Internet shutdown types and taxonomy: tech behind network interference
Our guide explains network interferences to help people prepare for, circumvent, and document 8 different types of internet shutdowns.
EMERGENCY TOOLS
Hyphanet Hyphanet is peer-to-peer network for censorship-resistant and privacy-respecting publishing and communication. Hyphanet makes it easy to publish and follow what others publish with strong privacy protections. Plugins built on its decentralized data store make it very easy to host your own website and provide microblogging and forums, media sharing from files to video-on-demand and decentralized version tracking, blogging and spam resistance without central authority. For an easy start you can join the global Opennet. For maximum privacy, connect to your friends and build a friend-to-friend network independent of and invisible to any centralized server. To access the global network, you either need some friends who also connect to opennet, or use the Shoeshop plugin to build a sneakernet that can even bridge separate friend-to-friend networks when your regional internet itself gets severed from the global information network. The original Freenet.
Internet shutdown types and taxonomy: tech behind network interference
Our guide explains network interferences to help people prepare for, circumvent, and document 8 different types of internet shutdowns.
Digital Security Education
Defending press freedom for the next generation
Help for Digital Defenders
Dangerzone
Take potentially dangerous PDFs, office documents, or images and convert them to a safe PDF.
U.S. Press Freedom Tracker - U.S. Press Freedom Tracker
The U.S. Press Freedom Tracker is a project that aims to comprehensively document press freedom incidents in the United States — such as the arrests of journalists, seizures of their equipment, interrogations and searches at the U.S. border, subpoenas to testify about sources, leak prosecutions and physical attacks. The Press Freedom Tracker documents cases across the country, involving national, state and local authorities.
#KeepItOn: fighting internet shutdowns around the world - Access Now , reach out to #KeepItOn Campaign Manager Felicia Anthonio at felicia@accessnow.org.
The #KeepItOn coalition brings together hundreds of civil society organizations and our allies from around the world – in government, international institutions, media, the private sector, and beyond – to fight for an end to internet shutdowns.
Aranya Project Free Open source version of spideroak
Sponsored by Spideroak. Aranya Project has 21 repositories available. Follow their code on GitHub.
Potential Secure Backups
Backblaze Online Computer Backup Free Trial
Never lose a file again. Get started backing up your files in the cloud for free today.
Introducing SecureDrop Protocol
This blog post is a part of a series about our research toward the next generation of the SecureDrop whistleblowing …
GlobaLeaks - Free and Open-Source Whistleblowing Software
Amnesty International used it in Pakistan and Saudi Arabia, in order to facilitate and secure dialogue with the organization’s lawyers and researchers residing within these countries.
The Prosecutor Office at the International Criminal Court (ICC) used it as a secure tool for witnesses to report on international crimes of genocide, of crimes against humanity and of war crimes, in the Libya and Central African Republic II.
Introducing WEBCAT: Web-based Code Assurance and Transparency
In this post, we introduce Web-based Code Assurance and Transparency, a project that supports verifiable in-browser code for single-page browser applications. Along with this post, we are publishing the WEBCAT project repository; follow-up posts will provide more detailed information.
WEBCAT is a multicomponent project; the easiest way to explain it is to start with the end-user experience. When a user visits a website that has enrolled in WEBCAT, before the site can load the content is checked against a signed manifest to ensure that it has not been tampered with
The users we’re trying to protect are engaged in an important, potentially high-stakes activity. Whether it’s using SecureDrop, GlobaLeaks, or another browser-based encryption tool
One use case that WEBCAT supports is that of site administrators self-hosting third-party applications — the backbone of the decentralized web. Self-hosted applications (like SecureDrop!)
WEBCAT is a project that lets application developers or service providers create and update signed artifacts attesting to the code that they are shipping; site owners enroll their domains that run these applications; and end users automatically verify that the code they are served is authentic
A signing script that allows application developers to generate a signed manifest to verify the content they intend to serve to users
An enrollment server to allow site owners to enroll their website
An updater service that builds a list of trusted signers per domain
A Firefox extension, to provide the end user an in-browser integrity checking mechanism, which blocks code that fails integrity checks for enrolled websites and warns the user.
