web analytics

CORTEX Trojan horse?

Written By: - Date published: 10:35 am, December 11th, 2015 - 16 comments
Categories: Abuse of power, Spying - Tags: , ,

Spying, surveillance and CORTEX are back in the news. By way of background, recall the revelations that emerged just prior to the 2014 election at Dotcom’s flawed “Moment of Truth” (NEW ZEALAND LAUNCHED MASS SURVEILLANCE PROJECT WHILE PUBLICLY DENYING IT). Here’s The Guardian summary:

In trying to confuse and deflect the attention in surveillance tool Speargun, Key hastily released some details of a different tool, CORTEX. This raised many interesting questions. More of CORTEX below.

Round 2 on surveillance occurred earlier this year, with further revelations in the “Snowden Files”, as reported in The Herald by Nicky Hager and Ryan Gallagher, for example Snowden revelations / The price of the Five Eyes club: Mass spying on friendly nations. And let’s not forget David Fisher’s scoop on spying for Tim Groser’s failed WTO job bid, GCSB spies monitored diplomats in line for World Trade Organisation job.

Fast forward to today and CORTEX is back in the news. David Fisher:

GCSB ‘Cortex’ system aimed at ISPs

The “Cortex” system Prime Minister John Key made public to counter claims of mass surveillance of New Zealanders is now being aimed at the internet service providers handling the emails and online data of everyday Kiwis.

But the Government Communications Security Bureau said Kiwis’ Twitter communications were safe, with the “eligible” internet service providers (ISPs) carrying less than 1 per cent of the country’s internet traffic. Of that, it was expected 1 per cent at most of that traffic would contain suspect cyber activity and only 0.01 per cent to 0.5 per cent would be seen by a GCSB analyst alerted by an automated system.

The details were published on the GCSB website ahead of an expected announcement today by Communications Minister Amy Adams of a new cyber security action plan.

The details on the GCSB website say it is carrying out a “malware free networks” pilot with an ISP which could later be rolled out to others. It says it is not compulsory for ISPs to join and ISPs are obliged to tell customers their data is being screened.

However, it also says ISPs are not allowed to name the GCSB as being involved because doing so could give hackers a signpost to valuable targets.

It rejected any suggestion it is “mass surveillance”, saying it had an automated searching function to sniff out malicious traffic.

However, it also conceded that a rare set of circumstances could lead to GCSB staff reading people’s emails. In those cases, “all a GCSB analyst would be looking for in an email is evidence of malicious cyber activity”. …

Some pretty odd comments from the GCSB there, but never mind, it seems clear that new measures will be put in place. So is CORTEX in fact benign malware protection, or is it a Trojan horse for more? I have no way of knowing of course. But these comments in the NBR in September make me ponder:

Early successes for Cortex have included helping a government agency mitigate an attack on several officials’ emails, aiding six significant organisations recover from a newly identified source of cyber attack and detecting large-scale targeting of a nationally significant entity as part of a global campaign by a foreign threat, [acting GCSB director] Jagose said. It also helped an Auckland firm recover from overseas criminal attack, resolved a long-term compromise in a large information technology firm, helped a telecommunications provider respond and strengthen systems after suspicious activity on its network, and assisted private sector firms facing ransomware attacks.

Those claimed successes, if indeed a result of CORTEX, while vague, seem to go well beyond simple malware detection and prevention, and in to quite broad analysis of content.

Given this government’s record of secrecy, lies, and misuse of surveillance, I think we the people would be naive to believe that CORTEX and other aspects of the proposed “cyber security action plan” are anything less than another escalation of the surveillance of New Zealanders.


Final footnote – Key long ago withdrew his promise to resign if there was mass surveillance.

PM won’t give assurance NZers not caught in eavesdropping

Key says he won’t quit if mass collection of Kiwis’ communications proved

NEW ZEALAND PRIME MINISTER RETRACTS VOW TO RESIGN IF MASS SURVEILLANCE IS SHOWN

key-resign-no

16 comments on “CORTEX Trojan horse? ”

  1. ianmac 1

    How can he get away with it? Sad that there is no public vehicle where Cortex implications could be explored, or for that matter that Judith Collins “has been cleared of Dirty Tricks.” (Note that “Native Affairs” has been downsized to 30 minutes so that it can explore topical magazine things like TV at seven.)

    • Lara 1.1

      How can he get away with it?

      Easy.

      A great many Kiwis think that “if you have nothing to hide, you have nothing to fear”.

