Blog

  • Breach a 'security disaster' for IEEE

    posted by Keito
    2012-09-29 19:21:01
    'The IEEE (Institute of Electrical and Electronics Engineers) describes itself on its website as "the world's largest professional association for the advancement of technology."

    But after a data breach that left the usernames and passwords of 100,000 of its members exposed in plain text for a month, some security experts said it is clear both the organization and at least some of its members should also be in the business of the advancement of common sense security.

    The breach discovered by an independent security researcher, demonstrates an almost inexplicable lack of basic security protocols, including some of the most vulnerable passwords possible.

    Torsten George, vice president of worldwide marketing and products for Agiliance, a security risk management firm, called it "plain stupid."

    Paul Ducklin, writing at Sophos' Naked Security blog, called it, "a veritable security disaster for the IEEE."

    The IEEE announced the breach earlier this week. Redo Dragusin, a Romanian researcher and now a teaching assistant in the Department of Computer Science at the University of Copenhagen, said he discovered it on Sept. 18, and notified IEEE on Monday, Sept. 24.

    "The usernames and passwords kept in plaintext were publicly available on their FTP server for at least one month prior to my discovery," Dragusin wrote. "Among the almost 100,000 compromised users are Apple, Google, IBM, Oracle and Samsung employees, as well as researchers from NASA, Stanford and many other places."

    He said the unencrypted passwords were the most "troublesome" element of the breach, but also said, "the simplest and most important mistake on the part of the IEEE web administrators was that they failed to restrict access to their webserver logs ..." which included more than 100GB of data containing detailed information on more than 376 million HTTP requests made by IEEE members.

    A number of IEEE members were also failing to use basic security. Dragusin found that seven of the top-10 most popular passwords were combinations of the number string "1234567890," in order. Others in the top 20 included "password" and "admin."

    IEEE sent a letter to its members the next day, acknowledging the breach, but saying, "This matter has been addressed and resolved. None of your financial information was made accessible in this situation. However, it was theoretically possible for an unauthorized third party, using your ID and password, to have accessed your IEEE account."

    Because of that, the organization said it had terminated the access of its members under their current passwords, and would have to, "authenticate through a series of personal security questions you set up at the time you opened the account and to change your password."

    The IEEE was unresponsive to questions from CSO Online about why the passwords were in plain text, how access to the weblogs was unrestricted and why the group did not discover the breach itself.

    Adrienne McGarr, a public relations spokeswoman, emailed a copy of the statement IEEE had already posted on its website, saying the issue was addressed and resolved and members were being notified.

    "IEEE takes safeguarding the private information of our members and customers very seriously. We regret the occurrence of this incident and any inconvenience it may have caused," the statement said.

    George said the group has not taken the privacy of member information seriously, adding that the IEEE is not alone -- that this is somewhat typical of too many organizations.

    "This illustrates a check-box mentality of compliance," he said. "It is looking at security as a necessary evil, but only to fulfill a regulatory mandate."

    The failure to encrypt the data is especially mystifying, he said, "especially after the LinkedIn breach," a reference to the breach in June of the professional networking site that led to the posting of 6.5 million member passwords on a Russian hacking site. At the time LinkedIn was not using the preferred encryption method called salted hashing.

    Following the breach, LinkedIn was hit with a $5 million class-action lawsuit.

    George said it looks like the failure to restrict access to the webserver logs at IEEE was human error. "Somebody must have changed the access and forgot to change it back," he said. "It's a human mistake that's made very easily. But if they had done continuous monitoring, they would have noticed the restriction was not in place.

    "You can't rely on humans," he said. "You have to automate the process."

    Dragusin made it clear in his post that he did not intend to use the information for malicious means. Besides notifying IEEE, "I did not, and plan not to release the raw log data to anyone else," he wrote.

