Friday, January 31, 2014

Excel VBA tutorial 01: record, edit and run macros

A reason for creating this blog, and which I have left aside too much is Excel and VBA tutorials. This will be the 1st VBA Tutorial and is intended for people like my past colleagues who asked me how they could learn VBA to avoid doing the same manual tasks every day.


In the world of telecom operators, we care about QoS (Quality of Service). We have a lot of antennas & equipment to supervise of which quality fluctuates day by day. In order to monitor the quality of equipment, metrics are recorded. These metrics are very numerous (hundreds or thousands). Here's some example of what we record in order to monitor quality:

  • call attempts
  • call successes
  • call drops
  • etc.

I'm keeping it rather non-technical since the focus of this article is on VBA, not telecoms.

So, in our network, we have more antennas than we can humanly check every day. And in order to improve the network, or prevent its degradation over time, we want to know which antennas (which we call "cells" as in "cellular network") have a lot of dropped calls. We will therefore create a macro that sorts our data so we can see which cells need urgent care.

Developer mode & keyboard shortcuts

First things first: we need to make sure that "Developer" appears in the ribbon menu. It will make life much easier to access macros.

by default, the Developer tab is absent. But we'll see how to bring it up

In Excel's "big button menu", click "Excel Options".

In the "Popular" category, check the checkbox to show the Developer menu. That's it!

If you prefer using keyboard shortcuts, the following ones will be useful:

  • ALT + F11: brings you to the VBA code window
  • ALT + F8: opens the macro menu, letting you choose which macro you want to run or edit

Recording the macro

For our example, we'll assume that we have files containing very basic data:

  • cellid (identifier of the telecom equipment)
  • drops (number of calls interrupted)
  • calls (number of calls initiated)

By default, our file is sorted by cellid, but we want to see it sorted with the highest number of drops at the top.

Now, think of the way you would sort your data to have the highest number of drops at the top! it would take the following operations:

  • select columns A, B, C
  • go to tab menu "Data"
  • select "Sort"
  • do the sorting: sort by drops, sort on Values, order Largest to Smallest

We will do just that but we will record it in a macro. That means we will

  • start Excel's macro recorder
  • do the manual sorting
  • stop Excel's macro recorder
Start the recorder by clicking the following button in the lower left hand corner of your Excel window!
note: if it does not appear in your Excel window, you can also find it in the tab menu "View", ribbon menu "Macros", submenu "Record macro..."

After you click the "OK" button, your next actions will be recorded in the macro entitled "Macro1" (you can change this name now or later). So just click OK.

You'll notice that the button in the lower left hand corner has changed to this:

Now you can do the complete manipulation and press the square button (stop recording macro) when you're done.

Analyzing the recorded code

Now, we want to see the code that has been produced when recording our moves, and understand what it does. That's how we will understand how Excel works and how we can later do changes to the code to suit our needs.

Open the VBA window by going to the tab menu "Developer" and clicking on "Visual basic"... or you can do the same with ALT+F11.

In the modules, find Module1 and double-click on it. Single click is not enough.

You should get the same content as shown here, except you will have different colors. I have changed my colors in order to have a black background that preserves my eyes after long hours of programming.

So let's see the content of the macro:
...that's pretty straightforward. This selects columns A to C.

All the rest is gibberish, but it has the word "sort" in many places, so we can safely think that it's doing the sorting. However, we will notice a few things:

  • it mentions "Sheet1" many times. So if we want to later reuse this macro, we'll have to pay attention to the sheet name.
  • It mentions Key:=Range("B2:B15") as well as Order:=xlDescending. That's obviously the column B (drops) which we are using for sorting data.
  • we see SetRange Range("A1:C15") which is the area containing my data. We see that it is limited to the 15th row. So if someday we have more than 14 rows of data (15 rows minus the header row), the macro might not process data beyond the 15th row... but that can be modified of course.

Change the name of the macro to something meaningful. Maybe it will be like:
Sub SortByDrops()

Checking the result of the macro

Let's go back to the Excel window. Our data is already sorted by drops, so we need to put it in a different order so we can run the macro and check that it does its job.

Sort the data by cellid.

Then open the macro menu (ALT+F8 or from the menu "View", "Macros", "View macros")

We see our macro, so we can simply launch it by pressing the "Run" button.

And voila! You now have your first macro which can sort data.

Further exercise

Now, make a copy of the macro "SortByDrops", which you will name "SortByCellid". With this new macro, we will try and sort data by cellid so that we can easily come back to the initial state of our Excel file.

Modify this new macro by changing

Go back into Excel.

Run this new macro.

Observe the result. It should be "almost" what we were looking for. You can find by yourself what detail is wrong and how to modify this macro to make it perfect.


This is a very basic tutorial. The 2 macros themselves are not very useful but what's very important is that we learned:

  • how to record macros
  • how to check the code and modify it
  • how to run macros 

It might be very crude, but that's truly the starting point for writing VBA macros.

Tuesday, January 28, 2014

Voices of a Distant Star (2002) ★★★★★


I think this is the first OAV that I review on my blog. Certainly, the cartoonish aspect is a turn-off for people who are unfamiliar with Japanese media. In Japanese culture, cartoon is not exclusive to children but it is an art form in itself which can be employed not only for children but also for any genre from thriller movies (Perfect Blue), to adventure (Wings of Honneamise), comedy (Samurai Champloo), action/fighting (Hokuto no Ken),  horror/gore (Elfen Lied), erotica... This OAV is targeted at a teenage and young adult audience and is a romantic psychological drama.


Mikako (a girl) and Noboru (a boy) are 2 junior school friends. Thanks to her excellent scores at school, Mikako successfully enrolls in the army as a mecha pilot and is sent to fight extra-terrestrials discovered in the surrounding of planet Mars. As the chase brings Mikako ever further away from Earth, her messages to Noboru take longer and longer to travel, extending to months and even years between the transmission and the reception.

My verdict

A true jewel, though short: 25 minutes only. Let's tackle the criticisms first! English voices are definitely stereotypes of the whiny girl and the indecisive boy. The character design is a bit simplistic, borderline doujinshi. That's it for criticism! That was fast. Now let's see the good of this movie!

The melancholy and the heart-wrenching feeling of separation in a long-distance relationship are very well transcribed (and I know what I'm talking about). With the time passing, we also perceive the evolution of the teenage characters into adulthood and the evolution of their relationship. The scenes and landscapes are splendid. Even though it's kind of a cheap move to use still backgrounds, it fits the epistolary nature of this story. Mikako's fights are violent verging on a gore side and I think this is a denunciation of the army in general and a factor explaining how the different daily experiences of both characters push them to evolving in different directions. The choice of putting the girl in the fighter role is a good alternative to the stereotypical gender roles in society and it allows both characters to focus on their feelings, while avoiding the nauseating representation of the heroic male worshiped by a stay-home vacuous female. In just 25 minutes, and with very little text, this OAV delivers a very rich scenario. Final verdict: 5 (not distant) stars and an enthusiastic recommendation.

Monday, January 27, 2014

Online dating: the unexpected "Part 2"

A few days ago, I published an article about online dating where I drew on scientific studies and dating sites surveys results to improve your chances of success. Hardly had I published that article that I watched a video discussing other ways to improve your chances, based on a "study" published by Zoosk, a dating website.

After following a few links, I could only find results of a survey presented in a graphic, while news articles refer to, at best, Zoosk's blog. So... journalists are not doing a good job at citing sources.

Let's check the recommendations to improve our profile! I'll just remind you though, that I'm focused on improving my male profile in order to attract the attention of women. I have sorted the results in order of how big the effect is. So don't go correcting your spelling mistakes before you've put that full body shot online!


Full body shot: women want to see your whole body, not just your face. And the benefit is dramatic. You'll get 203% as many messages and you're 33% more likely to receive a response to your outgoing messages.

Be honest: mentions of of divorceseparate or my ex will get you 52% more messages. OK... this one comes as a surprise to me. I mean... of course showing honesty is good, but I thought women don't really want to hear about your past. I guess I'll have to think again.

Be positive: when you use "positive" words like creativeambitiouslaugh, or healthy, you'll get 33% more messages.

Share your hobbies: mentioning your hobbies will get you more responses. Words related to physical exercise (jogging, running, yoga, lifting weights...) will get you 21% more messages, as will words related to intellectual activities (book, read, write...). Music-related words will get you 15% more messages.

Outdoor photo: an outdoor photo will give you a sizable +19% messages.

Use the smart smiley: the smiley with a nose :-) seems to convey more positive emotions than the more recent smiley without a nose :) so use the right one to get 13% more responses or risk using the wrong one and get 66% less responses

Check your spelling: spelling errors will hurt your profile. Modern web browsers and text editors include spell-checking so just pay attention to details and if some words are underlined by a red line, you probably should correct that.


Posing with animals: will get you 53% less messages... Really? This one goes against the findings of OkCupid that I mentioned in my first article. Well... if recommendations are conflicting and if this can hurt your profile as much as 53%, I'd recommend to be on the safe side and leave animals out of the picture.

Including other people in your photos: will get you 42% less messages. Ouch! But that's understandable. Women want to see you. Not your friends. Not your family.

Rush for real-life meeting: if you mention dinner, drinks, or lunch in your first messages, you'll get 35% less messages. This scares women away. Big time.

Spelling mistakes hurt you by 13%.

Selfie: women don't respond well to selfies, and you'll degrade by 8% your chances of getting a response. So don't do it!

Mentioning words that women don't want to hear at the moment: words like baby, beautiful, or cute are not what women are interested in when they discover your profile. The word beautiful is something that they've heard over and over again from thick guys. Plus it's kind of sexist, because if that's all you have to tell her, it's like you're less interested in her other traits. Babies... well, that's supposed to come up in more serious discussions after you've established a decent contact and that you start considering the possibility of a future. No rush!


