"Attacks against civilian targets in Pakistan’s cities have also fed popular support for communications surveillance and other efforts to register and monitor the civilian population, including national databases and mandatory SIM card registration", says the report. Pakistan requires universal SIM card registration by fingerprint, and maintains a national biometric ID database.
US invasion of Afghanistan in 2002, according to data reported by South Asia Terrorism Portal (SATP). What is happening in the country now follows a familiar pattern seen elsewhere in the world: Faced with growing terror threat, people are willing to trade privacy for security.
Like the US National Security Agency (NSA) surveillance program, the Pakistani effort includes both voice and data communications. Over 70 per cent of the country's population uses mobile phones, and an estimated 11 per cent of the population has internet access, the report says. This makes surveillance in Pakistan advanced and comprehensive as there are currently 50 operational internet providers and five mobile phone operators. Pakistan government has acquired technology and purchased equipment for surveillance from local as well as some foreign companies such as Ericsson, Alcatel, Huawei, SS8 and Utimaco. Here's an excerpt from the report:
"In June 2013, the Inter-Services Intelligence (ISI), Pakistan’s best known intelligence agency, sought to develop a mass surveillance system by directly tapping the main fibreoptic cables entering Pakistan that carried most of the nation’s network communication data. The confidential request for proposals outlines a “Targeted IP Monitoring System and COE [Common Operations Environments]” that aimed to capture and store approximately 660 gigabits of internet protocol (IP) traffic per second under ISI control. This system would make available virtually all of the nation’s domestic and international communications data for scrutiny, the most significant expansion of the government’s capacity to conduct mass surveillance to date. The total intake of data every second sought by Pakistan in the proposal document would rival some of the world’s most powerful surveillance programmes, including the UK’s ‘Tempora’ and US’ ‘Upstream’ programmes. What the ISI wanted to build, according to the request for proposals, was a complete surveillance system that would capture mobile communications data, including Wi-Fi, all broadband internet traffic, and any data transmitted over 3G. According to the documents, the interception activities were to be “seamless” and “must not be detectable or visible to the subscriber”.
|Source: South Asia Terrorism Portal|
Pakistan has seen a significant decline in terror-related deaths in the last two years. Civilian death toll has declined from 3001 in 2013 to 1781 in 2014 and 577 so far this year, according to SATP. It's attributed mainly to the launch of Pakistan Army's Operation Zarb e Azb against militants in 2013. It is believed that increased electronic surveillance has probably contributed to at least some of this success in reducing death toll.
Pakistan's Biometric Registration Database
Operation Zarb e Azb Launch
Ex Indian Spy Documents RAW's Successes in Pakistan
Intelligence Failures in Preventing Daily Carnage in Pakistan
What If Musharraf Had Said NO to US After 911?
Pakistani Computer Scientist Fights Terror
Pakistani Killer Drones to Support Anti-Terror Campaign
3G 4G Rollout Spurs Data Services Boom in Pakistan
Fiber Optic Connectivity in Pakistan
not something to be proud of
#US #NSA used #malware to spy on #Pakistani civilian, military leadership. #Pakistan #NSAhack #Snowden
The United States' clandestine National Security Agency (NSA) allegedly spied on top civil-military leadership in Pakistan using malware, The Intercept reported.
Malware SECONDDATE allegedly built by the NSA was used by agency hackers to breach "targets in Pakistan’s National Telecommunications Corporation’s (NTC) VIP Division", which contained documents pertaining to "the backbone of Pakistan’s Green Line communications network" used by "civilian and military leadership", according to an April 2013 presentation document obtained by The Intercept.
The file appears to be a 'top secret' presentation originating from the NSA's SigDev division.
SECONDDATE is described as a tool that intercepts web requests and redirects browsers on target computers to an NSA web server. The server then infects the web requests with malware.
The malware server, also known as FOXACID, has been described in earlier leaks made by former NSA contractor Edward Snowden.
SECONDDATE, however, is just one method the NSA allegedly uses to redirect a target's browser to the FOXACID server. Others involve exploiting bugs in commonly used email providers by sending spam or malicious links that lead to the server, The Intercept said.
Another document obtained by The Intercept, an NSA Special Source Operations division newsletter describes how agency software other than SECONDDATE was used to repeatedly direct targets in Pakistan to the FOXACID servers to infect target computers.
The Intercept confirmed the "authenticity" of the SECONDDATE malware by means of a data leak reportedly made by Snowden.
