Spookware: NSA, DHS, and Narus

We spent a day filming last week on the floor of the trade show at the RSA Conference in San Francisco. The world’s largest (and smallest) Internet and information security vendors pitch new products, make deals and give away lots of schwag.

QuickTime PlayerScreenSnapz025 QuickTime PlayerScreenSnapz026QuickTime PlayerScreenSnapz030

Amidst this carnival-like atmosphere we came across a few surprises, such as booths for the National Security Agency (NSA), Narus (a subsidiary of Boeing that makes surveillance software), and the Department of Homeland Security. That’s where we had fun running into Dark Tagent (Jeff Moss), founder of BlackHat, the annual Las Vegas information security gathering, who was also visiting the DHS booth.

QuickTime PlayerScreenSnapz020

Dark Tagent (aka Jeff Moss)

We learned a couple of interesting things at the NSA booth such as why they rely on commercial software vendors (more efficient) and how to apply for a job at the NSA’s new Bluffdale facility in Utah.

QuickTime PlayerScreenSnapz024

Shhh. Who might be listening?

At the Narus booth a representative said they’re still selling products to the Egyptian government. He also said a VPN (virtual private network) is not a protection against surveillance using Narus software. However, Narus admits it cannot break Tor, a popular system used by activists, journalists and law enforcement that provides anonymity online.

QuickTime PlayerScreenSnapz037

Narus surveillance software is still being sold to Egypt.

In the next post we visit Blue Coat and Stonesoft, two major players in online surveillance.

Part II: Hacking Team vs. Jacob Appelbaum

After last Tuesday’s RSA Conference panel on cyber-surveillance wrapped up the fireworks continued off-site at a nearby hotel. Big thanks to Jen from Rapid7 who helped produce the “after-party” which we filmed in its entirety.

Alberto (L) and Eric Rabe (R) of Hacking team.

Alberto (L) and Eric Rabe (R) of Hacking Team.

Our breakfast club included Eric Rabe and Alberto of Hacking Team, Jacob Appelbaum of Tor, Kurt Opsahl of the Electronic Frontier Foundation, Claudio Guarnieri of the Honeynet Project, and Bloomberg reporter Michael Riley.

It was a surprise that Rabe and Alberto of HT would subject themselves to even more vociferous challenges by Appelbaum, Guarnieri and Opsahl. Made us wonder why they showed up. Is HT trying to burnish its image? Make overtures to the human rights community? Show the security industry its respectable?

The conversation continued where the panel left off: use of HT’s commercial surveillance tools by repressive regimes such as the UAE and Morocco, corporate responsibility for end-uses, the ethics of selling intrusion tools to questionable governments.

As Appelbaum said, “Everyone thinks they’re doing the right thing.”

QuickTime PlayerScreenSnapz010

“No one thinks they’re doing the wrong thing,” Jacob Appelbaum said.

To which Rabe replied, “Who’s going to be the decider… you, EFF?”

A discussion between Opsahl and Rabe actually seemed to start finding some common ground between HT’s and EFF’s positions — that HT would be open to some form of government regulation.

QuickTime PlayerScreenSnapz011

Eric Rabe, Hacking Team and Kurt Opsahl, EFF. Would new regulations help control cyber-surveillance software?

We’ll be watching to see if that discussion continues.


Hacking Team vs. Jacob Appelbaum

It was quite a show in room 130 at the Moscone Center last Tuesday morning during the RSA Conference panel on state-sponsored surveillance malware. There was a rare appearance by Eric Rabe, an American representative of the Italian company, Hacking Team. HT is a notorious supplier of espionage tools to governments worldwide, including repressive regimes. Human rights activists in Morocco and the UAE report being harmed as a result. Read more in this New York Times blogpost by reporter Nicole Perloth about Hacking Team and Morgan Marquis-Boire’s investigations.

Jacob Appelbaum, a core member of the Tor circumvention project and a frequent target of US law enforcement agencies, demanded answers about HT’s activities. Joining Jacob in asking the hard questions was Kurt Opsahl, senior attorney at the Electronic Frontier Foundation, and Claudio Guarnieri of the Honeynet Project and Rapid7. Bloomberg reporter Michael Riley heroically steered the discussion. Filling out the group was Dale Beauchamp from the Department of Homeland Security, who was badgered by questioners about a host of domestic spying issues.

Unfortunately RSA would not let us film the event.

The panel.

The panel.

Check out these articles just published about the panel. Funny how it has not yet been covered by any U.S. press.

Der Spiegel (German), Tech Week Europe

Mikko Hypponen, one of the characters in our film, and one of the world’s top security analysts, told us this session was the best part of the entire week-long RSA Conference.

Mikko tweets the panel.

Mikko tweets the panel.

Following the formal panel session we repaired to a nearby hotel for more fireworks, which we could film. The next blog post reveals what happened.

We Film EFF Getting Prestigious Award

SC Magazine generously let us film their gala awards dinner last Tuesday night at the InterContinental Hotel in San Francisco. Eva Galperin, and her colleague Seth Schoen of the Electronic Frontier Foundation, won the prestigious Editor’s Award. The event was Black Tie, $400/plate, and chock full of security industry big-wig’s. So no wonder Eva may have felt a little out of place! Regardless, recognition for EFF’s galant work advocating for Internet freedom is well-deserved along with her ongoing campaign to protect human rights activists — especially in Syria — from the dangers of cyber-surveillance.