    But that does not make him a hero to Paul Ducklin's, who mocked Dragusin's professed "uncertainty" about what to do with the information. Ducklin noted that Dragusin waited a week from the time he discovered the breach to notify IEEE, but still found time to "register his vanity name-and-shame domain, ieeelog.com, on 19 September 2012.

    "Nor did it prevent him grabbing and processing 100GB of log data he knew wasn't supposed to be accessible," he wrote. "How is this bad? It probably isn't. But it's more of a 'don't be evil' outlook than one of 'actually be good.'"

    George said that the IEEE, in addition to improving its own security standards, should force its members to have more rigorous passwords.

    "You can mandate password policies," he said. "You can require that they include a combination of characters and digits. You can require that they be changed every 30 days. There is a lot of room for improvement."'

    http://www.cso.com.au/article/437770/breach_security_disaster_ieee/
  • Security researchers hack Android remotely over NFC to gain full control and steal all data from a Samsung Galaxy S3

    posted by Keito
    2012-09-20 21:43:37
    'Mobile Pwn2Own at EuSecWest 2012

    Today MWR Labs demonstrated an Android vulnerability at the EuSecWest Conference in Amsterdam. The demonstration of the 0day exploit took place at the Mobile Pwn2Own competition. The exploit was developed in a team effort between our South African and UK offices. The vulnerability was found and the exploit was developed by Tyrone and Jacques in South Africa and Jon and Nils in the UK.

    ### Impact

    MWR showed an exploit against a previously undiscovered vulnerability on a Samsung Galaxy S3 phone running Android 4.0.4. Through NFC it was possible to upload a malicious file to the device, which allowed us to gain code execution on the device and subsequently get full control over the device using a second vulnerability for privilege escalation.

    The same vulnerability could also be exploited through other attack vectors, such as malicious websites or e-mail attachments.

    ### The Vulnerabilities

    The first vulnerability was a memory corruption that allowed us to gain limited control over the phone. We triggered this vulnerability 185 times in our exploit code in order to overcome some of the limitations placed on us by the vulnerability.

    We used the second vulnerability to escalate our privileges on the device and undermine the application sandbox model. We used this to install a customised version of Mercury, our Android assessment framework. We could then use Mercury’s capabilities to exfiltrate user data from the device to a remote listener, including dumping SMS and contact databases, or initiating a call to a premium rate number.

    ### Challenges & Shortcomings

    Android 4.0.4 has many of the exploit mitigation features that are common to desktop Linux distributions, including Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP). Shortcomings in these protections allowed us to leverage the control we had of the device to trigger the second vulnerability. Crucially, the ASLR implementation is incomplete in Android 4.0.4, and does not cover Bionic (Android’s linker) and /system/bin/app_process, which is responsible for starting applications on the device. Other protections which would make exploitation harder were also found to be absent.

    A more in depth technical blog post will be released once the vulnerability has been patched by the vendor, detailing the process of finding and exploiting this bug.'
  • FBI denies link to leak of 12 million Apple codes

    posted by Keito
    2012-09-06 19:57:13
    Following on from the leaked Apple UDID codes earlier this week, the FBI has come out saying "We never had info in question. Bottom Line: TOTALLY FALSE"... Funny that! =) It couldn't possibly be that a 3 letter agency is lying to the public and gathering information about innocent civilians via any means at hand?... Could it?!

    The BBC covers it as such:


    'The FBI says there is "no evidence" that a hacker group gained access to 12 million identifying codes for Apple devices via an FBI agent's laptop.

    AntiSec, a hacker group, posted a file on the internet on Monday that it said contained more than one million of Apple's so-called UDID codes.

    UDIDs are a 40-character string unique to each Apple device.

    AntiSec said it gained the codes from the laptop of an FBI agent called Christopher Stangl.

    Mr Stangl works in the bureau's Regional Cyber Action Team, Wired Magazine reports.

    AntiSec suggested that the 12 million codes were being used by the FBI to track the associated users.

    Along with the posted file, the group said in a statement that it had only released one million IDs and had scrubbed identifying information, including full names, telephone numbers and addresses.

