                              ==Phrack Inc.==

                Volume 0x0f, Issue 0x45, Phile #0x03 of 0x10

|=-----------------------------------------------------------------------=|
|=------------------------=[ Phrack World News ]=------------------------=|
|=-----------------------------------------------------------------------=|
|=-----------------------=[ by the Phrack staff ]=-----------------------=|
|=-------------------------=[ staff@phrack.org ]=------------------------=|
|=-----------------------------------------------------------------------=|

Wow, 4 years have passed! One of the possible positive outcomes of
slow-paced releases of Phrack is that Phrack World News gives us the
opportunity to look back on a few years' worth of happenings and ponder
about the bigger picture for a moment.

First of all: Snowden. It feels like ages ago now, but, for anyone living
under a rock, in 2013 Edward Snowden [1] leveraged his position working at
the United States National Security Agency to copy and later leak [2]
classified documents on NSA's global surveillance operations. If the very
previous issue of PWN [3] prophetically warned about the massification of
surveillance as a threat to our civil liberties, the Snowden leaks only
proved what hackers and conspiracy theorists had believed and proclaimed
for a long time: the US government unlawfully spies on its own citizens as
well as everyone else's.

While it is probably futile to believe that the social and political
reactions to the Snowden leaks have had any meaningful impact on the NSA's
operations, the disclosed information is an invaluable resource to validate
that governments will go a long way to collect intelligence as broadly and
deeply as they can. The leaks have shown that the tactics employed by NSA
ranged from the widespread tapping of phone (e.g. voice, SMS) and network
traffic to more punctilious methods such as the intercept and tampering of
export computer and network equipment to insert spying implants.

This does not mean, of course, that we have global surveillance "figured
out". In fact, quite to the contrary, it should be expected that many of
these techniques have been revamped by now, and that many more are to
follow, as a natural step in the continuous endeavor for stealthiness. As
such, any effort, technical or otherwise, to safeguard your privacy is more
valid than ever.

But indeed, it seems that some of the efforts on designing and implementing
better crypto systems paid off and governments are starting to have their
monitoring and investigative capabilities limited by evolving security. One
indication of that is the growing insistence of various nations on the
mind-boggling hopelessly insane push for crypto backdoors [4]. The sad and
unfortunate wave of terrorism the world has been dealing with is repeatedly
and shamelessly used to support the lobbying for less information security.
Another (at the moment) ongoing instance of this is the significant dispute
between the FBI and Apple [5], which refuses to provide the FBI with a way
to bypass the lock screen of a terrorist's (and everyone else's) iPhone.

And sure enough the controversies involving governments and information
security do not stop there. In the past few years we have seen some nations
being more frank about their offensive capabilities [6] or sometimes
industry-sourced intelligence [7] combined with publicity on more impactful
attacks [8] helped demonstrate that hacking is increasingly a bigger deal
for nation-states. All of this action is (or has been posed as) a driving
force behind moves such as adding "cyber weapons" to the terms of the
Wassenaar agreement [9], an initiative that, if not carefully formulated,
will turn out to be not only utterly ineffective but also extremely harmful
for the practice of security research and, in consequence, to the
progressive development of information security in general.

Plus, other recent breaches, such as Gamma [10] and Hacking Team [11], tell
us that even government-affiliated organizations are freely operating
without respecting UN embargoes and international regulations anyway -
ironically, it was hackers and the security community that exposed them,
and not law enforcement. So, who is the law working for?

Lastly, and with a heart heavier than any of the topics above could ever
cause us, Phrack would like to say goodbye to a few illustrious members of
our community that have sadly passed away. Since it's been 4 years we are
not going to attempt to list out every instance, however we can easily say
that as a community we have lost some incredibly talented, charismatic and
fantastic people, and we feel the loss greatly.

Live free,

- The Phrack Staff

[1]  - https://en.wikipedia.org/wiki/Edward_Snowden
[2]  - http://www.businessinsider.com/snowden-leaks-timeline-2014-6
[3]  - http://phrack.org/issues/68/3.html
[4]  - http://www.theguardian.com/technology/2015/nov/18/us-europe-reignite-debate-back-door-encryption-paris-attacks
[5]  - http://www.wired.com/2016/02/apple-brief-fbi-response-iphone/
[6]  - http://www.wired.com/2016/01/nsa-hacker-chief-explains-how-to-keep-him-out-of-your-system/
[7]  - http://www.wired.com/2013/02/chinese-army-linked-to-hacks/
[8]  - http://arstechnica.com/security/2015/06/why-the-biggest-government-hack-ever-got-past-opm-dhs-and-nsa/
[9]  - http://blog.erratasec.com/2015/05/some-notes-about-wassenaar.html
[10] - http://www.zdnet.com/article/top-govt-spyware-company-hacked-gammas-finfisher-leaked/
[11] - http://www.wired.com/2015/07/hacking-team-breach-shows-global-spying-firm-run-amok/

|=[ EOF ]=---------------------------------------------------------------=|