Chelsea Manning Is Back, And Hacking Again, Only This Time For A Bitcoin-Based Privacy Startup

Five years ago, from her prison cell, trans whistleblower Chelsea Manning sketched out a new way to protect online privacy. Now, she is helping an MIT-affiliated cryptographer bring the next generation of privacy software online.

Chelsea Manning’s long blonde hair catches in a cool summer breeze as she turns the corner into Brooklyn’s Starr Bar, a dimly lit counter-cultural haunt in the heart of the hipster enclave of Bushwick. The 33-year-old best known for leaking hundreds of thousands of top-secret government documents to Julian Assange in 2010, then coming out as a transgender woman, walks past a poster depicting sea turtles, humans and geese merging to form the outline of a dove. Beside the image are the words, “Your Nations Cannot Contain Us.”

Dressed in a black suit and wearing a silver Omega watch, she makes her way to a small wooden table illuminated by a shaft of sunlight. She orders a Coke. Contrary to what one might expect, this whistleblower turned trans icon looks uncomfortable in the hip surroundings. A fan reverently approaches her and welcomes her back. “This is my life,” she says after he leaves, expressing gratitude for the well wishes and lamenting the loss of her privacy. “I’m not just famous—I’m in the history books.”

While serving the longest sentence ever doled out to a whistleblower after she used the privacy-protecting Tor Network to anonymously leak 700,000 government documents, she used her time in incarceration to devise a better way to cover the tracks of other online users.

Knowing that the nonprofit Tor Project she used to send files to Wikileaks had become increasingly vulnerable to the prying eyes of intelligence agencies and law enforcement, she sketched out a new way to hide internet traffic using blockchain, the technology behind bitcoin, to build a similar network, without troublesome government funding. The entire plan was hatched in a military prison, on paper.

Fixing the known weaknesses of these networks is about more than just protecting future whistleblowers and criminals. Private networks are also vital for big businesses who want to protect trade secrets. The privacy network industry, including the virtual private networks (VPNs) familiar to many corporate users, generated $29 billion in revenue in 2019 and is expected to triple to $75 billion by 2027.

Manning thinks that not-for-profit efforts like Tor, which relies on U.S. government funding and a worldwide network of volunteers to run its anonymous servers, aren’t robust enough. “Nonprofits are unsustainable,” says Manning casually, sipping from her Coke. “They require constant upholding by large capital funds, by large governments.”

By January 2017, she was 7 years into a 35-year sentence at Fort Leavenworth, home to the likes of former Army Major Nidal Hasan, who killed 14 fellow soldiers in 2009. As President Barack Obama prepared to leave office, he granted Manning an unconditional commutation of her sentence. Newly tasting freedom, she was contacted by Harry Halpin, the 41-year-old mathematician who worked for World Wide Web inventor Tim Berners-Lee at MIT from 2013 to 2016 helping standardize the use of cryptography across Web browsers.

Halpin asked Manning to look for security weaknesses in his new privacy project, which eventually became Nym, a Neuchâtel, Switzerland-based crypto startup. Halpin founded Nym in 2018 to send data anonymously around the Internet using the same blockchain technology underlying Bitcoin. To date, Nym has raised some $8.5 million from a group of crypto investors including Binance, Polychain Capital and NGC Ventures. The firm now employs ten people and is using its latest round of capital to double its team size.

Halpin was impressed by Manning’s technical knowledge. More than just a famous leaker who happened to have access to secret documents, Manning struck Halpin as someone with a deep technological understanding of how governments and big business seek to spy on private messages.

“We’ve very rarely had access to people who really were inside the machine, who can explain what they believe the actual capabilities of these kinds of adversaries are, what kinds of attacks are more likely,” says Halpin. “She’ll help us fix holes in our design.”

Born in Oklahoma on December 17, 1987, Manning had her first exposure to what’s called network traffic analysis in high school. She and her Welsh mother, Susan, had moved to Haverfordwest, Wales, in 2001, when Manning was 13. In a computer class there, in 2003, she first learned to circumvent blocks put in place by the school to prevent students downloading certain files—and got caught pirating music by Linkin Park, Jay-Z and others.

The headmaster had been watching remotely. “It was the first moment where it dawned on me, ‘Oh, this is a thing. You can do this.’ By 2008 Manning’s interest in network traffic analysis first brought her to The Onion Router (Tor), a volunteer network of computers that sits on top of the internet and helps hide a user’s identity. The nonprofit organization leveraged something called “onion routing,” which hides messages beneath layers of encryption.