Snowden released a classified top-secret agency draft manual for implanting malware which instructs NSA operators to track their use of a malware programme through a 16-character string ─ the same string which appears in the SECONDDATE code leaked by a group called ShadowBrokers.
ShadowBrokers last week announced that SECONDDATE was part of a group of NSA-built 'cyber weapons' that it was auctioning off.
Although it is unclear how the code for the software leaked and was obtained by ShadowBrokers, The Intercept claims "the malware is covered with NSA's virtual fingerprints and clearly originates from the agency".
The ShadowBrokers auction of SECONDDATE is the first time any full copies of NSA software have been made available to the public.
"The person or persons who stole this information might have used them against us," Johns Hopkins University cryptographer Matthew Green said on the dangers of such software becoming available to the public.
Speaking to The Intercept, Green said that such exploits could be used to target anyone using a vulnerable router. "This is the equivalent of leaving lockpicking tools lying around a high school cafeteria. It’s worse, in fact, because many of these exploits are not available through any other means, so they’re just now coming to the attention of the firewall and router manufacturers that need to fix them, as well as the customers that are vulnerable."
The Intercept has in the past published a number of reports from documents released by Snowden. The site’s editors include Glenn Greenwald, who won a Pulitzer Prize for his work in reporting on the whistleblower’s revelations.
#Aadhaar, #India’s massive new ID system, suffers high failure rate. Failing to deliver for people http://www.wsj.com/articles/snags-multiply-in-indias-digital-id-rollout-1484237128 … via @WSJ
The government began building the system, called Aadhaar, or “foundation,” with great fanfare in 2009, led by a team of pioneering technology entrepreneurs. Since then, almost 90% of India’s population has been enrolled in what is now the world’s largest biometric data set.
Prime Minister Narendra Modi, who set aside early skepticism and warmed up to the Aadhaar project after taking power in 2014, is betting that it can help India address critical problems such as poverty and corruption, while also saving money for the government.
But the technology is colliding with the rickety reality of India, where many people live off the grid or have fingerprints compromised by manual labor or age.
An Aadhaar ID is intended to be a great convenience, replacing the multitude of paperwork required by banks, merchants and government agencies. The benefits are only just beginning, backers say, as the biometric IDs are linked to programs and services.
But in rural areas, home to hundreds of millions of impoverished Indians dependent on subsidies, the impact of technical disruptions has already been evident.
After walking for two hours across rough underbrush in Rajasthan to get kerosene for the month, Hanja Devi left empty-handed because the machine couldn’t match her fingerprint with her Aadhaar number.
The new system hasn’t eliminated attempts at fraud. In August, police in Rajasthan accused two shop managers of linking their fingerprints to a multitude of cards and stealing for months the rations of dozens of clients.
As for trouble connecting to the registry, better infrastructure, including steadier internet connections, will eventually also help, Mr. Pandey said.
For now, Mr. Prakash has found a way to cope without climbing trees. After scouring the village, he set up a shack in a spot with enough bandwidth to allow his fingerprint scanner to work.
It is hardly efficient. He issues receipts in the morning at the shack, then goes back to his shop to hand out the grains. Customers have to line up twice, sometimes for hours.
Mr. Prakash has applied to the government to operate without biometric identification, but his request was turned down, he said. “They said: ‘You have to keep trying.’ ”
#Pakistan CTD gets #4G system to trace #smartphone calls across #Sindh
The Sindh police have finally acquired the multimillion-rupee 4G mobile phone call locator system, the technology that had once been in the exclusive use of the intelligence agencies, and handed it over to the Counter Terrorism Department (CTD), which will put it at the disposal of all wings of the police department, it emerged on Saturday.
Officials said the CTD had been chosen by the top brass to run the system as the department handled the most heinous crimes committed by hardened criminals and militants.
“In fact, the Sindh police have acquired two 4G mobile phone call locators, which have been handed over to the CTD for use in the entire province. The police have been using the technology for more than two years but the latest one is a modern [gadget] to trace smartphone communications,” said a police source.
In 2013 the Sindh police had acquired two sets of the system and initially the Special Branch was told to run it, which also facilitated investigation of cases by other arms of the department, said the source. Officials said that those previous sets were capable of meeting requirements of 2G and 3G mobile phones.
“As the name suggests, the caller locator will allow police investigators to spot the exact location from where a mobile phone call is being made,” said the source.