We’ll have more to say in the weeks and months to come. In the meantime, we welcome your feedback: you can write to us at <securedrop@freedom.press> (PGP-encrypted), or find us on GitHub.
Directory
SecureDrop
Secure CommsSutty
Sutty crea sitios seguros, veloces y visibles para organizaciones, colectivas y activistas
CONGRESS lobby appIdentikey
Censorship Resistant Tech
Simple Hosting - Gandi.net
Web hosting for websites and web applications of all sizes. Try your first instance of any size for free for 10 days with a free Gandi account. No credit card required.
Cape Shop
Cape Shop
Canada eSIM | Prepaid Canada data | aloSIM
Looking for Canada data? No matter where you are in the Great White North, a Canada eSIM can keep you online without Wi-Fi.
eSIM for Canada
Buy a prepaid eSIM for Canada with instant delivery. Stay connected without roaming fees. Easy & fast.
Inside DOGE’s Takeover of the Social Security Administration
DOGE has ignored urgently needed reforms and upgrades at the Social Security Administration, according to dozens of insiders and 15 hours of candid interviews with the former acting chief of the agency, who admits he sometimes made things worse.
On Feb. 10, on the third floor of the Social Security Administration’s Baltimore-area headquarters, Leland Dudek unfurled a 4-foot-wide roll of paper that extended to 20 feet in length. It was a visual guide that the agency had kept for years to explain Social Security’s many technological systems and processes. The paper was covered in flow charts, arrows and text so minuscule you almost needed a magnifying glass to read it. Dudek called it Social Security’s “Dead Sea Scroll.”
Dudek and a fellow Social Security Administration bureaucrat taped the scroll across a wall of a windowless executive office. This was where a team from the new Department of Government Efficiency was going to set up shop.
Even today, thousands of its physical records are stored in former limestone mines in Missouri and Pennsylvania. Its core software dates back to the early 1980s, and only a few programmers remain who understand the intricacies of its more than 60 million lines of code.
Several times over those first few days, Akash Bobba, a 21-year-old coder who’d been the first of them to arrive, held his face close to Dudek’s scroll, tracing connections between the agency’s venerable IT systems with his index finger. Bobba asked: “Who would know about this part of the architecture?”
Their senior leaders had already written out goals on a whiteboard. At the top: Find fraud. Quickly.
acting commissioner of the Social Security Administration, a position he held through May.
DOGE, he said, began acting like “a bunch of people who didn’t know what they were doing, with ideas of how government should run — thinking it should work like a McDonald’s or a bank — screaming all the time.”
Key DOGE team members have transitioned to permanent jobs at the SSA, including as the agency’s top technology officials. The 19-year-old whose self-anointed moniker — “Big Balls” — has made him one of the most memorable DOGErs joined the agency this summer.
The DOGE philosophy has been embraced by the SSA’s commissioner, Frank Bisignano, who was confirmed by the Senate in May.
For all the controversy DOGE has generated, its time at the Social Security Administration has not amounted to looming armageddon, as some Democrats warn.
while squandering the chance for systemic change at an agency that genuinely needs it.
They could have worked to modernize Social Security’s legacy software, the current and former staffers say. They could have tried to streamline the stupefying volume of documentation that many Social Security beneficiaries have to provide. They could have built search tools to help staff navigate the agency’s 60,000 pages of policies.
They did none of these things.
Dudek, a midlevel bureaucrat with blunt confidence and a preference for his own ideas, had failed in his one past attempt to manage a small team within the SSA, leading him and his supervisors to conclude he shouldn’t oversee others. Despite that, Trump made him the boss of 57,500 people as acting commissioner of the agency this spring.
Dudek asked people he knew at big tech companies for introductions to potential DOGE members
And unlike Michelle King, the acting agency chief at the time, Dudek was willing to speed up the new-hire training process to give DOGE access to virtually all of the SSA’s databases
“I confess,” he posted. “I helped DOGE understand SSA. … I confess. I … circumvented the chain of command to connect DOGE with the people who get stuff done.