    Commenting on the AntiSec revelation, the FBI said it had no indication of any link to its agent or computer.

    "At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data," the bureau said in a statement on Tuesday.

    Peter Kruse, an e-crime specialist with CSIS Security Group in Denmark, tweeted on Tuesday that the leak "is real" and that he confirmed three of his own devices in the data.

    Johannes Ullrich of the SANS Internet Storm Center told the AFP that while "there is nothing else in the file that would implicate the FBI... it is not clear who would have a file like this".

    Hackers identifying themselves with AntiSec have made previous hits this year on the websites of Panda Labs' anti-malware products and New York Ironwork - a company that sells equipment to US police.'


    For those that want to take a look at the source of this leak, check it out here. It reads as follows...



    "Now I know what a ghost is. Unfinished business, that's what."
    ― Salman Rushdie, The Satanic Verses

    ----------------------------------------------------------------------


    we share ideas sometimes through the voice of twitter.com/@AnonymousIRC
    so then there is where to look for news.


    So well, some of you know what we were at during these last long weeks, and
    probably less people know we were also testing new stuff and shits for our next
    iterations.
    so, whatever. Happy to bring this Special #FFF Edition to you (so special that's
    even not on friday), again for the utterly lulz.


    we have written our very honest statement here, ofc it was intended for those
    who are truely interested on reading it, for those fellows who dont give a fuck
    about ideology and who are just lurking for the candy, skip it and jump
    directly to the candy and lulzy part titled: Candy and Lulzy part. we hope you
    find it useful as well as funny. and for those who dont care about the whole
    fucking shit... wtf r u doing here?? go and download a movie.

    so here we go...


    /*
    just a comment: we are still waiting for published news about the
    $ 2 billions worth loans Assad has taken from Russia,
    mentioned on the syrian mails
    and also about the transfer of money to austrian banks etc....
    and also cocks...
    So, don't be lazy journos and look for them.
    */


    -----------------------------------------------------------------------------
    a few words.
    "For when all else is done, on­ly words re­main. Words en­dure."
    -----------------------------------------------------------------------------


    In July 2012 NSA's General Keith Alexander (alias the Bilderberg Biddy) spoke
    at Defcon, the hacker conference in Las Vegas, wearing jeans and a cool EFF
    t-shirt (LOL. Wtf was that?). He was trying to seduce hackers into improving
    Internet security and colonoscopy systems, and to recruit them, ofc, for his
    future cyberwars. It was an amusing hypocritical attempt made by the system to
    flatter hackers into becoming tools for the state, while his so-righteous
    employer hunts any who doesn't bow to them like fucking dogs.

    Well...
    We got the message.
    We decided we'd help out Internet security by auditing FBI first. We all know
    by now they make Internet insecure on purpose to help their bottom line. But
    it's a shitty job, especially since they decided to hunt us down and jail our
    friends.

    It's the old double standard that has been around since the 80's. Govt Agencies
    are obsessed with witchhunts against hackers worldwide, whilst they also
    recruit hackers to carry out their own political agendas.

    You are forbidden to outsmart the system, to defy it, to work around it. In
    short, while you may hack for the status quo, you are forbidden to hack the
    status quo. Just do what you're told. Don't worry about dirty geopolitical
    games, that's business for the elite. They're the ones that give dancing orders
    to our favorite general, Keith, while he happily puts on a ballet tutu. Just
    dance along, hackers. Otherwise... well...

    In 1989 hagbard (23yrs old) was murdered after being involved into cold war spy
    games related to KGB and US. Tron, another hacker, was
    murdered in 1998 (aged 26) after messing around with a myriad of cryptographic
    stuff (yeah, it's usually a hot item) and after making cryptophon easily
    accesible for the masses. And then you have Gareth Williams (31), the GCHQ
    hacker murdered and "bagged" inside a MI6's "safe" house (we'd hate to see what
    the unsafe ones look like) in August of 2010 after talking about being curious
    about leaking something to Wikileaks with fellow hackers on irc. And the list
    goes on. It's easy to cover up when they want to, hackers often have complex
    personalities, so faking their suicide fits well.