      And that is the sum total of their understanding of the concept of privacy. And its importance.

      • Hanswurst 1.1.1

        It’s also the reverse engineering of “If you have nothing to hide, you have nothing to fear”. Key appears not to be consumed by fear, ergo he has nothing to hide… at least for those who buy into his laid-back public presentation.

  2. Murray Simmonds 2

    Given the fact that Windows 10 now spies on most of its users, and as of last week, Windows Vista, Windows 7 and Windows 8 do likewise (unless you have succeeded in stopping them from doing so), I can’t see that it makes a helluva lot of difference.

    Except I suppose that Mac Users and Linux users may now come under the spyware-net via Cortex, whereas they’d previously been exempt by virtue of being non-Microsoft users.

    It seems to be one of the many prices that we pay for being connected to the internet. That, plus the fact that we now live in a Global-corporation-controlled world. Pity they aren’t as good at doing something about Global Climate Change as they seem to be at doing things about mass-surveillance.

    • Gareth 2.1

      Windows Vista, 7 & 8 are not suddenly spying on users. If you’ve turned on the Customer Experience Improvement Program, then there are 4 Optional KBs which change what is collected by that program.

      You must have CEIP turned on, and you must be installing Optional updates, not just mandatory and recommended ones, to notice any difference.

      Windows 10 on the other hand, does spy on you to be able to serve personalised ads and whatever else Microsoft comes up with.

      • BLiP 2.1.1

        Its not just “Optional” updates Micro$oft is sneaking onto Windows 7 and 8 . . .

        . . . Yes, in a quite bizarre move Infoworld spotted Microsoft has simultaneously reissued no less than four controversial user tracking patches for Windows 7 and Windows 8. Stranger still in an attempt to get them onto more computers, Microsoft has even reclassified one as ‘Important’ so it will now install automatically on any PCs and laptops running default Windows Update settings (read: the vast majority) . . .

        . . . users of Windows 7 and 8 would be advised to check to see if updates KB 2952664, KB 2976978, KB 2977759, and KB 3035583 have been installed. These dodgy “updates” have been rolling out since at least September and there’s bound to more.

        It should also be remembered that Nicro$oft has been colluding with NSA for years.

      • DH 2.1.2

        That’s not true Gareth. I don’t have CEIP turned on and KB3068708 shows as an important update, not an optional one. I had to uninstall that one and then hide it with the other KBs to stop them being installed.

    • Liberal Realist 2.2

      With ISP involvement CORTEX looks to be network based. They’ll likely be intercepting and filtering raw traffic (packets) sniffing for metadata, hence every subscriber using that ISP will be potentially affected. Malware prevention my arse!

      When you install Windows 10 you can disable most of the invasive privacy settings. You can also disable these settings post install. You’ll lose a few features such as Cortana (Which doesn’t do much in NZ region at present). The weirdest one is ‘Wifi Sense’ which can inadvertently share your Wifi password! WTF!

      Anyway, there is plenty of information out there on how to disable these features for normal users.

      Examples:
      http://www.techrepublic.com/article/windows-10-violates-your-privacy-by-default-heres-how-you-can-protect-yourself/

      http://arstechnica.com/information-technology/2015/08/windows-10-doesnt-offer-much-privacy-by-default-heres-how-to-fix-it/

      If you really want to avoid your privacy being compromised you can make it really difficult for the snoops.

      Whonix is an open source, high privacy architecture OS (linux) that you can run in a virtual machine.

      https://www.whonix.org/

      Some detail on Virtual Machines:

      https://theintercept.com/2015/09/16/getting-hacked-doesnt-bad/

  3. Paul Campbell 3

    It was weird, the GCSB director gave a talk about cortex at Kiwicon today …. Almost no technical content …. I see the working with ISPs to protect from malware is basically a Trojan horse to get deep packet inspection into ISP’s premises … If all ISPs offer this ‘service’ we’ll have no choice but having every network packet we send or receive inspected by the GCSB

  4. BLiP 4

    Encrypting your data yet? Its not as difficult as some might think but be careful, some encryption tools are not up to the task. So . . .

    In the face of widespread Internet surveillance, we need a secure and practical means of talking to each other from our phones and computers. Many companies offer “secure messaging” products—but are these systems actually secure? We decided to find out, in the first phase of a new EFF Campaign for Secure & Usable Crypto.