Between February and May, when Dudek’s tenure ended, his erratic rhetoric and decisions routinely made front-page news. He was often portrayed as a DOGE patsy, perhaps even a fool. But in his interviews with ProPublica this summer, he revealed himself to be a much more complex figure, a disappointed believer in DOGE’s potential, who maintains he did what he could to protect Social Security’s mission under duress.
Yet Dudek had barely settled in as commissioner when Bobba unintentionally sparked a national misinformation firestorm: A table he created appeared as a screenshot in a grossly misleading Musk tweet about “vampires” over the age of 100 allegedly collecting Social Security checks.
Bobba had sorted people with a Social Security number by age and found more than 12 million over 120 years old still listed in the agency’s data.
Dudek watched in horror as Trump then shared the same statistics with both houses of Congress and a national television audience, claiming the numbers proved “shocking levels of incompetence and probable fraud in the Social Security program for our seniors
Inside the SSA, the DOGE team tried to find proof of the fraud that Musk and Trump had proclaimed, but it didn’t seem to know how to go about it, jumping from tactic to tactic
” It was the senior leaders who were issuing orders without heeding what the young DOGErs were learning.
Michelle Kowalski, an analyst who has since departed the agency, was instructed to take one of the DOGE people, Cole Killian, through earnings data and historical records to analyze the cases of extremely old people whose deaths had not been recorded in Social Security data. She found herself having to explain to him, again and again, that many of these people were born before states reported births and deaths to the federal government and decades before the advent of electronic record keeping. In the early days of the agency, some people didn’t even know their birthdays.
But he usually kept his camera turned off during video meetings. When he finally turned it on for one call, the face she saw seemed like that of a teenager.
Kowalski was exasperated by having to answer to such inexperience
Employees at headquarters took their time walking past the glass-walled conference room where DOGE staffers had set up, glaring in at them as they worked among stacks of laptops that they used for assignments at different agencies.
He decided to move the DOGE operatives to a more secluded area of the campus and assigned an armed security detail to protect them.
And he sent out insulting full-staff emails pressuring career employees to retire.
“There’s Lee, and then there’s Leland-performingly-Dudek.”)
which could in turn give him credibility as he kept trying to push them toward the real issues at Social Security.
Its demands usually came through Coulter, the DOGE lead with the Harvard and hedge fund background
“I really think it would be helpful if you were to do this tomorrow,” Coulter would say to Dudek about eliminating an entire division of the SSA or cutting more staff
Coulter would call a few hours later on the encrypted-messaging app Signal to ask, “You really aren’t catching on, are you?” and “Do you know how many times I’ve defended you?”
Coulter, who has been working for DOGE at NASA i
But instead of facilitating this effort at greater efficiency, Coulter told Dudek to close the office
Such was the case with the issue of phone fraud. Knowing that the DOGErs would perk up at the mention of anything fraud-related, Dudek and other officials made a point of explaining that they’d been working on an initiative to block bots that had been calling the agency.
The plans included running all phone-based requests for bank account changes against a Treasury Department database of suspicious accounts and analyzing such calls to verify whether they were being made from the vicinity of the address
he White House instructed Dudek to end all claims and direct-deposit transactions by phone.
Beneficiaries would have to verify their own identities by using an often-confusing web portal or by traveling to a field office to do it in person. For millions of elderly or disabled people, these were daunting or impossible options.
“Well, Lee, you just fired that team,” one official answered, referring to the Office of Transformation. (Dudek said he asked this question on purpose to make sure DOGE heard the answer.)
Over the course of six weeks under Dudek, the phone policy zigged and zagged a half dozen times — for example, the SSA adopted, then abandoned, a three-day waiting period to conduct an algorithmic fraud check on all calls — before finally ending up nearly where it began. Transactions could be carried out by phone again.
Throughout this saga, Dudek was still getting calls from White House officials — most often from Katie Miller, DOGE’s spokesperson and the wife of Stephen Miller
Frank Bisignano, in the oval office with President Donald Trump, was confirmed as commissioner of the Social Security Administration in May.
