept bandied about among Marine Corps leaders at the time I left for Iraq was that of a “Strategic Corporal.” The idea was that in this age of interconnectivity, the tactical actions of the most junior leaders, corporals, could have outsized strategic implications. Marine leaders used the term as a positive, but the Abu Ghraib scandal demonstrated the opposite: how choices made by a few junior soldiers could undermine an entire war effort. Zarqawi intuited the power of imagery. The orange jump suit worn by Nick Berg was not just a reference to the excesses at Abu Ghraib and Guantanamo Bay—it was a sign that Zarqawi understood the visual stage upon which he was stepping. Choreographed and disseminated correctly, a single execution could have a far greater impact than anyone had expected.
Zarqawi’s rise did not occur in a vacuum. Disastrous U.S. and Jordanian policies—grouping Islamic radicals together in prisons, dismantling the Iraqi Army, disenfranchising Sunni tribal leaders—enabled his ascent. After the U.S.-led invasion of Afghanistan, Zarqawi fled to northern Iraq, where Saddam Hussein’s secular, Ba’athist regime, though holding limited control of the region, still took active measures to root out Islamist radicals which it saw as a threat. Yet Colin Powell, in his U.N. speech justifying the invasion of Iraq, made Zarqawi’s presence in the north central to his arguments, alleging that his presence proved the Iraqi regime had granted al-Qaeda a sanctuary. Of this tenuous logic, Warrick writes, “It was like claiming that America’s twenty-second president, Grover Cleveland, had ‘harbored’ Geronimo, the famed Apache chieftain of the frontier West who attacked settlers and Blue Coats from his base along the U.S.-Mexican border.”
Pointing out the mistakes of the Iraq war is easy and Warrick only does so in service of his analysis of Zarqawi, steering away from a re-hashing of the last ten years so that his book might inform the conversation over the next ten. If the Islamic State’s acts of extreme violence seem incomprehensible to most, Warrick’s gripping chronicle of Zarqawi’s life lays bare not only his evolution into a fanatic but the logic of such fanaticism. It’s a logic rooted in economic and social disparities, decades of oppression by western-backed autocrats, all fueled by a religiosity that grants its adherents a place in an Islamic narrative of conquest and liberation reaching back more than one thousand years. Though westerners might be uncomfortable with this logic, it is one we must understand if such ideologies are going to be countered in Iraq, Syria, north Africa, and even Europe and the United States.
Since the Berg video, many more videos have appeared and certainly there will be many more. I also imagine they will begin to mean less and less as western audiences become inured to such images, no matter how ghastly. I also imagine members of the Islamic State, al-Qaeda and other groups will adapt their tactics accordingly. In 2002 the U.S. routed al-Qaeda in the mountains of Afghanistan. After al-Qaeda regrouped, the chief of intelligence for the Joint Special Operations Command, Michael Flynn, noted, “They got better because they saw how they were defeated.” Let’s hope the same can one day be said about our current efforts in the region.
Caption: Posters in Baghdad showing Al-Qaeda in Iraq leader Abu Musab al-Zarqawi, 2005.