Posts

Showing posts from May, 2017

The Sentry Federation -- Bowling for Hawala, is the title I'm sticking with

Project Sentry is a counterterrorism data-mining application used in Afghanistan; this is an ongoing series on the program. This post is just about the software and basic identification of the users; next post we'll get into the kill list.

Things added to things, as statistics, civil history, are inventories. Things used as language are inexhaustibly attractive. - Ralph Waldo Emerson, Representative Men

The Sentry Federation

The SENTRY project was developed to suit the data ingestion needs of a number of US and international agencies. The main US entities are the DoD, DEA, and Treasury Department, and included are international members of the ISAF in Afghanistan, as well as the Israeli Defence Force -- all stakeholders in the Afghanistan Terror Finance Cell, ATFC. The variety of data sources as well as diverse needs of the ATFC consumers presented a special problem. The cell analysts, located in Kabul and Bagram, had to "manually manipulate the raw intel...

Life hack: Save time spying by integrating wiretaps and facial recognition

Patent #9,565,390 B1 was granted February 7, 2017, and it's the best thing to happen to mass surveillance since the people who've done nothing wrong filter. From the summary (full text PDF, SYSTEMS AND METHODS FOR ENHANCING RECORDED OR INTERCEPTED CALLS USING INFORMATION FROM A FACIAL RECOGNITION ENGINE):

A video stream is received. The video stream can be analyzed in real-time as it is being received or can be recorded and stored for later analysis. Information within the video streams can be extracted and processed by a facial and video content recognition engine and the information derived there from can be stored as metadata. The metadata can be queried for statistical data and/or for business or security analysis. The metadata can be used to enrich the call content of a recorded or intercepted call. The information derived from the video streams can be used to determine whether or not the call should be recorded.

The inventor is Ofer Shochet of Tel A...

Directory disclosure vulnerability in facial recognition software

There are at least a dozen, most likely many more, Embedded Facial Recognition Systems online on the World Wide Web with a basic software flaw that allows anyone without credentials to browse the /images directory, download log files, and view enrolled images. I was able to locate the systems on Shodan searching for - html:facial html:recognition html:embedded country:"US" - and once on the log-in pages, simply inspecting the page source revealed the path to the background image. Navigating one directory up revealed the directory listing, and I was able to navigate to the folder "logs" and download .bmp files of faces enrolled in the system, as well as system files.

It's probably none of my business but I'm one of those people who needs to know what the fuck pic.twitter.com/F453dsf67x — Kenneth Lipp (@kennethlipp) May 6, 2017

Many of the systems seem to be on dedicated IP blocks (inferred from searching Shodan for the IP's AS...

Ranger and Bonker, Predator Drones

Update: Okay, so that drone video? It was from February, most likely...and it's on a demo server for a DOD supplier. Security through obscurity. — Sean Gallagher 📦🐭 (@thepacketrat) May 5, 2017

You can see the wakes of small boats like a formation of contrails from thousands of feet above -- the next moment the screen flashes and there's a jet-skier astride a bouncing craft leaving behind it a rivulet of foam. As of noon today this full motion video, FMV, feeding from a camera aboard an MQ-1 Predator circling Choctawhatchee Bay in the Gulf of Mexico, was accessible to anyone with the IP address. The webpage exclaims "Welcome to FMV!" next to three agency logos, the National Reconnaissance Office, the Aerospace Data Facility-East, and the Washington Innovation Center of the Combat Information Center. Yester'eve as I agoogle browsed, and did see what fish would bite on Shodan, as is my wont, I searched the latter for three letters and ended up watching...