Skip to main content

Posts

Showing posts from 2017

Fern Hill

Fern Hill, by Dylan Thomas
Now as I was young and easy under the apple boughs
About the lilting house and happy as the grass was green,
The night above the dingle starry,
Time let me hail and climb
Golden in the heydays of his eyes,
And honoured among wagons I was prince of the apple towns
And once below a time I lordly had the trees and leaves
Trail with daisies and barley
Down the rivers of the windfall light. 
And as I was green and carefree, famous among the barns
About the happy yard and singing as the farm was home,
In the sun that is young once only,
Time let me play and be
Golden in the mercy of his means,
And green and golden I was huntsman and herdsman, the calves
Sang to my horn, the foxes on the hills barked clear and cold,
And the sabbath rang slowly
In the pebbles of the holy streams. 
All the sun long it was running, it was lovely, the hay
Fields high as the house, the tunes from the chimneys, it was air
And playing, lovely and watery
And fire green as grass.
And nightly unde…

EVR2EST, I don't know if you say "Ever too est" or what

But it refers to Eagle Vision and ROVER Responsive Exploitation of Space Products for Tactical Use

SMDC's EVR2EST, GIIEP quick data supported Super Bowl 50 with situational awareness https://t.co/hAi1h2CsfE — USASMDC/ARSTRAT (@ArmySMDC) February 12, 2016
It's satellite imagery, super-high-resolution, mostly used for situational awareness in disaster relief operations.

Nothing terribly sensitive here, but it's probably not supposed to be accessible this way. Some of the images, even of disasters, are actually beautiful.

This relatively benign product does, however, put the extent of US national technical means in sharp relief.

Take a look at the image below, a "Scene" page with satellite images of a




Imagery  is organized by Scene and Mission pages -- Mission pages contain multiple scene that overlap or are geographically adjacent, for example, the Washington, DC area.

There are three scenes for DC, 2 orthographic regions, shown above as orange-yellow polygons. If …

Light Breaks Where No Sun Shines

Light Breaks Where No Sun Shines


by Dylan Thomas




Light breaks where no sun shines; Where no sea runs, the waters of the heart Push in their tides; And, broken ghosts with glow-worms in their heads, The things of light File through the flesh where no flesh decks the bones. A candle in the thighs Warms youth and seed and burns the seeds of age; Where no seed stirs, The fruit of man unwrinkles in the stars, Bright as a fig; Where no wax is, the candle shows its hairs. Dawn breaks behind the eyes; From poles of skull and toe the windy blood Slides like a sea; Nor fenced, nor staked, the gushers of the sky Spout to the rod Divining in a smile the oil of tears. Night in the sockets rounds, Like some pitch moon, the limit of the globes; Day lights the bone; Where no cold is, the skinning gales unpin The winter’s rob…

Life hack: Save time spying by integrating wiretaps and facial recognition

Patent #9,565,390 B1 was granted February 7, 2017, and it's the best thing to happen to mass surveillance since the people who've done nothing wrong filter.
From the summary: (full text PDFSYSTEMS AND METHODS FOR ENHANCING RECORDED OR INTERCEPTED CALLS USING INFORMATION FROM A FACIAL RECOGNITION ENGINE)
A video stream is received. The video stream can be analyzed in real-time as it is being received or can be recorded and stored for later analysis. Information within the video streams can be extracted and processed by a facial and video content recognition engine and the information derived there from can be stored as metadata. The metadata can be queried for statistical data and/or for business or security analysis.
The metadata can be used to enrich the call content of a recorded or intercepted call. The information derived from the video streams can be used to determine whether or not the call should be recorded.

The inventor is Ofer Shochet of Tel Aviv and the patent is as…

Directory disclosure vulnerability in facial recognition software

There are at least a dozen, most likely many more, Embedded Facial Recognition Systems online on the World Wide Web with a basic software flaw that allows anyone without credentials to browse the /images directory, download log files, and view enrolled images.

I was able to locate the systems on Shodan searching for - html:facial html:recognition html:embedded country:"US" - and once on the log-in pages, simply inspecting the page source revealed the path to the background image.








Navigating one directory up revealed the directory listing, and I was able to navigate to the folder "logs" and download .bmp files of faces enrolled in the system, as well as system files.



