CIA money behind Wi-Fi Positioning System (WPS)

How amazing would it be if you could walk into a fast food restaurant and order that mid-morning bacon taco meal with Mountain Dew Big Gulp from your mobile device?  Just imagine… as you approach the restaurant, a menu pops up on your screen, the phone makes suggestions and helps you super-size your order, before you even set foot inside!

Is there anything the IPad won't do?

This advertiser’s wet dream is about to become reality, thanks to WPS (Wi-Fi Positioning System) infrastructure pioneered by CIA front company Skyhook (formerly Quarterscope) and currently being implemented by several other intelligence-connected companies, including Google, Apple, and Navizon (which is supplying data to Microsoft).

WPS geolocates wireless network devices using a database of known wireless access points, such as in coffee shops.  Since at least 2004, WPS companies like Skyhook and Google have been war-driving for access point data.  More about the technical aspects of this later.

How did you conclude that Skyhook is an intelligence front company?

Follow the money.

In 2008 former CIA director George Tenet became Managing Director of Allen & Company, an investment bank that provided funding for Skyhook’s WPS development and Google’s IPO (Initial Public Offering) in 2004, while he was still director of the CIA.

Skyhook was also funded by shadowy investment firm Alliance Capital.  Frank Savage, Alliance Capital’s former board chairman, also served on the board of Lockheed Martin and Enron. Alliance was Enron’s largest shareholder.

Regardless of where the seed money came from, you can now buy this WPS data commercially.  The military industrial complex churns out new tracking and identification technologies, corporations exploit them, and ever-increasing amounts of personal data are exchanged on private networks which intelligence agencies can snoop on at will with their NSA Internet vacuum cleaners.

What exactly is WPS and how does it work?

Nearly every modern network connected device (phone, computer network card, cable modem, wireless router, bluetooth headset, etc), has a unique number called a MAC address (Media Access Control, not Apple) built in.

Even if a mobile device doesn’t obtain an IP address when connecting to wi-fi, merely conducting a normal SSID (Session ID) scan will result in the mobile obtaining the MAC of the access point, and may (during active scanning) result in sending the mobile’ MAC address  to the access point.  Access points embed their MAC addresses in beacon frames, which wireless devices scan for.

Here is the relevant thing you need to know about MAC addresses: they are unique and can identify any network connected device, wired or wireless, bluetooth, 802.11, etc.  The good news is you can change a device’s MAC address.†  The bad news is, that doesn’t really matter because that new number can be immediately correlated with your voice print and other biometric signatures in realtime by the mobile device (see Iphone trojan link below)

WPS is not generally used alone for geolocation. Hybrid systems including GPS (Global Positioning System) and cell triangulation are more commonly used to geolocate mobile devices. the advantage of adding WPS is that you can be located anywhere there’s a known wi-fi, such as inside buildings where GPS signals may not be strong, and you can be triangulated fairly accurately (depending on the type of radio hardware in the mobile device) using a large number of access points.  How often have you been in an urban setting and seen 10 or 20 or more access points in the list?  If the exact location of those access points are known, they can all be used together to triangulate the mobile more precisely.

So my phone trades MAC addresses with a restaurant’s Wi-Fi. They show me the daily specials.   Aren’t there potential benefits to something like this?

Yes, there are many potential benefits to advertisers, law enforcement, and intelligence agencies who want to track masses of people.  WPS is going to dovetail beautifully with the NSA’s Main Core and Apple’s new biometric Iphone trojan.

The only potential benefit to you is that you will not have to speak to the person behind the counter and your latté will be ready faster.

Intelligence agencies and DARPA are creating an AI surveillance cloud right before our eyes.  Don’t think that because you don’t have an Iphone means the 3 people sitting around you haven’t had their trojans activated to identify your voice print and snoop on your conversation.

We already know how this ends.  You better not be reading qbit.cc either or you’re going on their shit list!

† But why is it that on Apple OSX 10.4 you can’t change the MAC address of your wireless card even as root?  It simply fails with no error and keeps the original MAC address.  I will find the answer to this question.

A fundamental problem with biometric authentication

Wouldn’t it be great if you could just sit down at your computer and have it recognize you?  Remembering usernames and passwords to authenticate you to various computer resources can be quite a pain.

