According to Wired.com [1](a technology-focused magazine), an employee of the Department of Defense now faces felony hacking charges after viewing parts of a classified system that he was not supposed to. Brian Keith Montgomery worked on a covert program in geo-spatial intelligence. Geo-spatial intelligence, also called GEOINT in military circles, is the exploitation and analysis of geographic and spatial information such as maps for operational intelligence purposes. When you map out the wireless hotspots in your area, you're doing GEOINT.

According to the court documents, Montgomery accessed classified information that wasn't relevant to his job. The classified information in question? Files and intelligence from the 902nd Military Intelligence Battalion which in the past was involved in spying on anti-war protesters[2]. This battalion is stationed in Fort Meade, Maryland best known as the NSA's not-so-secret hideout. According to a military website [3] "The 902nd Military Intelligence Group conducts counterintelligence activities to protect the U.S. Army, selected Department of Defense forces and agencies, classified information and technologies by detecting, identifying, neutralizing and exploiting foreign intelligence services and transnational terrorist threats." Like anti-war protesters?

Interestingly enough it looks like he might have just stumbled upon this information in the course of diagnosing/testing the system and that the charges might be an over-reaction from a superior as the Wired article quietly suggests. According to an affidavit submitted in support of an arrest warrant, he acknowledges accessing the information but said that he did not see the warning message telling him he was not allowed access. In other words, he is using the "I stumbled upon it" defense. While the affidavit gives scant details about the classified system, one could equivocate the accusations to accidentally clicking on the wrong link. Given the battalions history of being caught red-handed spying on American citizens, Montgomery might have been working to whistleblow on their current operations -- but that's not all.

This story comes on the heels of the outing of John Towery[4], a paid spy for the US Army who illegally infiltrated anti-war groups for years in the Tacoma and Olympia, WA areas such as Port Militarization Resistance and Students for a Democratic Society. According to prominent law professors, lawyers in the ACLU, and lawyers in the National Lawyer's Guild, this spying violated a host of laws and rights including the Posse Comitatus Act, the first amendment rights of protesters, and the fourth amendment rights of protesters. Was Montgomery looking to blow the roof off another military spying story?

For those looking to find out, there's some good information about the 902nd's operations at http://thewall.civiblog.org/rsf/big_brother_talons_on_you.html but the most interesting facts will certainly come out through this case. Whistleblowers should contact WIKILEAKS.

1. http://www.wired.com/threatlevel/2009/09/montgomery/
2. http://www.msnbc.msn.com/id/10481600/
3. http://www.inscom.army.mil/MSC/Default902nd.aspx?text=off&size=12pt
4. http://www.johntowery.com

From: HackaDay

Cell phone privacy modification

Recently I read an article on CNET that came as quite a surprise to me. The gist of the article is that the FBI, with the cooperation of the telco, can and does remotely activate the microphone on cell phones. This is done by exploiting the firmware upgrade feature of the phones and can be done even if a phone is turned off. Although none of my conversations would likely be of great interest to the FBI, I am still not overly happy about this development. I figure that if people continue to turn a blind eye to such things it will eventually be more and more routine to see things like this, this, this, this, this, this, and this. So, partly out of protest and partly because I will take any excuse to pick up the soldering iron, I decided to take matters into my own hands.

Conventional telephones (landlines) can not be exploited in this way because when they are not in use the microphone is physically disconnected from the phone line by the hookswitch. This behavior was easy to replicate in my cell phone using a reed switch. Luckily there were a couple of extra solder pads on the PCB that were electrically connected to the microphone and a nearby expansion port (never used) that could be removed to make some extra space. The reed switch is connected in parallel with the microphone and shorts it out when a magnet is brought into proximity. The magnet is mounted on the opposite half of the clamshell in a hole drilled using a step bit. Normally the microphone should not be energized when the phone is not in use so shorting it out will not cause any drain on the battery.

For more info click Here!

I just got a cell phone after years of staying away from them, i'm considering this mod for sure!

