Skip to main content


Showing posts from 2017

Fern Hill

Fern Hill, by Dylan Thomas Now as I was young and easy under the apple boughs About the lilting house and happy as the grass was green, The night above the dingle starry, Time let me hail and climb Golden in the heydays of his eyes, And honoured among wagons I was prince of the apple towns And once below a time I lordly had the trees and leaves Trail with daisies and barley Down the rivers of the windfall light.  And as I was green and carefree, famous among the barns About the happy yard and singing as the farm was home, In the sun that is young once only, Time let me play and be Golden in the mercy of his means, And green and golden I was huntsman and herdsman, the calves Sang to my horn, the foxes on the hills barked clear and cold, And the sabbath rang slowly In the pebbles of the holy streams.  All the sun long it was running, it was lovely, the hay Fields high as the house, the tunes from the chimneys, it was air And playing, lovely and watery And fire gr

EVR2EST, I don't know if you say "Ever too est" or what

But it refers to Eagle Vision and ROVER Responsive Exploitation of Space Products for Tactical Use SMDC's EVR2EST, GIIEP quick data supported Super Bowl 50 with situational awareness — USASMDC/ARSTRAT (@ArmySMDC) February 12, 2016 It's satellite imagery, super-high-resolution, mostly used for situational awareness in disaster relief operations. Nothing terribly sensitive here, but it's probably not supposed to be accessible this way. Some of the images, even of disasters, are actually beautiful. This relatively benign product does, however, put the extent of US national technical means in sharp relief. Take a look at the image below, a "Scene" page with satellite images of a Imagery  is organized by Scene and Mission pages -- Mission pages contain multiple scene that overlap or are geographically adjacent, for example, the Washington, DC area. There are three scenes for DC, 2 orthographic regions, shown above as or

Light Breaks Where No Sun Shines

Light Breaks Where No Sun Shines by Dylan Thomas Light breaks where no sun shines; Where no sea runs, the waters of the heart Push in their tides; And, broken ghosts with glow-worms in their heads, The things of light File through the flesh where no flesh decks the bones. A candle in the thighs Warms youth and seed and burns the seeds of age; Where no seed stirs, The fruit of man unwrinkles in the stars, Bright as a fig; Where no wax is, the candle shows its hairs. Dawn breaks behind the eyes; From poles of skull and toe the windy blood Slides like a sea; Nor fenced, nor staked, the gushers of the sky Spout to the rod Divining in a smile the oil of tears. Night in the sockets rounds, Like some pitch moon, the limit of the globes; Day lights the bone; Where no cold is, the skinni

The Sentry Federation -- Bowling for Hawala, is the title I'm sticking with

Project Sentry is a counterterrorism data-mining application used in Afghanistan, this is an ongoing series on the program. This post is just about the software and basic identification of the users, next post we'll get into the kill list. Things added to things, as statistics, civil history, are inventories. Things used as language are inexhaustibly attractive. - Ralph Waldo Emerson,  Representative Men The Sentry Federation The SENTRY project was developed to suit the data ingestion needs of a number of US and international agencies. The main US entities are the DoD, DEA, and Treasury Department, and included are international members of the ISAF in Afghanistan, as well as the Israeli Defence Force -- all stakeholders in the Afghanistan Terror Finance Cell, ATFC. The variety of data sources as well as diverse needs of the ATFC consumers presented a special problem The cell analysts, located in Kabul and Baghram had to "manually manipulate the raw intel

Life hack: Save time spying by integrating wiretaps and facial recognition

Patent #9,565,390 B1 was granted February 7, 2017, and it's the best thing to happen to mass surveillance since the people who've done nothing wrong filter. From the summary: (full text PDF ,  SYSTEMS AND METHODS FOR ENHANCING RECORDED OR INTERCEPTED CALLS USING INFORMATION FROM A FACIAL RECOGNITION ENGINE ) A video stream is received. The video stream can be analyzed in real-time as it is being received or can be recorded and stored for later analysis. Information within the video streams can be extracted and processed by a facial and video content recognition engine and the information derived there from can be stored as metadata. The metadata can be queried for statistical data and/or for business or security analysis. The metadata can be used to enrich the call content of a recorded or intercepted call. The information derived from the video streams can be used to determine whether or not the call should be recorded. The inventor is Ofer Shochet of Tel A