IT help desks across the world see a constant stream of password reset requests due to forgotten passwords, but this is precisely the appeal that password authentication has over biometric authentication.  You can change your password and hold a multitude of different user accounts without necessarily revealing your identity.

Biometrics, meaning measurements (metrics) of the biology (you)– fingerprint, iris, retina, face recognition, voice recognition, brain wave, DNA, or any number of features that are unique to individuals, can be used for identification.  Biometric authentication has one fatal security flaw however that prevents using it in high security systems: Individuals can’t change their biometrics.  Once an attacker gets your fingerprint, iris, retina scan, voice print or other hash in a standardized format, they can use it to impersonate you.

Here are some ways biometric authentication can be defeated, unless used in conjunction with a password.  This is obviously for informational purposes only, as a security assessment of these technologies. I don’t recommend you do any of these things.

Fingerprint readers [Difficulty: moderate]
Pull someone’s fingerprint off a used beverage glass or can.  CNC machine or create a photoresist mold of said fingerprint from a scan of the print, or from a fingerprint hash obtained from an existing authentication database.  Cast it in silicone.  Attacker wears the cast over her fingertip, spoofing the victim’s print.

Iris scanners [Difficulty: moderate]
Shoot a high res photo of someone’s iris or obtain the raw biometric hash from an existing system.  Create a contact lens with this image printed on it.

Retina scanners [Difficulty: hard]
Because the retina is on the back of the eye, it’s not something that could be easily “skimmed” in public.  In the sci-fi novel Snow Crash (Neal Stephenson), there were laser iris scanners that could scan an iris from a distance.  Even though that technology doesn’t exist yet, one could use an existing hash of the retina scan to create a combination contact lens with a hologram of the retina and the victim’s iris print built into one.  This holographic technology already exists and is only getting cheaper.

Voice print [Difficulty: moderate]
Voice print authentications systems use various algorithms to match a user’s voice to a known “voice print” hash or pre-recorded phrase.  A shotgun microphone can remotely record the sound of a person logging in, or phrases can be pieced together using phonemes (short sounds) taken from pre-recorded samples of the victim’s voice.  The voice can be played back over a speaker to the authentication system.  There are two-factor voice print systems that ask the user to read a dynamically generated word, but again using sample based techniques, it’s possible to synthesize a person’s voice dynamically.

DNA reader [Difficulty: hard]
The only way one could defeat current DNA sequencing technology would be by stealing some tissue (or pre-cloning it) from the victim, which would be used to spoof their identity. DNA sequencing is too slow and expensive to be used for authentication currently, however recent microfluidic lab-on-chip technologies have provided dramatic speed increases.

In any of these systems, if it’s physically accessible, one can bypass the scanner input subsystem and pass the raw, forged sensor data to the host software. If one already has the hash data from an existing database, no snooping or device fabrication is required.

Let’s just keep one thing in mind about biometrics.  We’re talking about identification, not authentication. If, as a society, we ever decide to rely solely on biometrics for authentication, we will have an epidemic of identity theft.  You can easily come up with a new password, completely independent of your identity. There’s no practical way to change your biometric data.

Say we live in a society that relies on biometrics for authentication to sensitive resources, and a criminal does actually steal your biometric data, they could wreak absolute havoc in your life.  Since you can’t change it, more and more criminals could use your identity as your biometric hash spreads thru the underground networks, the way social security numbers do today.

Let me tell you, identity theft is real.  I once got a phone bill for over $1000 due to identity theft.  Took me 6 months to clear that mess up.  Passwords are a pain but a strong password is the only thing standing between you and having your phone disconnected over fraudulent charges.

Also if you don’t have one, you should get a paper shredder.

Think your wireless encryption is secure? [updated]

$17/ 20 min to crack WPA, the current standard for wireless encryption, and WEP is so weak you don’t even need a distributed cracker.

Just thought I’d share this reminder with you that for sending anything sensitive over wireless, always make sure you’re connecting to secure services using application level encryption (SSH, SSL, TLS, etc) in addition to the weaker wireless encryption.

