Ministry of Public Security: anti-terrorism law will not harm free speech of citizens

Chinese Ministry of Public Security Party Committee, the Counter-Terrorism Commissioner Liu Yuejin said recently that from January 1 this year, the official implementation of the "People's Republic of China Anti-Terrorism Act" will not affect network operators and service providers legitimate business activities, there was no use of this provisions do "back door", intellectual property infringement or damage corporate citizens' freedom of speech.

Liu Yuejin said that anti-terrorism legislation fully into account the real problems and practice of the Chinese anti-terrorism efforts in the face of an urgent need to study draws on the provisions of the relevant UN Security Council member states to combat cyber-terrorism legislation and experience the United States, Russia, the European Union, and listen to opinions from all sides, the final regulations, telecommunications operators, Internet service providers should be the public security organs, state security organs according to law to prevent, investigate terrorist activities and the provision of technical interfaces decryption technical support and assistance.

According to reports, the development of information technology, the network has become a terrorist organization and terrorist organization, planning, an important tool for the implementation of activities of terrorist crimes. Violent and terrorist activities in recent years occurred in the vast majority of violent criminals are being spread fear on the idea of ​​network text, audio and video data after the commission of a crime, a number of major cases even outside the Internet planning, directing implementation.

Said Liu Yuejin, enhance network security management, a clear network operators and service providers against cyber-terrorism activities, social responsibilities and obligations is imperative.

Some people think that the provisions of the anti-terrorism law to restrict media coverage of terrorist incidents freedom of the press, Liu Yuejin responded that, in response to the terrorist attacks of the disposal process, the report could lead to inappropriate actions of terrorists acquiring relevant information to victims and to the disposal site adversely affected, and may cause other terrorist tendencies imitation copy, or cause unnecessary social panic.

In order to ensure the smooth progress of the disposal of the public in a timely manner and objective understanding of the situation, the anti-terrorism law terrorist incident, the development of emergency response and the process of information dissemination body, to raise any unit or individual may fabricate, spread false information about terrorist incidents; shall report, dissemination of terrorist activities may cause imitate implementation details; not post terrorist incidents in cruel, inhuman scene; in response to terrorist incidents disposal, in addition to the news media, which is responsible for publishing the work of the governing bodies approved the anti-terrorism information, shall not report staff to deal with the spread of on-site disposal, hostage identity and circumstances of emergency response action and other specific requirements.

In addition, the development of anti-terrorism law in the process, but also give full consideration to the balance between counter-terrorism and human rights. First, the principles set out in counter-terrorism and human rights protection in the General Relations. Second, in the particular system also reflects the principles of human rights protection. Third, involving restriction of personal freedom or property counterpart measures, provides for strict examination and approval authority. Fourth, the emphasis on emergency response for the protection of life and protection of victims.

20 countries involved in the supply chain IS explosive devices Turkey is the largest supplier purchasing

According arms monitoring and research institutes CAR latest report shows, ISIS armed already supply chain worldwide. Now a total of 51 companies from 20 countries around the world involved in the supply chain ISIS explosive devices. These companies manufacturing parts and more than 700 articles, ISIS is used to make a highly improvised explosive destruction.

With electric detonators and detonating fuse from India and Australia;

White Vaseline from Iran;

One of the raw material ammonium nitrate explosives from Turkey;

High-end integrated circuit that controls the bombs from the United States;

Hydrogen peroxide from the Netherlands;

Detonate the bomb with a mobile phone basically Nokia;

As well as China, Brazil, Romania produce aluminum paste.

Because ISIS not have their own plants (occasionally also several air strikes by coalition bombing of) their own there is no way to produce these materials. They only from various countries and channels, with the means of smuggling or smuggling of these products fetched States. Get after these materials, they use these products to make an explosive device attacks, this homemade bomb not only cause harm to innocent people, but also makes the soldiers came to fight ISIS casualties.

So how these things are falling into the hands of ISIS it?