    You are welcome to hack what the system wants you to hack. If not, you will be
    punished.

    Jeremy Hammond faces the rest of his productive life in prison for being an
    ideological motivated political dissident. He was twice jailed for following
    his own beliefs. He worked until the end to uncover corruption and the
    connivance between the state and big corporations. He denounces the abuses and
    bribes of the US prison system, and he's again facing that abuse and torture at
    the hands of authorities.

    Last year, Bradley Manning was tortured after allegedly giving WikiLeaks
    confidential data belonging to US govt... oh shit. The world shouldn't know how
    some soldiers enjoy killing people and even less when they kill journalists. Of
    course, the common housewife doesn't deserve to know the truth about the
    hypocrisy in the international diplomacy or how world dictators spend money in
    luxury whilst their own people starve. Yep, the truth belongs only to the
    elite, and if you are not part of them (forget it, that won't happen), fuck
    yourself.

    People are frustrated, they feel the system manipulating them more than ever.
    Never underestimate the power of frustrated people.
    For the last few years we have broke into systems belonging to Governments and
    Big corporations just to find out they are spending millions of tax dollars to
    spy on their citizens. They work to discredit dissenting voices. They pay their
    friends for overpriced and insecure networks and services.

    We showed how former govt and military officials were making new businesses
    using their government relationships.
    They funnel public money to their own interests for overpriced contracts for
    crap level services. They use those
    relationships to extra-officially resolve affairs involving their businesses.

    We exposed a criminal System eliminating those who think different;
    criminalizing them. This System won't tolerate those who dig for the truth, it
    can't. So no one has the right to question anything coming from this system. if
    you buy a piece of hardware or software you just need to use it as it was
    supposed to be used: anything else is forbidden.
    No tinkering allowed.

    If you buy a Playstation, you are not allowed to use it as you want to -- you
    can only use it the Sony wants you to. If you have found a way to improve
    something, just shut up. You are not allowed to share this info with anyone
    else and let them make improvements, too. We are not the real owners of
    anything anymore. We just borrow things from the System. Shiny, colorful
    things, we agree to play with for a fee. A fee for life.
    Because this system works only if you keep working to buy new things.
    Not important if they are good things, just buy new crap, even better like that.
    So everything gets outdated soon.


    You home, stuff, car and computer, you will pay for everything you have for all
    of your life. All the time: a monthly fee, forever until you die. That's the
    future; nothing is really yours. LAAS - Life As A Service.
    You will rent your life.

    And better hurry up and work all day if you want to stay alive. Work 'til
    you're exhausted and don't think. No -- thinking is bad. Play games instead, do
    drugs too, why not? Or go to the movies. The Entertainment Industry is here to
    resolve all your philosophical and trascendental problems. Shiny colorful crap.
    but please don't think too much.
    Thinking is dangerous.

    Accept the offer, it's the perfect deal.
    You get all those amazing shiny colorful beads.
    It will only cost you freedom...and your life.
    Indians did it with Manhattan.
    There's nothing to worry about it, is there?


    And what if you are a lone wolf who quietly outside the system, doing your own
    thing, without saying a word? They will be mad as hell. They will try to find
    you. You will be fucked up anyway, sooner or later. Because the system wants
    you clearly identified, with all your personal details well packed into a
    government database so it can make its watchdogs' lives easier.

    Security researchers are often questioned and their movements tracked by Secret
    Service, FBI and other shits. They are asked about their projects, who their
    clients are, who they are talking to, what they know about other hackers, etc..
    So be a good monkey, follow the rules, head down and you'll get some coins
    that let you keep renting your life.