Some older services and applications may want you to transmit sensitive data unencrypted and not support encryption natively.  If for some reason you have to work with one of these applications, you can secure the TCP connection using an SSH tunnel.

SSH (Secure Shell) tunnels can be used to secure any service as long as the client can connect to a Secure Shell on the remote network.

I recently wrote a shell script to automatically tunnel an insecure VNC remote desktop connection through SSH, and launch my remote desktop viewer, which then connects locally to the SSH tunnel instead of directly to the remote VNC service.

My local SSH client establishes the secure tunnel to the remote SSH server (residing somewhere on the application server’s side of the Internet, or on the app server itself).  The remote SSH server then forwards the insecure traffic to the proper remote TCP port- SMTP, POP3, FTP, Telnet, or whatever insecure service you want to use.

Thus the data connection is entirely encrypted, and this is transparent to the application so no plugins are required. Simply create the SSH tunnel, connect your application to localhost instead of the remote host, and SSH routes the traffic securely thru the tunnel.

To create an SSH tunnel in a Unix shell script (my VNC example here) you would do something like:

ssh -fgCN -i $identity -L 5902:$tunnelhost:5900 $rmtuser@$tunnelhost &

Where $identity is the public key identity file (generally ~/.ssh/id_dsa), $tunnelhost is the remote SSH server, and $rmtuser is the remote username.  5902 is the local port to connect to and 5900 is the remote service port.

The & forks it into the background and, then you can then connect your VNC client to TCP port 5902 on localhost.

This is an incredibly powerful tool to protect your privacy.  Research “SSH tunneling” if you’re interested in learning more.

SSH is a network terminal server system like Telnet, except with encryption options, public key login, tunneling, and other fun stuff.  This is just scratching the surface of what can be done with it.

Bill would mandate back scatter x-ray scanners in airports by 2013

BSC

Some of you have heard me rant in person about how the new back x-ray scatter scanners (*that can’t be good for your dna*) will become MANDATORY nationwide by 2013.  I was able to confidently state this because I have read internal memos from government/private individuals with A LOT of money invested in making every airport buy a ton of these machines.  To this argument, many of you responded “they aren’t mandatory, you can choose a standard pat down if you like instead.”  First of all, it’s not standard for everyone to be patted down!  INNOCENT UNTIL PROVEN GUILTY!  NOT GUILTY UNTIL PROVEN INNOCENT!  Then some of you responded that “well it’s only for international flights.”  To which I said yes for now, thats part of the acclimation process.  Once everyone stops complaining about them internationaly, they’ll introduce them domesticaly.

I’d like to call your attention to the new bill [pdf] introduced to the Senate, which once again proves my statements to be accurate if just slightly ahead of the curve.

Securing Aircraft From Explosives Responsibly: Advanced Imaging Recognition (“SAFER AIR”) Act, would require all commercial airports in the US to use full-body scanners as their primary screening method by no later than 2013.

“all primary screening of passengers shall be conducted using advanced imaging technology or another advanced technology

a device that creates a visual image of an individual showing the surface of the skin and revealing other objects on the body as applicable

includes devices using backscatter x-rays or millimeter waves and devices referred to as ‘whole-body imaging technology’ or ‘body scanning’.

those technologies will be deployed at each airport checkpoint in the United States by 2013″

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” -4th Amendment, Bill of Rights, US Constitution

DON’T BE A SUCKER!

must … delete …. facebook profile [udpated]

Facebook came after my time, and I learned better before getting entirely sucked into that. Ok scratch that.  I had a change of heart recently on this issue. I created a facebook app just for qbit.cc.  I don’t like using it for personal stuff but it can be useful for networking.

Friendster and Myspace were scary enough but Facebook’s ever-changing privacy agreement and DARPA/CIA connections have taken social data mining to a new level.  It would hardly be a surprise if every last bit of private data in all all our social network profiles were being integrated into Main Core.

When pondering the privacy implications of social networking, I envision a scenario where an Orwellian pre-crime system has determined that you are at risk of committing a crime, or some non-crime that you have “committed” in the past (blogging) retroactively becomes a crime, and the government uses private info from your social network sites to hunt you down.