Directory disclosure vulnerability in facial recognition software

There are at least a dozen, most likely many more, Embedded Facial Recognition Systems online on the World Wide Web with a basic software flaw that allows anyone without credentials to browse the /images directory, download log files, and view enrolled images. I was able to locate the systems on Shodan searching for - html:facial html:recognition html:embedded country:"US" - and once on the log-in pages, simply inspecting the page source revealed the path to the background image. Navigating one directory up revealed the directory listing, and I was able to navigate to the folder "logs" and download .bmp files of faces enrolled in the system, as well as system files. It's probably none of my business but I'm one of those people who needs to know what the fuck — Kenneth Lipp (@kennethlipp) May 6, 2017 Many of the systems seem to be on dedicated IP blocks (inferred from searching Shodan for the IP's AS

Ranger and Bonker , Predator Drones

Update: Okay, so that drone video? It was from February, most likely...and it's on a demo server for a DOD supplier. Security through obscurity. — Sean Gallagher 📦🐭 (@thepacketrat) May 5, 2017 You can see the wakes of small boats like a formation of contrails from thousands of feet above -- the next moment the screen flashes and there's a jet-skier astride a bouncing craft leaving behind it a rivulet of foam. As of noon today this full motion video, FMV, feeding from a camera aboard a MQ-1 Predator circling Choctawhatchee Bay in the Gulf of Mexico, was accessible to anyone with the IP address. The webpage exclaims "Welcome to FMV!" next to three agency logos, the National Reconnaissance Office, the Aerospace Data Facility-East, and the Washington Innovation Center of the Combat Information Center. Yester'eve as I agoogle browsed, and did see what fish would bite on Shodan, as is my wont, I searched the latter for three letters and ended up watching


The passwords to access the National Guard online GEOINT platform for three exercises planned in 2017  - Ardent Sentry, Vibrant Response, and Vital Archer - were uploaded in a presentation on a Sharepoint site, and indexed by Google. APAN is a Sharepoint platform used by the military and NGOs (I've written about it here) They just can't button this Sharepoint down, most links now redirect to login, but even new docs are still being cached by Google — Kenneth Lipp (@kennethlipp) April 22, 2017 Since my tweet yesterday Google has removed the page from its cache.

Who will help me bake this bread

UPDATE: Had to /UPDATE I've been doing this for a long, long time -- Googling, more or less, that is, searching the internet for documents, mostly about surveillance and public safety, but really covering a broad range of subjects. Sometimes when you're experimenting with a search you don't have subject-matter in mind at all, or rather, subject matter isn't reflected in any key words. Having done this for double-long, time-wise, I have collected easily terabytes of data, and probably currently have 1 TB of this material on my machines -- perhaps 50 gigabytes is of use or interest, after removing repeats and garbage files. Some of it is pretty sensitive, some I know is classified, and there remain many whole directory trees that may contain Top Secret information for all I know, I have not gotten around to parsing the corpus. I've already posted an invitation to researchers of all stripes to dig in to the documents -- I know some of this is im

Modern 9-11 Systems are a Real-Time Surveillance Bonanza. Bonanza

Tower triangulation is old news. Law enforcement can now receive real time updates on your near exact coordinates via email with various carrier technologies like NELOS, PCMD, and RTT, all thanks to next generation 9-11 services. The above image is an alert sent by AT&T of subscriber data from a serving mobile location center, SMLC. AT&T's technology is called NELOS , Network Event LOcation Service. PCMD , Per Call Data Measurement, is Sprint's method of providing approximate GPS location to law enforcement, and Verizon has the Real Time Tool, RTT (not to be confused with Round Trip Time, a measurement used in cell tower triangulation). Handy quick reference here. This cellular spiderweb was created to allow service providers to locate 9-11 callers using mobile phones.  But, as described in a product guide for the Pen-link call intercept software, "instead of delivering the data to a call center, the carrier delivers the data to the requesting