UPDATE: We recieved the following reply from cryptome:

Sorry, nobody stoppered Cryptome on Towery, and no under-rugging -- sloth, sure. Several links at our page head to Towery, etc. were superceded; a change from listing offsite links at the page bottom. The story got continuing coverage elsewhere. Two persons wrote on July 27 that Wikileaks offered the WAJAC spying doc, and that also got wide play via Wikileaks' PR stream (copied to us) so no need for another host. Still, don't trust what we say, ever, in cahoots pandemicly

Cryptome.org, the site run by crypto-anarchist John Young that publishes thousands of censored, classified, and secret documents seems to have tried to sweep an issue under the rug: that of informant John Towery infiltrating anti-war groups in Olympia/Tacoma, WA. This story has been covered by major media outlets including Democracy Now! and the New York Times, so what is Cryptome so afraid of?

According to the Cryptome website, "Cryptome welcomes documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance—open, secret and classified documents—but not limited to those". The John Towery story certainly sounds like it fits within these guidelines. Furthermore, the Cryptome website states that content will only be removed if forced by a US Court Order.

One could speculate that the feds paid a visit to Young's residence, but in the past these types of encounters have been widely publicized and haven't resulted in content being taken down. Furthermore, the administrator of the website JohnTowery.com, which has acted as a clearinghouse for information published on the US Army informant that was undercover for over two years, states that they haven't received any visits from anybody in law enforcement, let alone somebody who could force them to take down content. On the same token, nobody in Olympia has received any visits from three letter agencies. Seattle Indymedia, Democracy Now, Portland Indymedia, JohnTowery.com, and numerous other websites host the pictures of the informant that have disappeared off of Cryptome as well as a lot of other information on the story itself.

But the story gets deeper. After the pictures and information about the informant disappeared from Cryptome, a few days later a news clipping and a link to the johntowery.com website appeared only to disappear yet again today.

So what does this tell us about Cryptome? Not much, but it might tell us something about the John Towery story that we already knew: it's a huge fucking deal.

If you want to ask cryptome about this incident, you can contact them at cryptome{at}earthlink.net

The ACLU has uncovered documents via the Freedom Of Information Act that detail how the FBI has been using their "Triggerfish" program to track and monitor cell phones without the aid of telephone companies or warrants.  

Triggerfish is a fake cell phone tower that intercepts phone calls, keeps MIN (phone number) ESN (electronic serial number) and location information, and then forwards the call to the actual cellphone tower.  I really hope one of these things turns up on ebay ;)

According to the ars technica and the ACLU:

"Triggerfish can be deployed 'without the user knowing about it, and without involving the cell phone provider.' That may be significant because the legal rulings requiring law enforcement to meet a high 'probable cause' standard before acquiring cell location records have, thus far, pertained to requests for information from providers, pursuant to statutes such as the Communications Assistance for Law Enforcement Act (CALEA) and the Stored Communications Act."

And according to the FBI's Electronic Surveillance Manual (attached below):

Although section 2703(d) generally applies only to stored
communications, nothing in that section requires that the
provider possess the records at the time the order is executed.
Moreover, use of such an order does not improperly evade the
intent of the CALEA prohibition. Section 2703(d) court orders
provide greater privacy protection and accountability than
pen/trap orders by requiring (1) a greater factual showing by law
enforcement and (2) an independent review of the facts by a
court.  Indeed, the very language of the CALEA prohibition -
limiting its application to information acquired solely pursuant
to the authority for pen registers and trap and trace devices" -
indicates that Congress intended that the government be able to
obtain this information using some other legal process.
 

This indicates that the FBI intends to use this to subvert the normal proccess of obtaining a warrant that would be needed for a normal "trap and trace" phone tap.

You can read the ACLU's uncovered documents at: http://www.aclu.org/freespeech/gen/37748res20081112.html

You can download the FBI's electronic surveillance manual at: http://www.hackbloc.org/~flatline/elec-sur-manual.pdf