lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 9 Aug 2012 07:36:11 -0400
From: j f <jf@...co.net>
To: dailydave@...ts.immunityinc.com, full-disclosure@...ts.grok.org.uk
Cc: michael.maness@...axasapps.com, dan.botsch@...axasapps.com,
	jeff.nielsen@...axasapps.com
Subject: Fwd: [TSCM-L] {6221} Domain Awareness System

While this is slightly OT, I'm sure many readers would find it interesting.
Two emails; overview in the first, a bunch of copy/pastes of stratfor
emails in the second. Cheers.


---------- Forwarded message ----------
From: Justin Ferguson <jnferguson@...il.com>
Date: Thu, Aug 9, 2012 at 7:29 AM
Subject: Re: [TSCM-L] {6221} Domain Awareness System
To: tscm-l2006@...glegroups.com
Cc: michael.maness@...axasapps.com, dan.botsch@...axasapps.com,
jeff.nielsen@...axasapps.com


Ah, I forgot a couple details & had some typos; when I said "Ottawa
and Canada", I meant Ottawa and London. I totally forget Austin, et
cetera.

Here's a bunch of links to copy/pastes from stratfor emails detailing
a lot of what I had to say in the prior email. There's like 10+ pages
of hits in the stratfor dumps, so it's not all of it, just what I had
bookmarked while reading into it some.

Cheers.

http://privatepaste.com/c56f6848d2/trapwireCentralizedDatabaseMGMGrandLinkedSystemEtc
centralized database, vegas hotels, linked sites, etc
http://privatepaste.com/e5b7f4a21d/trapwireNYC - NYC circa 2010
http://privatepaste.com/a9bc9274ea/trapwireAustin - Austin
http://privatepaste.com/04eaef4343/trapwireEveryHVTUSCANUK - note the
last paragraph
http://privatepaste.com/90198aa545/trapwireTexasBorder - Texas border circa
2009
http://privatepaste.com/568f0a512a/trapwireWalkTheCatBack - Talking
about images to analyze and walking the cat back
http://privatepaste.com/318e0e652b/trapwireHVTCitizens - Trapwire for
certain citizens that are important, but not USSS important
http://privatepaste.com/670091f5b0/trapwireLondonStockExchange -
London Stock Exchange
http://privatepaste.com/b62ceaf254/trapwireNYCDCVegasLondonOttawaLA -
NYC, DC, Vegas, London, Ottawa, LA
http://privatepaste.com/fba46e24ca/trapwireAustinDPSAllocated1Point8M
- 1.8M for trapwire & equipment from Austin DPS
http://privatepaste.com/caf299c230/trapwireOnDesksOfUSSSMI5LAPDRCMPNYPD
- trapwire on the desks of USSS CP, MI5, RCMP, LAPD CT, NYPD CT
http://privatepaste.com/5a71bac416/trapwireDCMetroNationalParkPoliceEtc
- trapwire DC metro, National Park Police, etc
http://privatepaste.com/e6031c14f6/trapwireLAPD - trapwire LAPD as a
prototype
http://privatepaste.com/febefa287f/trapwirePentagonArmyUSMCNavy -
trapwire Army, Pentagon, USMC, Navy
http://privatepaste.com/58a60bff35/trapwireNSIFBIFtMeadeSevenYears -
Trapwire 7 years circa 2011, National SAR Initiative (NSI), FBIs
eGuardian, Ft. Meade, etc
http://privatepaste.com/f7b7ac02ab/trapwireAmtrackDHSFusionCenters -
Amtrack, DHS fusion centers, DC Metro
http://privatepaste.com/7add918e4c/trapwireBehaviorPatternsToIdentifySurveillance
- "TrapWire is a technology solution predicated upon behavior patterns
in red
zones to identify surveillance. It helps you connect the dots over
time and distance.

http://privatepaste.com/d503851f0c/trapwireSalesforceGoogleDHSInstitute
- salesforce, google, DHS institute
http://privatepaste.com/626712c0fa/trapwireNigerianPresidentialPalace
- Nigerian Presidential Palace
http://privatepaste.com/bf0a0abf67/trapwireScotlandYardDowningWhiteHouseWalMartDell
- Scotland Yard, 10 Downing St, White House, Wal-Mart, Dell