    But hey! Wait...
    We are hackers...
    We are supposed to look beyond the rules, to find things others don't see. And
    THE SYSTEM, yeah the whole fucking system, it's just another system.
    ...and we do that.
    we hack systems.

    This is our next challenge: to decide whether to become tools for the system,
    or for ourselves. The system plans to use us to hold the next in their endless
    wars, their cyberwars.
    Hackers vs. hackers, slaves vs slaves.

    We are trapped.

    Jack Henry Abbott, a writer who was incarcerated almost his whole life for his
    crimes, wrote before hanging himself: "As long as I am nothing but a ghost of
    the civil dead, I can do nothing…", the 'civil dead' are those, like himself,
    who had their autonomy systematically destroyed by the state. Now his words
    extend to cover all of us. We have seen our own autonomy being systematically
    destroyed by the State. We are becoming ghosts of our dead civil rights.

    criminals.
    So yes we are criminals, we are the criminals our dear system have created:
    Argumentum ad Baculum

    In a world where you fear the words you use to express yourself. Where you are
    punished for choosing the wrong ones, we have just decided to follow our own
    way. There's no worst kind of slavery than one where you are afraid of your own
    thoughts.

    Governments around the globe are already in control of us in real life, and
    they have now declared war on the people to take over the Internet.
    It's happening now. It's not waiting for you to wake up.
    So now my dear friends, it's your turn to decide where you belong,
    and what you are made of.



    "When the people fear the government there is tyranny, when the government
    fears the people there is liberty."
    ― Thomas Jefferson






    -----------------------------------------------------------------------------

    CANDY! CANDY! CANDY!...............candy.


    Download links:

    http://freakshare.com/files/6gw0653b/Rxdzz.txt.html
    http://u32.extabit.com/go/28du69vxbo4ix/?upld=1
    http://d01.megashares.com/dl/22GofmH/Rxdzz.txt
    http://minus.com/l3Q9eDctVSXW3
    https://minus.com/mFEx56uOa
    http://uploadany.com/?d=50452CCA1
    http://www.ziddu.com/download/20266246/Rxdzz.txt.html
    http://www.sendmyway.com/2bmtivv6vhub/Rxdzz.txt.html

    HOW TO GET THE CANDY ONCE YOU HAVE DOWNLOADED THE FILE

    first check the file MD5:
    e7d0984f7bb632ee19d8dda1337e9fba

    (lol yes, a "1337" there for the lulz, God is in the detail)

    then decrypt the file using openssl:
    openssl aes-256-cbc -d -a -in file.txt -out decryptedfile.tar.gz

    password is:
    antis3cs5clockTea#579d8c28d34af73fea4354f5386a06a6

    then uncompress:
    tar -xvzf decryptedfile.tar.gz

    and then check file integrity using the MD5 included in the password u used to
    decrypt before:
    579d8c28d34af73fea4354f5386a06a6
    ^ yeah that one.

    if everything looks fine
    then perhaps it is.

    enjoy it!

    there you have. 1,000,001 Apple Devices UDIDs linking to their users and their
    APNS tokens.
    the original file contained around 12,000,000 devices. we decided a million would be
    enough to release.
    we trimmed out other personal data as, full names, cell numbers, addresses,
    zipcodes, etc.
    not all devices have the same amount of personal data linked. some devices
    contained lot of info.
    others no more than zipcodes or almost anything. we left those main columns we
    consider enough to help a significant amount of users to look if their devices
    are listed there or not. the DevTokens are included for those mobile hackers
    who could figure out some use from the dataset.


    file contains details to identify Apple devices.
    ordered by:

    Apple Device UDID, Apple Push Notification Service DevToken, Device Name,
    Device Type.