CAR says something like chemical fertilizers (eg ammonium nitrate) aluminum paste and the like, the outlet tube is not very strict, these supply chains can easily be infiltrated ISIS.

Like detonators and other dangerous substances on the outlet tube was quite strict, but many parts of the export licensing system is not perfect, is not sufficient to prevent these items falling into the hands of ISIS.

These companies produce products, will be legally exported to foreign countries (mostly in Turkey) a number of trading companies, ISIS simply let their agents help from these trading companies, "stock", so you can get those bomb-making raw material.

The report notes that there are 13 Turkish companies are involved in the supply chain ISIS explosive device, in which there are eight brokers, they and Brazil, China, India, Russia and other countries have trade.

CAR staff said, "Turkey is the most difficult regulatory and investigative places, sometimes we do not even know how those goods are transported across the border to come here, the Turkish national were an eye, close one eye, which makes we investigated very difficult. "

Investigators tracked down a Lebanese importing company ..... Lebanese official confirmation of these detonators found that import procedures are legitimate .... but do not know how later on to the hands of the ISIS. CAR represents, ISIS is now "semi-industrial" scale in the production of bombs, which ISIS is a bomb-making factory.

Articles making explosive devices, the most surprising is their American-made micro remote control.

Originally it was used in everyday life electronic products, light sensor, or the remote control car keys chip. However, in the hands of ISIS they became key parts making explosive devices. They also found that short-range remote control key parts of the car they love, they are using a mobile phone remote control, which is the most used Nokia 105.

CAR contact during the investigation of these companies involved in the supply chain, and some up to now did not respond, and some responded, but they said he did not know how the product is flowing into the hands of ISIS. "We can only guarantee the product will not be sold to ISIS, but can not guarantee that other customers to buy our products, we will turn sell it."

CAR also said the company did not do anything wrong, at present there is no direct evidence that these companies have business dealings about ISIS. But ISIS can so easily get these products, a variety of Turkish trading company, which became part of the whole in the last part.

Saudi Foreign Minister answered ISIS does not belong to Islam

A reporter asked Saudi Foreign Minister: Speaking before about "Da Ye What" (ISIS) does not belong to Islam, and I quote NATO against you published the article said: Actually ISIS is an Islamic country, and is very Islamization. It does from the Middle East and Europe and attracts thrill seekers who psychotic! However, it is to follow the directions and orders of the rules of Islam. ARTICLE CONTINUES cautioned: this should take measures to deal with related strategies ISIS. What do you think?
Saudi Foreign Minister replied: every religion there are ulterior motives and the mentally ill, and trying to play under the banner of religion. ISIS is Islam, then three K and Christianity is a religion of. Are they not hold high the Holy Cross? They do not act in the name of Christianity do? Is not still believe in the "Christ the Lord" command them to dark-skinned ethnic killings in Africa do? So, we say "three K Party" is the Christian organization? It may also be noted that many other such organizations. There are some in the name of protecting the country or region to engage massacre, the Christians is not detached. The same people also exist in Jewish, but has nothing to do with Judaism. Also present in the Hindu believers, but it does not matter with Hinduism. If anyone argues that ISIS is Islam, then, it is simply absurd.

Islamic faith is the "Koran" to teach, "You have your religion and I have my religion" ( "Koran" 109: 6) You have the freedom you practice your faith, I practice what I have freedom of conscience. In terms of non-interference and mutual tolerance What better expression of it? Islamic faith in: "Where in vain to kill a person, such as kill people; people who save one, such as save people." ( "Koran" 5:32) in terms of expression of kindness and compassion, you still better than this metaphor it? When you see the ISIS said was said from the Islamic classics, do not you read the "Bible" says: "An eye for an eye, a tooth for a tooth ......" If someone doing this today, if you say he is a Christian or Jews do? Therefore, I remind you, a lot of things seem very naive, precisely, is not naive is simply ridiculous! When it comes to ISIS, it seems to represent Islam. This is not so, Islam is a religion, a civilization. Islamic civilization of the Greeks and Romans to protect the history of Western civilization and to create. If there is no Arab-Islamic civilization and Western civilization out of the question! Arab Islamic civilization and Islamic civilization, links European civilization and Chinese civilization, it is worldwide!