On Thu, Aug 9, 2012 at 6:22 AM, Justin Ferguson <jnferguson@...il.com>
wrote:
> I'm not entirely sure how this is new so to speak, they've had this
> capability for years from the 'trapwire' system (trapwire.com formerly
> abraxas applications-- a subdivision of intelligence contractor
> abraxas and staffed almost exclusively by ex-CIA, see page 137 of
> 'spies for hire').
>
> Per the stratfor email dump, the trapwire system contains
> functionality like facial recognition and is installed at every HVT in
> the continental US, in addition to Ottawa and Canada-- but confirmed
> in LA, NYC, NJ, DC, Las Vegas, et cetera. It's essentially a system
> setup to detect surveillance, so if you've ever taken a picture of
> basically anything 'important' you probably flagged a 'suspicious
> activity report' (SAR). It's logged to a central database and then
> cross-site reports are disseminated. If you're familiar with the 'see
> something say something' or 'iWatch' programs, that's the public
> reporting component, but in the email dumps when explaining similar
> systems they note repeatedly that trapwire has the capability to walk
> the cat back you just need a few pictures of the persons. From the
> emails, what's been enumerated specifically is NY/DC mass transit,
> unspecified sections of LA, London Stock Exchange, Scotland Yard, #10
> Downing, the White House. From googling, we can find that NJ transit,
> all army bases, the department of energy, the marines, et cetera are
> as well. No idea if they got the contract, but they were apparently
> trying to get it into the Nigerian presidential palace as well.
>
> It's not just in public sector areas, it sounds like any big
> corporation that wants in gets to link their CCTV/surveillance systems
> into it as well-- apparently salesforce.com, google, potentially Dell,
> Wal-Mart, & Coca-cola, et cetera are all linked in.
>
> Throughout the email dumps they repeatedly ask for non-attribution and
> you have to google stalk quite a bit to really find much, but this
> magazine has an article on it
>
http://www.cjimagazine.com/archives_PDF/CJI_Magazine_Archive_2006_11-12.pdf
> and what's been released of the stratfor emails contains a lot of
> chatter about it and the parts that haven't been released yet contain
> quite a bit more.
>
> I guess my biggest concern is that the parent company is the company
> that at least used to develop NOC companies/persona's for the agency,
> several members of the executive board also sit on the 'ntrepid
> networks' board-- which produces the software to create online
> persona's/sock puppet accounts as part of Operation Earnest Voice for
> DoD (
http://www.guardian.co.uk/technology/2011/mar/17/us-spy-operation-social-networks
),
> that basically the entire executive staff and regular employee's are
> also ex-agency and I just refuse to believe that the CIA is passing up
> such a golden opportunity to get into the surveillance feeds from
> basically everywhere in the country (and all over London and Ottawa).
>
> That doesn't even include the tie in's to DHS & their fusion centers,
> the secret service accounts, etc etc. If you ask me, it sounds like
> that system is the CIAs version of the Trailblazer project. We'll have
> to wait on FOIA requests to confirm that though. Another interesting
> point is going to be that with foreign links, they (the CIA) have the
> authority to spy on them, but I wonder how they keep clear of FISA &
> their own charter/eo 12333/et cetera. I bet they dont.
>
> I've been kind enough to CC several of the people behind trapwire in
> case they have comments or want to further enlighten us, but I
> wouldn't hold my breath. Hopefully they make sure to thank Mr.
> Burton's big mouth for helping bring this to light.
>
> Best Regards,
>
> Justin N. Ferguson
>
>
>
> On Thu, Aug 9, 2012 at 5:51 AM, Its from Onion <aredandgold@....com>
wrote:
>>
>>
http://newyork.cbslocal.com/2012/08/08/nypd-unveils-crime-and-terror-fighting-domain-awareness-system/
>>
>> NEW YORK (CBSNewYork) – A dramatic new way to track criminals and
potential
>> terrorists was unveiled Wednesday by Mayor Michael Bloomberg and NYPD
>> Commissioner Ray Kelly.
>>
>> It melds cameras, computers and data bases capable of nabbing bad guys
>> before they even know they’re under suspicion.

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