    We never liked the concept of UDIDs since the beginning indeed.
    Really bad decision from Apple.
    fishy thingie.


    so the big question:
    why exposing this personal data?
    well we have learnt it seems quite clear nobody pays attention if you just come
    and say 'hey, FBI is using your device details and info and who the fuck knows
    what the hell are they experimenting with that', well sorry, but nobody will care.
    FBI will, as usual, deny or ignore this uncomfortable thingie and everybody will
    forget the whole thing at amazing speed. so next option, we could have released
    mail and a very small extract of the data. some people would eventually pick up
    the issue but well, lets be honest, that will be ephemeral too.
    So without even being sure if the current choice will guarantee that people
    will pay attention to this fucking shouted
    'FUCKING FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME
    SHIT' well at least it seems our best bet, and even in this
    case we will probably see their damage control teams going hard lobbying media
    with bullshits to discredit this, but well, whatever, at least we tried and
    eventually, looking at the massive number of devices concerned, someone should
    care about it. Also we think it's the right moment to release this knowing that
    Apple is looking for alternatives for those UDID currently and since a while
    blocked axx to it, but well, in this case it's too late for those concerned
    owners on the list. we always thought it was a really bad idea. that hardware
    coded IDs for devices concept should be erradicated from any device on the
    market in the future.

    so now candy was delivered.
    few words, and just a few, about how the shit came. we don't like too much
    about disclosing this part, we understood it would be needed, so, fuck
    whatever. lost asset. Hope it serves for something.


    During the second week of March 2012, a Dell Vostro notebook, used by
    Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action
    Team and New York FBI Office Evidence Response Team was breached using the
    AtomicReferenceArray vulnerability on Java, during the shell session some files
    were downloaded from his Desktop folder one of them with the name of
    "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS
    devices including Unique Device Identifiers (UDID), user names, name of device,
    type of device, Apple Push Notification Service tokens, zipcodes, cellphone
    numbers, addresses, etc. the personal details fields referring to people
    appears many times empty leaving the whole list incompleted on many parts. no
    other file on the same folder makes mention about this list or its purpose.




    so...penis.



    to journalists: no more interviews to anyone till Adrian Chen get featured in
    the front page of Gawker, a whole day, with a huge picture of him dressing a
    ballet tutu and shoe on the head, no photoshop. yeah, man. like Keith
    Alexander. go, go, go.
    (and there you ll get your desired pageviews number too) Until that happens,
    this whole statement will be the only thing getting out
    directly from us. So no tutu, no sources.

    Our support to Wikileaks and Julian Assange.

    respect to Tunisian and Egyptian people, keep the good fight. Dont accept new
    oppressors in the place of the old ones.

    To Syrian rebels: If Assad wins he will exterminate all of you till the very
    last one, so better go and kill the motherfucker and his
    bunch of suckers for once.

    Support to Pussy Riot: Hang in there, babes! Resistance forever.


    we r sorry mike about what happened to you and princess.
    we didnt want to bring you in troubles with the feds
    and we ve heard about the reasons leading you to have spoken out to them,
    it's sad you ve just hanged around couple of weeks with us
    (we vagely understood u felt misplaced),
    but looking back to some events, at the end, it was also a good choice for
    everyone.
    hope u finish understanding it's not about the things we think we have seen.
    its always about those things we dont see.
    theres always another behind behind the behind.

    Greetings to all other groups struggling on their daily fight.
    Remember that fights between us it's what our adversaries are looking for.
    Now this is your time.


    "This is the highest wisdom that I own; freedom and life are earned by those
    alone who conquer them each day anew."
    Goethe

    LulzSec, AntiSec, LulzXmas series, ALL YOUR BASE ARE BELONG TO US,
    MegaCockLulzFestival, "I'm 12 and wat iz diz?", CIA Tango Down,
    #FuckFBIFriday, #StratforHasTheButtInFlames, #BlueHairedAaronBarr,
    #WestboroChurchLovesEatingCocks, White Hats Can't Jump, "Keith Alexander
    dressing an exhuberant ballet tutu" image and others are all trademarks of
    Anonymous Inc. and well...all the people in general...


    Romney aber, sag's ihm, er kann mich im Arsche lecken!