Each message is only decipherable by a different member of the network, which routes the message to the next router, ensuring that only the sender and receiver can decipher it all. Ironically, the network colloquially known as the “Dark Web,” used by Manning to send classified documents to WikiLeaks, was developed by the U.S. government to protect spies and other government agents operating online.

At around the same time Manning discovered Tor, she joined the U.S. Army. As a young intelligence analyst her job was to sort through classified databases in search of tactical patterns. After becoming disillusioned with what she learned about the fighting in Iraq and Afghanistan, she plugged into her computer, put in her headphones, and loaded a CD with music from another of her favorite musicians, Lady Gaga.

Instead of listening to the album, though, she erased it and downloaded what would eventually be known as the largest single leak in U.S. history, ranging from sensitive diplomatic cables to video showing U.S. soldiers killing civilians, including two Reuters journalists.

In prison she studied carpentry, but she never stopped exploring her earlier vocation. “I’m a certified carpenter,” she says. “But when I wasn’t doing that, I would read a lot of cryptography papers.” In 2016, she was visited in prison by Yan Zhu, a physicist from MIT who would later go on to become chief security officer of Brave, a privacy-protecting internet browser that pays users in cryptocurrency in exchange for agreeing to see ads.

She and Zhu were concerned with vulnerabilities they saw in Tor, including its dependence on the goodwill of governments and academic institutions. In 2020 53% of its $5 million funding came from the U.S. government and 27% came from other Western governments, tax-subsidized nonprofits, foundations and companies. Worse, in their opinion, the technology being developed to break privacy was being funded at a higher rate than the technology to protect it.

“As the Dark Web, or Tor and VPN and all these other services became more prolific, the tools to do traffic analysis had dramatically improved,” says Manning. “And there’s sort of been a cold war that’s been going on between the Tor project developers, and a number of state actors and large internet service providers.” In 2014, the FBI learned how to decipher Tor data. By 2020 a single user reportedly controlled enough Tor nodes to steal bitcoin transactions initiated over the network.

Using two lined pieces of composition paper from the prison commissary, Manning drew a schematic for Zhu of what she called Tor Plus. Instead of just encrypting the data she proposed to inject the information equivalent of noise into network communications. In the margins of the document she even postulated that blockchain, the technology popularized by bitcoin, could play a role.

Then, this February Halpin woke her up late one night with an encrypted text message asking her to take a look at a paper describing Nym. Developed completely separately from Manning’s jailhouse sketch, the paper detailed an almost identical system disguising real messages with white noise. A hybrid of the decentralized Tor that relies on donor support and a corporate-owned VPN that requires trusting a company, this network promised the best of both worlds.

Organized as a for-profit enterprise, Nym would pay people and organizations running the network in cryptocurrency. “The next day I cleared my schedule,” she says. By July she’d signed a contract with Nym to run a security audit that could eventually include a closer look at the code, the math and the defensive scenarios against government attacks.

Unlike Tor, which uses the onion router to obscure data sent on a shared network, Nym uses what’s called a mix network, or mixnet, that not only shuffles the data, but also alternates the methods by which the data is shuffled, making it nearly impossible to reassemble.

“Imagine you have a deck of cards,” says Manning. “What’s really unique here is that what’s being done is that you are taking essentially a deck of cards, and you are taking a bunch of other decks of cards, and you are shuffling those decks of cards as well.”

And, as it, turns out, not every government is comfortable using a privacy network largely funded by the U.S. government. Despite Halpin’s commitment to build a network that doesn’t require government funding to operate, in July Nym accepted a €200,000 grant from the European Commission to help get it off the ground.


“Knowing that Wikileaks had become increasingly vulnerable to prying eyes from intelligence agencies and law enforcement, she sketched out a new way to hide internet traffic using blockchain, the technology behind bitcoin.”


“The problem is that there was never a financial model that made any sense to build this technology,” says Halpin. “There was no interest from users, venture capital and big companies. And now you’re seeing what we consider a once-in-a-lifetime alignment of the stars, where there’s interest in privacy from venture capital. There’s an interest in privacy for users.

There’s interest in privacy from companies. And most of the interest from the venture capital side and the company side and the user side has been driven by cryptocurrency. And this was not the case even five years ago.”Even Tor itself is exploring how to use blockchain to create the next generation of its software. After receiving 26% of its total donations in cryptocurrency last year, the Tor Project received a $670,000 grant from advocates of the Zcash cryptocurrency and sold a non-fungible token (NFT) representing the first .onion address for $2 million in May, 2021.

Now, Tor cofounder Nick Mathewson says the Seattle-based nonprofit is exploring some of the same techniques developed by cryptocurrency companies to create Tor credentials that let users develop a reputation without revealing their identity. What he calls an “anonymous blacklistable credential.”