I say this show is: Islam is our Chiang civilization, if Islam is extreme or ISIS represent Islam, then Islam will be protected by Aristotle and Socrates, and handed over to the West do? If there is no Islamic civilization, East and West can link? of course not! So, I urge all of you, published articles and statements must be cautious. But be careful there is no reference to the fact that the foundation and articles. thank you all!

US network forces can really blow ISIS Cyber Army

Not long after Defense Secretary Ash Carter prodded his cyber commanders to be more aggressive in the fight against Islamic State, the U.S. ramped up its offensive cyberattacks on the militant group.

According to several U.S. officials, the attacks are targeting the group’s abilities to use social media and the Internet to recruit fighters and inspire followers, U.S. officials told The Associated Press.

U.S. officials confirmed that operations launched out of Fort Meade, Maryland, where the U.S. Cyber Command is based, have focused on disrupting the group’s online activities. The officials said the effort is getting underway as operators try a range of attacks to see what works and what doesn’t. They declined to discuss details, other than to say that the attacks include efforts to prevent the group from distributing propaganda, videos or other types of recruiting and messaging on social media sites such as Twitter, and across the Internet in general.

Other attacks could include attempts to stop insurgents from conducting financial or logistical transactions online.

   

The surge of computer-based military operations by U.S. Cyber Command began shortly after Carter met with commanders at Fort Meade last month.

Several U.S. officials spoke about the cyber campaign on condition of anonymity because they were not authorized to discuss it publicly. Much of the effort is classified.

Carter mentioned the operations briefly Thursday, telling a House Appropriations subcommittee only that Cyber Command is beginning to conduct operations against the Islamic State group. He declined to say more in a public setting.

The more aggressive attacks come after months of pressure from Carter, who has been frustrated with the belief that the Pentagon — and particularly Cyber Command — was losing the war in the cyber domain.

Late last year Carter told cyber commanders they had 30 days to bring him options for how the military could use its cyberwarfare capabilities against the group’s deadly insurgency across Iraq and Syria, and spreading to Libya and Afghanistan. Officials said he told commanders that beefing up cyberwarfare against the Islamic State group was a test for them, and that they should have both the capability and the will to wage the online war.

But the military cyber fight is limited by concerns within the intelligence agencies that blocking the group’s Internet access could hurt intelligence gathering.

Officials said Carter told commanders that he the U.S. to be able to impact Islamic State operations without diminishing the indications or warnings U.S. intelligence officers can glean about what the group is doing.

On Jan. 27, Carter and Marine Gen. Joseph Dunford, chairman of the Joint Chiefs of Staff, went to Fort Meade for an update.

Officials familiar with Carter’s meetings said the secretary was frustrated that as Cyber Command has grown and developed over the past several years, it was still focused on the cyberthreats from nations, such as Iran, Russia and China, rather than building a force to block the communications and propaganda campaigns of Internet-savvy insurgents.

“He was right to say they could be more forward leaning about what they could possibly do against ISIS,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. “You could disrupt their support networks, their business networks, their propaganda and recruitment networks.”

However, Lewis added, the U.S. needs to be careful about disrupting the Internet to insure that attacks don’t also affect civilian networks or systems needed for critical infrastructure and other public necessities.

U.S. officials have long been stymied by militants’ ability to use the Internet as a vehicle for inspiring so-called lone wolf attackers in Western nations, radicalized after reading propaganda easily available online.

“Why should they be able to communicate? Why should they be using the Internet?” Carter said during testimony before the defense appropriations subcommittee. “The Internet shouldn’t be used for that purpose.”