I’m having a “Turn on, tune in, drop out” hippie moment.  For those of you saying “I’ve got nothing to hide, thus no reason to worry about having my private info on social networks.”  I wish I could tell you a story about being caught up in some drama, thru no fault of my own, and having my Myspace profile analyzed by a cop posing as a reporter.  But I’m no longer naiive enough to post private things in public places.

I’ve got nothing to hide… therefore the government has got no f’ing business accessing my private information.

Related:
Report: Facebook caught sharing secret data with advertisers (Ars Technica)

Fourth Amendment to the United States Constitution (Wikipedia)

New speed cameras trap motorists from space

Satellites could track motorists from space if trials prove successful Photo: AFP

The cameras, which combine number plate reading technology with a global positioning satellite receiver, are similar to those used in roadworks.

The AA said it believed the new system could cover a network of streets as opposed to a straight line, and was “probably geared up to zones in residential areas.”

The Home Office is testing the cameras at two sites, one in Southwark, London, and the other A374 between Antony and Torpoint in Cornwall.

The `SpeedSpike’ system, which calculates average speed between any two points in the network, has been developed by PIPS Technology Ltd, an American-owned company with a base in Hampshire.

Details of the trials are contained in a House of Commons report. The company said in its evidence that the cameras enabled “number plate capture in all weather conditions, 24 hours a day”. It also referred to the system’s “low cost” and ease of installation.

The system could be used for “main road enforcement for congestion reduction and speed enforcement”, and could help to “eliminate rat-runs” and cut speeds outside schools, it added. It could also reduce the need for speed humps.

The development of speed cameras has raised concerns about expanding state surveillance.

The Home Office said it was unable to comment on the trials because of “commercial confidentiality”.

The AA said it would watch the system “carefully” but it did not believe there was anything sinister. “It is a natural evolution of the technology that is out there,” a spokesman said.

You aren’t required to answer all the census questions

From BSC

On the envelope of your Census, it will say your response is required by law.  This is a trick!!  The only question you are obligated to answer based on the US Constitution, is the number of people residing at your address.  All of the other questions are not required.  You can even see the trick, if you look at the first question, which asks how many people live at the house.  It is in its own seperate blue box, though nothing else indicates that the first question is the only required question.  The rest are unconstitutional so do not answer them!  I provide the following legal examples of a response and links to the articles in the constitution.

To Whom it May Concern,

Pursuant to Article I, Section 2, Clause 3 of the Constitution, the only information you are empowered to request is the total number of occupants at this address. My “name, sex, age, date of birth, race, ethnicity, telephone number, relationship and housing tenure” have absolutely nothing to do with apportioning direct taxes or determining the number of representatives in the House of Representatives. Therefore, neither Congress nor the Census Bureau have the constitutional authority to make that information request a component of the enumeration outlined in Article I, Section 2, Clause 3. In addition, I cannot be subject to a fine for basing my conduct on the Constitution because that document trumps laws passed by Congress.

Interstate Commerce Commission v. Brimson, 154 U.S. 447, 479 (May 26, 1894)

“Neither branch of the legislative department [House of Representatives or Senate], still less any merely administrative body [such as the Census Bureau], established by congress, possesses, or can be invested with, a general power of making inquiry into the private affairs of the citizen. Kilbourn v. Thompson, 103 U.S. 168, 190. We said in Boyd v. U.S., 116 U. S. 616, 630, 6 Sup. Ct. 524,―and it cannot be too often repeated,―that the principles that embody the essence of constitutional liberty and security forbid all invasions on the part of government and it’s employees of the sanctity of a man’s home and the privacies of his life. As said by Mr. Justice Field in Re Pacific Ry. Commission, 32 Fed. 241, 250, ‘of all the rights of the citizen, few are of greater importance or more essential to his peace and happiness than the right of personal security, and that involves, not merely protection of his person from assault, but exemption of his private affairs, books, and papers from inspection and scrutiny of others. Without the enjoyment of this right, all others would lose half their value.’”

Note: This United States Supreme Court case has never been overturned.