“If you’ve got a website, and somebody does something you don’t like, you can ban them,” says Mathewson. “You can ban the person who did that activity without ever finding out what other activities they did or figuring out whom you banned.”

Though Mathewson is interested in the possibility of using blockchain to upgrade Tor itself, he warns that making for-profit privacy infrastructure could lead to more money being spent on marketing than product development. “Our mission is to encourage the use of privacy technology,” says Mathewson. “I don’t really care whether that privacy tool is the one I made or not.”

Ironically, the same cryptocurrency culture Halpin says brought so much attention from investors, deterred Manning from getting involved earlier. Though she counts herself among the earliest bitcoin adopters, claiming to have mined cryptocurrency shortly after Satoshi Nakomoto activated it in 2009, she sold her bitcoin last year for decidedly nonmonetary reasons.

“I am not a fan of the culture around blockchain and cryptocurrency,” she says. “There’s a lot of large personalities that are very out there, like your Elon Musks and whatnot,” she says. “And it‘s very, like, ‘Oh, we’re going to get rich off of blockchain.’ It’s very nouveau riche. Like a new-yuppies-bro-culture that’s surrounded it. It has gotten a little bit better in some corners. But I think that culture is what I’m talking about. It’s like Gordon Gekko, but blockchain.”

Michael del Castillo

By: Michael del Castillo

Source: Chelsea Manning Is Back, And Hacking Again, Only This Time For A Bitcoin-Based Privacy Startup

.

Related Contents:

On the Malleability of Bitcoin Transactions

Cryptocurrency thefts, fraud hit $1.2 billion in first quarter: report

Cryptocurrency Anti-Money Laundering Report

Hackers Steal $60 Million From Japanese Crypto Exchange Zaif

More than $90 million in cryptocurrency stolen after a top Japanese exchange is hacked

Major issues resulting in lost or stuck funds

$300m in cryptocurrency’ accidentally lost forever due to bug

The Multi-sig Hack: A Postmortem

Smart contracts vulnerabilities: a call for blockchain software engineering

Ethereum Fork Could Help Restore Frozen Parity Cryptocurrency

Police steamroll 1,000 bitcoin mines after ‘electricity theft’ prompts power outages

Sandwell Bitcoin mine found stealing electricity

Mac OS X Trojan steals processing power to produce Bitcoins

The Hacker News The Hacker News +1,440,833 ThAlleged Skynet Botnet creator arrested in Germany

When bitcoins go bad: 4 stories of fraud, hacking, and digital currencies

Bitstamp exchange hacked, $5M worth of bitcoin stolen

Teen Hacker and Crew of ‘Evil Geniuses’ Accused of $24 Million Crypto Theft

All About Bitcoin Mining: Road To Riches Or Fool’s Gold

US police force pay bitcoin ransom in Cryptolocker malware scam

Watch out! Mac malware spread disguised as cracked versions of Angry Birds……

Hack Brief: Hackers Stole $40 Million from Binance Cryptocurrency Exchange

5 Reasons Why You Should Care About iOS 15

Surprisingly, last week is the first in a while that Apple Beta Program participants didn’t see a new build of iOS 15. Public Beta 8 was released two weeks ago, with the anticipation that the golden master would be released to testers a week after.

That didn’t happen. Instead, all signs point to the golden master being released this week in conjunction with the Apple iPhone event happening tomorrow, September 14. It might even skip “golden master” altogether and go straight to public release later this week.

So soon, everyone will get their hands on iOS 15. Some of the tentpole features, like the updated Maps app, redesigned Safari, and “all new” Notifications are either underwhelming or controversial. Plus one of its biggest features, Shareplay, which lets you share your media during FaceTime calls, is sidelined till iOS 15.1. So why should you care about the latest OS from Apple?

Here are five things that you’ll actually use that make iOS 15 worth getting excited about.

1. iCloud+ Makes Browsing More Secure

OK, boring stuff out of the way first. Everyone says they want to be more secure but no one actually cares. They share their email. They reuse passwords. They connect to any WiFi hotspot, even if its name is “H4CK3R-4-LYFE.”

Apple’s iOS has had strong password suggestions for a while now, but iOS 15 goes even further to keep you from your own worst habits. iCloud+ has a Private Relay feature that acts like a virtual private network (VPN). Basically, it hides the location of where you’re connecting  to the internet and who you are, even from Apple. You can’t use it like a regular VPN to spoof a location (say, if you’re trying to convince Netflix you’re in a different global region). But if you’re advanced enough to be doing that, you probably don’t need Private Relay to begin with. This feature is for those who want to be safer online but don’t want to mess with the nuts and bolts.