    This scorecard represents only the first phase of the campaign. In later phases, we are planning to offer closer examinations of the usability and security of the tools that score the highest here. As such, the results in the scorecard below should not be read as endorsements of individual tools or guarantees of their security; they are merely indications that the projects are on the right track. For practical advice and tutorials on how to protect your online communication against surveillance, check out EFF’s Surveillance . . . Self-Defense guide.

    With National Ltd™’s plans to involve corporations in its mass-surveillance progrom, its not just government we have to protect ourselves from.

  5. Bill 5

    something about lobotomy…

  6. vto 6

    I think the world has accepted that government and spies cannot be trusted one iota, and that all of their internet traffic is under surveillance and is stored.

    As such people’s habits are changing. For example, use cash pretty much all the time now. Cash is also faster, more convenient and easier. If cash had been invented now it would be held up as the next great technology, such are its benefits. Doh.

  7. Murray Simmonds 7

    I posted this link earlier in the week (or was it last week??)

    http://www.forbes.com/sites/gordonkelly/2015/09/06/windows-10-worst-feature-now-installing-on-windows-7-and-windows-8/

    There are several other interesting articles in Forbes magazine, including situations reported where Microsoft automatically installed the Windows 10 upgrade on machines where it wasn’t wanted; they did so WITHOUT the permission of the owners.

    Its well worth checking out those articles in Forbes magazine.

  8. Esoteric Pineapples 8

    I think we can take it as read that the government has the capacity to spy on anyone it wants to. It would be so easy to set up someone you want to bring down. As just one example, set up a false identity on Facebook as an attractive young woman (or using a real one). Develop an online a comproming online sexual relationship. Save the target’s communications and then publically release them. (Probably works mostly with men). Basically the “honeypot” manouvre.
    Someone wants to know my real identity from comments on the Standard? Just hack into the site using survelliance technology to find my email etc. I’ve joined a Facebook page on the Kurds. I take it as read that I run the risk that if I ever go to Turkey my name may pop up when they read my passport as someone undesirable. Protecting your privacy is something that really only applies to not wanting friends, family and the community to know stuff about you. Politically you might as well lay your heart on your sleeve.

