DNL

US Agencies Are Buying Your “Private” Internet Data

US law enforcement agencies and the military have been buying “petabytes” of American citizens’ internet data, according to a letter to the Office of the Inspector General.

According to a letter from Senator Ron Wyden (D-Oregon) to the Office of the Inspector General (OIG), the U.S. military and law enforcement agencies are buying up to ‘93% of the internet’ from the data broker Team Cymru.

The letter from Senator Wyden’s office:

I write to request that you investigate the Departments of Homeland Security (DHS), Defense (DOD) and Justice’s (DOJ) warrantless purchase and use of records revealing the websites Americans have accessed online.

For several years, I have been investigating the government’s purchase of Americans’ data, including location records and web browsing records. This investigation has confirmed that multiple government agencies are purchasing Americans’ data without judicial authorization, including the Defense Intelligence Agency and Customs and Border Protection (CBP)–the latter of which is now being investigated for this practice by the DHS Inspector General.

While I have been able to make public important details about government agencies’ purchase of location data, my efforts to probe and shed light on the government’s purchase of internet browsing records have been frustrated by the Pentagon. On May 31, 2021, I wrote to the Secretary of Defense to request that DOD provide me — without any restrictions on public release — written answers to questions regarding DOD’s purchase of Americans’ data. DOD had previously provided answers to my questions, which it marked Controlled Unclassified Information (CUI), on March 13, 2021. On August 2, 2021, the Under Secretary of Defense for Intelligence and Security responded to my written request, declining to remove the CUI restrictions on DOD’s answers to my question about internet browsing records.


After DOD refused to release this information without restrictions, my staff learned that public contract information had been posted online, showing that multiple DoD agencies purchased data from data brokers that reveal internet browsing history: The Defense Counterintelligence and Security Agency spent more than $2 million purchasing access to netflow data, and the Defense Intelligence Agency purchased Domain Name System data. My office asked DOD to re-review their decision to maintain the CUI restrictions on the written answers DOD had previously provided, in light of these public contracts. DOD yet again refused, on May 25, 2022.

In addition, my office was recently contacted by a whistleblower who described a series of formal complaints they filed up and down their chain of command, as well as to the DOD Inspector General and the Defense Intelligence Agency, regarding the warrantless purchase and use of netflow data by the Naval Criminal Investigative Service (NCIS). According to the whistleblower, NCIS is purchasing access to data, which includes netflow records and some communications content, from Team Cymru, a data broker whose data sales I have previously investigated. Public contracting records also corroborate that NCIS has a contract for Augury, which is the name of a subscription service offered by Team Cymru, which includes access to netflow data.

Public contracting records confirm that the Augury tool provides access to “petabytes” of network data “from over 550 collection points worldwide” and “is updated with at least 100 billion new records each day.” The contracting records also confirm that Augury provides access to email data (“IMAP/POP/SMTP pcap data”) and data about web browser activity (“cookie usage,” “UserAgent data” and “URLs accessed”).

Contracting records state that the government contractor, Argonne Ridge Group, is the “only known source” of this data. Public records confirm that Team Cymru and Argonne Ridge Group have the same corporate address and have overlapping corporate officers. Government contracting records also confirm that in addition to NCIS, Argonne Ridge Group has contracts with U.S. Cyber Command, the Army, the Federal Bureau of Investigation and the U.S. Secret Service.

The whistleblower has informed my office that their complaint was forwarded by the DOD Inspector General to the Navy Inspector General. However, it appears from public contracting records that the government’s purchase of internet metadata, from just one data broker, goes far beyond the Navy. To that end, I request that your offices investigate the warrantless purchase and use of Americans’ internet browsing records by the agencies under your jurisdictions. Your independent oversight must ensure that the government’s surveillance activities are consistent with the Supreme Court’s Carpenter decision and safeguard Americans’ Fourth Amendment rights.

Here is the description of Augury included in the U.S. government procurement record:

The NAVSUP Fleet Logistics Center (FLC) Norfolk, Philadelphia Office intends to acquire, on an other than full and open competitive basis from Argonne Ridge Group, Inc., a subscription to Augury for fifteen (15) individually assigned accounts and data collection for 20 signatures in support of the Naval Criminal Investigative Service (NCIS), Quantico, VA. The subscription will provide for web-based access to an online repository of petabytes of current and historical network data to include BGP Origin ASN/BGP Peer ASN/BGP Prefix, DNS, NMAP scans, Pastebin archives, Botnet data, IMAP, POP, and SMTP pcap data, RDP/FTP pcap data, and x509 Certs. The network data includes data from over 550 collection points worldwide, to include collection points in Europe, the Middle East, North/South America, Africa and Asia, and is updated with at least 100 billion new records each day. All IP addresses are geo-located with its domain and IP address ownership identified.