It's probably none of my business but I'm one of those people who needs to know what the fuck pic.twitter.com/F453dsf67x — Kenneth Lipp (@kennethlipp) May 6, 2017 Many of the systems seem to be on dedicated IP blocks (inferred from searching Shodan for the IP's ASN, net:"xx.xx.xx.0/24&…

Ranger and Bonker , Predator Drones

Update:
Okay, so that drone video? It was from February, most likely...and it's on a demo server for a DOD supplier. Security through obscurity. — Sean Gallagher 📦🐭 (@thepacketrat) May 5, 2017
You can see the wakes of small boats like a formation of contrails from thousands of feet above -- the next moment the screen flashes and there's a jet-skier astride a bouncing craft leaving behind it a rivulet of foam.

As of noon today this full motion video, FMV, feeding from a camera aboard a MQ-1 Predator circling Choctawhatchee Bay in the Gulf of Mexico, was accessible to anyone with the IP address. The webpage exclaims "Welcome to FMV!" next to three agency logos, the National Reconnaissance Office, the Aerospace Data Facility-East, and the Washington Innovation Center of the Combat Information Center.

Yester'eve as I agoogle browsed, and did see what fish would bite on Shodan, as is my wont, I searched the latter for three letters and ended up watching jet-skiers …

JFC

The passwords to access the National Guard online GEOINT platform for three exercises planned in 2017  - Ardent Sentry, Vibrant Response, and Vital Archer - were uploaded in a presentation on a Sharepoint site, and indexed by Google.

APAN is a Sharepoint platform used by the military and NGOs (I've written about it here)
They just can't button this Sharepoint down, most links now redirect to login, but even new docs are still being cached by Google pic.twitter.com/pcbPTHQf53 — Kenneth Lipp (@kennethlipp) April 22, 2017 Since my tweet yesterday Google has removed the page from its cache.

Who will help me bake this bread

UPDATE:

Had to

/UPDATE

I've been doing this for a long, long time -- Googling, more or less, that is, searching the internet for documents, mostly about surveillance and public safety, but really covering a broad range of subjects. Sometimes when you're experimenting with a search you don't have subject-matter in mind at all, or rather, subject matter isn't reflected in any key words.
Having done this for double-long, time-wise, I have collected easily terabytes of data, and probably currently have 1 TB of this material on my machines -- perhaps 50 gigabytes is of use or interest, after removing repeats and garbage files.
Some of it is pretty sensitive, some I know is classified, and there remain many whole directory trees that may contain Top Secret information for all I know, I have not gotten around to parsing the corpus.
I've already posted an invitation to researchers of all stripes to dig in to the documents -- I know some of this is important, and I can'…

Modern 9-11 Systems are a Real-Time Surveillance Bonanza. Bonanaza

Tower triangulation is old news. Law enforcement can now receive real time updates on your near exact coordinates via email with various carrier technologies like NELOS, PCMD, and RTT, all thanks to next generation 9-11 services.
The above image is an alert sent by AT&T of subscriber data from a serving mobile location center, SMLC. AT&T's technology is called NELOS, Network Event LOcation Service.
PCMD, Per Call Data Measurement, is Sprint's method of providing approximate GPS location to law enforcement, and Verizon has the Real Time Tool, RTT (not to be confused with Round Trip Time, a measurement used in cell tower triangulation). Handy quick reference here.
This cellular spiderweb was created to allow service providers to locate 9-11 callers using mobile phones. 
But, as described in a product guide for the Pen-link call intercept software, "instead of delivering the data to a call center, the carrier delivers the data to the requesting law enforcement agency…

Invitation to Dig - Defense and Intelligence Contractors

I've been collecting documents for about 5 years now, I have more information of public interest in my possession than I can ever personally parse let alone publish on, and I want to share the corpus with interested researchers, journalists, and transparency enthusiasts.
To begin I'll be sharing a large, partially-structured directory of contracting documents from two multi-million dollar vendors to the Pentagon, DHS, and other government firms(Stanley, Excalibur). The documents vary in nature from printed internet bid pages to spreadsheets containing names and passwords for various industry and government portals.

I've browsed the directory and written on a few items, but I can't describe its total contents well because I just haven't gotten around to looking through all of it.