Yet, like DOGE, he appears to have embraced the appearance of efficiency rather than efficiency itself. He has repeatedly told staff that Social Security should be run more like Amazon, with AI handling more customer interactions
Bisignano has also fixated on how much time it takes to reach an agent on the SSA’s 800 number. In a July press release, he claimed that the average was down to six minutes, an 80% reduction from 2024. He achieved this in part by reassigning 1,000 field office employees to phone duty. That means initial calls are getting answered faster, but there are significantly fewer staff members available to handle complex, in-person cases.
Fed Whistleblowers
DIGITAL SECURITY HELPLINE - Access Now
Our Helpline provides 24/7 free of charge technical support for journalists, activists, and human rights defenders
Resources - Access Now
Resources Access Now’s team of policy experts, advocates, and technologists are finding solutions to help everyone protect themselves from digital threats
Forensic Methodology Report: How to catch NSO Group’s Pegasus
NSO Group claims that its Pegasus spyware is only used to “investigate terrorism and crime” and “leaves no traces whatsoever”. This Forensic Methodology Report shows that neither of these statements are true. This report accompanies the release of the Pegasus Project, a collaborative investigation that involves more than 80 journalists from 17 media organizations in 10 countries coordinated by Forbidden Stories with technical support of Amnesty International’s Security Lab. Amnesty International’s Security Lab has performed in-depth forensic analysis of numerous mobile devices from human rights defenders (HRDs) and journalists around the world. This research has uncovered widespread, persistent and ongoing unlawful surveillance and human rights abuses perpetrated using NSO Group’s Pegasus spyware.
In our October 2019 report, we detail how we determined these redirections to be the result of network injection attacks performed either through tactical devices, such as rogue cell towers, or through dedicated equipment placed at the mobile operator.
free247downloads[.]com
, but also when using other apps.
WebKit local storage, IndexedDB folders, and more.
Safari’s Session Resource logs provide additional traces that do not consistently appear in Safari’s browsing history.
Maati Monjib visited https://yahoo.fr, and a network injection forcefully redirected the browser to documentpro[.]org before further redirecting to free247downloads[.]com and proceed with the exploitation.
iOS maintains records of process executions and their respective network usage in two SQLite database files called “DataUsage.sqlite” and “netusage.sqlite”
network usage databases contained records of a suspicious process called “bh”.
leveraged a vulnerability in the iOS JavaScriptCore Binary (jsc) to achieve code execution on the device
persistence on the device after reboot
“bh.c – Loads API functions that relate to the decompression of next stage payloads and their proper placement on the victim’s iPhone by using functions such as BZ2_bzDecompress, chmod, and malloc
herefore, we suspect that “bh” might stand for “BridgeHead”, which is likely the internal name assigned by NSO Group to this component of their toolkit.
The bh process first appeared on Omar Radi’s phone on 11 February 2019. This occurred 10 seconds after an IndexedDB file was created by the Pegasus Installation Server
At around the same time the file com.apple.CrashReporter.plist file was written in /private/var/root/Library/Preferences/, likely to disable reporting of crash logs back to Apple.
roleaboutd and msgacntd processes are a later stage of the Pegasus spyware which was loaded after a successful exploitation and privilege escalation with the BridgeHead payload.
Network injection is an effective and cost-efficient attack vector for domestic use especially in countries with leverage over mobile operators
iOS keeps a record of Apple IDs seen by each installed application in a plist file located at /private/var/mobile/Library/Preferences/com.apple.identityservices.idstatuscache.plist
spy phone
aadnk/whisper-webui · Getting quite a bit of "Thank you for watching!" during silence
With the VAD enabled, I've noticed that I'm getting quite a bit of "Thank you for watching!". This is not as noticeable without the VAD.
Cell Phone Extraction Software | Access Mobile Device Evidence with Cellebrite Premium
Premium, the leading cell phone data extraction software, legally unlock, decrypt, and extract critical digital evidence from the widest range of all mobile devices.
Cellebrite Inseyets Powered by UFED | Access & Extract Mobile Device Data
Explore the innovative features of Cellebrite Inseyets powered by UFED, revolutionizing the way of forensic examiners extract and access cell phone data.