    Disclaimer: We like beer and the use of manipulated bacterial ADN to transmit
    encrypted data.


    ...

    well that's all now we can move on and go to sleep.

  • WIKILEAKS: Surveillance Cameras Around The Country Are Being Used In A Huge Spy Network

    posted by Keito
    2012-08-11 22:41:26
    "The U.S. cable networks won't be covering this one tonight (not accurately, anyway), but Trapwire is making the rounds on social media today—it reportedly became a Trending hashtag on Twitter earlier in the day.

    Trapwire is the name of a program revealed in the latest Wikileaks bonanza—it is the mother of all leaks, by the way. Trapwire would make something like disclosure of UFO contact or imminent failure of a major U.S. bank fairly boring news by comparison.

    And the ambitious techno-fascists behind Trapwire seem to be quite disappointed that word is getting out so swiftly; the Wikileaks web site is reportedly sustaining 10GB worth of DDoS attacks each second, which is massive.

    Anyway, here's what Trapwire is, according to Russian-state owned media network RT (apologies for citing "foreign media"... if we had a free press, I'd be citing something published here by an American media conglomerate): "Former senior intelligence officials have created a detailed surveillance system more accurate than modern facial recognition technology—and have installed it across the U.S. under the radar of most Americans, according to emails hacked by Anonymous.

    Every few seconds, data picked up at surveillance points in major cities and landmarks across the United States are recorded digitally on the spot, then encrypted and instantaneously delivered to a fortified central database center at an undisclosed location to be aggregated with other intelligence. It’s part of a program called TrapWire and it's the brainchild of the Abraxas, a Northern Virginia company staffed with elite from America’s intelligence community.

    The employee roster at Arbaxas reads like a who’s who of agents once with the Pentagon, CIA and other government entities according to their public LinkedIn profiles, and the corporation's ties are assumed to go deeper than even documented. The details on Abraxas and, to an even greater extent TrapWire, are scarce, however, and not without reason. For a program touted as a tool to thwart terrorism and monitor activity meant to be under wraps, its understandable that Abraxas would want the program’s public presence to be relatively limited. But thanks to last year’s hack of the Strategic Forecasting intelligence agency, or Stratfor, all of that is quickly changing."

    So: those spooky new "circular" dark globe cameras installed in your neighborhood park, town, or city—they aren't just passively monitoring. They're plugged into Trapwire and they are potentially monitoring every single person via facial recognition.

    In related news, the Obama administration is fighting in federal court this week for the ability to imprison American citizens under NDAA's indefinite detention provisions—and anyone else—without charge or trial, on suspicion alone.

    So we have a widespread network of surveillance cameras across America monitoring us and reporting suspicious activity back to a centralized analysis center, mixed in with the ability to imprison people via military force on the basis of suspicious activity alone. I don't see how that could possibly go wrong. Nope, not at all. We all know the government, and algorithmic computer programs, never make mistakes.

    Here's what is also so disturbing about this whole NDAA business: "This past week's hearing was even more terrifying. Government attorneys again, in this hearing, presented no evidence to support their position and brought forth no witnesses. Most incredibly, Obama's attorneys refused to assure the court, when questioned, that the NDAA's section 1021 – the provision that permits reporters and others who have not committed crimes to be detained without trial – has not been applied by the U.S. government anywhere in the world after Judge Forrest's injunction. In other words, they were telling a U.S. federal judge that they could not, or would not, state whether Obama's government had complied with the legal injunction that she had laid down before them. To this, Judge Forrest responded that if the provision had indeed been applied, the United States government would be in contempt of court."

    If none of this bothers you, please don't follow me on Twitter, because nothing I report on will be of interest to you. Go back to watching the television news network of your choice, where you will hear about Romney's latest campaign ads, and whether Obamacare will increase the cost of delivery pizza by 14 to 16 cents."

    http://www.businessinsider.com/trapwire-everything-you-need-to-know-2012-8