The service includes mapping IPv4 IP addresses to BGP prefixes and ASNs and is based on feeds from at least fifty BGP peers updated hourly. The tool provides the ability to identify a specific IP, an ASN (or ASNs), or an entire country to evaluate what routes have been announced or withdrawn, and by whom. Results are exportable in JSON, Excel, XML, and CSV file formats. The service also identifies compromised devices and botnet families based on network scanning activity and track malware infestations.

Data available includes:

  • DNS history (forward and reverse)
  • Operating system fingerprinting
  • IRC keyword analysis
  • NMAP scans
  • Pastebin archived data
  • Banners on networked devices
  • Beaconing activity
  • Cookie usage
  • UserAgent data
  • Extracted file information
  • IMAP/POP/SMTP pcap data
  • RDP/FTP pcap data
  • URLs accessed
  • x509 Certs

Senator Wyden found that U.S. law enforcement agencies are also buying access to Team Cymru’s tool: the FBI, the Secret Service, Border Patrol, etc. Enjoy your protection from unconstitutional search and seizure, lmao.

This site, cosive.com, used to describe the tool. The description has been replaced with “AUGURY HAS BEEN REPLACED BY PURE SIGNAL™ RECON Please note that Team Cymru Augury has been replaced by Team Cymru Pure Signal™ Recon.” However, an archived version of the website describes the tool.

Team Cymru’s Augury is a data analyst’s portal, providing an intuitive query tool for direct access to 50+ different categories of insight, including passive DNS, network traffic, and observed attacks.

This is the same tool that Team Cymru’s own analysts have developed for their attributive investigations, including selective filtering and post processing. It also allows API access to batch and schedule searches, with email notification. Typical use cases are network defence, cyber threat intelligence, digital forensics, and cyber analytics.

Augury provides access to our unparalleled insight, spanning data categories such as:

  • Internet Traffic Intelligence
  • Botnet and Controller Intelligence
  • Malware Intelligence
  • Miscreant Communications
  • DNS/SMTP/Web Intelligence
  • Indicators of Compromise (IOC)
  • Device Intelligence and Behaviors
  • Darkweb Activity

And also:

AUGURY IS THE VISIBILITY INTO 93% OF INTERNET TRAFFIC

In a Motherboard article, Joseph Cox wrote:

The Augury platform makes a wide array of different types of internet data available to its users, according to online procurement records. These types of data include packet capture data (PCAP) related to email, remote desktop, and file sharing protocols. PCAP generally refers to a full capture of data, and encompasses very detailed information about network activity. PCAP data includes the request sent from one server to another, and the response from that server too.

How is this company getting PCAP data?

30 Comments
It's Called We Engage In A Mild Amount of Tomfoolery
39476b86
cf2ce6b0 Sat, Sep 24, 2022

dnl is tough on crime

1a039536
a46a2210 Sat, Sep 24, 2022

Snowden psyop normalized this.
Also forget the 5-14-109 eye agreements, the US is cooperating with China and Russia.

Also reported the URL slug to the ADL. Enjoy, you antisemite.

bebe6bda
8e827110 Sat, Sep 24, 2022

I will pray for your salvation

a213cdfb
e67a7d30 Sat, Sep 24, 2022

@1a039536

if someone said some negative fact about some race, he is a racist. but if someone did the same thing about the jews, he is an antisemite! ayo semites! aren’t you a race? are you humans? reptiles? what are you? the chosen people.

3b49a988
640e1490 Sat, Sep 24, 2022

Answer me this, DNL.

If you hate mass surveillance, and the Jews so much, why does every comment made on the .onion go through Cloudflared clearnet site, hmm?

233901a0
671487b0 Sat, Sep 24, 2022

I do not have hate in my heart for anyone.

7895a7b9
322439f0 Sat, Sep 24, 2022

TO: 233901a0

I’ll contact my boys at the ADL to have this misunderstanding sorted out ASAP.

So why do comments made on the .onion go through the Cloudflared clearnet website? I’m sure my comment, exit node and user agent will go straight into Team Cymru’s collection to be purchased using my tax dollars.