More advice cannot hurt. Hopefully this is a good complement to my first article. And there's certainly more to discover.

Friday, January 24, 2014

Online dating

TL;DR: if you want to improve your chances with online dating, go check the conclusion!

Some time ago, a friend of mine who's single started a conversation about online dating. Because he had information to share but was also eager to get the tips from other friends.

The essential points he made at first were:

  • Women are very solicited, to the point that men receive a reply to only 1 in 20 messages.
  • Photos are critical to success
  • Your introduction message is important to trigger the will for a woman to contact you or discuss with you
  • If a woman initiated the contact with you, the chances to meet her in real life are high.

Some of these considerations can be reflected upon, using common sense. And some considerations will be best addressed by science!

Image license: CC-BY-NC 2.5 xkcd

Personal considerations

Before addressing the true substance of the subject, I think it's useful to state a few things.

Most important of all: I think a relationship should be honest. What you're looking for should be clear to the other person, and what the other person is looking for should be clear to you. If you're rooting for true love, mindless sex, or if you want to enter a relationship with an open mind but without a clear idea of where it will take you, that should be understood between you and the other person.

This article will be written from my perspective: a straight man looking for true love. The points I'll discuss will probably be just as valid in the case of someone who wants non-committed relationships, but some concerns are gender-specific and women will need to do their own research.

I did have a relationship with a woman I met online, but that was back in the glorious days of ICQ so it was a bit different from the modern dating websites. And I'm not currently dating or using online dating sites, as I'm still recovering from a breakup. But I'll probably put what follows in motion when I'm ready to date again if I don't meet someone through usual everyday life.

If you have a lot of free time, that you're not overwhelmed by sport, family, friends, and dates, then consider opening your profile to meeting women for friendship! Having more friends doesn't hurt, and women have female friends who are single.

Common sense

So... if you get only 1 answer for 20 messages and if you have less chances of success when you initiate contact than when women initiate contact, statistically, you need to be ready to send a lot of messages. Realistically, it would be exhausting to craft a 100% individualized message every time for every woman who attracts your interest. So you'll need to keep standard contact messages that you'll simply copy-paste and tweak here or there according to each woman's profile. Unless you're absolutely starving for a relationship, you're probably searching for women who live in the same area as you. So maybe there's something interesting to say in your standard message about the area you live in, and which could find an echo with women. Or maybe you're a sport addict and you're intent on finding a like-minded person. Then that's gotta go in your standard message. And when you think your message is ready, don't just check if it's ok! Try and put yourself in the shoes of a woman receiving this message, who knows nothing of you and who's looking for a man. Is your message the standard nonsense saying she's beautiful and that she's received 200 times? Your message needs to look like you're a real human person whom she'll like to know and whom she'll like talking to.

Your introduction message needs to stand out from the crowd. It can stand out because of style, because of mystery or because of humor. Your message needs to make women want to know more about you. Ideally, you could (should) ask a female friend to review your introduction. If she says it's bad, then swallow your pride and get back to work! It's like cooking: your female friend won't do it for you but after you've cooked, she can tell you if it's good.

If you get the chance of a response or if a woman initiates contact, then you have a shot sooner or later at meeting her in real life. For obvious reasons, women feel less secure than men when meeting, so the place where you meet needs to be a neutral ground or someplace that she can feel safe. So it must not be very near your place nor very near hers. And it needs to be a somewhat public place like a pub's terrace, restaurant or café, and ideally one of the well-lit places, not the dark pubs with their oppressive atmosphere. And it must not be too noisy, because you it would make it difficult to talk and get to know each other. The place needs to have an easy access to public transport and/or taxis or parking space. With this in mind, you could plan in advance the best place(s) so that you have a ready-made answer when the question comes up. And she might bring a friend for safety's sake.


Science works! When your intuition disagrees with science, just set your intuition aside and stick with what data tells you! For this article, science matters on the subject of photos.

First and quickest source of science is this ScienceDaily article according to which red shirts make you more attractive.

The effect is consistent across cultures, which means it's valid regardless of which country you're from. If you have a scientific mind, just knowing this fact is not good enough and you should be wondering: how big is the effect? Because, if the gain of attractiveness is very small, then we don't really care. From the study itself (PDF file, 184 KB), we see 3 effects measured on scales of 1 to 9, and the amplitude of the benefit for each of these effects is:

  • Perceived attractiveness: +1.5 point
  • Desired sexual behavior: +1.8 point
  • Perceived (social) status: +1.3 point
That's a significant effect!

That study also tells us that being muscular makes you look more attractive, but you certainly knew that already, and it will take longer to improve than your online profile.

Second source of scientific data, we go to OkCupid's article about profile pictures.

The first meaningful thing we learn there is about facial expression on your photo. This can come as a surprise (and therefore we need to thank science again), but the more photos that will get you the more positive response among women require that you:

  • Don't make eye contact with the camera
  • Don't smile
  • Don't make flirty faces

The second thing we learn is about the context of the photo. The best results will be obtained:

  • with an animal
  • or doing something interesting

The "showing off muscles" is reserved for really muscular guys (not me) and could totally ruin things for you.

What does it mean to "do something interesting"? That's up to you. If you're a musician, your "something interesting" is obvious. For others... well... figure it out! Reading? Cooking? Soldering? There's got to be something you do which elicits the reaction "Oh! this guy is doing this stuff which will save me from doing it myself or which I want to share with him".


Publishing this article may ruin my chances when I finally start dating and that the potential woman finds my blog and this article... or on the contrary, it could totally boost my chances by making me appear like a smart Alec with a plan.

Hopefully, this article can be helpful to people who do their research to set the odds in their favor.

Don't feel bad about copy-pasting a standard message with quick tweaks and sending it to many women, because women have the upper hand and if you don't do that, then you'll just waste your time and you'll give up after getting no response at all.

Get a female friend to review your introduction message.

Short recap of what your photo should look like:

  • wearing a red shirt/jersey
  • no eye contact with the camera
  • not smiling
  • with an animal
  • doing something interesting

Science rocks!

Extra science tidbits: the average age for getting married is 3 years younger for women than it is for men. So when you set the minimum and maximum ages in your search, you could try and center the age range around an age 3 years younger than you.

Monday, January 20, 2014

James Bond


Everybody knows James Bond. Even people who don't have a TV, who are not interested in the subject. I knew about James Bond before I watched the movies. I used to think that James Bond is the handsome cool guy who saves the world and gets the girl at the end. And I used to think that James Bond movies are just normal movies, talking about some spy story. That is... I used to think that before I went on a watching spree, a couple of years ago.

Before I break the myth, I have to specify, however, that I'm just a fan of cinema. Not a James Bond fan. So I'm not the kind of person who knows every villain and remembers every twist of every plot of every movie. So if you're a real JB fan, I hope you'll forgive the small mistakes that could occur.

Rating the films

The James Bond series does not always deliver good stuff. So here's the list of movies, with the ratings I give and my recommendation of movies to watch... Maybe you're as curious as I was and you're going to watch the whole thing... suffering a lot in the process, especially with "On her Majesty's secret service". But maybe you want the essential JB story including some of the average films that help with the essential story of JB's life.

So here's the code:
bold green or bold orange = must see
green = good
orange = average
red = bad

1962: ★★★☆☆ Dr. No
1963: ★★★☆☆ From Russia with Love
1964: ★★★★☆ Goldfinger
1965: ★★★☆☆ Thunderball
1967: ★★★☆☆ You Only Live Twice
1969: ★☆☆☆☆ On her Majesty's Secret Service
1971: ★★★★☆ Diamonds are forever
1973: ★★★☆☆ Live and let die
1974: ★★★☆☆ The man with the golden Gun
1977: ★★★☆☆ The spy who loved me
1979: ★★★★☆ Moonraker
1981: ★★★★☆ For your Eyes Only
1983: ★★★☆☆ Octopussy
1985: ★★★☆☆ A view to a kill
1987: ★★★☆☆ The living daylights
1989: ★★☆☆☆ License to kill
1995: ★★☆☆☆ GoldenEye
1997: ★★★☆☆ Tomorrow never dies
1999: ★★★☆☆ The world is not enough
2002: ★★★☆☆ Die another day
2006: ★★★★☆ Casino Royale
2008: ★★★★☆ Quantum of solace
2012: ★★★☆☆ Skyfall

The character

James Bond is loosely called a "spy". But the word "spy" refers to many different kinds of jobs. A person relocating in a foreign country and gathering intelligence is also called a spy, while his activity is very different from JB's. More accurately, James could be called a deniable operative. His job is about action more than intelligence.

Now, the big thing: James Bond is a psychopath. He's focused, self-serving, ruthless. He has sex with women but is emotionally detached from them... Or rather than emotion, it's empathy that he lacks ; a subject I touched on, in my article about the psychopath test. He will have sex with the villain's girlfriend as a mean to an end. He also kills without regret, as in the 1st movie, Dr. No, where at some point (not really a spoiler) he murders a henchman who was not anymore in a threatening position.

The films

James Bond movies are highly formatted. These movies last 2 hours. While your random movie lasts 92 or 97 minutes, formats calculated with television schedules in mind, JB movies have always lasted 2 hours ever since the 1st one in 1962. Even though the 2 hours mark is not strict, the difference will never exceed more than 10 minutes, with a minimum of 1h50 and a maximum of 2h05.

These movies are also cut in 3 acts. There might be 1 single exception to this rule: Skyfall. But all the rest is divided in 3 acts of almost equal length (40 minutes each) that take place in 3 distinct locations, or rather 3 countries.

...and this takes me to an under-appreciated fact about James Bond movies. They're movies about travelling, about discovering countries and their wonders. It's full of beautiful landscapes, exotic architecture or art, and foreign cultures. Next time you watch a JB movie, try and identify the division of the movie in 3 acts, each of which props a different location!

And of course, the obvious, but it still needs a mention: JB movies try and fit the reality of the current geopolitics and take on some of the major topics of geopolitical concern.