He added that the U.S. can conduct cyber operations under the legal authorities associated with the ongoing war against the Islamic State group.

The U.S. has also struggled to defeat high-tech encryption techniques used by Islamic State and other groups to communicate. Experts have been working to find ways to defeat those programs.

Cyber Command is relatively new. Created in 2009, it did not begin operating until October 2010.

Early on, its key focus was on defending military networks, which are probed and attacked millions of times a day. But defense leaders also argued at length over the emerging issues surrounding cyberwarfare and how it should be incorporated.

The Pentagon is building 133 cyber teams by 2018, including 27 that are designed for combat and will work with regional commands to support warfighting operations. There will be 68 teams assigned to defend Defense Department networks and systems, 13 that would respond to major cyberattacks against the U.S. and 25 support teams.

Alipay "privacy door" and "hundreds of thousands reward"

Recently, once exposure "12306 leak" user typcn in twitter in the documents, said: Alipay Android version exists theft of user privacy, the "Alipay Android version every X minutes (server specified) will open the camera to take pictures in the background, recording X seconds and then uploaded to the server, but also there are contacts, call history, near the base station and WiFi and other information. "

typcn to send a Twitter say it, sparked heated debate. typcn The argument has been confirmed by follow-up and a large number of users. Some netizens provide pictures, exposed the process Alipay photographed. Of course, there are users that Alipay there was no incentive to do so, taking pictures without any real benefit for the recording Alipay is. Some users questioned typcn failed to come up with substantive evidence.

February 23, aspect by Alipay official microblogging comment on that individual's social platform "Alipay for Android privacy door" topic, did not elaborate with "argument", wear a "privacy door" hat, plus a variety of techniques noun packaging, may indeed lead to misunderstanding and fear of ordinary users. Alipay permissions apply only to business needs, and do not collect additional information and background operation, but will not infringe, disclose any information about user privacy.

Just the majority of users believe that this incident died down this time, February 24, Ali Baba, a senior security experts situ determination of a response to "Do BB, grading over 100,000 cash to take it," turn this event to introduce another climax .

Yun Shu, the industry's leading security experts. In 2005 joined the Green League, the 2006 starting Yahoo in 2008, joined Alibaba Group, Alibaba is currently a senior security experts.

The first reaction is ridiculous and pathetic. There is no substantive evidence that he saw a little superficial, then use plain simple logic to speculate, and finally to express language to attract attention. In such a computer professional disciplines inside, there is no doubt this thing is ridiculous. However, there are a large number of users convinced, also said the country may allow Alipay so dry, feel deep sorrow.

"Do BB, grading over 100,000 cash take it," A penny saved is in what kind of situation to write?

At that time already know almost pan fried, not only in the discussion called "Secretly Recorded or Photographed a few" problem, Tomorrow, "dedication blessing", "costs of electricity", "mutual Start" and other things all mixed together said.

Faced with the angry crowd, I do not have a technical explanation, because the public do not understand, so I try to use simple logic to demonstrate. The first is the legal risk, I still believe that no one company dare risked endangering national security to risk jail to do this totally unproductive thing in the world. The second is Ali is not without competitors, 360, Tencent, Baidu Ali which one do not want to seize the handle, there is a similar problem to analyze and they will not sue it? But did not play any effect, I do not think we talk about technology, it is begging the question. So I want to destroy Huanglong, addressing the root causes of the problem, let everyone know who put forward the argument is not professional, work attitude, and the way the arguments themselves are not correct, and that is directly sponsored technical challenges, I am willing to pay more Great price, for each other relatively small price, this asymmetric bet to make everyone understand that argument is wrong.

In fact, not long ago, it was forced to publicly slander Alipay user's purchase history, was also a lot of people follow voting with their feet, followed by booing. Later, I understand that they made a mistake. But a few months later, the same thing once again, the same view is wrong, unprofessional argument, anger and irrational people. This is known as the senior elite know almost happened! So, in a very angry at the situation, he wrote the article. I believe that they have someone in the analysis, and I am looking forward to a professional analysis.