Anyone interested in perusing the files -- the directory can be viewed in the image above so that one can get a sense of the contents -- comment here or email kenneth@networkedinference.com



Cellular Data Analysis - This goes out to you, and you, and you

This presentation on cell phone data analysis is very detailed - a few items included by the presenter are trade secrets.
Throw your AT&T smartphone into the ocean - reveals your location much more accurately than tower triangulation (feet as opposed to miles). pic.twitter.com/siagkkkHqE — Kenneth Lipp (@kennethlipp) March 22, 2017 I exported the PPT as a video, which I'll be doing much more of, and given this year's obvious significance, set the clip to Kick in the Door by the Notorious B.I.G.

In shootouts, stay low and keep firing.


NY-Bulgarian IMSI Catching -- Our mom wouldn't buy us a Stingray

This post is mostly a document dump, around 100 files from two domains -- Secintel.com and the even more low-key Cellularintercept.com, both of which are owned by HSS Development.

HSS Development Inc, of White Plains, New York, London, and Sofia, Bulgaria "manufactures and provides Engineered System Solutions for Government groups and Law Enforcement Agencies
through strategic partners [my emphasis for later] in the areas of Security and Surveillance," according to the company's organization profile.

Moody's and D&B list only two company principals, Executive Director Chris Decker and
"Homeland Security Strategies Maggie Ward"  [no position].

However, if you download all of the documents from the two websites and extract/analyze the metadata, you find several more names, Decker and Ward are missing.



The profile says HSS specializes in "designing as well as consulting on security technology solutions, with an analytical approach to problem solving o…

Somebody help me figure out WTF this is

I'm not sure what to think of this -- it's too remarkable to ignore but I'm at an impasse after a few weeks of occasional digging, I'm hoping you gentle and wise citizens can help me track it down.
Mete Akinci is a Turkish political strategist, and according to the website of the Moravian Aerospace Cluster, owner and CEO of Trizub Consultancy and Strategies, LLC, of Ukraine, "Partners Official US Mil Adviser to TRUMP TEAM (Candidate Adviser to Donald J. TRUMP)."



A number for Akinci is the same as a business of that name registered in Kyiv
Both an Ahmet and Mete Akinci are named as principals of a company registered in the UK, APM Consultancy and Services, Ltd. 
​"TRIZUB" also spelled TRYZUB (translates 'trident') is a far right Ukrainian paramilitary faction that now makes up, with others, the Pravy Sektor, the Right Sector, the main anti-Euro force behind the Kyiv revolt. The trident is also common in Ukrainian iconography - a trident is …

Your Data Footprint Flying into the United States

This is where data for each passenger flying to the United States on KLM Royal Dutch Airlines is sent prior to entry.

virtuallythere.com

travelport.com

checkmytrip.com

Amadeus Revenue Integrity

ARC

ResMon

ATS-P

APIS

ESTA

TSDB

TECS

BPETS

No-fly list

Expanded Selectee List

Selectee List

DNBL

CCD

DHS Watchlist Service

EID III

NIIS

SEACATS

ADIS

BCI

klm.com

GES

COP

CEAC

ENFORCE

SEVIS

ACE

ACS

AES

SSA

eGIS

IDENT

NICB

TSA Pre√ list

TSA Pre√ disqualification list

TSA Pre√ risk assessments

Operation Stonegarden, Strong Safety, Border Star, Secure Texas...Crystal Taco....

The Texas border with Mexico is the largest of any state’s and sees a commensurate number of illegal northbound crossings.
The state of Texas is by no means under blanket coverage, its expanses are simply too vast, but it does host an extensive multilayered network of surveillance and security infrastructure, and local law enforcement conducts multiple ongoing operations with federal and DoD partners for surveillance, interdiction, and border enforcement. Texas has Operations! Rio Grande sector has overwhelming majority of Texas crossings -- Stonegarden, + other Ops, Secure Texas, Border Star pic.twitter.com/fbvLLXCeyu — Kenneth Lipp (@kennethlipp) February 23, 2017
Operation Stonegarden, which funds border security initiatives in all US states with international borders
'07: 28 immigrants in Chaparral, NM, including 11 schoolchildren, detained in 1 day of Operation Stonegarden; local nuns offered sanctuary. pic.twitter.com/3tI49QAdoO — Kenneth Lipp (@kennethlipp) February 22, 20…