Archive for the ‘NSA’ Category

The Pannun Affair reveals a penetrated Indian government … – Bharat Karnad

[BJP protest: that's Pannun on the poster]

The critical and most worrying aspect of the Gurmeet Singh Nijjar and Gurpatwant Singh Pannun episodes that no one is paying attention to is just how deeply and extensively the US has penetrated the Indian government's communications network and thoroughly compromised it. It is doubtful if even the most secret discussions in Cabinet meetings and in the Prime Minister's Office are safe from the prying eyes and ears of the US National Security Agency (NSA), leave alone Indian embassies in North America and, perhaps, elsewhere.

NSA operates the largest constellation of satellites in low and high earth orbits, and maintains continuous worldwide electronic surveillance generating tons of electronic intelligence daily. Only Russia and China have erected formidable electronic/cyber barriers to protect at least the communications networks carrying their most highly classified information and data. The NSA, incidentally, has the highest funding priority of any American intelligence agency, its budget in hundreds of billions of dollars. The bulk of the analysing of the raw NSA data is done by the CIA, among other intelligence recipients. Incidentally, the largest CIA spend is on analysing incoming NSA and other data and information.

Being pressed by the US not to reveal the electronic channels, or to compromise the NSA means through which the intercepts were received, is in fact the reason why the Canadian Prime Minister Justin Trudeau has not passed on the evidence that New Delhi has demanded about the alleged Indian official complicity in the killing of Nijjar. This bit of intelligence was given by the US to Ottawa under the Five Eyes intelligence sharing arrangement. If disclosed, it would reveal to the Indian government the weaknesses in the Indian communications system or, much worse, pinpoint the mole inside the Indian High Commission as the source. Canada does not have the technical capability to monitor such communications traffic by itself. The US does, and cued the Trudeau dispensation to the contents of telephone calls the RAW station chief supposedly had with whosoever was on the outside.

It is curious the Modi regime has not denied an Indian government role in the conspiracy, which Washington claims to have foiled, to do a Nijjar in America to the Khalistani troublemaker Pannun, who conveniently enjoys dual citizenship of the US and Canada, leaving him free to do mischief in both countries, and in the UK. Why hasn't Delhi demanded details from the US government as it did from Trudeau? Doesn't GOI want to know just how the US became aware of this supposed plot, and through which channels, and why the Americans are so confident about their accusation? Where's the evidence? And was it generated by NSA/CIA/DIA or some other agency, or is it, as likely as not, another American mole at work in the Indian embassy on Massachusetts Avenue in Washington?

It is important for Indians to know. After all, it was not very long ago that the Head of RAW's Counter-Intelligence Operations (!!!), a Rabinder Singh (if I recall the name right), was identified as being on the CIA's payroll. Before he could be nabbed, he was spirited away by the Americans, with not a little help from Indian insiders, to Kathmandu, and flown to New York City, where last heard he was reportedly living safe and sound, presumably on the CIA's dime.

In the context of a thoroughly exposed and vulnerable Indian official system, PMO was apprised by the US of what it had by way of irrefutable evidence. It may explain New Delhi's cagey response, promising investigation and punitive action regarding the Pannun affair, something Trudeau was unable to draw from Delhi in the Nijjar case.

The more serious issue New Delhi and the Indian public ought to worry about is whether the Indian government has any secrets at all worth leaking. Or, is it taken for granted by Indian agencies that Washington is privy to any and all communications within the government, and that exchanges between PMO, RAW and other intelligence units, MEA and the Home Ministry are tapped 24/7/365 (366 in leap years!)? Is this an uncomfortable reality the Indian government has to live with?

Such communications surveillance and monitoring, moreover, is facilitated also by the fact that the entire Indian official network, like the commercial mobile telephony infrastructure, is based fully on imported hardware and run by foreign software.

This last is a problem a few of us have been futilely squawking about for years, and which SITARA (Science, Indigenous Technology and Advanced Research Accelerator), a pioneering organisation founded and run by retired ambassador Smita Purshottam and engaged in yeoman service to the nation, has majorly flagged. It has repeatedly warned the PMO and other departments of the government, at the highest levels, of the national security perils of relying on foreign communications gear with frame-embedded bugs and on malware-infested imported software.

SITARA has had the occasional success. But, by and large, the various departments and ministries of the government seem unconcerned about the perils of purchasing whole European, Chinese and American systems and associated hardware, and the usually Western software driving them, because the inherent dangers are not fully appreciated by those in authority. And this, mind you, despite the availability of safe, protected, indigenous counterpart tech of high quality. This is so egregiously wrong an attitude and policy that it boggles the mind, making one wonder if the government willfully makes itself vulnerable, its atmanirbharta rhetoric so much farce!

The fact is the Indian government and its myriad agencies, including the Indian military, despite all the evidence, continue to trust Indian technology, talent and industry IMMENSELY LESS than they do foreign tech, countries and suppliers. This despite Indian firms, mostly MSMEs, having developed fantastically advanced communications technologies and algorithms. And this despite being aware of the trouble such procurement policies can cause with all government communications being open secrets to the US and the West, and to China.

Now try conducting a half-way effective foreign policy when the parties you deal with are all in the know of the nuts and bolts of it!

Despite some little awareness of this fatal weakness in some sections of some ministries, the Indian government has NOT holistically addressed it, nor sought comprehensive solutions to zero out the risk. The problem has to be tackled on a war footing. The government needs to invest massively in the private sector MSMEs and other tech innovators, producers and manufacturers in the country such that the necessary communications wherewithal is entirely, completely and certifiably of Indian origin.

India, right now, has standout Indian startups that have already invented, patented and produced elements for a potential 6G photonic communications system using light quanta to carry voice, information, and data. They are pleading for investment, and custom from the government, but find themselves beating their heads against a stone wall. And then there are Indian companies, like Reliance Communications, which imported Nokia hardware from Finland in crates for their Jio mobile telephony service and labeled it indigenous, who enjoy the Indian government's largesse!

SITARA has been informing and canvassing with the PMO, Department of Telecommunications, et al, for funds for these small tech innovation companies to integrate their various technologies into a prototype system for the GOI departments to test. But the government appears disinterested, apparently stuck in the global free-trade stream of thinking that more advanced countries long ago trashed.

It has compelled many brilliant but frustrated Indian talents to shift their small ventures (that I know of) to Singapore and Silicon Valley, with US firms, like Qualcomm, running after them, offering technology development facilities, a de-bureaucratised business ecosystem, investment capital, and undertakings to buy their cutting-edge technologies.

In this dismal scene we can be certain of one thing though: Once these technologies are fully developed and mature, they will be offered for worldwide sale in a few short years, and come back to India with the California cachet and the Silicon Valley stamp, whence the Indian government and the Indian military and hundreds of official agencies and units will scamper after them, ready to fork out thousands of billions of Indian taxpayers' dollars in hard currency!

Such are the contours of the latest saga of technology development unfolding as tragedy in India.


"Unconscionable": Indian Student Held Captive, Forced Into Labour In US – NDTV

The victim is safe and being treated at a hospital for multiple bone fractures.

Authorities in the US have rescued a 20-year-old Indian student, who was held captive for months without access to a bathroom, viciously beaten, and forced to work at three homes by his cousin and two other men in an incident described as "absolutely inhumane and unconscionable." The victim, whose name was not disclosed, spent months trapped in three homes in the US state of Missouri.

On Wednesday, police descended upon a home on a rural highway in St Charles County. They later arrested Venkatesh R Sattaru, Sravan Varma Penumetcha and Nikhil Verma Penmatsa, and on Thursday charged them with offences including human trafficking, kidnapping and assault.

Police were dispatched to investigate the home after a concerned citizen became aware of his situation and called 911.

The victim is safe and being treated at a hospital for multiple bone fractures, as well as lacerations and injuries covering his entire body, said prosecutor Joe McCulloch.

Over seven months, the men locked the student in a basement and forced him to sleep on an unfinished floor without access to a bathroom, charges say.

He scavenged for scraps in nearby restaurant dumpsters and was beaten with electrical wire, PVC pipe, metal rods, wooden boards, sticks and a water supply hose for a washing machine, St Louis Post-Dispatch, a major regional newspaper, reported.

"It's absolutely inhumane and unconscionable that one human being could treat another human being like this," said McCulloch at a news conference Thursday.

The three defendants are accused of confining and abusing the victim at three different homes owned by Sattaru in Defiance, Dardenne Prairie and O'Fallon, starting in April 2023, according to St Charles County's official website.

Sattaru was identified by investigators as the ringleader and lives in the O'Fallon home with his wife and children.

The main suspect in the case, Sattaru, 35, is additionally charged with human trafficking for the purpose of slavery and contributing to human trafficking through misuse of documentation.

Penumetcha and Penmatsa live in the home where the student was rescued.

Authorities said the student had come to the US from India last year with hopes of studying at Missouri University of Science and Technology in Rolla. Instead, he was taken to Sattaru's homes beginning in April and was forced to begin chores around 4:30 am, work a full day for Sattaru's IT company and then complete a list of evening tasks.

The student told police he regularly got three hours of sleep on a concrete floor in a locked basement where Sattaru monitored him with a surveillance camera, according to court documents.

If the 20-year-old didn't complete the tasks properly, he was severely beaten. Charges say he was forced to strip down naked and was hit all over his body. He was kicked, stomped and lashed, charges say, and his injuries included previous fractures and breaks that did not heal properly.

No one answered the door at Sattaru's home on Thursday afternoon. None of the three men had attorneys listed in court documents.

"They beat him with their fists, they stomped on him, they beat him with electrical wiring, with PVC pipes," McCulloch said. "They forced him to sleep in an unfinished basement, they starved him, and limited his access to the public and to restrooms." McCulloch commended that citizen for making the rescue possible.

"If you see something, say something. We would much rather check it out and find nothing than have an incident like this that's been going on for nearly a year," McCulloch said.

Because the three suspects are wealthy and have political connections in India, McCulloch said they are being held at the St. Charles County Jail without bond.

Neighbours in O'Fallon were shaken by the arrests on Thursday.

Many said they'd had pleasant interactions with the family, waving as they passed on the street or playing with children in the cul-de-sac.

"It's shocking, for sure," said Chirag Shah, who lives down the street from Sattaru's home.

And in Defiance, an unincorporated community of less than 100 people known for its wineries, gift shops and position along the Katy Trail, neighbours watched as police flocked to the home beginning Wednesday morning, the paper reported.

Police were told at first by a man in the home that they couldn't come inside, but the 20-year-old eventually came running from the basement. He was trembling uncontrollably, heavily scarred and suffering from bruising and swelling all over his body, charges say. (PTI)

(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)


Tinubu met a bad economy but he’s worsening it | TheCable – TheCable

Recently in an address at the Chief of Defence Intelligence annual conference 2023, National Security Adviser (NSA), Nuhu Ribadu remarked that the six-month-old administration of President Tinubu had inherited a bankrupt country which had resulted in budgetary constraints.

He further told the assembled ranks of defence spooks that "it is important for you to know that we have inherited a very difficult situation, literally a bankrupt country, no money, to a point where we can say that all the money we are getting now, we're paying back what was taken."

As an insider whose duties are at the nexus of issues of national security, the NSA's assessment of the economy must be taken seriously. Indeed President Tinubu confirmed as much a few days later in Saudi Arabia during a discussion with the Vice-President (country programmes) of the Islamic Development Bank, Dr Mansur Mukhtar. Said the President at the occasion, "We inherited serious liabilities but also assets from our predecessors, but we have no excuses."

Before the NSA's and President Tinubu's statements, some of the president's men, namely Bayo Onanuga, Bagudu Atiku, Wale Edun and Yemi Cardoso, had all made similar statements on the state of the economy. From all indications, in the coming days and months more of President Tinubu's men will repeat the same mantra as the economy continues on its rapid descent and as the government continues to look out for odds.

But it is instructive that while President Tinubu and his men have continued to wax lyrical about the parlous state of the economy they met upon coming to power, Nigerians however observe that ironically by its actions the administration is exacerbating the situation.

It all started with the ill-considered decision by President Tinubu on his inaugural day to endorse the removal of subsidies on petroleum products and a merger of the exchange rates. As this was coming right on the heels of a debilitating ill-thought-out currency reform programme embarked upon by the previous administration of President Buhari in which millions of Nigerians were subjected to untold and undeserving hardships leading to personal and business bankruptcies, it was difficult for Nigerians to believe that the new administration meant well for the people and the country.

We have seen the effect of these policies in the galloping inflation figures rising up to 27% from the latest figures put out by the National Bureau of Statistics (NBS), and the ever-plummeting value of the naira against major currencies. This has led to continuous hardship on the people.

But what is even more galling for the people is that in the midst of its claims of meeting a bankrupt economy, the Tinubu administration is seen embarking on more of the injurious policies the previous administration did to the economy. Instead of prudent management of resources to reflect the lean times the Tinubu administration is on a profligate and reckless spending binge with what is left of the national commonwealth.

The supplementary budget submitted to the national assembly is a pointer to this fact. In all, a large chunk of the about N1.2 trillion budget is proposed for expenditure on luxuries for the president and the vice president.

With the benefit of what we have seen so far, most Nigerians are now of the belief that the "renewed hope" slogan of the Tinubu administration promises more hardship than hope. The excuses being bandied about by its functionaries are clearly indicative of the fact that the administration is in the middle of a crisis of ideas, capacity and will. It is struggling to extricate itself from the spaghetti of contradictions it had created on the one hand and the quiet but ominous hostility of the Nigerian people on the other hand.

But the facts and reality cannot be hidden. The minister of finance, Wale Edun, recently admitted in a speech at a conference of the Institute of Chartered Directors that despite the assumptions that the economic policies embarked upon by the Tinubu administration will attract the favour of Western governments and institutions, "Foreign investors have shown a reluctance in investing in the Nigerian economy." Invariably this means that without investors coming in, the naira will continue to weaken against major currencies, leading to yet more inflation and attendant consequences on the economy. In its forecast for the Nigerian economy for 2024 and beyond, the Economist Intelligence Unit reports that "High inflation, low economic growth and unpopular market reforms present substantial political stability risks." More and more Nigerians will fall into poverty as they will not be able to afford even the most basic of necessities for a decent existence.

As the majority of Nigerians are left to their own devices under the most punishing economic regime ever enacted in the country, the Tinubu administration is increasingly looking distinctively weak and vulnerable. Metaphorically in this context, the Tinubu administration is looking like a rabbit caught in the headlights of an approaching vehicle, square and out of odds. Thus the NSA's speech, which reads like a desperate plea for understanding and assurance to the armed forces, can be viewed in this regard.

Let us face it; President Tinubu's economic policies are lacking in the necessary fundamentals to transform the economy. As a result, Nigeria is really transiting on the way to economic and political perdition. The palliatives which the administration presented to cushion the effects of the harsh economic policies have proven to be largely inconsequential to the target groups. And there are no indications that after the first flurry of activities, the administration will be able to sustain it in the coming months.

Indeed the administration has found in the harsh economic policies a cynical tool for weaponization of poverty and as an enabler for political capture. The logic here is that the poorer people are made to be, the more they make themselves amenable to being manipulated politically.

Nigeria's economic and political future has never been bleaker. The bandwidth for preventing a social explosion is shrinking by the day. The Tinubu administration must hasten to come to terms with this existential reality before it is too late.

Gadu can be reached via [emailprotected] or 08035355706 (texts only).

Views expressed by contributors are strictly personal and not of TheCable.


Crack a 1999 NSA Cryptography Standard and Win a Bounty – The New Stack

Filippo Valsorda describes it as a call to arms to help fill in a page of cryptographic history.

The former Cloudflare/Golang cryptographer has announced a $12,288 bounty for finding the seeds of five elliptic curves produced by the NSA in 1999 that have since become an industry standard. Valsorda calls them the elliptic curves that power much of modern cryptography, noting that they're used, among other things, for the certificates securing millions of websites. They've been augmented over the decades with even more utility-enhancing formulas and interfaces.

As Valsorda puts it, "They're a big deal."

But was there a common English phrase used to create this foundational sequence? Valsorda says its creator left behind a cryptographic mystery, some conspiracy theories, and an historical password cracking challenge. And he's calling on the larger internet community to try to solve it.

Or as Valsorda put it on the social networking service formerly known as Twitter, "Do you have a bunch of GPUs and passphrase brute-forcing experience? Crack the NSA's five SHA-1 hashes at the heart of NIST's elliptic curves, solve a cryptographic mystery, and earn $8k (tripled if donated to charity)."

You can win half the bounty, walking away with $6,144, just by correctly submitting one of the five seeds, according to Valsorda's site. (Since "Even one would make history.") The other half of the bounty goes to whoever submits all five.

And Valsorda will triple payout amounts if the winner names a U.S. 501(c)(3) charity to receive the money. ("We reserve the right to veto charity choices dramatically incompatible with our values, but we won't be jerks about it.")

That's a $18,432 donation for finding just one of the seeds and a $36,864 donation for finding all five. (Valsorda is putting up some of the money himself, aided by generous matchers.)

But more importantly? It's a chance to write yourself into the history of cryptography itself.

It all started in September, when Steve Weis, who is both a cryptographer and a principal software engineer at Databricks, published a thought-provoking blog post. Weis notes the 1999 parameters are the most widely used elliptic curve cryptography standard (adopted in 2000 by the U.S. Department of Commerce's official National Institute of Standards and Technology).

But "Revelations of NSA interference in cryptographic standards like Dual_EC_DRBG led to speculation of whether the NIST curve seeds could have been intentionally chosen with a weakness or backdoor known only to the NSA." The blog post notes at least one person raising this suspicion in a 1999 post to a Usenet discussion group about cryptography, and a more recent paper published in 2015 by math professors Neal Koblitz and Alfred Menezes.

Professor Menezes told Weis he'd been given the seeds as early as 1997 by long-time NSA employee Jerry Solinas (known for authoring several cryptography standards). But Weis adds, "Unfortunately, Dr. Solinas died in early 2023 without publicly saying how the curve seeds were generated." Yet Weis has uncovered some tantalizing clues. One of Solinas's contemporaries said that around 2013, Solinas had confided that the seed was something like:

SEED = SHA1("Jerry deserves a raise.")

But Solinas had revealed even more, suggesting that the seed might've been lost even to Solinas himself. "After he did the work, his machine was replaced or upgraded, and the actual phrase that he used was lost," Weis writes. "When the controversy first came up, Jerry tried every phrase that he could think of that was similar to this, but none matched."

Weis adds that after publishing his blog post, a fourth person came forward saying that in 2013, Dr. Solinas recalled to them that the seed phrase had two names in it, like 'Give Alice and Bob a raise.' Another source claimed Solinas told them the phrase included an arbitrary number that changed with each block of text encrypted. Since then Weis has even tried requesting any documentation under the Freedom of Information Act. (NIST claimed they had no documentation and the NSA ceased responding.)

This leaves what Weis calls a long shot chance: trying to brute force guess short English phrases and see if any collide with a seed from the specifications.

And of course, this inspired Valsorda.

Weis succinctly summarizes what's at stake here. "Whenever a controversy about the NSA arises among the cryptographic community, it resurfaces a question that has been open for 25 years: How were the NIST ECDSA curve parameters generated?"

Valsorda is skeptical that the NSA repeated its interference the way they'd done with the Dual_EC_DRBG standard (noting that the earlier standard's compromised design immediately stuck out like a sore thumb and library authors had to be paid to implement it). Valsorda's blog post points out that that incident suggests the NSA is "kinda bad at backdoors, not magical." But he believes that because of the speculation, some fear, uncertainty, and doubt persists around the otherwise pretty good NIST curves that would be good to clear up.

The effort is continuing. On Oct. 8 Valsorda updated the post to include a link to a massive list of nearly 12,000 potential target hashes that cover 99% of the probability space for each of the prime order curve seeds. Valsorda wrote on Mastodon that the list was based on the hypothesis that maybe instead of increasing a counter, the seed/hash itself was increased until a valid one was found.
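The search described above, sketched in Python as an added example (not code from Valsorda's or Weis's posts): candidate phrases are hashed with SHA-1 and checked against a window of values just below a published seed, following the hypothesis that the hash itself was incremented until a valid seed was found. The target here is constructed from a made-up phrase rather than taken from the NIST specifications, and the names, templates, counter range, window size and text encoding are all assumptions.

```python
import hashlib
from itertools import permutations

MOD = 1 << 160  # SHA-1 output space; the curve seeds are 160-bit values


def sha1_int(phrase: str) -> int:
    """SHA-1 of the phrase as a big-endian integer.

    Assumption: plain ASCII with no trailing newline or NUL. The original
    encoding is unknown, so a real search would also try those variants.
    """
    return int.from_bytes(hashlib.sha1(phrase.encode("ascii")).digest(), "big")


def target_window(published_seed: int, max_steps: int) -> dict:
    """Every value the original hash could have had if it was incremented
    0..max_steps times before a usable seed came out, mapped to that count."""
    return {(published_seed - k) % MOD: k for k in range(max_steps + 1)}


def candidate_phrases(names, templates, counters):
    """Expand each template over ordered name pairs and counter values,
    skipping duplicates produced by templates that ignore a field."""
    seen = set()
    for a, b in permutations(names, 2):
        for template in templates:
            for n in counters:
                phrase = template.format(a=a, b=b, n=n)
                if phrase not in seen:
                    seen.add(phrase)
                    yield phrase


def search(published_seed: int, phrases, max_steps: int):
    """Return (phrase, increments) for the first phrase whose hash falls in
    the window below the published seed, or None if nothing matches."""
    window = target_window(published_seed, max_steps)
    for phrase in phrases:
        steps = window.get(sha1_int(phrase))
        if steps is not None:
            return phrase, steps
    return None


# Constructed demo data (hypothetical; not the real names, phrases or seeds).
NAMES = ["Jerry", "Alice", "Bob"]
TEMPLATES = [
    "{a} deserves a raise.",
    "Give {a} and {b} a raise.",
    "Give {a} and {b} a raise. {n}",
]
COUNTERS = range(1, 6)
# Pretend the "published" seed is a phrase hash that was bumped 17 times.
DEMO_SEED = (sha1_int("Give Alice and Bob a raise. 3") + 17) % MOD


def demo():
    phrases = candidate_phrases(NAMES, TEMPLATES, COUNTERS)
    return search(DEMO_SEED, phrases, max_steps=64)


if __name__ == "__main__":
    print(demo())
```

Each candidate costs one SHA-1 and one dictionary lookup however wide the window is, so widening the set of target hashes adds almost nothing to the per-guess cost.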

And of course, there's been a lively discussion on Valsorda's Mastodon feed.

@jerry absolutely deserves a raise.

But mixed in with the comical banter, Valsorda has answered some important questions, like the user who asked, "For the uninformed, the seeds being found won't impact the security of using these curves at all?"

Valsorda's answer? "Nope, if anything it would make them more trustworthy, although most cryptographers I know don't think that's necessary."

Valsorda also explained how standardizing on these curves allowed more speedy and accurate encryption than self-generated curves and lets us write well optimized, safer implementations. While you could try generating your own original encryption parameters, the security margin you get from forcing an attacker to crack a few thousand parameters instead of one is just a dozen bits.

And so back on his personal blog, Valsorda is now cheering on an unseen internet community who may finally solve this long-standing mystery. "We don't actually care how you find the seeds," Valsorda wrote. "It can be brute forcing, clever guessing, sleuth work tracking down NSA employees (don't get arrested), or even recovering that old backup of when you used to work at NIST. If you don't want us to, we won't ask questions.

"May the hashrate be ever in your favor, and let's fill out a page of cryptographic history."


NSA Cybersecurity Information Sheet Pushes for Zero Trust Security in DOD Devices – Executive Gov

New cybersecurity guidance from the National Security Agency is calling on network defenders of the Department of Defense, Defense Industrial Base and National Security System to implement zero trust security on their information technology devices.

NSA on Thursday published an information sheet recommending device security assessment and enhancement through zero trust principles including real-time inspection, remote access protection and patch management.

The cybersecurity information sheet, or CSI, discusses the device pillar of the ZT framework, which ensures that hardware that is within an environment or connecting to resources undergoes strict location, enumeration, authentication and assessment.

An organization's registered IT hardware and software should be inventoried along with their versions and patch levels. They should also be part of acceptance testing and deprovisioning before retirement.

Agencies must regularly check their devices' compliance with internal policies and general standards, and update their configuration and firmware versions if necessary, NSA said. Obsolete encryption could lead to easy accessibility and subsequently a data breach.

The CSI is also applicable to non-government organizations that could face threats from sophisticated malicious actors, according to NSA.