Finally, I am now recognized GCD say, people know the truth of blabla. In many cases, people are like, like sardines, but I can not do anything, can not change anything.

You said in response to the computer is a technical subject, but in this incident, and there is no substantial evidence, but there are friends, said, "Alipay has about 1/4 of the code is dynamically loaded, Alipay libs inside so file , but it was not dynamic library, it is a a complete aPK, or some so remote from his server load, but in fact those so files are all apk, apk has a complete structure, drawable, dex have, these apk dynamically inserted into the main program execution. this highly dynamic process, the possibility of evidence have been caught close to zero, "and how do you respond?

Response is simple, then again, the early Gansha go? If you really want to expose a truth, is it not a good sample should quietly saved with a digital signature, the professional and detailed analysis, professional analysis report and submit it? Or that there is no technical but want to have a big news, so can not wait to scrawl? Secondly, a professional security researcher, you told me something dynamic loading analysis can not? When I do this a few years that technology, even the dynamic loading of horses have not seen it? Analysis of those things is how?

User question: Alipay in a statement or evade the "Start (and regular) application to use the camera, recording privilege" because, under normal circumstances, to apply for permission at the user clicks, the use of related functions App will apply the relevant authority (eg, click scan code will apply when using the camera permission), Alipay is why in the case of pre-application permissions the user does not operate? And apply a high frequency?

This is also very simple, write code SB chant. It estimated to be thinking about the brain Xiudou user, first apply for permission to have a good result garbage mess cook.

For the content of the other technical personnel, although the authenticity has not been verified, there is no wonder why we do not believe that this would be so real to confirm the contents, and almost one-sided?

Three reasons mixed together. Alipay Ali is a well some things are not good enough, not sufficient for the majority of users to consider. For example, many users mentioned another wake-up, start card, living area and the like, accumulated grievances. The second herd, join in the fun, from the booing. The third is to help some companies engage in a practice of PR.

Whether IT era, or the era of big data, and the times or DT, user data security has been the focus, how do you think a reasonable application of the user's data?

Like Apple did, the courage and against the government. Finds such a truth: "the user's data is stored in the user's location is not necessarily there, but ownership is only part of the user."

For now, do you think Ali products to users what you think irregularities, irrational logic?

My own trial process, whether or Alipay nails, start very card. Followed by some very good experience, for example, Alipay payment code, the collection code every time thinking for a long time, there is something else, such as the living area and the like. Overall, the user experience is still a long way to go.

No matter what purpose, what do you think this incident is the fuse?

Fuse not know.

This article was published, the company whether your response statement? What kind of impact this article I have for you?

The company does not have any sound to convey to me because this is my personal behavior. I seem to have boarded the company's internal search hot list, but fortunately this is not the first time that I used to.

Why do I always get out of these things, there is no relationship with the company values, with my personal values ​​related. That is to see the wrong, I am going to criticize. I scolded colleagues in the microblogging, but also within the company vice president scolded. I think the technical people would like this, no matter who it is, how high position, regardless of the company disputes inclusive cooperation, I just the truth.

Seriously, if Alipay photographed a few minutes, I'll resign, never into Ali. If someone says a few micro-channel photographed once, as I will stand up and tell them impossible.

So far, if someone has already challenged the hundreds of thousands of your bounty of it?

not yet. But I know if someone is doing the analysis, but they are not for the money, they are rich. They are the technology itself.

Tor Is Less Anonymous Than You Think

The Tor network has been getting a lot of attention lately. About two weeks ago, the number of users on the anonymous network mysteriously doubled, hitting a record high. No one is sure why. Maybe the uptick is from people downloading The Pirate Bay’s new Tor-powered browser? Maybe a result of recent web censorship by the Russian government? Or maybe it's because more people are wising up to the fact that the US government can monitor their every online move?