Invitation to Dig - Defense and Intelligence Contractors

I've been collecting documents for about 5 years now, I have more information of public interest in my possession than I can ever personally parse let alone publish on, and I want to share the corpus with interested researchers, journalists, and transparency enthusiasts. To begin I'll be sharing a large, partially-structured directory of contracting documents from two multi-million dollar vendors to the Pentagon, DHS, and other government firms(Stanley, Excalibur). The documents vary in nature from printed internet bid pages to spreadsheets containing names and passwords for various industry and government portals. I've browsed the directory and written on a few items, but I can't describe its total contents well because I just haven't gotten around to looking through all of it. Anyone interested in perusing the files -- the directory can be viewed in the image above so that one can get a sense of the contents -- comment here or email kenneth@networkedinferen

Cellular Data Analysis - This goes out to you, and you, and you

This presentation on cell phone data analysis is very detailed - a few items included by the presenter are trade secrets. Throw your AT&T smartphone into the ocean - reveals your location much more accurately than tower triangulation (feet as opposed to miles). — Kenneth Lipp (@kennethlipp) March 22, 2017 I exported the PPT as a video, which I'll be doing much more of, and given this year's obvious significance, set the clip to Kick in the Door by the Notorious B.I.G. In shootouts, stay low and keep firing.

NY-Bulgarian IMSI Catching -- Our mom wouldn't buy us a Stingray

Actual patent This post is mostly a document dump, around 100 files from two domains -- and the even more low-key, both of which are owned by HSS Development. HSS Development Inc, of White Plains, New York, London, and Sofia, Bulgaria "manufactures and provides Engineered System Solutions for Government groups and Law Enforcement Agencies through strategic partners [my emphasis for later] in the areas of Security and Surveillance," according to the company's organization profile. Moody's and D&B list only two company principals, Executive Director Chris Decker and "Homeland Security Strategies Maggie Ward"  [no position]. However, if you download all of the documents from the two websites and extract/analyze the metadata, you find several more names, Decker and Ward are missing. The profile says HSS specializes in "designing as well as consulting on security technology solutions, with an analyt

Somebody help me figure out WTF this is

I'm not sure what to think of this -- it's too remarkable to ignore but I'm at an impasse after a few weeks of occasional digging, I'm hoping you gentle and wise citizens can help me track it down. Mete Akinci is a Turkish political strategist, and according to the website of the Moravian Aerospace Cluster , owner and CEO of Trizub Consultancy and Strategies, LLC, of Ukraine, "Partners Official US Mil Adviser to TRUMP TEAM (Candidate Adviser to Donald J. TRUMP)." A number for Akinci is the same as a business of that name registered in Kyiv .  Both an Ahmet and Mete Akinci are named as principals of a company registered in the UK, APM Consultancy and Services, Ltd.  ​"TRIZUB" also spelled TRYZUB (translates 'trident') is a far right Ukrainian paramilitary faction that now makes up, with others, the Pravy Sektor, the Right Sector, the main anti-Euro force behind the Kyiv revolt. The trident is also common in Ukrain

Your Data Footprint Flying into the United States

This is where data for each passenger flying to the United States on KLM Royal Dutch Airlines is sent prior to entry. Amadeus Revenue Integrity ARC ResMon ATS-P APIS ESTA TSDB TECS BPETS No-fly list Expanded Selectee List Selectee List DNBL CCD DHS Watchlist Service EID III NIIS SEACATS ADIS BCI GES COP CEAC ENFORCE SEVIS ACE ACS AES SSA eGIS IDENT NICB TSA Pre√ list TSA Pre√ disqualification list TSA Pre√ risk assessments

Operation Stonegarden, Strong Safety, Border Star, Secure Texas...Crystal Taco....

Page 4   Texas Regional Advisory Council, 29 April 2016 The Texas border with Mexico is the largest of any state’s and sees a commensurate number of illegal northbound crossings. The state of Texas is by no means under blanket coverage, its expanses are simply too vast, but it does host an extensive multilayered network of surveillance and security infrastructure, and local law enforcement conducts multiple ongoing operations with federal and DoD partners for surveillance, interdiction, and border enforcement. Texas has Operations! Rio Grande sector has overwhelming majority of Texas crossings -- Stonegarden, + other Ops, Secure Texas, Border Star — Kenneth Lipp (@kennethlipp) February 23, 2017 Operation Stonegarden, which funds border security initiatives in all US states with international borders '07: 28 immigrants in Chaparral, NM, including 11 schoolchildren, detained in 1 day of Operation Stonegarden; local nuns offered sanctuar