Even though some single JB movies are terrible, the overall series is rich, coherent and highly formatted.

As I hope to have shown here, and which you can judge next time you watch one of these movies, there's more than initially meets the eye. Who, among the casual viewers, knew that the series has such a dedication to travels? Who noticed the division in 3 acts of 40 minutes? Who knew that women (and men) admiring the character were falling for a psychopath?

I hope this article was food for thought and that it excited your curiosity.

Thursday, January 16, 2014


Intelligence is a complex subject and a loaded word which encompasses many aspects.

IQ is generally considered to be one measure of intelligence, but it generates a lot of controversy. And I believe a lot of the controversy comes from jealousy towards people who are higher on the scale. Indeed, if you compare your personality to someone with a much lower IQ, you will certainly recognize that IQ tests measure something related to intelligence. But if you compare yourself to someone with a much higher IQ, you instinctively become defensive and start making excuses about how the test is not accurate, not relevant, not a good enough measure. Such was, at least, my initial reaction about IQ.

The least controversial and the most accurate definition of IQ is undoubtedly the tautology "IQ is that which is measured by IQ tests". The average score of IQ is 100 because IQ evaluations are designed so that 100 is the average value.

I was listening to a lecture by Nikos Lygeros about characteristics of extreme intelligence (link to YouTube video in French language). The notion of extreme intelligence is reserved for people with IQs of 170 and up... so I'm not part of that group... and he made a few remarks worthy of note.

When people are separated by 50 or more IQ points, they can't communicate well and probably cannot understand each other because their perceptions will be too much affected by the prism of their different minds.

Because of this, people with extreme IQ cannot easily access to positions of political power because their discourse will not be able to connect with people too far at the bottom end of the IQ spectrum. The greater the gap, the less ability to reach. In fact, groups tend to choose leaders whose IQ is above the average, but not too much above the average.

If we accept Lygeros' statement, the estimated IQ of Neanderthals is 47 points. While the scale is tailored to give an average score of 100 to modern humans, it means that Neanderthals are just a bit further away from the 50 points divide mentioned previously. So by this standard, the average modern human would have a hard time communicating and relating to a Neanderthal.

Now let's look at the upper half of the scale and the difference between average people and extremely intelligent people!  If you take this statement in reverse, it can also give you an idea of the difficulty for 2 people distant on the scale, to relate to each other. And even though this might hit the sweet spot of jealousy mentioned earlier, this gives an idea of the difficulty for an average person and an extremely intelligent person to relate to each other. The divide between them is comparable if not greater in size to the divide between Neanderthal and the average modern man.

Because of this, it can be difficult for extremely intelligent people to integrate into society. One would think that higher intelligence provides the tools to achieve anything, but if these individuals cannot find people with whom they share emotions and understanding, then they're kind of doomed to loneliness. In a recent comment, James Gleick (author of "Chaos", which I recommend) mentioned the aloneness that is common to geniuses like Feynman and Newton.

I think high-IQ societies like Mensa have a role to play in the integration of high-IQ people, even though I don't buy completely what they say about emotions and sensibility of geniuses. I think I'll try and join Mensa someday, so hopefully I'll have more to report on the subject.

Tuesday, January 14, 2014

The war on women

Since the terrible events of September 11th 2001, politics (and by this, I mean "policies") have drifted a lot towards the right wing in many countries. Part of what constitutes the "far right" everywhere in the world is anchored in traditional woman-hating religion.

I consider myself a feminist, even though I take great issue with some feminist militants (not all) whom I think are not just rooting for equality between men and women. So, sooner or later, I will publish an article that doesn't take too kindly to such unreasonable militants who label themselves feminists... but I'll leave such minute arguments aside for today.

The USA is full of religious fundamentalists. It pains me that it is so, but it's like that. 76% of Americans are Christians, many of whom reject the idea of natural selection and think that the Earth was created less than 10,000 years ago. Even more than half of the population would refuse to vote (regardless of policies) for an atheist presidential candidate. So, I'll skip quickly over the cumbersome numerical details, but the fact is: USA is full of Christian equivalents of the Taliban.

Since George W. Bush's rise to power, Christians have become more and more radical. They have no regard whatsoever for their own Constitution, since the separation of Church and State mandated by the 1st Amendment specifically prevents them from establishing theocratic politics. Republicans and Tea Partiers have been fighting women's rights. Nowadays, abortion is becoming more than just impractical. It has become a practical impossibility for some people. Many states are creating unwarranted laws mandating specific though useless equipment, procedures, and standards that abortion clinics cannot meet so that these clinics become unable to operate and disappear.

For a woman to be granted an abortion, some states have mandated medical procedures which are useless and unrelated to the condition of pregnant women, which consists in the insertion of medical devices in their vagina. In other words, women who want to have an abortion need to submit to a form of (statutory) rape. It is rape.

A more recent thing is to force women to look at ultrasounds of the zygote they want to abort. It's psychological abuse. As if the process of abortion itself was not already a psychological burden that women will carry for the rest of their life, states now insist on religious-driven procedures which are useless to the abortion and which will traumatize women.

A more recent thing yet again... Women who want to abort need 2 consultations with at least 24 hours in between these consultations. So if there's no abortion clinic nearer than 300 miles (and such is the case in some areas), they're looking at a looong drive, consultation, motel, waiting, consultation, rape, pyschological abuse, medical intervention, and looong drive back. That's 2 full days away from home and being a victim of sex-obsessed religious fundamentalists... Plus it can also get worse if the doctor refuses to perform the operation out of his religious concerns.

And there's now discussion about putting in place new laws that restrict abortion to raped women and women whose life is endangered by the pregnancy. This would add "rape panels" to the process where a group of people would ponder on rape victims' case to decide whether they believe that it was really rape or not really rape... With religion, there's no reason and no boundary to cruelty or insanity.

That's for the USA.

In Spain, the politicians in power are also planning to roll back abortion rights and restrict them to the only 2 similar cases as mentioned above: rape, and life-threatening conditions. Spain!!! I'm in Europe and we started building a democracy that is still fragile but Europe is supposed to be the beacon of reason and sanity that a few Americans still look up to with teary eyes when they see how their own country is descending into madness.

In the post-911 World, with our politics drifting to the religious extreme right-wing, people have to keep their eyes open and speak up against the suffering that fundamentalists want to impose on women. Could you imagine laws being rolled back to cancel the equal rights of all races? or laws that would reinstate slavery? Well, this is exactly what Spain and the USA are doing. They're demolishing the social progress that made modern countries into happy societies, and they're bringing us back towards the Dark Ages.

Last nail in the coffin: I know little about Spanish politics and I'm more familiar with American politics. If you look at the people who are making these changes so cruel towards women, you'll find panels exclusively composed of white males. It is sometimes said ironically that "feminism is the crazy idea that women are people too". The war on women is real and good men need to affirm their support for women to be able to do what they want with their bodies. Religion is hypothetical at best. Women's condition is very real.

Thursday, January 9, 2014

Windows XP users: time to upgrade NOW

Windows XP was a nice operating system. But like all products, it has to die someday. And that someday is in 3 month. After April 8th 2014, Microsoft won't support Windows XP anymore, which means that it will be open-bar for virus creators to attack people still using WinXP.

And to emphasize that they mean business, Microsoft is also ending its support for its products on WinXP. So, if you MS's antivirus MSE, it will stop protecting your WinXP on April 8th.

You still have 3 months to replace WinXP by Win7 or Win8. It will be a pain in the neck to learn how to use a new operating system, but if you don't, it's like sending an invitation card to hackers to come and visit your emails as well as monitor everything you do on your computer, and giving them your credit card details.

You could see this as a form of fear-mongering, but this is no exaggeration. Microsoft discontinues WinXP and has warned about it for a loooong time. The clock is ticking. 3 months!

Books: converting a non-reader to reading

Books are one of the best things in the world. They can change your life. If you're desperate to hook up your child to books, hopefully this will be of some help.

When I was a kid and a teenager up until 14 years old, I rarely read books, to the dismay of my mother. When I was 8, 9, or 10 years old, she tried to interest me in "The Famous Five" series, to no avail. She did (and still does) have a love for words and reading and she deemed important for her children to read. And she was probably pleased that my elder sister shared her interest for books. But that wasn't my thing at all. I was into comics and the various magazines I was subscribed to, which told me about dinosaurs, tropical snakes, planets, stars, etc... and I was watching way more cartoons and TV series than reasonable.

I did read occasionally some book recommended by a friend, like Barjavel's "Future Times Three".

Tipping point

In the various quiz shows that I had watched, there was a book title that came back regularly so I supposed that it had to be a good one. And it was about science-fiction. So, some day, while discussing with my mother about my lack of reading, I mentioned it to her and told her that if she bought me "Dune" I would read it. She accepted. But instead of buying me "Dune" which is often sold in 2 volumes, she brought me the full series of 7 books... the latter ones being much bigger than the first ones. I am not sure if that was accidental or a Machiavellian move, but it did have positive results, so if your kid says OK for a book, just bring him the full series and play dumb! The beginning of my journey through Dune was tedious. I think it took me a full summer to read the 2 volumes of Dune plus Dune Messiah which completes the first story. 2 months for 3 books is lame, but that's a starting point.

Then I read on the rest of the series. That's when I got into role-playing games, which got me to read rules books. Then I discovered other science-fiction books or series. I also picked up Werber's "Empire of the ants" and "The Thanatonauts". From there, I already had a liking for science-fiction novels which was fed even more by meeting other students who recommended me books they had read. It even happened on some weekend that I picked up a book at breakfast only to finish it by dusk of the same day.


Partly because it took me so long to get through it, I don't recommend Dune as a starting point. Instead, I recommend Roger Zelazny's 1st chronicle of Amber (the first 5 books):

  1. Nine Princes in Amber
  2. The Guns of Avalon
  3. Sign of the Unicorn
  4. The Hand of Oberon
  5. The courts of Chaos
I successfully used this series of novels to introduce my non-reading best friend to reading.


