NSA’s ANT Division Catalog of Exploits for Nearly Every Major Software/Hardware/Firmware

Originally posted on LeakSource:


12/29/2013

SPIEGEL:

After years of speculation that electronics can be accessed by intelligence agencies through a back door, an internal NSA catalog reveals that such methods already exist for numerous end-user devices.

When it comes to modern firewalls for corporate computer networks, the world’s second largest network equipment manufacturer doesn’t skimp on praising its own work. According to Juniper Networks’ online PR copy, the company’s products are “ideal” for protecting large companies and computing centers from unwanted access from outside. They claim the performance of the company’s special computers is “unmatched” and their firewalls are the “best-in-class.” Despite these assurances, though, there is one attacker none of these products can fend off — the United States’ National Security Agency.

Specialists at the intelligence organization succeeded years ago in penetrating the company’s digital firewalls. A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has…


How to protect your SMS text messages from the NSA

Why

Because the NSA and GCHQ have been revealed to be collecting (and keeping) text messages on a massive scale – almost 200 million a day according to the Guardian’s report – whether or not the sender or recipient is a target of any investigation: http://www.theguardian.com/world/2014/jan/16/nsa-collects-millions-text-messages-daily-untargeted-global-sweep

If you are thinking “so what? I have nothing to hide“, feel free to share your thoughts in the comments area below. To prove that you really have nothing to hide please also include your full name and home address.

How

Are you using an Android phone? (If you’re not sure, look for a “Google Play” icon among your apps. If you’ve got this icon, you are using an Android phone.)

  1. Install the free TextSecure app by OpenWhisperSystems from Google Play.
  2. Tell all your friends with Android phones to do the same.
  3. Open the TextSecure app and set up a very simple password – don’t worry, you will disable it immediately.
  4. Hit the “menu” button -> Settings -> select “Disable Passphrase”. (This passphrase only protects the copy of your messages stored on the phone itself; it has nothing to do with the encryption of messages in transit, which is what we are after here. If your phone is lost or stolen, though, the passphrase is what keeps the stored messages unreadable, so weigh that against the convenience.)
  5. That’s it! Now text your contacts as normal. If any of them happen to be using TextSecure, the app will ask them:
    You have received a message from someone who supports TextSecure encrypted sessions. Would you like to initiate a secure session?
    They should click the “Initiate Exchange” button.
  6. Any messages you send or receive from your TextSecure contacts with whom you have “Initiated Exchange” are now encrypted end to end between the two phones: your carrier, and anyone sweeping up SMS in bulk, only sees ciphertext.

No Android phone? In that case you are out of luck: at the time of writing there is no equivalent app for other platforms, so you cannot protect the content of your SMS text messages. Might be time to complain to the phone manufacturer for some built-in privacy features for a change?

The best alternative you have right now, if you have a data plan and can be connected to the Internet most of the time, is to use the free ChatSecure app by The Guardian Project. ChatSecure gives you unlimited instant messages (IM) with your friends over any Jabber/XMPP account, and encrypts them end to end with OTR (Off-the-Record messaging). Unlike WhatsApp, Viber, Google Hangouts, Facebook, Skype, Y! messenger etc, ChatSecure can make your messages unreadable to the NSA and their friends – and to the IM provider itself, which only relays ciphertext. One limitation: an OTR session has to be established with each contact while both of you are online, so it is not a drop-in replacement for texting someone whose phone is off. ChatSecure works on Android phones as well as iPhones.

Note: Even when using TextSecure, the NSA (and your mobile service provider) will know who you texted, who texted you, when, and how long the message was. This “metadata” cannot be hidden – the carrier has to route the message, so it necessarily sees both phone numbers. The best you can do right now is to hide the content of your text messages, and TextSecure does that very well.

It’s (crypto)party time!

With our advanced free democracies resembling George Orwell’s “1984” more and more (your TV is spying on you, NSA global mass-surveillance, pre-crime repression of free speech etc), there surely couldn’t be a better time to throw a CryptoParty!

Where?

New Academic Building
Goldsmiths, University of London
New Cross
London SE14 6NW

When?

Saturday 30th November, 11am onwards

Cost/audience

The event is free & open to the public. Anyone who worries about the privacy and ultimately freedom of expression of their loved ones should attend.

Great lineup of speakers/presenters – check out the event schedule!

I will be doing a few workshops on mobile device privacy, encrypted Internet phone calls and using a computer without leaving any traces behind.

If you’re around on the 30th, join us for a day of practical tinkering with privacy tools!

…and here are the slide decks of the workshops I ran:

Qubes OS – a secure operating system: http://apapadop.files.wordpress.com/2013/12/qubes1.pdf

TAILS – This session never happened: http://apapadop.files.wordpress.com/2013/12/tails1.pdf

VoIP- Private voice calls: http://apapadop.files.wordpress.com/2013/12/voip1.pdf

Mobile privacy – how to keep your smartphone communications private: http://apapadop.files.wordpress.com/2013/12/mobile5.pdf

OTR – a gentle introduction to chatting Off The Record: http://apapadop.files.wordpress.com/2013/12/otr1.pdf

NSA whistleblower Thomas Drake: “US using the Stasi playbook”

NSA whistleblower Thomas Drake testifying before the European Parliament Committee on Civil Liberties, Justice and Home Affairs on September 30, 2013. The Committee has called an inquiry into NSA Mass Surveillance of EU Citizens.

Hat tip to Government Accountability Project

Thank you to the European Parliament and the Civil Liberties, Justice and Home Affairs Committee for inviting me to speak before your critically important public hearings – and the challenge you collectively face regarding the National Security Agency’s surveillance programs and their impact on your respective member countries as well as the privacy of citizens in my country and yours.
The fundamental issue before your Committee is a foreign government (often in league with the intelligence apparatus of other countries as well as cooperating internet, phone and data service providers), spying on you under the guise of protecting its own interests in the name of national security – a convenient constraint of monitoring and control especially when conducted in secret – outside the purview of law and public debate – while subverting your sovereignty.

I used to fly as a crypto-linguist on RC-135 reconnaissance aircraft in the greater European theater during the latter years of the Cold War. My primary target of interest was East Germany. The Stasi became monstrously efficient using surveillance to enable their pathological need ‘to know everything’ – their very operating motto. However, I never imagined that the US would use the Stasi playbook as the template for its own state sponsored surveillance regime and turning not only its own citizens into virtual persons of interest, but also millions of citizens in the rest of the world. Do we really want to become subject to and subjects of a secret surveillance state?

In a surveillance state everybody is suspicious and laws protecting privacy and citizen sovereignty are regarded as inconvenient truths bypassed in the name of keeping the rest of us safe and secure as justification for the wanton and surreptitious bulk copy collection and unbridled access to vast amounts of data about our lives. Unfortunately, this surveillance regime has now grown into a globe girdling system that has gone far beyond prosecuting terrorism and other international crimes and wrongdoing.
Your Committee faces the challenge of dealing with a secret hidden shadow surveillance state dissolving the very heart of freedom and liberty and our respective citizen rights and using this power to expand sovereign-free zones – even when it undermines the very fabric of society, breaks trust between nations and endangers the very mechanisms we use for commerce and trade.
This exceptionalism gives rise to an ends justifying the means mentality in violating the sovereignty of other nations and citizens far beyond the real threats we do face from those who would cause us real harm, but often exaggerating those very threats in public for access to all of our data behind the scenes.

When national security services are more than willing to deliberately compromise the very information technology services and protocols that so many citizens as well as commercial and private enterprises rely upon and enjoy for legitimate confidentiality, data protection, and security in order to conduct their day to day business, it becomes very difficult to maintain trust in those systems.

Nothing less than the very sovereignty of our citizens and states are at stake in the face of an unfettered surveillance state apparatus.
From the recent disclosures of Edward Snowden, the US government has routinely violated on a vast industrial scale the Constitutional protections afforded its own citizens, while also disregarding the internal integrity of other states and the fundamental rights of non-US citizens.

I know. Because I was eyewitness to the very foundations of a persistent surveillance state expanded in the deepest of secrecy right after 9/11. I was there at the beginning.
While a senior official at the National Security Agency, I found out about the use of a top secret domestic electronic eavesdropping program that collected and accessed vast amounts of digital data (including phone numbers, e-mail addresses, financial transactions and more), turning the US into the equivalent of a foreign nation for the purposes of blanket dragnet surveillance and data mining – blatantly abandoning and unchaining itself from the Constitution and a 23 year legal regime enacted due to earlier violations of citizen rights by US government’s use and abuse of national instruments of power against Americans in the 60s and 70s.
These secret surveillance programs were born during the first few critical weeks and months following 9/11, as the result of willful decisions made by the highest levels of the US government. Such shortcuts and end-runs were not necessary, as lawful alternatives existed that would have vastly improved US intelligence capability with the best of American ingenuity and innovation, while fundamentally protecting the privacy of citizens at the same time.
I raised the gravest of concerns through internal channels, spoke directly with the NSA Office of the General Counsel, and then became a material witness and whistleblower for two 9/11 congressional investigations in 2002, and then exposing massive fraud, waste, abuse and mismanagement at NSA during a multi-year Department of Defense Office of Inspector General audit from 2003-2005 regarding a multi-billion dollar NSA flagship intelligence collection program under development that was far more costly and far less effective in supporting critical intelligence requirements than a readily available and privacy protecting alternative.
I followed all the rules as a whistleblower until it fundamentally conflicted with my oath to uphold and defend the Constitution, and made a fateful choice in 2006 to exercise my First Amendment rights and went to the press with critical information about which the public had a right to know regarding the fraud, waste and abuse as well as the secret and unconstitutional surveillance programs.
However, rather than address the illegality and wrongdoing, the government made me a target of a huge federal criminal “leak investigation” into the exposure of the secret surveillance programs and subjected me to severe retaliation, reprisal and retribution that started with forcing me out from my job as a career public servant. I was subsequently blacklisted, no longer had a stream of income, while simultaneously incurring substantial attorney fees and other huge costs, necessitating a second mortgage on my house, emptying of my bank accounts, including retirement and savings. And that was just the beginning.
What I experienced as a whistleblower sends the most chilling of messages about what the government can and will do when one speaks truth to and of power—a direct form of political repression and censorship.
And yet once exposed, these unconstitutional detours were (and still are) predictably justified by often vague and undefined claims of national security, while aided and abetted by shameless fear mongering on the part of the government.

And yet we are now in an era where sharing issues of significant concern in the public interest, which do not in any way compromise national security, is often now considered a criminal act of espionage aided and abetted by reporters and the press – yet anathema to a free, open and democratic society.
I did everything I could to defend the inalienable rights of all U.S. citizens and the sovereignty of the individual which were so egregiously violated and abused by my own government—when there was no reason to do so at all, except as an excuse to go to the proverbial ‘dark side’ by exercising unaccountable, irresponsible and “off the books” unilateral executive power in secret.
I blew the whistle because I saw grave injustice, illegality and wrongdoing occurring within the National Security Agency. I was subsequently placed under intense physical and electronic surveillance, raided by the FBI in 2007 and two and a half years later under the Obama Administration criminally charged under a 10 felony count indictment including five under the Espionage Act, facing 35 years in prison. The extraordinary charges that were leveled against me by the US Department of Justice are symptomatic of the rising power of the national security state since 9/11 and a direct assault on freedom of speech, thought, innovation, and privacy.
The government found out everything they could about me and turned me into an Enemy of the State. I became the first whistleblower prosecuted in the decades since Daniel Ellsberg, under the draconian World War I-era Espionage Act, a law meant to go after spies, not whistleblowers.
Having the secret ability to collect and analyze data with few if any substantial constraints – especially on people, is seductively powerful – and when done without the person’s permission and in secret against their will – is the ultimate form of control over others.

When government surveillance of this magnitude hides behind the veil of secrecy, when it professes openness and transparency while practicing opaqueness and deceit, that’s when citizens need to become very aware and wary of what the future might hold – when their very liberties are eroded and even taken away in the name of national security — without their consent.
The fear engendered through the invocation of threats (real and imagined), creates a climate where rights are ignored as the unifying cause for obsessing over national security and the use of fear by the government to control the public and private agenda.
My criminal case is direct evidence of an out of control and ‘off the books’ government that is increasingly alien to the Constitution and democracy at home and abroad. The rise in this form of a contrary alien form of government assuming the shape of a national security state under surveillance evidences the all too distinct and historically familiar characteristics of an alarming ‘soft tyranny’ and is an anathema to all forms of democracy.
As Montesquieu wrote, “No tyranny is more cruel than that which is practiced in the shadow of the law and with the trappings of justice: that is, one would drown the unfortunate by the very plank by which he would hope to be saved.”
One could make the case that the government chose to make me (and others) targets as part of a much broader campaign against whistleblowers in order to send the strongest possible message about what the government can and will do to suppress dissent and speech it doesn’t like.
And yet the United States’ brutal and unrelenting crackdown on whistleblowers is outdone by the magnitude of what it is now trying to hide or continue as a result of the Snowden disclosures. NSA is not just eavesdropping on all Americans and building the architecture for a police state in the US, it has created the largest set of mass surveillance programs in the history of the world, while covertly weakening Internet security and privacy for everyone on the planet. Without privacy and robust data protections under the law, no real individual citizen sovereignty within a state and society is possible.

NSA is doing this deliberately, systematically, and in secret. Even if we take NSA at its word—its intention to only target persons suspected of terrorism as it relates to foreign intelligence— they’re clearly now collecting and storing as much of our communications as possible.
NSA has inverted and perverted the heart of the democratic paradigm in which the government acts in public and our personal lives are private. Now everyone’s personal and private lives and associated transaction and data history becomes the equivalent of secret government property, held for years as pre-crime data just in case it is needed in the future – secret dossiers of the State – while attempts to expose the government are met with the heavy hand of criminal prosecution.

The words of US Senator Frank Church during the hearings he conducted on the abuses of national security power in the 1970s are worthy of reminding us what can happen when a state sponsored surveillance regime is used as the excuse to keep us safe at the expense of liberty and freedom.
“If a dictator ever took charge in this country, the technological capacity that the intelligence community has given the government could enable it to impose total tyranny, and there would be no way to fight back because the most careful effort to combine together in resistance to the government, no matter how privately it was done, is within the reach of government to know. Such is the capacity of technology.”

People in America and around the world should not have to worry about protecting themselves from an unhinged United States government, unchained from its own Constitution, but worry they must. And the government should not, under the guise of protecting its own citizenry, conduct mass dragnet surveillance in secret, let alone the rest of the entire world while publicly crushing anyone who tries to expose it.
I respectfully suggest that your Committee duly examine the critical need for transparency and legal accountability to enforce fundamental and vitally precious citizen rights to speech and association while protecting those who expose government malfeasance and wrongdoing as well as providing for robust protections against unwarranted “search and seizure” by any foreign power, state surveillance agency or corporate entity.
I hope that your Committee will consider a European Union-wide law that all EU-to-EU Internet links and nodes must be encrypted, with open source encryption technology made available for the widest possible use wherever practical, while also audited by the EU.

What we see now revealed on a global scale creates the power of mass-surveillance and eludes effective control by current data and privacy protection regulations.
How do your member states protect themselves from the predations of the surveillance regime?

There is a distinct need for policies that prohibit third party countries and commercial concerns from accessing and compromising personal data, while also covering vendors and suppliers of IT systems and products.
There is also the need to put in place the power to prosecute and hold accountable those transnational companies and entities from secretly compromising the very infrastructure that society depends on for business and trade – even considering the need for a comprehensive data protection treaty between member states and the US.
‘Prism-proofing’ your member state Internet hosting and service providers is now critical given how data is not so much broken into as it is taken and renditioned by the surveillance state.
It is the constant possibility of the unequal gaze and reality of surveillance and observation (real or imagined) that stultifies society, renders creativity mute, and erodes our freedom with the acid served up by the potent brew of secrecy and surveillance for the sake of security while forsaking our liberties as the price we must pay. I fundamentally reject this dystopian premise given what happened to me.

In conclusion, I was fortunate that I did not end up in an actual prison for coming out of the system and speaking truth to and of power – a dangerous act of civil disobedience and individuality for sure in these times.

The last thing a free and open society needs is a digital fence around us – with the barbed wire of surveillance not only keeping track of our comings and goings, yet now increasingly wanting to know what we think and feel – the very essence of who we are and share as human beings.

How to send and receive encrypted emails in Windows

Why use encrypted email?

It’s simple: the government is reading your emails. Edward Snowden’s revelations make this a plain truth. If you are not an American citizen it’s a little bit worse, because at least two governments are reading your emails: yours, and the American government.

There are many plugins/addons/guides out there that claim to “encrypt” your email, so that “nobody can read it”. Most of those are nonsense. There is currently only one widely deployed, openly specified way of encrypting email end to end, so that only the intended recipient can read it: the OpenPGP standard (RFC 4880). So if you’re not using the commercial PGP product, the free GnuPG product, or another well-known product that follows the OpenPGP protocol, your emails can still be read by the government.

But if you’ve been following the news you will wonder “Hang on – if OpenPGP is secure, why did a bunch of prominent Internet security experts like the Silent Circle board decide to shut down their Silent Mail service (which used OpenPGP)?” The answer is that OpenPGP is based on cryptographic keys. And Silent Mail tried to manage your keys for you, which made Silent Circle vulnerable to the law – as the law in most countries states that government agencies can force companies to disclose such secrets.

Therefore, the problem was key concentration. If Silent Circle holds all the keys, the FBI slaps them with a few subpoenas and grabs all of our secret keys. Heck, Silent Circle can not even tell us about it – by law!

So, OpenPGP is still considered trustworthy as a technology – what doesn’t work is concentrating key management, because by law the government can grab all secret keys, which will allow them to read all encrypted emails we’ve sent using those keys.

But what if we just manage our own keys? The government would not legally compel all of its citizens – directly, on a one-by-one basis – to give up their secrets. That would be much less politically palatable than a program like PRISM, where they just suck out the data from our service providers (Google, Yahoo!, Microsoft, Apple etc).

Using OpenPGP and managing our own keys, then, is the best we can do right now. Let me show you how.

Note: This tutorial will focus on making using encrypted emails as easy as possible. We will propose settings that are optimised for convenience, not security. If you are a journalist, an activist, a politician or anyone who needs a setup as secure as possible, let me know in the comments and I will propose more secure but inevitably slightly less convenient settings.

Setting up encrypted email

For this example, I will use a free Gmail account and setup access from my Windows 7 computer. Note that this method is not Gmail specific. It will work for any email account out there.

Get GnuPG

Installing GnuPG gives your computer the OpenPGP engine that does the actual cryptography; Thunderbird and the Enigmail add-on (below) just drive it.

  1. Download Gpg4win from http://gpg4win.org/download.html
  2. Run the gpg4win-(version).exe installer to install the software, ensuring that GPA is selected for installation as well:
[Screenshot: Gpg4win installer with the GPA component ticked]

Get Thunderbird

Thunderbird is the email application we will use to send and receive emails. We can’t just use Gmail’s web page for encrypted emails: the whole point is that your secret key stays on your computer, and a webmail page in the browser has no way to use it, so every message would have to be encrypted and decrypted by hand and pasted back and forth. That becomes cumbersome very quickly.

  1. Download Thunderbird from https://www.mozilla.org/thunderbird
  2. Run “Thunderbird Setup (version).exe” to install Thunderbird on your computer.

Connect Thunderbird with your email account

As soon as setup is finished and Thunderbird launches, you are asked whether you’d like a new email address. Let’s skip this for now and go with your existing email address.

[Screenshot: Thunderbird first run, “new email address” prompt]

(For this example I will use the Gmail account jdoe18293@gmail.com)

Fill in your name, email address and Gmail password.

[Screenshot: Thunderbird account details form]

Thunderbird checks for the settings of your email provider

[Screenshot: Thunderbird looking up the provider’s settings]

…and, in the case of a well-known service as Gmail, finds the right settings:

[Screenshot: provider settings found]

If everything works and the dialog disappears with no errors, great. If not, verify that whichever access method you chose (POP or IMAP) is supported and enabled for your account. For our example (Gmail), follow these instructions to enable IMAP.

If you see the following window, with your email account on the top left, you have configured Thunderbird correctly. Congratulations!

[Screenshot: Thunderbird main window with the account listed top left]

Get the encryption addon (EnigMail)

Click on the “menu” icon on the top right and then “Addons“.

[Screenshot: Thunderbird menu, Add-ons entry]

Search for “enigmail” and install the addon.

[Screenshot: add-on search results for “enigmail”]

Click on “Restart Now” – this will only restart Thunderbird, not your computer.

[Screenshot: “Restart Now” prompt]

After Thunderbird has restarted, close the Add Ons tab – you’re done with this.

[Screenshot: Add-ons tab after restart, ready to be closed]

Create your encryption keys

Go to Options -> OpenPGP -> Setup Wizard

[Screenshot: OpenPGP menu, Setup Wizard entry]

Go through the wizard, adjusting only the following settings:

In the “Signing” step of the wizard choose “No, I want to create per-recipient rules for emails that need to be signed“.

[Screenshot: wizard “Signing” step, per-recipient rules selected]

In the “No OpenPGP Key Found” step of the wizard choose “I want to create a new key pair for signing and encrypting my email

[Screenshot: wizard “No OpenPGP Key Found” step, create new key pair selected]

In the “Create Key” step, choose the passphrase that will be required to read or send encrypted emails.

Note: Choose something that is easy to type and not too long – remember, we’re optimising for usability here. This passphrase protects the file holding your secret key, so it only has to withstand someone who has already got hold of that file (for instance by stealing your laptop); it is not what protects your emails in transit.

Good passphrase: a whole sentence that means something to you and nobody else, along the lines of “This is my favourite song!” (that is only the pattern – don’t use that exact one, or any famous quote, song lyric or book title, because those are the first things a password-cracking dictionary tries.)

Bad passphrase: 9x$Z4;Fq (why? Not because it is weak – eight random printable characters are roughly 52 bits of guesswork – but because you will mistype it at every prompt and end up writing it on a sticky note. A private sentence of several words is comparably hard to guess and far easier to remember.)

[Screenshot: wizard “Create Key” step, passphrase entry]

When the wizard completes, you will be prompted to generate a revocation certificate. Do it: if you ever lose the key or its passphrase, or suspect someone has copied it, this certificate is what you publish to tell keyservers and correspondents to stop using the key. Without it, a lost key stays “valid” on the keyservers forever and people will keep encrypting mail to it that you can no longer read.

[Screenshot: prompt to generate a revocation certificate]

Save this file on your Desktop for now – you can decide where to store it permanently (away from your computer! – e.g. on a CDROM or a USB stick you keep in a safe place) later.

[Screenshot: save dialog for the revocation certificate]

Your passphrase is needed to generate the revocation certificate:

[Screenshot: passphrase prompt]

… at which point you are done!

Congratulations, you have created cryptographic keys and setup your email program to use them!

Sending email

You can only exchange encrypted emails with people who also use OpenPGP. Before anyone can send you encrypted email, you need to make your public key available to the world: senders encrypt to your public key, and the matching secret key (which never leaves your computer) is the only thing that can decrypt the result. Publishing it also lets your recipients verify the signatures on the mail you send them.

Publishing your public key

Open Thunderbird and click on its “options” button. Then OpenPGP -> Key Management.

[Screenshot: OpenPGP menu, Key Management entry]

Tick “Display All Keys by Default”:

[Screenshot: Key Management with “Display All Keys by Default” ticked]

Now click on your name (John Doe) to select your keys and go to Keyserver -> Upload Public Keys

[Screenshot: Keyserver menu, Upload Public Keys]

In the next prompt just click OK:

[Screenshot: keyserver pool confirmation prompt]

Congratulations – you have published your public key on the keyservers. Now anyone using OpenPGP can fetch it to send you encrypted email and to verify the messages you sign. (To read what you send them, they need a key pair of their own, as Bob has below.)

Sending your first encrypted email

Let’s email our friend Bob. He also has a Gmail account and his Gmail address is anon7889@gmail.com

To start composing a new message in Thunderbird you click the “Write” button:

[Screenshot: the “Write” button]

This brings up a new email window, where you can address and type your message.

[Screenshot: new message addressed to the recipient]

Notice the pen and the key icons in the lower right corner? They are greyed-out, i.e. inactive, i.e. you are currently not signing (pen) or encrypting (key) your message.

Let’s click on the key icon to enable message encryption – the icon becomes colourful (gold), which means encryption has been activated:

[Screenshot: key icon highlighted, message marked for encryption]

Let’s attempt to send this message – click the “Send” button. You have just asked Thunderbird to encrypt this message for Bob (anon7889@gmail.com) – but Thunderbird hasn’t got Bob’s public key! And this is how public key encryption works – you need to have people’s public keys before you can encrypt stuff for them – and only them – to read. Therefore, Thunderbird complains that your recipient has not been found (in your OpenPGP keyring):

[Screenshot: “Recipients not found” dialog]

Click “Download missing keys” to look for Bob’s key on the keyservers – dedicated servers that hold people’s public keys. Bear in mind that anyone can upload a key under any name or email address; a keyserver verifies nothing.

[Screenshot: import public key from keyserver prompt]

Just hit OK to allow Thunderbird to look for Bob’s public key online.

And lo! Bob’s public key is there. Just tick it and click OK to import Bob’s key into your keyring. You only need to do this once – but before you rely on it, read Bob the key’s fingerprint (OpenPGP -> Key Management, open the key’s properties) over the phone or in person and check that it matches what he sees on his side. A key downloaded from a keyserver is only as trustworthy as that check; without it, you could be encrypting to a key somebody else uploaded in Bob’s name.

[Screenshot: keys found on the keyserver]

If all went well, Thunderbird lets you know the import was successful:

[Screenshot: import successful]

Great, now you have Bob’s key. You have a new greyed-out line with Bob’s email address. Tick the box of that line and click on “Create per-recipient rule(s)“.

[Screenshot: recipient line with Bob’s key, “Create per-recipient rule(s)” button]

Here you will tell Thunderbird to always use this key to sign and encrypt your emails to Bob.

Click on “Select Key(s)…“:

[Screenshot: per-recipient rule dialog, “Select Key(s)…” button]

…and make sure the line with Bob’s address is selected before clicking OK:

[Screenshot: key selection with Bob’s address preselected]

Now tell Thunderbird to always sign and encrypt your messages to Bob by changing these fields to “Always“:

[Screenshot: per-recipient rule with signing and encryption set to “Always”]

Clicking “OK” closes this window and immediately prompts you for your passphrase, as you’re just about to cryptographically sign a message to somebody – that requires access to your secret key, which can only be accessed with the passphrase you setup earlier:

[Screenshot: passphrase prompt before signing]

As soon as you hit “OK” with that passphrase – oh my! Look at all this gibberish – that’s encrypted text, otherwise called “ciphertext”. This is what the spooks will now see. This is what Google will store. This is what Bob will see as well, but because he has the right private key, he will be able to decrypt this ciphertext into your plaintext email message.

See, it doesn’t matter that Google and the spooks can still see your email, because the body is now gibberish that only your intended recipients (in this case, Bob) can decrypt. One caveat: OpenPGP encrypts the body and attachments, not the headers – the Subject line, the sender and recipient addresses and the timestamps still travel in the clear, so keep subjects bland. You can use this method to communicate in private with anyone in the world, as long as they use OpenPGP too.

[Screenshot: the encrypted message body (ciphertext)]

Congratulations! You have just sent your first cryptographically signed and encrypted message, using the best-established end-to-end email encryption standard there is: OpenPGP.

Sending your second, third… 1000’th email

Things are much simpler now that you’ve done all the hard work in advance. All you need to do is compose an email to Bob. Thunderbird will automatically sign and encrypt your message with the right key, so that only Bob can read it. Pretty slick.

[Screenshot: second email with encrypt and sign preselected]

Notice the blue “+” next to the pen and the key? That means your message to Bob will be automatically

  • signed – so that Bob knows the message came from you and has not been altered in any way, and
  • encrypted – so that no one else but Bob can read its contents.

Enjoy your private chats with Bob!

Receiving email

Receiving OpenPGP encrypted email is not a problem – you just need to provide your passphrase and you will be able to read the message. Thunderbird also tells you whether the signature on an incoming message checked out. Treat an encrypted message with a bad or missing signature with suspicion: anyone who has your public key can encrypt a message to you, but only the real sender can sign it.
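Added here as an example, not part of the original post: the Enigmail steps above (sign + encrypt when sending, decrypt + verify when receiving) done with the gpg command line in a throw-away keyring, so you can see exactly what leaves your machine. alice@example.org and bob@example.org are made-up identities, and it assumes GnuPG 2.1 or newer is installed. It also shows the one thing the screenshots cannot: the Subject line and addresses stay readable on the wire.

```shell
#!/bin/sh
# Added example, not from the original post: the Enigmail clicks above
# (sign + encrypt on send, decrypt + verify on receipt) done with the gpg
# command line, so you can see exactly what leaves your machine.
# Runs in a throw-away keyring under a temp dir; alice@example.org and
# bob@example.org are made-up identities. Needs GnuPG 2.1 or later.
set -eu

GNUPGHOME=$(mktemp -d)
export GNUPGHOME
chmod 700 "$GNUPGHOME"
trap 'rm -rf "$GNUPGHOME"' EXIT

# gpg without prompts. The demo keys have no passphrase; on your real key
# this is where the passphrase from the tutorial would be asked for.
g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# Generate a key pair for a user id. In real life Bob does this on his own
# machine and sends you only his public key.
make_key() { g --quick-generate-key "$1" default default never; }

# Thunderbird's "Always sign / Always encrypt" rule for Bob, spelled out:
# sign with the sender's secret key, encrypt to the recipient's public key.
#   $1 sender  $2 recipient  $3 plaintext file  $4 armored output file
sign_and_encrypt() {
  g --local-user "$1" --recipient "$2" --trust-model always \
    --armor --sign --encrypt --output "$4" "$3"
}

# What Bob's Thunderbird does on receipt: decrypt with his secret key and
# check the signature. Returns 0 only on a GOODSIG; plaintext goes to $2.
# The status output is captured whole so gpg is never cut off mid-write.
#   $1 armored message  $2 plaintext output file
decrypt_and_verify() {
  _status=$(g --status-fd 1 --output "$2" --decrypt "$1")
  case "$_status" in
    *'[GNUPG:] GOODSIG '*) return 0 ;;
    *) return 1 ;;
  esac
}

# 0 if the phrase $2 appears in file $1 in the clear, 1 otherwise.
contains_plaintext() { grep -q -- "$2" "$1"; }

# OpenPGP protects the body only. Wrap the ciphertext in the headers a mail
# client adds (simplified; real clients use PGP/MIME) to show what stays
# readable on the wire: From, To and Subject.
as_mail() {   # $1 from  $2 to  $3 subject  $4 body file
  printf 'From: %s\nTo: %s\nSubject: %s\n\n' "$1" "$2" "$3"
  cat "$4"
}

make_key 'Alice <alice@example.org>'
make_key 'Bob <bob@example.org>'

# constructed sample message
printf 'Bob, the meeting moved to 09:00. Bring the Q3 numbers.\n' > "$GNUPGHOME/plain.txt"
sign_and_encrypt alice@example.org bob@example.org \
  "$GNUPGHOME/plain.txt" "$GNUPGHOME/msg.asc"
as_mail alice@example.org bob@example.org 'Q3 numbers' "$GNUPGHOME/msg.asc" \
  > "$GNUPGHOME/on_the_wire.eml"

echo '--- what Google and the spooks see ---'
cat "$GNUPGHOME/on_the_wire.eml"

decrypt_and_verify "$GNUPGHOME/msg.asc" "$GNUPGHOME/bob_sees.txt"
echo '--- what Bob sees after decrypting (signature verified) ---'
cat "$GNUPGHOME/bob_sees.txt"
```

Run it as-is and compare the two outputs: the body is unreadable in the first, while "Subject: Q3 numbers" sits there in the clear. The decrypt step deliberately refuses a message that decrypts fine but carries no good signature, which is the check the "Receiving email" paragraph is about.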

False claims by Avast! antivirus

It’s particularly disturbing when products that are supposed to protect you, actually mislead you into a false sense of safety, hence endangering you.

Take this bold claim by the otherwise quite good free antivirus software Avast!

avast claims

Here, Avast! directly claims that nobody can listen in on your Voice over IP (VoIP) calls (like Skype or Viber) if you use the Avast! VPN service.

This is patently false.

A VPN encrypts the traffic between your device and the VPN provider’s server, and nothing more. Past that server your call travels exactly as it would without the VPN, and it still terminates at Microsoft (Skype) or Viber, who hold the content and can be compelled to hand it over. There is absolutely no way a VPN can stop the government from getting the content of your VoIP calls directly from those companies.

Apart from that one hop, all a VPN (Virtual Private Network) service achieves is to hide your traffic from your local network and your ISP, and to thinly disguise your physical location when you connect to the Internet. Your trust simply moves from the ISP to the VPN provider.

Advanced networking with QubesOS: VPN proxyVM

According to http://theinvisiblethings.blogspot.co.uk/2011/09/playing-with-qubes-networking-for-fun.html we can set up multiple ways for our AppVMs to reach the Internet.

AppVMs can:

  • have direct access to the Internet
  • be forced to go through a Tor proxy, tunnelling all their traffic through the Tor network
  • be forced to go through a VPN proxy, tunnelling all their traffic through the VPN.

The beauty of this setup is that once the proxyVMs are set up, the AppVMs that use them cannot leak traffic around the proxy: their only route to the network is through the proxyVM, so nothing inside the AppVM needs configuring, and nothing inside it can misconfigure the routing.

Example: setting up a Tor proxyVM and then assigning this as the netvm of 5 different AppVMs will force all network traffic from all 5 AppVMs through the Tor network, with no configuration/awareness in the AppVMs themselves! This setup is covered quite well already in http://qubes-os.org/trac/wiki/UserDoc/TorVM

Creating the setup

How to set up a “workvpn” proxyVM that lets us tunnel any “work” related AppVMs through work’s (in this case Cisco) VPN gateway, as shown here:

QubesOS advanced network setup

  1. From Qubes Manager: VM -> Create AppVM
  2. Name: workvpn. Select the ProxyVM radio button and OK.
  3. In a couple of seconds your new VM is created. Go to the “K” menu and fire up a terminal in your new workvpn VM.
  4. Create the file vpn.conf with the following contents, substituting your VPN provider’s values. This file holds the IPsec group secret, so make it readable only by you (chmod 600 vpn.conf):
    Xauth username xxxxxxxxxxxxxxxxxxx
    IPSec gateway xxxxxxxxxxxxx.xxxxxxx.xxx
    IPSec ID xxxxxxxxxxxxxxxxxx
    IPSec secret xxxxxxxxxxxxxxxxxxxx
  5. Create the file start_vpn.sh with the following contents:
    #!/bin/bash
    set -e
    # bring up the IPsec tunnel (vpnc prompts for the Xauth password)
    sudo /usr/sbin/vpnc /home/user/vpn.conf
    sleep 2
    # point the AppVMs' DNS at the resolvers vpnc just wrote to /etc/resolv.conf
    sudo /usr/lib/qubes/qubes_setup_dnat_to_ns
  6. Create the file stop_vpn.sh with the following contents:
    #!/bin/bash
    # tear down the tunnel (vpnc's script also restores the old /etc/resolv.conf)...
    sudo /usr/sbin/vpnc-disconnect
    sleep 2
    # ...then point the AppVMs' DNS back at the upstream resolvers
    sudo /usr/lib/qubes/qubes_setup_dnat_to_ns
  7. Make both scripts executable:
    chmod +x *.sh
  8. Now tell your work-related AppVMs to use workvpn as their network VM. To do this, right-click on the AppVMs in Qubes VM Manager and select “VM Settings”. In the “Basic” tab ensure that “NetVM” is set to “workvpn”
  9. You’re all set.

Using this setup

When you fire up any of your AppVMs that need to use the VPN, workvpn will automatically start. You will then need to fire up a terminal in workvpn and type

./start_vpn.sh

(of course after the first time you can just hit the “up” arrow and the command will be there for you)
This will connect you to your work’s VPN and allow all AppVMs that use this as their netvm to seamlessly talk to internal work systems, while leaving the rest of your QubesOS AppVMs unaffected, reaching the Internet either directly or through Tor.
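Added here as an example, not part of the original post or of Qubes itself: a sturdier replacement for start_vpn.sh and stop_vpn.sh. It waits for vpnc’s tunnel interface instead of sleeping two seconds, and it adds a kill switch, because with the scripts above a “work” AppVM keeps working when the VPN drops, with its traffic going out in the clear through workvpn’s own uplink. It assumes vpnc names the tunnel tun0, that the AppVM-facing interfaces in the ProxyVM are vif*, and that qubes_setup_dnat_to_ns exists as in the post; check all three on your system.

```shell
#!/bin/sh
# Added example, not from the original post or from Qubes: a sturdier
# replacement for start_vpn.sh/stop_vpn.sh in the workvpn ProxyVM.
# Two things the scripts above do not do:
#   1. wait until vpnc's tunnel interface actually exists instead of
#      "sleep 2", and skip the DNS redirect if it never appears;
#   2. a kill switch: forwarded AppVM traffic may only leave through the
#      tunnel. Without it, an AppVM whose netvm is workvpn keeps working
#      when the VPN drops, with its traffic going out in the clear.
# Assumptions (check them on your system): vpnc names the tunnel tun0, the
# AppVM-facing interfaces are vif*, and qubes_setup_dnat_to_ns exists as in
# the post. Interface presence is read from /sys/class/net so the helpers
# can be exercised without root.
set -eu

VPN_CONF=/home/user/vpn.conf
TUN=tun0

# Return 0 as soon as interface $1 exists, 1 if still absent after $2 seconds.
wait_for_iface() {
  _waited=0
  while [ "$_waited" -lt "$2" ]; do
    [ -d "/sys/class/net/$1" ] && return 0
    sleep 1
    _waited=$((_waited + 1))
  done
  [ -d "/sys/class/net/$1" ]
}

# Kill-switch rule(s), one per line. Printed rather than run so they can be
# reviewed and tested without root; apply_rules/remove_rules run them.
killswitch_rules() {
  echo "iptables -I FORWARD -i vif+ ! -o $TUN -j DROP"
}
apply_rules() {
  killswitch_rules | while IFS= read -r r; do sudo sh -c "$r" </dev/null; done
}
remove_rules() {
  killswitch_rules | sed 's/ -I / -D /' \
    | while IFS= read -r r; do sudo sh -c "$r" </dev/null || true; done
}

vpn_up() {
  apply_rules                          # fail closed: block first, connect second
  sudo /usr/sbin/vpnc "$VPN_CONF"      # prompts for the Xauth password
  if ! wait_for_iface "$TUN" 20; then
    echo "vpnc did not bring up $TUN within 20s; AppVMs stay blocked" >&2
    return 1
  fi
  sudo /usr/lib/qubes/qubes_setup_dnat_to_ns   # AppVM DNS -> the VPN's resolvers
}

vpn_down() {
  sudo /usr/sbin/vpnc-disconnect || true
  sudo /usr/lib/qubes/qubes_setup_dnat_to_ns   # AppVM DNS back to the upstream resolvers
  remove_rules                         # AppVMs may use the plain uplink again
}

if [ $# -gt 0 ]; then
  case "$1" in
    up)    vpn_up ;;
    down)  vpn_down ;;
    rules) killswitch_rules ;;
    *)     echo "usage: $0 up|down|rules" >&2; exit 2 ;;
  esac
fi
```

Save it as vpn.sh in workvpn and use `./vpn.sh up` and `./vpn.sh down` in place of the two scripts; `./vpn.sh rules` prints the rule it will install. After bringing the VPN up, confirm the rule is really in place with `sudo iptables -L FORWARD -n -v`, and check again after you change an AppVM’s firewall settings in Qubes Manager, since the Qubes firewall service rewrites the FORWARD chain and may not keep rules it did not create.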

The Battle for Your Digital Soul

apapadop:

Silent Circle’s CEO takes a rather optimistic view on the state of the cryptowars. If only we could reasonably assume that the all-star team of technologists he mentions are incorruptible by the full weight of the nexus of global government/corporate complex, we should see the sunny side of things too.
Yes, learning at least part of the truth due to Snowden is a reason to celebrate – we now know what is done in our name. But what we have learned is so sobering and matches our most dystopian projections so well, at the same time generating so little outrage around the world, that I still cannot be optimistic about a better future.

Originally posted on Silent Circle Blog:

There have been so many disclosures, revelations and speculations since Snowden fled and the media trickled out one tantalizing slide after the next- that it’s hard not to get overwhelmed. It’s hard not to get angry.

Now that the sheer scope and massive worldwide surveillance of the NSA has come to light over the last few months, it seems as if a veritable cloud of “Privacy Depression” has set in lately among citizens and the technology community at large. Adding to that hot mess is the willing complicity of the tech giants, backbone providers and hardware manufacturers. Fuel to the fire.

Yes, there are some feigning outrage, some with true concern, and others calling for heads-on-a-platter while western intelligence agencies and big technology firms hunker down and hope it all goes away. It won’t. It’s only going to get worse for them and the government.

Through the great work of…