No, they didn't arrive in this stretch.

No, they didn’t arrive in this stretch.

QuickTime PlayerScreenSnapz005

L-R: SC Magazine Editor Illena Armstrong, Eva, Seth, and event MC.


Busy Week of Filming

We did several days of filming starting a week ago at the B-Sides hacker gathering in San Francisco. Filmed Morgan Marquis-Boire and Bill Marczak making their presentation about cyber-surveillance. And Eva Galperin of EFF in conversations with among others, Kevin Mitnick — hacker, author, and convicted criminal. There was a confrontation of sorts outside on the sidewalk in which @backtracesec, a B-Sides presenter in a lab coat, charged the San Francisco Noisebridge hacker space with hosting “known informants.” Morgan identified HIM as informing on Anonymous. The hacker world. Always a circus. Below are some snaps.

Bill and Morgan break it down about Narus (Boeing), maker of surveillance software.

Bill and Morgan break it down about Narus (Boeing), maker of surveillance software.

Bill (L), Morgan (R)

Bill (L), Morgan (R)


QuickTime PlayerScreenSnapz022

“You got to be kidding.”

QuickTime PlayerScreenSnapz021

“Jacob Appelbaum, bullshit…”

L-R: ___, Kevin Mitnick, and Eva Galperin

L-R: Garland Glessner, Kevin Mitnick, and Eva Galperin. If you look closely you’ll see the cameraman in the mirror.

Filming at B-Sides and RSA This Week

This is a big week in San Francisco for Internet security professionals, journalists and companies. The annual RSA Conference draws thousands from around the world. And we’ll be there, filming on-and-off. We kicked it off yesterday at the B-Sides event. We filmed some of the folks we’ve been following the last few months, and met lots of great new people from the international hacking community. Tomorrow we will be filming at the SC Magazine awards gala (can’t divulge who or what right now). And more as the week goes on.

Meanwhile, we were honored to see a drink named after our film in the bar yesterday.

Here's to filmmaking!

Here’s to filmmaking!

Back from Beirut and Istanbul

I just completed filming in Beirut and Istanbul with fine hard work from my dedicated crew: Joan Churchill (camera), Alan Barker (sound) and Walker (co-producer). Filming real life, as it were, is always an art. Trying to do that in places that are unfamiliar, with jet lag, and complicated access issues made it a challenging shoot. There were happy accidents along with missed opportunities. The way it rolls with this kind of film.

Without going into a lot of detail (never scoop yourself!) I can say that the film has found a new focus. Compelling characters deal with threats from malware, cyber-surveillance and other forms of Internet badness — particularly on social networks — that have life-and-death consequences. Especially in Syria where the regime is waging cyberwar to match the civil war on the ground. And where Facebook is both a critically important tool for communications and information, and also a platform which the regime regularly uses to compromise activists and members of the opposition.

We are now spending much of our time filming within a global community of passionately committed activists, organizers, analysts, exiles and investigators who work to keep the Internet safe to help achieve human rights and social change. It’s a privilege to get to know them. And an honor that they trust us with doing this film.

Down the street from dinner, Beirut.

Down the street from dinner, Beirut.

Crew at work in Beirut.

Crew at work in Beirut.

Filming in Tunisia and the SF Bay Area

Charles traveled to the Circumvention Tech Summit in Tunis, Tunisia, Nov. 26-28 for a “…dialog between internet freedom developers, community activists, and individuals interested in improving the tools and training available for circumventing internet censorship and surveillance,” as conference organizers OpenITP describe it. Participants included tech-activists from Syria where using encryption and circumvention technologies can mean the difference between life and death. In Tunis Charles met key people and did some initial filming. Plans are underway for a return trip to the region at a later date.

Immediately on Charles’ return, with able assistance from Walker (co-producer), Joan Churchill (cinematographer) and Alan Barker (sound recordist) we spent two days filming in the Bay Area: at Stanford University where Morgan Marquis-Boire and Bill Marczak presented a talk, “Cash Rules Everything Around Me: The Commercialization of Online Spying”; at the Electronic Frontier Foundation with Eva Galperin, International Freedom of Expression Coordinator; and with Bill Marczak, computer forensics analyst and co-founder of Bahrain Watch, as he began analyzing new malware targetting journalists and activists in Bahrain.

Here’s a piece about Morgan and Bill’s work from the New York Times. And a great overview of this direction in our filming, in BloombergBusinessweek.

All-in-all this is an exciting new thrust for the film. More later.

Production Notes

We are actively engaged following two different story threads that we hope to soon be filming. We cannot say too much about either of them right now. Very sensitive. Suffice to say each involves attacks emanating from abroad. One involves state-sponsored attacks that compromise users of a very popular e-mail program. The second story is breaking on the other side of the globe and relates to a large-scale fraud utilizing a ubiquitous social network. Stay tuned for updates.

Filmed at DEF CON

We recently returned from DEF CON and Black Hat in Las Vegas, two of the world’s largest annual gatherings of hackers and security professionals.

We shot great interviews with Mikko Hypponen, Bruce Schneier, Cory Doctorow, and James Bamford. We met a plethora of amazing people from the community and established some terrific new connections. We spent quality time with old friends, journalists Brian Krebs and Joe Menn.

Here are some pix.