Nowadays, I read a bit of everything: programming languages, geopolitics and economy, spy novels, biology, philosophy, religion... Books are an incredible source of knowledge, and they can be useful to teach oneself in the professional world. But you need the right conditions to start reading.

Friday, January 3, 2014

VisaMapper: where can my passport take me?

Foreword: VisaMapper has been mentioned on a major blog today and as a result, it is slow. But it should be alright tomorrow. And yes! that's where I discovered it.

VisaMapper is a cool website showing the visa conditions for every nationality. Provided that data is up to date, it's a useful tool for travelers.

It will take work, though, to keep everything up to date. With about 200 countries in the world, there are roughly 40,000 combinations of nationality/destination to keep track of. Also, the map is not perfect, missing countries like Luxembourg and Kosovo, not naming correctly the Democratic Republic of Congo, not taking into account the split of Sudan and South Sudan... but these are minor flukes.

Also, what would be precious is a link to the official source of information of visa conditions because when you're a traveler, you want certainty and you don't want to take the risk of being turned down at the airport's check-in or at arrival.

Another idea of future functionality for this website would be to find compatible destinations for couples of different nationalities. I have been in a relationship with a lady of a different nationality and it's kind of stressful to find countries with visa conditions that accommodate both people.

Last but not least

Let's play a little game! Get your map up! Just by looking at the map and the cut of borders, how many countries are you able to name correctly? Before I started travelling, I think I would have got 20 or 30 countries right. Now, I'm around 90. Knowing the location of countries is also helpful to understand international news.

Thursday, January 2, 2014

30th Chaos Communication Congress: Jacob Appelbaum's talk

Every year in Germany, a conference named Chaos Communication Congress is organized where speakers have in common a passion for computers and security.

Jacob Appelbaum, one of the speakers, is an important public figure particularly known for leading the Tor Project and being part of the Cypherpunks (video #1, video #2) together with Wikileaks founder Julian Assange and civil rights organization LQDN founder Jeremie Zimmerman.

He has already spoken in the past about abusive surveillance by governments, which the Tor Project is specifically designed to curtail. But in the very specific context of post-Snowden-revelations, Appelbaum has plenty to talk about (and not enough time).

Here's the video! and since I lent a hand to Corrente for correction of the transcript (not yet reviewed by them), you can find the transcript below.

Note: transcript provided under a CC BY-SA license. Original author:Corrente. Modifications by me.

So recently we heard a little bit about some of the low-end corporate spying that’s often billed as being sort of like the hottest, most important stuff, so the FinFisher of the hacking team VUPEN,  and sort of in that order it becomes more sophisticated and more and more tied in with the National Security Agency. There’s some Freedom of Information Act requests that have gone out that actually show VUPEN being an NSA contractor, writing exploits, that there are some ties there. This sort of covers the sort of, the whole gamut I believe, which is that, you know, you can buy these like little pieces of forensics hardware, and just as a sort of fun thing I bought some of those and then I looked at how they worked and I noticed that this “Mouse Jiggler” you plug it in and the idea is that it like keeps your screen awake. So have any of you seen that at all? This piece of forensics hardware so your screensaver doesn’t activate. So I showed it to one of the System D developers and now when you plug those into a Linux box that runs System D, it automatically locks the screen when it sees a USBID.


So when people talk about free software, free as in freedom, that’s part of what they’re talking about. So there’s some other things which I’m not going to really talk a lot about it because basically this is all bullshit that doesn’t really matter and we can defeat all of that. This is the individualized things we can defend against.

But I want to talk a little bit about how it’s not necessarily the case that because they’re not the most fantastic, they’re the most sophisticated, that therefore we shouldn’t worry about it. This is “Rafael,” I met him when I was in Oslo in Norway for the Oslo Freedom Forum, and basically he asked me to look at his computer because he said, “You know, something seems to be wrong with it. I think that there’s something, you know, slowing it down.” And I said, “Well, I’m not going to find anything. I don’t have any tools.” We were just going to like sit at the computer. And I looked and it has to be the lamest back door I’ve ever found. It was basically a very small program that would just run in a loop and take screenshots. And it failed to upload some of the screenshots, and so there were 8 gigabytes of screenshots in his home directory.


And I said, “I’m sorry to break it to you but I think that you’ve been owned.” And by a complete idiot.”


And he, he, yeah, he was, he was really actually, he felt really violated, and then he told me what he does, which is he’s an investigative journalist who works with top secret documents all the time with extreme, extreme operational security to protect his sources. But when it came to computing, J-school failed him. And as a result, he was compromised pretty badly. He was not using a specialized operating system like Tails, which if you’re a journalist and you’re not using Tails you should probably be using Tails unless you really know what you’re doing. Apple did a pretty good job at revoking this application, and it was, you know, in theory it stopped, but there are lots of samples from the same group and this group that did this is tied to a whole bunch of other attacks across the world, actually, which is why it’s connected up there with Operation Hangover. The scary thing, though, is that this summer, after we’d met, he was actually arrested relating to some of these things. And now, as I understand it, he’s out, but, you know, when you mess with a military dictatorship it messes with you back. So even though that’s one of the lamest back doors, his life is under threat.

So just simple things can cause serious, serious harm to regular people that are working for some kind of truth telling. And that to me is really a big part of my motivation for coming here to talk about what I’m going to talk about next, which is that for every person that we learn about like Rafael, I think there are lots of people we will never learn about, and that’s, to me that’s very scary, and I think we need to bring some transparency, and that’s what we’re going to talk about now. And I really want to emphasize this point. Even though they’re not technically impressive, they are actually still harmful, and that is really a key point to drive home. I mean, some of the back doors that I’ve seen are really not sophisticated, they’re not really that interesting, and in some cases they’re common off-the-shelf purchases between businesses, so it’s like business-to-business exploitation and software development. I feel like that’s really kind of sad, and I also think we can change this. We can turn this around by exposing it.

So, what’s it all about, though? Fundamentally it’s about control, baby, and that is what we’re going to get into. It’s not just about control of machines. What happened with Rafael is about control of people. And fundamentally when we talk about things like internet freedom and we talk about tactical surveillance and strategic surveillance, we’re talking about control of people through the machinery that they use. And this is a really, I think a really kind of, you know – I’m trying to make you laugh a little bit because what I’m going to show you today is wrist-slitting depressing.

So. Part 2, or Act 2 of Part 2.
Basically the NSA, they want to be able to spy on you and they, if they have ten different options for spying on you that you know about, they have 13 ways of doing it and they do all 13. So that’s a pretty scary thing, and basically their goal is to have total surveillance of everything that they are interested in. So there really is no boundary to what they want to do. There is only sometimes a boundary of what they are funded to be able to do and the amount of things they’re able to do at scale. They seem to just do those things without thinking too much about it, and there are specific tactical things where they have to target a group or an individual, and those things seem limited either by budgets or simply by their time. And as we have released today on Der Spiegel’s website, which it should be live – I just checked, it should be live for everyone here – we actually show a whole bunch of details about their budgets as well as the individuals involved with the NSA and the Tailored Access Operations group in terms of numbers. So it should give you a rough idea showing that there was a small period of time in which the internet was really free and we did not have people from the U.S. military that were watching over it and exploiting everyone on it, and now we see every year that the number of people who are hired to break into people’s computers as part of grand operations, those people are growing day by day, actually, and every year there are more and more people that are allocated, and we see this growth. So that’s the goal: Nonattribution, and total surveillance, and they want to do it completely in the dark. The good news is that they can’t. So, now I’m going to show you a bit about it.

But first, before I show you any pictures, I want to sort of give you the big picture from the top down. So there is a planetary strategic surveillance system, and there – well, there are many of them actually. Everything from I think off-planetary surveillance gear, which is probably the National Reconnaissance Office, and there are satellite systems for surveillance like the Keyhole satellites – these are all things most, for the most part we actually know about these things. They’re on wikipedia. But I want to talk a little bit more about the internet side of things because I think that’s really fascinating.

So part of what we are releasing today with Der Spiegel or what has actually been released – just to be clear on the timeline, I’m not disclosing it first, I’m working as an independent journalist summarizing the work that we have already released onto the internet as part of a publication house that went through a very large editorial process in which we redacted all the names of agents and information about those names, including their phone numbers and e-mail addresses.


And I should say that I actually think that the laws here are wrong, because they are in favor of an oppressor who is criminal. So when we redact the names of people who are engaged in criminal activity including drone murder, we are actually not doing the right thing, but I believe that we should comply with the law in order to continue to publish, and I think that’s very important.


We also redacted the names of victims of NSA surveillance, because we think that there’s a balance. Unfortunately there is a serious problem which is that the U.S. government assserts that you don’t have standing to prove that you’ve been surveilled unless we release that kind of information, but we don’t want to release that kind of information in case it could be a legitimate target, and we – I’m really uncomfortable with that term, but let’s say that there is a legitimate target, the most legitimate target, and we didn’t want to make that decision. But we did also want to make sure that we didn’t harm someone, but we also wanted to show concrete examples. So if you look at Der Spiegel stuff on line, we redacted the names even of those who were victimized by the NSA’s oppressive tactics, which I think actually goes further than is necessary, but I believe that it strikes the right balance to ensure continued publication and also to make sure that people are not harmed and that legitimate good things, however rare they may be, they are also not harmed. So if you’ve been targeted by the NSA, and you would have found out today if we had taken a different decision, I’m really sorry, but this is the thing I think that keeps us alive, so this is the choice that I think is the right choice, and I think it’s also the safest choice for everyone.