It all began in 2010 when the Sindh police had planned to use the system but they had to shelve it after opposition from the country’s powerful intelligence apparatus. In line with the past practice, police heavily depended on the intelligence agencies when they needed to locate mobile phone calls, especially those made in high-profile cases of kidnapping for ransom and extortion.
The Peshawar police had gained the technology years ago. Moreover, the Sindh government and business community also supported the move to end once and for all police investigators’ oft-repeated excuse that they could not effectively deal with organised gangs in the absence of modern technology.
“The CTD SSP has been appointed focal person for the entire department who could be approached by any unit of the Karachi police with a request for the use of the system,” said an official.
“CTD officials have undergone training in the use of the equipment. Whenever they receive a request from any unit or section of the law-enforcement agency, they move with the equipment to the required location to offer the service.”
He said the use of modern technology would quash the excuse often extended by the law-enforcement agency for its failure in certain cases because of lack of such equipment and it would also enhance its investigation capability.
“The sets acquired by the police have been locally designed and developed. [The technology] has been effectively used for tracing criminals and kidnappers in the interior of Sindh where several groups were busted using the technology,” he added.
#NSA's spying on #Trump's #Russia links are showing how #America's Deep State really works. #FlynnResignation
America's intelligence agencies aren’t operating outside the law – they’re using the vast power they’ve acquired within it.
BY MARC AMBINDER
We know now that the FBI and the NSA, under their Executive Order 12333 authority and using the Foreign Intelligence Surveillance Act as statutory cover, were actively monitoring the phone calls and reading text messages sent to and from the Russian ambassador to the United States, Sergey Kislyak.Although the monitoring of any specific individual is classified TOP SECRET, and cannot be released to foreigners, the existence of this monitoring in general is something of an open secret, and Kislyak probably suspected he was under surveillance.But a welter of laws, many of them tweaked after the Snowden revelations, govern the distribution of any information that is acquired by such surveillance. And this is where it’s highly relevant that this scandal was started by the public leaking of information about Mike Flynn’s involvement in the monitoring of Kisylak.The way it’s supposed to work is that any time a “U.S. person” — government speak for a U.S. citizen, lawful permanent resident, even a U.S. company, located here or abroad — finds his or her communications caught up in Kislyak’s, the entire surveillance empire, which was designed for speed and efficiency, and which, we now know, is hard to manage, grinds to a halt. That’s a good thing. Even before Snowden, of course, the FBI would “minimize” the U.S. end of a conversation if analysts determined that the calls had no relevance to a legitimate intelligence gathering purpose. A late night call to order pizza would fall into this category.But if the analyst listening to Kislyak’s call hears someone identify himself as an agent of the U.S. government — “Hi! It’s Mike Flynn” certainly qualifies — a number of things have to happen, according to the government’s own rulesAt this stage, the actual audio of the call and any transcript would be considered “Raw FISA-acquired information,” and its distribution would be highly restricted. At the NSA, not more than 40 or so analysts or senior managers would be read into the classification sub-sub compartment that contains it, called RAGTIME-A,B,C D or P, where each letter stands for one of five different categories of foreign intelligence.For anything out of the ordinary — and this qualifies — the head of the National Security Division would be notified, and he or she would bring the raw FISA transcript to FBI Director James Comey or his deputy. Then, the director and his deputy would determine whether to keep the part of the communication that contained Flynn’s words. The NSA has its own procedures for determining whether to destroy or retain the U.S. half of an intercepted communication.In this case, there were three sets of communications between Flynn and Kislyak, at least one of which is a text message. The first occurs on Dec. 18. The last occurs on Dec. 30, a day after sanctions were levied against people that the Russian ambassador knew — namely, spies posing as diplomats.The factors FBI Director Comey and his deputy would have had to consider in this case are complex
Exclusive: CPEC master plan revealed
One of the oldest priorities for the Chinese government since talks on CPEC began is fibreoptic connectivity between China and Pakistan. An MoU for such a link was signed in July 2013, at a time when CPEC appeared to be little more than a road link between Kashgar and Gwadar. But the plan reveals that the link goes far beyond a simple fibreoptic set up.
China has various reasons for wanting a terrestrial fibreoptic link with Pakistan, including its own limited number of submarine landing stations and international gateway exchanges which can serve as a bottleneck to future growth of internet traffic. This is especially true for the western provinces. “Moreover, China’s telecom services to Africa need to be transferred in Europe, so there is certain hidden danger of the overall security” says the plan. Pakistan has four submarine cables to handle its internet traffic, but only one landing station, which raises security risks as well.