Respectfully,

A Citizen of the United States of America

http://topics.law.cornell.edu/constitution/articlei

Representatives and direct taxes shall be apportioned among the several states which may be included within this union, according to their respective numbers, which shall be determined by adding to the whole number of free persons, including those bound to service for a term of years, and excluding Indians not taxed, three fifths of all other Persons. The actual Enumeration shall be made within three years after the first meeting of the Congress of the United States, and within every subsequent term of ten years, in such manner as they shall by law direct. The number of Representatives shall not exceed one for every thirty thousand, but each state shall have at least one Representative

Qwest CEO imprisoned in retaliation for failure to cut surveillance deal with NSA

(WMR) — WMR has learned from sources who worked in senior positions for the telecommunications company Qwest that its former chairman and CEO, Joseph Nacchio, was threatened with retaliation after he refused to participate in an unconstitutional and illegal National Security Agency (NSA) wiretapping program after he met with NSA officials on February 27, 2001, some six months before the 9/11 attacks. Nacchio refused to turn over customer records without a court order — something NSA did not possess at the time it made its request.

After Nacchio refused NSA’s request on the grounds that it was illegal, sources close to Nacchio reported his legal problems with the Department of Justice and the Securities and Exchange Commission began in earnest. First, Qwest lost out on several lucrative federal government contracts and second, Nacchio was indicted and convicted in 2007 of 19 counts of insider stock trading. Nacchio was sentenced to six years in the Schuykill federal prison camp in Minersville, Pennsylvania, where he is now assigned prisoner number 33973-013.

In January, US District Judge Marcia Krieger of the 10th Circuit Court in Denver denied Nacchio’s motion for a new trial. Krieger was nominated for the federal bench by President George W. Bush on September 10, 2001. The September 10 date is significant – it was then clear that Nacchio was not going to be a player in the NSA and FBI illegal surveillance programs and it was the day before the Bush administration would sweep aside the First and Fourth Amendments to the Constitution in the wake of the 9/11 attacks. Qwest is headquartered in Denver.

The illegal NSA surveillance program, once known by its highly-classified code-name STELLAR WIND, was revealed by AT&T employee Mark Klein, who divulged NSA’s “secret room” on the 6th floor at AT&T’s central office on Folsom Street in San Francisco. The “secret room” was next door to the 4ESS phone switch. According to AT&T documents, NSA had direct wiretaps on key Internet circuits on the floor above. NSA’s operation conducted vacuum-cleaner copying of the data stream of the Internet, which included e-mail, web browsing, VOIP phone calls (e.g., Skype) and all the other common Internet services. There is informed speculation that because of an aggressive AT&T internal campaign to transfer all its old long-distance traffic to fiber lines, traditional phone calls that passed through the 4ESS switch were likely transferred to the Internet circuits, making phone calls also very likely subject to NSA eavesdropping.

AT&T and Verizon agreed to participate in the STELLAR WIND program.

Even though there is ample evidence that the federal government engaged in massive prosecutorial misconduct in retaliation for Nacchio’s refusal to participate in STELLAR WIND and associated FBI surveillance programs, the Supreme Court refused to review the case against the former Qwest chief. The Supreme Court also denied Nacchio bail pending his appeal, a clear attempt by the most corrupt Supreme Court in American history to prevent Nacchio from airing the NSA’s dirty laundry about domestic wiretapping and pressure on telecommunication firms’ senior corporate officials.

Qwest shareholders and retirees blamed Nacchio for their financial losses, however, it is now clear that the NSA and the Bush administration targeted Qwest for retribution after its top boss refused to cooperate in the illegal domestic wiretap programs of the NSA and FBI.

Qwest founder, railroad and oil magnate Philip Anschutz, a conservative Christian who owns The Examiner chain of metro region newspapers and several entertainment firms and professional sports teams, testified on Nacchio’s behalf.

The news of NSA’s threats of retaliation against Nacchio will come as little comfort to those NSA employees, including the jailed ex-NSA analyst Ken Ford, Jr., on similar trumped up charges. If someone as wealthy and powerful as Nacchio could be brought down by the illegal domestic joint targeting operations carried out by the NSA, FBI, and corrupt Justice Department prosecutors, those rank-and-file NSA employees who have blown the whistle on NSA’s illegal operations stand little chance of having their “day in court.”

WMR has been told by NSA insiders that if the full extent of NSA’s illegal operations became public, the American people would go into a “state of shock.”