That said, basically the NSA has a giant dragnet surveillance system that they call TURMOIL. TURMOIL is a passive interception system. The passive interception system essentially spans the whole planet. And who here has heard about the Merkel phone incident? Some of you heard about Chancellor Merkel? So we revealed that in Der Spiegel, and what we found was that they tasked her for surveillance. And I’ll talk a little bit about that later. But basically the way that this works is that they have this huge passive set of sensors and any data that flows past it, they actually look at it. So there was a time in the past where surveillance meant looking at anything at all. And now the NSA tries to basically twist the words of every person who speaks whatever language they’re speaking in, and they try to say that it’s only surveillance if after they collect it and record it to a database and analyze it with machines, only if I think an NSA agent basically looks at it personally and then clicks “I have looked at this” do they call it surveillance.

Fundamentally I really object to that because if I ran a TURMOIL collection system that is passive signals intelligence systems collecting data from the whole planet, everywhere they possibly can, I would go to prison for the rest of my life. That’s the balance, right? Jefferson talks about this. He says, you know, “that which the government is allowed to do but you are not, this is a tyranny.” There are some exceptions to that, but the CFAA in the United States, the Computer Fraud and Abuse Act, you know, it’s so draconian for regular people, and the NSA gets to do something like intercepting 7 billion people all day long with no problems, and the rest of us are not even allowed to experiment for improving the security of our own lives without being put in prison or under threat of serious indictment, and that I think is a really important point. So the TURMOIL system is a surveillance system, and it is a dragnet surveillance system that is a general warrant dragnet surveillance if there ever was one.

And now we shot the British over this when we started our revolution. We called them “general writs of assistance.” These were generalized warrants which we considered to be a tyranny. And TURMOIL is the digital version of a general writ of assistance system. And the general writ of assistance itself is not clear if it even exists because it’s not clear to me that a judge would understand anything that I just said.


Okay, so now we’re going to get scary. So that’s just the passive stuff. There exists another system that’s called TURBINE, and we revealed about this system in the Spiegel publication today as well. So if TURMOIL is Deep  packet inspection, then TURBINE is Deep packet injection. And it is the system that combines together with the thing, with TURMOIL and TURBINE you can create a platform which they have consolidated which they call QFIRE.

QFIRE is essentially a way to programmatically look at things that flow across the internet that they see with TURMOIL and then using TURBINE they’re able to actually inject packets to try to do attacks, and I’ll describe some of those attacks in detail in a moment. But essentially the interesting thing about QFIRE also is that they have a thing that’s called a diode. So if you have for example a large number of systems where you control them, you might say, “Hey, what are you doing on that backbone?” “Hey, what’s going on with these systems?” And they could say, well, you know, we paid for access, we’re doing this, it’s all legal, etcetera.

QFIRE has this really neat little detail which is that they compromise other people’s routers and then redirect through them so that they can beat the speed of light. And how they do that is that they have a passive sensor that’s nearby a thing that they can inject from, and when they see that thing sees a selector that is interesting to them or is doing a thing that they would like to tamper with in some way, then they take a packet, they encapsulate the packet, they send it to the diode, which might be your home router potentially, and then that home router decapsulates that packet and sends it out. And because that is very close to you, and let’s say you’re visiting Yahoo, then the Yahoo packet will not beat you. That is, they will not beat the NSA or GCHQ. So it’s a race condition. And so they basically are able to control this whole system and then localize attacks in that process. So that’s a pretty – pretty scary stuff, actually.

And while it is a digital thing, I think it’s important to understand that this is what Jefferson talked about when he talked about tyranny. This is turnkey tyranny, and it’s not that it’s coming, it’s actually here. It’s just merely a question about whether or not they’ll use it in a way that we think is a good way or not a good way. One of the scariest parts about this is that for this system or these sets of systems to exist, we have been kept vulnerable. So it is the case that if the Chinese, if the Russians, if people here wish to build this system, there’s nothing that stops them. And in fact the NSA has in a literal sense retarded the process by which we would secure the internet because it establishes a hegemony of power, their power in secret to do these things. And in fact I’ve seen evidence that shows that there are so many compromises taking place between the different Five Eyes signals intelligence groups that they actually have lists that explain, “If you see this back door on the system, contact a friendly agency. You’ve just recompromised the machine of another person.”

So when we talk about this, we have to consider that this is designed for at-scale exploitation. And as far as I can tell it’s being used for at-scale exploitation. Which is not really in my mind a targeted particularized type of thing, but rather it’s fishing operations. It’s fishing expeditions. It’s more like fishing crusades, if you will. And in some cases, looking at the evidence, that seems to be what it is. Targeting Muslims, I might add, because that’s what they’re interested in doing.

So that said, that’s the internet, and we get all the way down to the bottom and we get to the closed access operations and offnet. Offnet and closed access operations are pretty scary things, but basically this is what we would call a Black bag job. That’s where these guys, they break into your house, they put something in your computer and they take other things out of your computer.

Here’s an example. First top secret document of the talk so far. This is a closed access operations box. It is basically car metasploit for the NSA, which is an interesting thing. But basically they say that the attack is undetectable and it’s sadly a laptop running free software. It is injecting packets. And they say that they can do this from as far away as eight miles to inject packets, so presumably using this they’re able to exploit a kernel vulnerability of some kind, parsing the 15:47 wireless frames, and, yeah. I’ve heard that they actually put this hardware, from sources inside of the NSA and inside of other intelligence agencies, that they actually put this type of hardware on drones so that they fly them over areas that they’re interested in and they do mass exploitation of people. Now, we don’t have a document to substantiate that part, but we do have this document that actually claims that they’ve done it from up to eight miles away. So that’s a really interesting thing because it tells us that they understand that common wireless cards, probably running Microsoft Windows, which is an American company, that they know about vulnerabilities and they keep them a secret to use them. This is part of a constant theme of sabotaging and undermining American companies and American ingenuity. As an American, while generally not a nationalist, I find this disgusting, especially as someone who writes free software and would like my tax dollars to be spent on improving these things, and when they know about them I don’t want them to keep them a secret because all of us are vulnerable. It’s a really scary thing.


And it just so happens that at my house, myself and many of my friends, when we use wireless devices – Andy knows what I’m talking about, a few other people here – all the time we have errors in certain machines which are set up at the house, in some cases as a honeypot, thanks guys, where kernel panic after kernel panic, exactly in the receive handler of the Linux kernel where you would expect this specific type of thing to take place. So I think that if we talk about the war coming home, we probably will find that this is not just used in places where there’s a literal war on but where they decide that it would be useful, including just parking outside your house.

Now I only have an hour today, so I’m going to have to go through some other stuff pretty quickly. I want to make a couple points clear. This wasn’t clear, even though it was written in the New York Times by my dear friend Laura Poitras, who is totally fantastic by the way, and you are great. But 15 years of data retention –


So the NSA has 15 years of data retention. It’s a really important point to drive home. I joked with Laura when she wrote the New York Times article with James Risen, she should do the math for other people and say 15 years. She said they can do the math on their own; I believe in them. I just want to do the math for you. Fifteen years. That’s scary. I don’t ever remember voting on that. I don’t ever remember even having a public debate about it. And that includes content as well as metadata. So they use this metadata, they search through this metadata retroactively, they do what’s called “tasking” – that is, they find a set of selectors, so that’s a set of unique identifiers – e-mail addresses, cookies, MAC addresses, IMEIs, whatever is useful. Voiceprints potentially, depending on the system. And then they basically pass those selectors for specific activities. So that ties together with some of the attacks which I’ll talk about, but essentially QUANTUM insertion and things that are like QUANTUM insertion, they’re triggered as part of the TURMOIL and TURBINE system and the QFIRE system, and they’re all put together so that they can automate attacking people based on the plain text traffic that transits the internet or based on the source or destination IP addresses.

This is the second top secret document. This is an actual NSA LOLcat for the QUANTUM theory program.


You’ll notice it’s a black cat hiding. Okay. So there are a few people in the audience that are still not terrified enough, and there are a few people that as part of their process for coping with this horrible world that we have found ourselves in, they will say the following: “There’s no way they’ll ever find me. I’m not interesting.” So I just want to dispel that notion and show you a little bit about how they do that. So we mentioned TURMOIL, which is the dragnet surveillance, and TURBINE, which is deep packet injection, and QFIRE, where we tie it all together, and this is an example of something which I think actually demonstrates a crime but I’m not sure, I’m not a lawyer, I’m definitely not your lawyer, and I’m certainly not the NSA’s lawyer. But this is the MARINA system. This is merely one of many systems where they actually have full content as well as metadata. Taken together, they do contact chaining where they find out, you guys are all in the same room with me, which reminds me, let’s see, I’ve got this phone – okay. Good. Turn that off. So now –


You’re welcome.


You have no idea.


But I just wanted to make sure that if there was any question about whether or not you are exempt from needing to do something about this, that that is dispelled.


You see? Cell phone’s on. Great. So. Hey guys. So, the MARINA system is a contact chaining system as well as a system that has data, and in this case what we see is in fact reverse contact and forward contact graphing. So, any lawyers in the audience? If there are American citizens in this database, is reverse targeting like this illegal? Generally? Is it possible that that could be considered illegal? Yeah, so, interesting. If it’s called reverse contact instead of reverse targeting -- yeah, exactly. So, you’ll also notice the, on the right-hand side, webcam photos. So, just in case you’re wondering, in this case this particular target, I suppose that he did not or she did not have a webcam. Good for them. If not, you should follow the EFF’s advice and you should put a little sticker over your webcam. But you’ll also note that they try to find equivalent identifiers. So every time there’s a linkable identifier that you have on the internet, they try to put that and tie it together and contact chain it, and they try to show who you are among all of these different potential identifiers – if you have five e-mail addresses, they would link them together, and then they try to find out who all your friends are.