So the plan envisages a terrestrial cable across the Khunjerab pass to Islamabad, and a submarine landing station in Gwadar, linked to Sukkur. From there, the backbone will link the two in Islamabad, as well as all major cities in Pakistan.
The expanded bandwidth that will open up will enable terrestrial broadcast of digital HD television, called Digital Television Terrestrial Multimedia Broadcasting (DTMB). This is envisioned as more than just a technological contribution. It is a “cultural transmission carrier. The future cooperation between Chinese and Pakistani media will be beneficial to disseminating Chinese culture in Pakistan, further enhancing mutual understanding between the two peoples and the traditional friendship between the two countries.” The plan says nothing about how the system will be used to control the content of broadcast media, nor does it say anything more about “the future cooperation between Chinese and Pakistani media”.
It also seeks to create an electronic monitoring and control system for the border in Khunjerab, as well as run a “safe cities” project. The safe city project will deploy explosive detectors and scanners to “cover major roads, case-prone areas and crowded places…in urban areas to conduct real-time monitoring and 24 hour video recording.” Signals gathered from the surveillance system will be transmitted to a command centre, but the plan says nothing about who will staff the command centre, what sort of signs they will look for, and who will provide the response.
“There is a plan to build a pilot safe city in Peshawar, which faces a fairly severe security situation in northwestern Pakistan” the plan says, following which the program will be extended to major cities such as Islamabad, Lahore and Karachi, hinting that the feeds will be shared eventually, and perhaps even recorded.
Belt and Road means big data
and facial recognition, too
China is exporting the same social control
technology it employs to monitor its own population.
The first exports are across the border into what Chinese Premier Li Keqiang considers the BRI’ s flagship project: the US$63 billion China-Pakistan Economic Corridor (CPEC). Pakistan is no easy country for the BRI to pass through, given its chronic civil unrest and endemic societal turbulence. China is to a certain degree trapped, given Pakistan’s centrality to the BRI, making security within the CPEC crucial.
China is supporting numerous “safe city” projects to improve security within Pakistan’s major urban centres by providing soft, low interest-rate loans and urging the involvment of Chinese state-owned enterprises (SOEs). Safe-city projects have effectively installed much of the Xinjiang digital security system across numerous Pakistani cities, including Islamabad, Peshawar, Lahore, Quetta, Karachi and Gwadar.
An example is Lahore’s Huawei-built safe city, which uses some 8000 high-grade CCTV cameras, 4G wireless connectivity, facial recognition, automated vehicle number plate recognition, multiple tracking options, integrated communication platforms, geographic information systems and specialised apps for use by security personnel. This system is controlled through a large, 10,000 square-metre integrated command, control and communication centre that uses artificial intelligence, big data and cloud computing technology.
Along with digitising Pakistani city security, Chinese SOEs are also deeply involved in improving digital connectivity between the two countries through a cross-border fibre-optic cable link. Internet traffic is routed through China, with talk of adopting Chinese internet regulations and installing a Chinese-style national internet firewall. Such connectivity effectively makes Pakistan an outlier of the Chinese domestic network.
The Xinjiang technologies are also finding use in Africa. CloudWalk, a Guangzhou-based tech startup that has received considerable Chinese government finance, has a strategic cooperation framework agreement with Zimbabwe to build a national facial recognition program. The agreement as part of the BRI is intended primarily to improve security and law enforcement. Movement through Zimbabwe’s airports, railways, and bus stations will be monitored using a facial-recognition database integrated with biometric technology.
The CloudWalk agreement is the first Chinese artificial intelligence project in Africa. The extant Xinjiang facial-recognition database is extensive but inappropriate for an African population. Machine learning using a large local database is essential to optimise the Chinese artificial intelligence software for the Zimbabwean urban environment. Accordingly, as part of the agreement, Zimbabwe will send facial data on millions of its citizens as captured by CCTV cameras to CloudWalk so it can improve its artificial intelligence systems capabilities.
In far western China, the Xinjiang Uygur Autonomous Region is both a BRI cornerstone, with three major transit routes intersecting, and a major centre for testing new security technologies. Security is being digitised and automated through large-scale urban surveillance networks, big data, artificial intelligence, facial recognition, biometrics, ubiquitous GPS tracking and smartphone spyware. These Xinjiang digital security technologies are now being exported commercially.
Post a Comment