Recent Comments

Recent Posts

  • Tokelau Language Week reminds us to stay united and strong
    Staying strong in the face of challenges and being true to our heritage and languages are key to preserving our cultural identity and wellbeing, is the focus of the 2020 Tokelau Language Week. Minister for Pacific Peoples, Aupito William Sio, says this year’s theme, ‘Apoapo tau foe, i nā tāfea ...
    BeehiveBy beehive.govt.nz
    3 days ago
  • NZ announces a third P-3 deployment in support of UN sanctions
    The Government has deployed a Royal New Zealand Air Force P-3K2 Orion (P-3) maritime patrol aircraft to support the implementation of United Nations Security Council (UNSC) resolutions imposing sanctions against North Korea, announced Minister of Foreign Affairs Winston Peters and Minister of Defence Ron Mark. “New Zealand has long supported ...
    BeehiveBy beehive.govt.nz
    1 week ago
  • Pacific trade and development agreement a reality
    Pacific regional trade and development agreement PACER Plus will enter into force in 60 days now that the required eight countries have ratified it. Trade and Export Growth Minister David Parker welcomed the announcement that the Cook Islands is the eighth nation to ratify this landmark agreement. “The agreement represents ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • Securing a pipeline of teachers
    The Government is changing its approach to teacher recruitment as COVID-19 travel restrictions continue, by boosting a range of initiatives to get more Kiwis into teaching. “When we came into Government, we were faced with a teacher supply crisis,” Education Minister Chris Hipkins said. “Over the past three years, we ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • Border exceptions for a small number of international students with visas
    The Government has established a new category that will allow 250 international PhD and postgraduate students to enter New Zealand and continue their studies, in the latest set of border exceptions. “The health, safety and wellbeing of people in New Zealand remains the Government’s top priority. Tight border restrictions remain ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • First COVID-19 vaccine purchase agreement signed
    The Government has signed an agreement to purchase 1.5 million COVID-19 vaccines – enough for 750,000 people – from Pfizer and BioNTech, subject to the vaccine successfully completing all clinical trials and passing regulatory approvals in New Zealand, say Research, Science and Innovation Minister Megan Woods and Health Minister Chris Hipkins. ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • International statement – End-to-end encryption and public safety
    We, the undersigned, support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cyber security.  It also serves a vital purpose in repressive states to protect journalists, human rights defenders and other vulnerable people, as stated in the 2017 resolution of the ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • Ministry of Defence Biodefence Assessment released
    The Ministry of Defence has today released a Defence Assessment examining Defence’s role across the spectrum of biological hazards and threats facing New Zealand. Biodefence: Preparing for a New Era of Biological Hazards and Threats looks at how the NZDF supports other agencies’ biodefence activities, and considers the context of ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • New Approaches to Economic Challenges: Confronting Planetary Emergencies: OECD 9 October 2020
    New Approaches to Economic Challenges: Confronting Planetary Emergencies: OECD 9 October 2020 Hon David Parker’s response following Thomas Piketty and Esther Duflo. Good morning, good afternoon, and good evening, wherever in the world you might be. I first acknowledge the excellent thought provoking speeches of Thomas Piketty and Esther ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • Kaipara Moana restoration takes next step
    A Memorandum of Understanding has been signed today at Waihāua Marae between the Crown, local iwi and councils to protect, restore and enhance the mauri of Kaipara Moana in Northland. Environment Minister David Parker signed the document on behalf of the Crown along with representatives from Ngā Maunga Whakahī, Ngāti ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • New Zealand and Uruguay unite on reducing livestock production emissions
    Agriculture Minister Damien O’Connor and Uruguayan Minister of Livestock, Agriculture and Fisheries Carlos María Uriarte have welcomed the launch of a three-year project that will underpin sustainable livestock production in Uruguay, Argentina, and Costa Rica.  The project called ‘Innovation for pasture management’ is led by Uruguay’s National Institute of Agricultural ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • 3100 jobs created through marae upgrades
    Hundreds of marae throughout the country will be upgraded through investments from the Provincial Growth Fund’s refocused post COVID-19 funding to create jobs and put money into the pockets of local tradespeople and businesses, Regional Economic Development Minister Shane Jones and Māori Development Minister Nanaia Mahuta have announced. “A total ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • Health volunteers recognised in annual awards
    Health Minister Chris Hipkins has announced 9 teams and 14 individuals are the recipients of this year’s Minister of Health Volunteer Awards.  “The health volunteer awards celebrate and recognise the thousands of dedicated health sector volunteers who give many hours of their time to help other New Zealanders,” Mr Hipkins ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • Community COVID-19 Fund supports Pacific recovery
    The Minister for Pacific Peoples, Aupito William Sio says a total of 264 groups and individuals have successfully applied for the Pacific Aotearoa Community COVID-19 Recovery Fund, that will support Pacific communities drive their own COVID-19 recovery strategies, initiatives, and actions. “I am keen to see this Fund support Pacific ...
    BeehiveBy beehive.govt.nz
    3 weeks ago
  • Community benefits from Māori apprenticeships
    Up to 50 Māori apprentices in Wellington will receive paid training to build houses for their local communities, thanks to a $2.75 million investment from the Māori Trades and Training Fund, announced Employment Minister Willie Jackson today. “This funding will enable Ngāti Toa Rangatira Incorporated to provide its Ngā Kaimahi ...
    BeehiveBy beehive.govt.nz
    3 weeks ago
  • Training fund supports Māori jobseekers
    Rapidly growing sectors will benefit from a $990,000 Māori Trades and Training Fund investment which will see Wellington jobseekers supported into work, announced Employment Minister Willie Jackson today. “This funding will enable Sapphire Consultants Ltd. to help up to 45 Māori jobseekers into paid training initiatives over two years through ...
    BeehiveBy beehive.govt.nz
    3 weeks ago
  • Ruakura Inland Port development vital infrastructure for Waikato
    The Government is investing $40 million to develop an inland port at Ruakura which will become a freight super-hub and a future business, research and residential development for the Waikato, Urban Development and Transport Minister Phil Twyford, and Māori Development Minister Nanaia Mahuta announced today. The funding has been has ...
    BeehiveBy beehive.govt.nz
    3 weeks ago
  • Appointments made to Defence Expert Review Group
    Defence Minister Ron Mark announced today the establishment of an Expert Review Group to review a number of aspects of the New Zealand Defence Force’s (NZDF) structure, information management and record-keeping processes.  The Expert Review Group’s work arises out of the first recommendation from the Report of the Government’s Inquiry ...
    BeehiveBy beehive.govt.nz
    3 weeks ago
  • No active community cases of COVID-19
    There are no active community cases of COVID-19 remaining in the country after the last people from the recent outbreak have recovered from the virus, Health Minister Chris Hipkins said today. “This is a big milestone. New Zealanders have once again through their collective actions squashed the virus. The systems ...
    BeehiveBy beehive.govt.nz
    3 weeks ago