You’ll also note at the bottom here, log-ins and passwords. So they’re also doing dragnet surveillance in which they extract – the feature set extraction where they know semantically what the login and the password is in a particular protocol, and in this case this guy is lucky, I suppose, and they were not able to get passwords or webcam, but you’ll note that they were able to get his contacts and they were able to see in fact 29, give or take, received messages as well, of which there are these things. Now in this case we have redacted the e-mail and instant messager information, but this is an example of how you can’t hide from these things, and thinking that they won’t find you is a fallacy.

So this is basically the difference between taking one wire and clipping onto it in a particularized suspicious way where they’re really interested, they have a particularized suspicion, they think that someone is a criminal, they think someone has taken some serious steps that are illegal, and instead what they do is they put all of us under surveillance, record all of this data that they possibly can, and then they go looking through it.

Now in the case of Chancellor Merkel, when we revealed NSRL 2002-388, what we showed was that they were spying on Merkel, and by their own admission, three hops away, that’s everyone in the German Parliament and everyone here.

So that’s pretty serious stuff.

It also happens that if you should be visiting certain websites, especially if you’re a Muslim, it is the case that you can be attacked automatically by this system. Right? So that would mean that they would automatically start to break into systems. That’s what they would call untasked targeting. Interesting idea that they call that targeted surveillance. To me that doesn’t really sound too much like targeted surveillance unless what you mean by carpet bombing – you know, I mean it – you know, like, it just doesn’t, it doesn’t strike me right. It’s not my real definition of targeted. It’s not well defined. It’s not that a judge has said, “Yes, this person is clearly someone we should target.” Quite the opposite. This is something where some guy who has a system has decided to deploy it and they do it however they like whenever they would like. And while there are some restrictions, it’s clear that the details about these programs do not trickle up. And even if they do, they do not trickle up in a useful way. So this is important, because members of the U.S. Congress, they have no clue about these things. Literally, in the case of the technology. Ask a Congressman about TCP/IP. Forget it. You can’t even get a meeting with them. I’ve tried. Doesn’t matter. Even if you know the secret interpretation of Section 215 of the PATRIOT Act and you go to Washington, D.C. and you meet with their aides, they still won’t talk to you about it. Part of that is because they don’t have a clue, and another part of it is because they can’t talk about it because they don’t have a political solution. Absent a political solution, it’s very difficult to get someone to admit that there is a problem.

Well, there’s a problem, so we’re going to create a political problem and also talk about some of the solutions.

The Cypherpunks generally have come up with some of the solutions when we talk about encrypting the entire internet. That would end dragnet mass surveillance in a sense, but it will come back in a different sense even with encryption. We need both a marriage of a technical solution and we need a political solution to go with it, and if we don’t have those two things, we will unfortunately be stuck here. But at the moment the NSA, basically, I feel, has more power than anyone in the entire world – any one agency or any one person. So Emperor Alexander, the head of the NSA, really has a lot of power. If they want to right now, they’ll know that the IMEI of this phone is interesting. It’s very warm, which is another funny thing, and they would be able to break into this phone almost certainly and then turn on the microphone, and all without a court.
So that to me is really scary. And I especially dislike the fact that if you were to be building these types of things, they treat you as an opponent if you wish to be able to fulfill the promises that you make to your customers. And as someone who writes security software, I think that’s bullshit.

So. Here’s how they do a bit of it. So there are different programs. So QUANTUMTHEORY, QUANTUMNATION, QUANTUMBOT, QUANTUMCOPPER, and QUANTUMINSERT. You’ve heard of a few of them. I’ll just go through them real quick.

QUANTUMTHEORY essentially has a whole arsenal of zero-day exploits. Then the system deploys what’s called a “SMOTH” or a seasoned moth. And a seasoned moth is an implant which dies after 30 days. So I think that these guys either took a lot of acid or read a lot of Philip K. Dick, potentially both.


And they thought Philip K. Dick wasn’t dystopian enough. Let’s get better at this. And after reading VALIS(note: science-fiction novel), I guess, they went on and they also have as part of QUANTUMNATION what’s called VALIDATOR or COMMONDEER. Now these are first-stage payloads that are done entirely in memory. These exploits essentially are where they look around to see if you have what are called PSPs, and this is to see, like, you know, if you have Tripwire, if you have Aid, if you have some sort of system tool that will detect if an attacker is tampering with files or something like this, like a host intrusion detection system.

So VALIDATOR and COMMONDEER, which, I mean, clearly, the point of COMMONDEER, while it’s misspelled here, it’s not actually – I mean, that’s the name of the program – but the point is to make a pun on commandeering your machine. So, you know, when I think about the U.S. Constitution in particular, we talk about not allowing the quartering of soldiers, and, gosh, you know? Commandeering my computer sounds a lot like a digital version of that, and I find that a little bit confusing, and mostly in that I don’t understand how they get away with it, but part of it is because until right now we didn’t know about it, in public, which is why we’re releasing this in the public interest so that we can have a better debate about whether or not that counts in fact as a part of this type of what I would consider to be tyranny, or perhaps you think it is a measured and reasonable thing. I somehow doubt that.

But in any case, Quantum Bots is where they hijack IRC bots, because, why not, they felt  they would like to do that, and an interesting point is that they could in theory stop a lot of these botnet attacks and they have decided to maintain that capability but they’re not yet doing it except when they feel like doing it for experiments or when they do it to potentially use them. It’s not clear exactly how they use them. But the mere fact of the matter is that that suggests they’re even in fact able to do these types of attacks, they’ve tested these types of attacks against botnets, and that’s the program you should FOIA for. We’ve released a little bit of detail about that today as well.

And Quantum Copper to me is really scary. It’s essentially a thing that can interfere with TC/PIP and it can do things like corrupt file downloads. So if you imagine the Great Firewall of China, so-called, that’s for the whole planet. So if the NSA wanted to tomorrow, they could kill every anonymity system that exists by just forcing everyone who connects to an anonymity system to reset just the same way that the Chinese do right now in China with the Great Firewall of China. So that’s like the NSA builds the equivalent of the Great Firewall of Earth. That’s to me that’s a really scary, heavy-handed thing, and I’m sure they only use it for good (clears throat)


But, yeah. Back here in reality, that to me is a really scary thing, especially because one of the ways that they are able to have this capability, as I mentioned, is these diodes. So what that suggests is that they actually repurpose other people’s machines in order to reposition and to gain a capability inside of an area where they actually have no legitimacy inside of that area. That to me suggests it is not only heavy-handed, that they have probably some tools to do that. You see where I’m going with this.

Well, Quantum insertion, this is also an important point, because this is what was used against Belgacom, this is what’s used by a whole number of unfortunately players in the game where basically what they do is they inject a packet. So you have a TCP connection, Alice wants to talk to Bob, and for some reason Alice and Bob have not heard about TLS. Alice sends an HTTP request to Bob. Bob is Yahoo. NSA loves Yahoo. And basically they inject a packet which will get to Alice before Yahoo is able to respond, right? And the thing is that if that was a TLS connection, the man on the side attack would not succeed. That’s really key. If they were using TLS, the man on the side attack could expect, as far as we understand it at the moment, they could tear down the TLS session but they couldn’t actually actively inject. So that’s a man on the side attack. We can end that attack with TLS. When we deploy TLS everywhere, then we will end that kind of attack.
So there was a joke, you know, when you download .mp3s, you ride with communism – from the’90s, some of you may remember this. When you bareback with the internet, you ride with the NSA.


Or you’re getting a ride. Going for a ride. So the TAO infrastructure, Tailored Access and Operations, some of the FoxAcid URLs are public. FoxAcid is essentially like a watering hole type of attack where you go to a URL, Quantum Insert puts like an I-frame or it puts some code in your web browser, which you then execute, which then causes you to load resources. One of the resources that you load while you’re loading, for example, which is one of their examples, the – you like that, by the way? So, you know, that’s an extremist site. So (coughs) you might have heard about that. A lot of Republicans in the United States read it. Right before they wage illegal imperialist wars. So the point is that you go to a FoxAcid server and it basically does a survey of your box and decides if it can break into it or not, and then it does.
Yep, that’s basically it. And the FoxAcid URLs, a few of them are public. Some of the details about that have been made public about how the structure of the URLs are laid out and so on. An important detail is that they pretend that they’re Apache, but they actually do a really bad job. So they’re like a hacking team, maybe it’s the same guys, I doubt it though, the NSA wouldn’t slum with scumbags like that, but. Basically you can tell, you can find them, because they aren’t really Apache servers. They pretend to be something else.

The other thing is that none of their infrastructure is in the United States. So real quick anonymity question. You have a set of things and you know that a particular attacker never comes from one place. Every country on the planet potentially, but never one place. The one place where most of the internet is. What does that tell you in terms of anonymity. It tells you usually that they’re hiding something about that one place. Maybe there’s a legal requirement for this. It’s not clear to me. But what is totally clear to me is that if you see this type of infrastructure and it is not in the United States, there is a chance, especially today, that it’s the NSA’s Tailored Access and Operations division. And here’s an important point. When the NSA can’t do it, they bring in GCHQ. So, for example, for targeting certain G-mail selectors, they can’t do it. And in the documents we released today, we show that they say, “If you have a partner agreement form and you need to target, there are some additional selectors that become available should you need them. So when we have a limit of an intelligence agency in the United States or if you’re in Germany or something like this, we have to recognize that information is a currency in an unregulated market, and these guys, they trade that information, and one of the ways they trade that is like this. And they love Yahoo. So, little breather?

It’s always good to make fun of the GCHQ with Austin Powers.