466f530e
61c32110 Sat, Sep 24, 2022

to: 7895a7b9

They aren’t you dipshit. Besides, your user agent will reveal nothing if you’re using the official tor browser like you should be. And unless you’re being a dumbfuck surfing clearnet with your TOR browser then you won’t have an exit node to speak of that’s visible for anyone.

2ea65175
2a1fcf00 Sat, Sep 24, 2022

to: 466f530e

the onion site makes a direct request to the clearnet site in the browser when you comment. you will always have an exit node when using tor. only when you use the clearnet your exit node ip is shown. so cloudflare can see the exit node ip when you comment

@dnl you going to fix this?

f064f6a7
c51570e0 Sun, Sep 25, 2022

to: 466f530e

  1. Right mouse click -> Inspect -> Network Tab
  2. Make a comment.
  3. See a POST request go through the (((Cloudflared))) clearnet website.
  4. Be identified by the NSA.

b7ade46f
25f70310 Sun, Sep 25, 2022

If Team Cymru CEO was a black person, would writing about his engagement in global surveillance to be considered racist instead of antisemitic?

688ced45
fe4906a0 Sun, Sep 25, 2022

Tor was developed by the us military, so you can rest assured the theory is sound. Your ISP can see you are using TOR, depending on where you live they may not care or you could also be using a vpn to cover your tor activity. You run the risk of connecting to a compromised node, not necessarily a government one, perhaps hackers too, but ya, the likelihood of connecting to 3 compromised nodes at the same time, controlled by the same entity is obviously very low. You could get exploited by some crazy zero day that hasn’t been patched or you were too lazy to update your browser and more obvious vulnerability was exploited. Correlation attack or installing compromised browser software. Or my personal favorite, knowingly disclosing personal information while using tor

c1d5109c
3e567bd0 Sat, Sep 24, 2022

6.8 million jews approved this message!

2f84f91d
9d0862b0 Sun, Sep 25, 2022

Which part was plagiarized? Are news an intellectual property?

b040d642
0f4fe5d0 Sat, Sep 24, 2022

OP wrote this shit after reading the story about the same shit from vice, even plagiarized half this article from the vice article

0017b447
a3dc2b20 Sun, Sep 25, 2022

test but dude could someone please explain to me the dnl Jewish reference, dnl is Muslim last I checked, so much time wasted over skin pigmentation and religious beliefs that are unverifiable. Personally I’m more concerned with financial things that are verifiable, instead of trivial disputes of race and religion when the ones starting these discussions are likely the folks also showing up above the comments section on here for engaging in what you could call: an exceptional amount of tom foolery, if you know what I’m sigidy-sayin my boy.

ac458a0f
6b0065d0 Sun, Sep 25, 2022

WHEN YOU KNOW HOW EVIL JEWISH MEN AND WOMEN HAVE BEEN OVER THE PAST 3000 YEARS, THE RAPE, THE TORTURE, THE PSYCHOLOGICAL TORMENT ….NO OTHER RACE HAS BEEN UNAFFECTED BY JEW MAGIC! SAVE YOUR CHILDREN, YOUR WOMEN FROM FROM RAPE AND SAVE YOUR RACE FROM GENOCIDE

4de188c6
62350030 Sun, Sep 25, 2022

Okay borat, no shitting in the garden in front of McDonalds

f1e74ccb
66a9c700 Sun, Sep 25, 2022

Obviously three-letter agencies around the globe are spying on you, CIA, FSB, MSS, …

They are called spy agencies after all. They keep their operations secret because most of them are immoral / illegal / scandalous.

For now, using Tails / Whonix as your main OS seems to offer the best protection. Hopefully, at least it can prevent them from spying on your browsing history.

I would assume all information I provided to businesses are in the hand of three-letter agencies.

Perhaps the politically-smart move is to use the fear of being spied by foreign spy agencies to advocate for more privacy for all. At least US is a democracy for now. Advocacy is not possible in many countries.

8682a771
903623f0 Mon, Sep 26, 2022

aw poopdollar

56bb9651
a97a5d10 Mon, Sep 26, 2022

i am once again asking for your financial support

38c3ed35
42f7ee90 Tue, Sep 27, 2022

I like to lick the skin of chickens and horses.

ae51ea50
b81ccdc0 Wed, Sep 28, 2022

is updated with at least 100 billion new records each day. All IP addresses are geo-located with its domain and IP address ownership identified.
Welp.