Unfortunately, the privacy-minded web denizens turning to Tor to protect their anonymity should think twice. So says a new report from the US Naval Research Laboratory and Georgetown University in Washington DC called "Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries." 

Computer scientists took the most thorough look to date at the vulnerability of the Tor network and found it's far less secure than most people believe. In fact, it’s not very hard to reveal the majority of users’ identities if an attacker is willing to put in the time and effort, according to the Register. And it’s even easier for groups that wield a lot of control over the internet, like corporations, intelligence agencies, or countries.

The fact that Tor isn't 100 percent anonymous is no shocker. The Tor Project admits as much on its website, and for years hackers have known of Tor’s traffic correlation problem. Essentially, even though connections are encrypted once you're in the onion network, it's possible for snoopers to see where traffic enters and exits the network, and from there, it's possible to connect the dots and identify the user and the user's destination.

WHAT IT BOILS DOWN TO IS BAD NEWS FOR THE MORE IMPORTANT USES OF THE DARK NET.

What's interesting about this study is its focus on realistic possible attacks from groups that control one or many internet routers. To get technical for a minute: Information travels through the encrypted layers of the Tor network through Internet Exchange Points (IXPs) or autonomous systems (ASes) that control multiple routers, such as ISPs. Since attackers can theoretically see exit or entrance traffic on any of the routers they control, logically, the more points of control, the faster and easier it is to expose users' identity.  

Hypothetically, a state-sponsored cyberattacker could control all of the routers in the country. I'd venture to guess the study, which was part funded by DARPA, is interested in exploring potential cyberattacks from foreign governments. That said, US intelligence agencies certainly have more than a few routers at their exposure. "Such an adversary is highly relevant in today’s setting in which many large organizations control multiple ASes or IXPs,” the researchers wrote. (I reached out to the study authors to find out who this could be possible for, and will update when I hear back.)

What it boils down to is bad news for the more important uses of the dark net: political dissidents hiding from state censorship, journalists protecting sources, whistleblowers trying to escape exposure, or savvy citizens avoiding government surveillance.

What’s worse, not only can the NSA identify a Tor user if it so desired, it could be more likely to target you if you’re using Tor or other encryption services, because your unknown location could be outside the US, a secret document published by the Guardian revealed.

The FBI’s big child porn bust this summer also raised some suspicion from privacy advocates over how easy it is for the Feds to infiltrate Tor. The FBI managed to crack the anonymous network by injecting malware into the browser, in order to identify what it called “the "largest child porn facilitator on the planet.” In the process, the malware revealed the IP addresses of hundreds of users.

So, how bad is the security risk? The study found that even if an attacker had no control routers, 80 percent of Tor users could be de-anonymized within six months. With control of one AS, nearly 100 percent of users were likely to be uncovered, within three months. With two, it could take just one day.

"These results are somewhat gloomy for the current security of the Tor network," researchers wrote, adding that "Current users of Tor should carefully consider if it meets their security needs."

To quantify the risk, the researchers used a Tor path simulator (now on github) and used algorithms to map out the likely interference points on paths throughout the network. The study, which will be presented in November at the Conference on Computer and Communications Security in Berlin, found that the longer a user stays on the network, the higher the chance of exposure.

Screenshot of daily directly connecting Tor users, via Tor Project

Information traveling through the Tor network is bounced around all over the place before emerging at its end destination. Instead of taking a direct route from source to destination, data packets take a random pathway through several relays—individual nodes that don’t know the complete path of the route, so at any single point an observer can’t tell where the data came from or where it's going. There are some 3,000 of these connection and redistribution points around the world. 

“The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you," the Tor Project explains. The data then exits the network at a random exit relay before hitting the destination.

In that way, the recent surge of new Tor users, whatever the reason, could do a lot to boost security. The more people on the network, the more volunteers there are to host a relay or exit relay, the harder it is for a would-be attacker to trace and expose the identity of an individual user.

Wenzhou lawyers Zhang Kai published case truth: instigating illegal gatherings