Okay. Another classified document here. That actual NSA Open Office or Powerpoint clip art of their horrible headquarters that you see in every news story, I can’t wait to see a different photo of the NSA someday, but you’ll notice right here they explain how quantum works. Now SSO is a Special Source Operations site. So you’ve seen U.S. embassies? Usually the U.S. embassy has 34:50 dielectric panels on the roof, that’s what we showed in Berlin, it was called “DAS NEST” on the cover of Der Spiegel. That’s an SSO site. So they see that this type of stuff is taking place, they do an injection and they try to beat the Yahoo packet back. Now another interesting point is that for the Yahoo packet to be beaten, the NSA must impersonate Yahoo. This is a really important detail because what it tells us is that they are essentially conscripting Yahoo and saying that they are Yahoo. So they are impersonating a U.S. company to a U.S. company user and they are not actually supposed to be in this conversation at all. And when they do it, then they of course basically if you’re using Yahoo, you’re definitely going to get owned. So – and I don’t just mean that in that Yahoo is vulnerable, they are, but I mean, people who use Yahoo tend to – maybe it’s a bad generalization, but, you know, they’re not the most security-conscious people on the planet, they don’t keep their computers up to date, I’m guessing, and that’s probably why they love Yahoo so much. They also love, which is some other, I don’t know what that says, it’s like a sociological study of compromise. But that’s an important detail. So the SSO site sniffs and then they do some injection, they redirect you to FoxAcid. That’s your web browser exploitation. They obviously have other exploitation techniques.

Okay. So now. We all know that cellphones are vulnerable. Here’s an example. This is a Base Station that the NSA has that, I think it’s the first time ever anyone’s ever revealed an NSA IMSI catcher So, here it is. Well, actually the second time, because Der Spiegel did it this morning. But you know what I mean.


So they call it Find Fix and Finish targeted handset users. Now, it’s really important to understand. When they say targeting, you would think massive collection, right? Because what are they doing? They’re pretending to be a base station. They want to overpower. They want to basically be the phone that you connect to or the phone system that you connect to. And that means lots of people are going to connect potentially. So it’s not just one targeted user. So hopefully they have it set up that if you need to dial 911 or here in Europe 112 – you know, by the way, if you ever want to find one of these things, try to call different emergency numbers, note which ones are out where, just a little detail. Also note that sometimes if you go to the Ecuadorean embassy you will receive a welcome message from Uganda Telecom.


Because the British, when they deployed the IMSI catcher against Julian Assange at the Ecuadorean embassy, made the mistake of not reconfiguring the spy gear they deployed in Uganda when they deployed it in London.


And this can be yours for only 175,800 U.S. dollars. And this covers GSM and PCS and DCS and a bunch of other stuff. So basically if you use a cell phone, forget it. It doesn’t matter what you’re doing. The exception may be cryptophone and red phone. In fact, I’d like to just give a shoutout to the people who work on free software and software which is actually secure. Like Moxie Marlinspike I’m so sorry I mentioned your name in my talk, but don’t worry, your silence won’t protect you. I think it’s really important to know, Moxie is one the very few people in the world who build technology that is both free and open source and as far as I can tell he refuses to do anything awful. No back doors or anything. And from what I can tell, this proves that we need things like that. This is absolutely necessary. Because they replace the infrastructure we connect to. It’s like replacing the road that we would walk on and adding tons of spy gear. And they do that too. We’ll get to that.

Okay. So I’m going to go a little quick through these because I think it’s better that you go online and you ingest it and I want to have a little bit of time for questions. But basically here’s an example of how even if you disable a thing, the thing is not really disabled. So if you have a wifi card in your computer, the SOMBERKNAVE program, which is another classified document here, they basically repurpose your wifi gear. They say, you’re not using that wifi card? We’re going to scan for wifi nearby. We’re going to exfiltrate data by finding an open wifi network nearby, we’re going to exfiltrate data by finding an open wifi network, and we’re going to jump on it. So they’re actually using other people’s wireless networks in addition to having this stuff in your computer, and this is one of the ways they beat the so-called airgapped target computer.

Okay. So here are some of the software implants. Now, we’re going to name a bunch of companies, because fuck those guys basically for collaborating when they do, and fuck them for leaving us vulnerable when they do.


And I mean that in the most loving way, because some of them are victims, actually. It’s important to note that we don’t yet understand which is which. So it’s important to name them so that they have to go on record, and so that they can say where they are, and so that they can give us enough rope to hang themselves. I really want that to happen because I think it’s important to find out who collaborated and who didn’t collaborate. In order to have truth and reconciliation, we need to start with a little truth.
So, Stuccomontana is basically badBIOS. If you guys have heard about that, I feel very bad for Dragos. He doesn’t really talk to me right now. I think he might be kind of mad. But after I was detained by the U.S. Army, on U.S. soil I might add, they took a phone from me. Now it shouldn’t matter, but they did. They also, I think, went after all my phone records, so they didn’t need to take the phone, but for good measure they just wanted to try to intimidate me, which is exactly the wrong thing to do to me. But as he told the story, after that happened, all of his computers including his Xbox were compromised. And he says, even to this day, that some of those things persist. And he talks about the BIOS. Here’s a document that shows clearly that they actually reflashed the BIOS and they also have other techniques including system management mode related rootkits and that they have persistence inside of the BIOS. This is an incredibly important point. There is evidence that the thing that Dragos talks about, maybe he doesn’t have it, but it really does exist. Now the question is how would he find it? We don’t have the forensics tools yet. We don’t really have the capabilities widely deployed in the community to be able to know that and to be able to find it.

Here’s another one. This one’s called “SWAP.” In this case it replaces the host protected area of the hard drive, and you can see a little graph where the target systems, see the internet, interactive ops, so they’ve got like a guy who is hacking you in real time, the People’s Liberation Army, uh, NSA, and you can see all of these different things about it. Each one of these things, including Sneakernet, these are different programs, most of which we revealed today in Der Spiegel. But you’ll notice that it’s Windows, Linux, FreeBSD and Solaris. How many Al Qaeda people use Solaris, do you suppose?

This tells you a really important point. They are interested in compromising the infrastructure of systems, not just individual people. They want to take control and literally colonize those systems with these implants. And that’s not part of the discussion. People are not talking about that because they don’t know about that yet. But they should. Because in addition to the fact that Sun is a U.S. company, which they are building capabilities against, that to me really, it bothers me. I can’t tell you how much that bothers me. We also see that they’re attacking Microsoft, another U.S. company, and Linux and FreeBSD, where there are a lot of people that building it from all around the world. So they’re attacking not only collective efforts and corporate efforts, but basically every option you can possibly can, from end users down to telecom core things.

Here’s another one, DEITYBOUNCE. This is for Dell, so Dell Power Edge 1850, 2850, 1950, 2950 RAID servers using any of the following BIOS versions. Right. So just in case you’re wondering, hey Dell, why is that? Curious about that. Would love to hear your statements about it.

So if you write YARA sigs (note: sigs=signatures) and you’re interested in looking for NSA malware, look for things that use RC6, so look for the constants that you might find in RC6, and when they run, if they emit UDP traffic – we’ve actually actually seen a sample of this but we were not able to capture it, sadly, but emitting UDP traffic that is encrypted. You know, people that I’ve worked with on things related to this, they’ve even, they’ve had their house black bagged. They’ve had pretty bad stuff happen to them. That’s their story to tell. But one of the interesting details is that after those events occurred, these types of things were seen. Ben has a really bad idea for those guys, I might add, because I wouldn’t have put this slide in if that had not occurred. But if you want to look for it, you’ll find it. I know some people that have looked with YARA sigs and they have in fact found things related to this, so I suspect a lot of malware researchers in the near future are going to have a lot of stuff to say about this particular slide. I’ll leave that to them. I think it’s very important to go looking for these things, especially to find out who is victimized by them.

Here’s an iPhone back door. So DROPOUTJEEP, so you can see right there. So, SMS, contact list retrieval, voice mail, hot microphone, camera capture, cell tower location. Cool. Do you think Apple helped them with that? I don’t know. I hope Apple will clarify that. I think it’s really important that Apple doesn’t.

Here’s a problem. I don’t really believe that Apple didn’t help them. I can’t prove it yet, but they literally claim that any time they target an IOS device, that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. I’m not sure which one it is. I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died that maybe it’s just that they write shitty software. We know that’s true.

[laughter, applause]

Here’s a HVT, high-value target. This is a high-value target being targeted with a back door for Windows CE Thuraya phones. So if you have a Thuraya phone and you’re wondering if it was secure – yeah maybe. Good luck.

Here’s one where they replaced the hard drive firmware. There was a talk at “Om” this year where a guy talked about replacing hard drive firmware. You were onto something. You were really onto something. Whoever you are, you were onto something. Because the NSA has a program here, IRATEMONK, and that’s exactly what they do. They replace the firmware in the hard drive, so it doesn’t matter if you reformat the hard drive, you’re done. The firmware itself can do a whole bunch of stuff.

So. Here are the names of the hard drive companies were it works: Western Digital, Seagate, Maxtor and Samsung, and of course they support FAT, NTFS, EXT3 and UFS. They probably now have support for additional file systems, but this is what we can prove. Please note at the bottom left and the bottom right: Status. Released and deployed. Ready for immediate delivery. And unit cost: Zero dollars. It’s free. You can’t get it. It’s not free as in free software. It’s free as in you’re owned.


I want to give a shoutout to Karsten Nohl and Luca (Note: Luca Melette) for their incredible talk where they showed this exact attack without knowing that they had found it. Right? They say – yeah, absolutely.


Important point. The NSA says that when they know about these things, that nobody will come to harm, no one will be able to find them, they’ll never be able to be exploited by another third party. Karsten found this exact vulnerability. They were able to install a Java applet on the SIM card without user interaction, and it was based on the service provider’s security configuration, which is exactly what the NSA says here, and they talk about attacking the same toolkit inside of the phone, and Karsten found the same vulnerability and attacked it in the wild. This is perfect evidence, not only of how badass Karsten and Luca are, they are, no question, but also about how wrong the NSA is with this balance. Because for every Karsten and Luca, there are hundreds of people who are paid to do this full-time and never tell us about it.