Hide My Email is the iCloud+ feature that you’ll actually notice and use. Rather than provide your real email to every random form and newsletter on the internet, this will let you mask your email with a fake address that’s then routed to your iCloud email address.

2. It’s Easier To Find Things Shared With You

“Oh, I’ve seen that trailer. My buddy shared it with me. One sec.”

Scroll, scroll, scroll

“Hmm. Maybe not him? Maybe my brother?”

Scroll, scroll, scroll

“Not him either. Huh. Um. I know I’ve got it. Hold on…”

Sound like a familiar scenario? With so many links, photos, and videos being shared with us on a daily basis, it’s easy to lose track of just what we’ve received and from whom. That’s why the persistent Shared With Me category in iOS 15 is an absolute gift. Now, there’s a whole list of shared links available when opening a new tab in Safari. Looking for pictures?

The Photos app has a shared category as well. Same with the TV and Music apps. Granted, the last two probably won’t see as much use but it’s still nice to have a convenient list of things that you want to check out in the app where you’ll most likely use it.

Speaking of sharing, if you frequently share multiple photos in Messages, they’re now organized in an aesthetically-pleasing stack. It’s a minor, but welcome, change.

3. Photos Are Way Better

The Photos app gets some major quality of life improvements in iOS 15. The auto-generated memories are better and seem to surface more of the images you care about. They can also use real music from your Music app! Now if you want to use Queen’s “You’re My Best Friend” for that memory about your dog, you can, rather than being stuck with generic upbeat instrumental music.

Photos are smarter as well, letting you dive deep into images and identify things like animals, plants, locations, and people. Plus you can finally copy text from images! No more flipping back and forth between an image and Safari to enter the name of that weird restaurant that you took a picture of. Select the text in the image, then copy, paste, and search. It’s especially useful for those acquaintances that love to send you screenshots of web pages rather than the actual web page address.

4. Anyone Can Join FaceTime Calls

FaceTime is a lot of fun but until now it’s been an Apple-only affair. With iOS 15 you can create a share link that lets anyone join your FaceTime call from their browser, no matter what device they’re on. Of course, if you’re joining that FaceTime call from an iOS device, there are all kinds of new enhancements to calls – better audio, video, and, eventually, real-time screen sharing. It’s like Zoom, but more focused on the social. If you prefer to do your FaceTime calls via Memoji, you’ll appreciate the new clothing options (among other new customizations).

5. Focus Lets You Instantly Transform Your Phone

Do Not Disturb and Sleep Mode were wonderful innovations that helped us wrest time back from our phones. The new Focus mode is like that, but with even more utility. Now, instead of just silencing notifications, you can create an entire home screen just for that mode.

Want to have a Fitness mode that surfaces weather, workout, and health widgets, plus your fitness and music apps? Create it and when you activate the Fitness focus mode, your phone will transform. You can also set it to let people know that you’re working out (or driving or whatever). And while there are several different types recommended, you can also make your own. It’s an easy way to embrace task-based layouts.

And this is just the tip of the iceberg. There are even more features coming to your phones when iOS 15 is released to the public later this week. Be sure to tune in to the Apple keynote tomorrow to check out the iOS 15 release announcement (and all the new iPhones!).

Follow me on Twitter or LinkedIn. Check out my website.

I’ve been writing about technology, gadgets, and pop culture back before Apple had even thought of the iPhone. I’ve seen the rise and fall (and rise again) of Apple. I’ve watched c-beams glitter in the dark near the Tannhäuser Gate… In addition to Forbes.com, I am a contributor at TheRoarbots.com. As a technical writer, I specialize in deciphering the undecipherable, untangling the kraken-like documentation tangles that software companies find themselves in, and teaching users how to successfully navigate their products on the other side. I also enjoy playing in superheroic worlds of my own creation (you can find out more about my fiction endeavors at AnthonyKarcz.com). You can find me on Twitter (@sunstreaker84), Facebook, and Google . If there’s something you want to see me tackle, drop me an email at: anthonyATanthonykarczDOTcom.

Source: 5 Reasons Why You Should Care About iOS 15

.