Important detail. See that interdiction phrase right there? Through remote access – in other words, we broke into your computer – or interdiction, in other words, we stole your fucking mail. Now. This is a really important point. We all have heard about these paranoid crazy people talking about people breaking into their houses – that’s happened to me a number of times, motherfuckers, getting you back – it’s really important to understand this process is one that threatens all of us. The sanctity of the postal system has been violated. I mean – whaa, God, it makes me so angry, you know? You can’t even send a letter without being spied on. But even worse that they tamper with it. It’s not enough that the U.S. Postal Service records all of this information and keeps it – that’s not enough. They also have to tamper with the packages! So every time you buy from Amazon, for example, every time you buy anything on the internet, there is the possibility that they will actually take your package and change it. One of the ways that I’ve heard that they change it is that they will actually take the case of your computer and they will injection mold a hardware back door into the case of the computer. So that even if you were to look at the motherboard or have it serviced, you would not see this. Merely it just needs to be in the proximity of the motherboard.

So let’s talk about hardware implants that they will put into your devices. Here’s one. This is called Bulldozer. It’s a PCI bus hardware implant. Pretty scary, doesn’t look so great, but let’s go on a little bit. Okay, here’s one where they actually exploit the BIOS and system management mode. There’s a big graph that shows all of these various different interconnections, which is important. Then they talk about the long-range columns, MRsat, Dsat, NSA means and future capabilities. I think NSA means exists. Future capabilities seems self-explanatory. This hardware implant provides two-way RF communication. Interesting. So you disable all the wireless cards, whatever you need, there you go. They just added a new one in there and you don’t even know. Your system has no clue about it.

Here’s a hardware back door which uses the I²C interface because no one in the history of time other than the NSA probably has ever used it. That’s good to know that finally someone uses I²C for something. Okay, other than fan control. But, look at that. It’s another American company that they are sabotaging. They understand that HP’s servers are vulnerable and they decided instead of explaining that this is a problem, they’d exploit it. And IRONCHEF, through interdiction, is one of the ways that they will do that.
So I want to really harp on this. Now it’s not that I think European companies are worth less. I suspect especially after this talk that won’t be true, in the literal stock sense, but I don’t know. I think it’s really important to understand that they are sabotaging American companies because of the so-called home-field advantage. The problem is that as American who writes software, who wants to build hardware devices, this really chills my expression and it also gives me a problem which is that people say, “Why would I use what you’re doing? You know, what about the NSA.” Man, that really bothers me. I don’t deserve the Huawei taint, and the NSA gives it. And President Obama’s own advisory board that was convened to understand the scope of these things has even agreed with me about this point, that this should not be taking place, that hoarding of zero day exploits cannot simply happen without thought processes that are reasonable and rational and have an economic and social valuing where we really think about the broad scale impact.

Now. I’m going to go on to a little bit more. Here’s where they attack SIM cards. This is MONKEYCALENDAR. So it’s actually the flow chart of how this would work. So in other words, they told you all of the ways in which you should be certainly, you know, looking at this. So if you ever see your handset emitting encrypted SMS that isn’t text secure, you now have a pretty good idea that it might be this.

Here’s another example. If you have a computer in front of you, I highly encourage you to buy the Samsung SGH-X480C – that’s the preferred phone of the NSA for attacking another person’s phone. I’m not exactly sure why, but an important point is, they add the back door, then they send an SMS from a regular phone – what does that tell you? What does that tell you about the exploitation process. It tells you that it’s actually something which is pretty straightforward, pretty easy to do, doesn’t require specialized access to the telecoms once they’ve gotten your phone compromised. That to me suggests that other people might find it, other people might use these techniques.

Okay, here’s a USB hardware implant called COTTONMOUTH. We released this in Der Spiegel today as well. See the little red parts. It will provide a wireless bridge under the target network with the ability to load exploit software.

Here’s a little bit of extra details about that. It actually shows a graph at the bottom, how they do this, how they get around, how they beat the air gap with these things. And they talk a bit about being “GENIE” compliant. So GENIE, and for the rest of these programs, these are like DROPOUTJEEP as part of the CHIMNEYPOOL programs and COTTONMOUTH is part of the rest of these programs over here. These are huge programs where they’re trying to beat a whole bunch of different adversaries. And different capabilities are required. And this is one of the probably I think more interesting ones, but here’s the next revision of it where it’s in a USB plug, not actually in the cable, and, look, 50 units for 200,000 U.S. dollars. It’s really cheap. Do you like my editorializing there, I hope? So, $200,000, okay. And here’s where you look for it, if you happen to have an x-ray machine. Look for an extra chip. And that’s a HOWLERMONKEY radiofrequency transmitter. Well what’s a HOWLERMONKEY? We’ll talk about that in a second, but basically this is for ethernet here, this is the FIREWALK. It can actually do injection bidirectionally on the ethernet controller into the network that it’s sitting on. It doesn’t even have to do things directly to the computer. It can actually inject packets directly into the network, according to the specification sheet which we released today on Der Spiegel’s website. As it says, active injection of ethernet packets under the target network.

Here’s another one from Dell with an actual FLUXBABBITT hardware implant for the Power Edge 2950. This uses the 53:53 JTAG debugging interface of the server. Why did Dell leave a JTAG debugging interface on the servers? Interesting, right? Because it’s like leaving a vulnerability in. Is that a bug door or a back door or just a mistake? Well hopefully they will change these things or at least make it so that if you were to see this you would know that you had some problems. Hopefully Dell will release some information about how to mitigate this advanced persistent threat. Right?

Everything that the U.S. government accused the Chinese of doing, which they are also doing, I believe, we are learning that the U.S. government has been doing to American companies. That to me is really concerning, and we’ve had no public debate about these issues, and in many cases all the technical details are obfuscated away and they’re just completely outside of the purview of discussion. In this case we learn more about Dell and which models.

And here’s the HOWLERMONKEY. These are actually photographs of the NSA implanted chips that they have when they steal your mail. So after they steal your mail they put a chip like this into your computer. So the one, the FIREWALK one, is the ethernet one, and that’s an important one. You probably will notice that these look pretty simple, common off-the-shelf parts.

So. Whew. All right.

Who here is surprised by any of this?

I’m really, really glad to see that you’re not all cynical fuckers and that someone here would admit that they were surprised.

Okay, who here is not surprised?

I’m going to blow your fucking minds.


Okay. We all know about TEMPEST, right? Where the NSA pulls data out of your computer, irradiates stuff and then grab it, right? Everybody who raised their hand and said they’re not surprised, you already knew about TEMPEST, right? Right? Okay. Well, what if I told you that the NSA had a specialized technology for beaming energy into you and to the computer systems around you, would you believe that that was real or would that be paranoid speculation of a crazy person?


Anybody? You cynical guys holding up your hand saying that you’re not surprised by anything, raise your hand if you would be unsurprised by that.

Good. And it’s not the same number. It’s significantly lower. It’s one person. Great.

Here’s what they do with those types of things. That exists, by the way. When I told Julian Assange about this, he said ____, he said, “Hmm. I bet the people who are around Hugo Chavez are going to wonder what caused his cancer.” And I said, “You know, I hadn’t considered that. But you know, I haven’t found any data about human safety about these tools." Has the NSA performed tests where they actually show that radiating people with 1 kilowatt of RF energy at short range is safe? My God!

No, you guys think I’m joking, right? Well, yeah, here it is. This is a continuous wave generator, a continuous wave radar unit. You can detect its use because its use is between 1 and 2 GHz and its band width is up to 45 MHz, user adjustable, 2 watts using an internal amplifier. External amplifier makes it possible to go up to 1 kilowatt.

Just going to let you take that in for a moment. Who’s crazy now?


Now, I’m being told I only have one minute, so I’m going to have to go a little bit quicker. I’m sorry. Here’s why they do it. This is an implant called RAGEMASTER. It’s part of the ANGRYNEIGHBOR family of tools, where they have a small device that they put in line with the cable in your monitor and then they use this radar system to bounce a signal – this is not unlike the great seal bug that Leon Theremin (note: poorly pronounced by Appelbaum, possibly with a mistake on Theremin’s first name) designed for the KGB. So it’s good to know we’ve finally caught up with the KGB, but now with computers. They send the microwave transmission, the continuous wave. It reflects off of this chip and then they use this device to see your monitor. Yep. So there’s the full life cycle. First they radiate you, then you die from cancer, then you... win? Okay, so, here’s the same thing, but this time for keyboards, USB and PS2 keyboards. So the idea is that it’s a data retro-reflector. Here’s another thing, but this one, the “TAWDRYYARD” program is a little bit different. It’s a beacon so this is where probably then they kill you with a drone. That’s pretty scary stuff. They also have this for microphones to gather room bugs for room audio. Notice the bottom. It says all components are common off the shelf and are so non-attributable to the NSA, unless you have this photograph and the product sheet. Happy hunting.


Just to give you another idea, this is a device they use to be able to actively hunt people down. This is a hunting device, right? Handheld finishing tool used for geolocation targeting handsets in the field.
So. Who was not surprised by this? I’m so glad to have finally reached the point where no one raised their hand except that one guy who I think misheard me.


Or you’re brilliant. And please stay in our community and work on open research.
Yeah! And if you work for the NSA, I’d just like to encourage you to leak more documents.


[ ]: Thank you very much, Jake. Thank you. I’m afraid we ran all out of time for the Q&A. I’m very sorry for anyone who wanted to ask questions.

JA: But we do have a press conference. Well, if you guys – you know, I’d say occupy the room for another five minutes, or know that there’s a press conference room that will be opened up where we can all ask as many questions as we want in 30 minutes if you’re interested, and I will basically be available until I’m assassinated to answer questions.

[laughter, applause]

So in the immortal words of Julian Assange, remember, no matter what happens, ever if there’s a videotape of it, it was murder. Thank you.

[ ]: Thank you. Please give a warm round of applause to Jake Appelbaum.

Creative Commons License
Erik Lallemand's blog by Erik Lallemand is licensed under
a Creative Commons Attribution 3.0 Unported License.