Related Contents:

Apple Releases iOS 14.8 and iPadOS 14.8 With Security Updates

Apple Seeds Eighth Betas of iOS and iPadOS 15 to Developers

Charting The Explosive Growth of the App Store

Scott Forstall, the Sorcerer’s Apprentice at Apple

Watch Steve Jobs Unveil the First iPhone 10 Years Ago Today

The original iPhone announcement annotated: Steve Jobs’ genius meets Genius

Apple: “we plan to have an iPhone SDK in developers’ hands in February

Nine Years of Apple’s iOS SDK generated $60 billion, 1.4 million jobs

Live from Apple’s iPhone SDK press conference

Jobs: App Store launching with 500 iPhone applications, 25% free

iPhone App Store breezes past 500 million downloads

App Store officially passes 100,000 app mark”. Macworld. International Data Group

Apple App Store Hits 650,000 Apps: 250,000 Designed For iPad, $5.5B Paid Out To Devs

There are now 1 million iPad apps

Developing for Android vs developing for iOS – in 5 rounds

iOS 14 compatible devices list: Will you be able to install it on your iPhone today

Widgets – System Capabilities – iOS – Human Interface Guidelines – Apple Developer

How to find your notifications and respond when you’re ready

How Functional Animation Helps Improve User Experience

App Store now requires developers to use official API to request app ratings, disallows custom prompts

Apple’s Revolutionary App Store Downloads Top One Billion in Just Nine Months

A Study on Icon Arrangement by Smartphone Users

Crypto-shredding using effaceable storage in iOS on stanford.edu

Apple has revoked Facebook’s enterprise developer certificates after sideload violations

Apple has sold more than 800 million iOS devices, 130 million new iOS users in the last year

Android and iOS Squeeze the Competition, Swelling to 96.3% of the Smartphone Operating System Market for Both 4Q14 and CY14

Strategy Analytics: Android Captures Record 88 Percent Share of Global Smartphone Shipments

Cybercriminals Are Coming for Your Business. Here Are 5 Simple Ways to Keep Them Out

Now, more than ever, is a crucial moment to button up cyber security measures at your company. Small businesses were easy prey for cybercriminals during the pandemic. A shift to remote work meant hackers had their pick of unsecured home networks and devices. Now, even though many businesses have moved back to in-office work, it’s likely they’ll still be targeted by hackers. Savvy thieves often see small businesses as a “Trojan Horse” to the larger businesses with which they partner.

Panelists at a Chamber of Commerce event on Thursday shared tips on what businesses need to keep in mind in order to protect their data and assets from cyberattacks.

Ransomware comes in via email and can hide for several days.

Some cyberattacks will do damage instantly, taking down all of your systems and locking you out. But some, such as ransomware emails, require more time to take root.

“So maybe an employee clicks on an email that goes through their device, and they send that email to somebody else that hits another application or device. It can really be in your system for several days before you notice it,” said Tara Holt, senior product marketing manager at Iron Mountain. The delayed timeline is crucial to keep in mind as you work to nail down when and how a breach occurred.

Backup critical data, both on- and off-site.

Holt and other cybersecurity experts encourage businesses to store a backup of your most critical data as a second line of defense. This should be both off-site and online. Your business may still be able to operate during a cyberattack, even in a limited context, if there’s a backup handy.

Make sure payment processors are PCI compliant.

An overlooked area of cybersecurity is your third-party payment processor. Businesses that make hundreds of transactions per day must ensure that security standards are in place to prevent theft. Most merchants that accept credit cards must adhere to the Payment Card Industry Data Security Standard, or PCI.

A few credit card companies allow merchants that are not PCI compliant, but tread carefully with them — you’ll likely be stuck with the bill in the event of a breach. “If you get a breach, and you’re not PCI compliant, it’s a minimum of $80,000 apiece and MasterCard will have to charge you, because they’re going to have to resubmit new cards for those people whose cards may have also been compromised,” said Renee VanHeel, president of Pay It Forward Processing.

You can pay the ransom, but don’t expect to get your data back.

While taking cybercriminals at their word is always a risky undertaking, when it comes to ransomware, few crooks are honest players. Businesses that pay ransoms must deal with the very likely possibility that any data they get back will either be incomplete or corrupt.

An estimated 92 percent of victims who pay the requested ransom don’t get their data back, according to a 2021 Sophos State of Ransomware report.

Use a “zero-trust network” and multi-factor authentication.

Chances are, your team probably needs a refresher on what makes a strong, unique password, which can go a long way toward securing your systems. Best practices include combining three or more unrelated words — proper nouns are good — with numbers or special characters separating them.

Requiring the use of VPNs is also key. Saïd Eastman, CEO of JobsInTheUS, says his company uses both an internal VPN and a third-party VPN for customers. “We do that because we believe it’s important for us to provide a secure environment for our employees to get in to do their jobs, but also a place for our customers,” he said.

Holt also suggests that businesses create what is called a “zero-trust network” that authenticates users every time they log-in. Multi-factor authentication, where users must enter a passcode that is sent to their phone or email, is another good safeguard.

“Adding in as many different layers of security as you can can really be that first step to protect you,” said Holt.

%d bloggers like this: