
Is 'Promis' Software Spying On Canadian Spies? 73
Legolas-Greenleaf writes: "The Royal Canadian Mounted Police are currently conducting an investigation into a software package called 'Promis,' used by the government, that allegedly contains a backdoor. According to Inslaw Inc. (original makers of Promis), the American and Israeli intelligence services pirated this software package, and resold a hacked version allowing them access. This software is possibly running in some of the RCMP's databases. The Canadian newspaper The Globe and Mail has a story on it here, and CNN has a story on it here." The whole thing reads a bit like a Monty Python sketch: a months-long investigation based on sketchy allegations from 1993, claiming some very interesting just-among-pals bureaucratic copyright violations. Hmmm. A handful of Canadian quarters says it's not an open-source product.
You young 'uns these days... (Score:3)
http://www.wired.com/wired/arch ive/1.01/inslaw.html [wired.com]
America... Control... AGAIN?!?! (Score:1)
NO!!!
That'd NEVER happen!
I mean they tried to stop high bit encryption BECAUSE THEY COULD NOT CRACK IT!!
What if the Canadians had evil terrorists that were planning...
ooo, Aren't you glad that America was watching??
This would not surprise me (in light of recent happenings) and really, I think it's a great invasion of privacy...
But then again, I'll wait for it to be proven.
- There is no work, there is no work...
- Damn, it worked for Neo!
-
Re:Another example of free-software's superiority (Score:1)
Source code for some major business applications is available, but of course for a scheme like this an attacker would choose one for which source code was not available, or for which it was not easily available (such as having a large additional fee). Or the tampered binary might be distributed and would only be effective until a recompile was done -- assuming an uncontaminated compiler.
Then there's the problem of how this rumored information would be leaked outside a site without being detected by network staff.
In an partially related note, the amusing Canadian-invasion silliness Canadian Bacon is on the Comedy Central cable channel today.
Re:Trust us...we're the government! (Score:1)
Assuming that the Carnivore code itself has been examined for security holes, how do we know that it hasn't been linked to a hacked library.
Also, I imaging that you could modifiy gcc or any other compiler or interpreter to add certain back-doors to code as it is interpreted or compiled.
doesn't add up (Score:2)
This story sounds very fishy. There are just too many oddities:
Come on...
Firewalls, IDS (Score:1)
No matter where you get your software, be it open source or not, you should take basic security measures (even in Cananda
Re:Why RCMP databases? (Score:1)
I can understand why countries do this to their allies, there are entire cadres of spies from their allies that every country tolerates because they understand everybody needs to doublecheck these sorts of things. The list of countries that have died from the double dealings of their allies is long and goes back to the dawn of time.
DB
Peace (Score:2)
Re:Why do we care? (Score:1)
http://www.csis-scrs.gc.ca/eng/ backgrnd/back1e.html [csis-scrs.gc.ca]
the reason why the USA and Isreal would be interested in it is because the CSIS database would contain info about the possible whereabouts of US Criminals in Canada, etc., etc.
They would also have access to extradition hearings and things of the sort, which I believe (IANAL) is a violation of Internation Law.
Here [thestar.com]'s another story on the topic that should be interesting for all you conspiracy theorists.
Re:Why do we care? (Score:1)
I Object! (Score:1)
I object to that statement. Although there are many similarities between Canada and the U.S., Canada is NOT an extension of the U.S.. We are quite a seperate nation. We maintain good terms, trading deals and such but we are not just another state in all but name.
With that off of my chest. One question, how come it's alright for governments to pirate software but not individuals?? I really need my own government.
Re:Why RCMP databases? (Score:2)
according to the various news stories, CSIS did an audit of their systems years ago, and found they were not running said product in question.
-legolas
i've looked at love from both sides now. from win and lose, and still somehow...
Re:Canadian Quarters (Score:2)
-legolas
i've looked at love from both sides now. from win and lose, and still somehow...
Re:You young 'uns these days... (Score:1)
Interestingly enough, that article (from the first issue) contains the following phrase:
Can anyone explain that? Was Wired an entity for two years before their first issue?Herbie J.
Re:John Prescott (Score:1)
http:// www.uk.emb.gov.au/BRITISH_GOVERNMENT/biographies/p rescott_detail.htm [emb.gov.au]
and this, but I don't think it's related:
http://www.ukacts.com/act/z/john-prescott.h tm [ukacts.com]
Anyway it sounds like this Rt Hon John Prescott is an MP and involved with transportation and is probably a right honorable fuckup, if he's like any politician in God's Own Land [usflag.org].
Re:Blame Canada (Score:2)
Re:*What* sensitive data? (Score:2)
Sure, the US likes to show it's power.. but there are LOTS of things the US military (and government) is up to that NOBODY knows about.
And the same can be said for Canada. We're smaller, so we have to be smarter.
Because I'm Canadian... (Score:1)
Hey don't get any funny ideas you Bisons... Oh Canada ah something something er was that in french?
Well they _do_ "always get their man"... (Score:1)
(The irony of this joke is that until rather recently the RCMP had an active program to root out closeted homosexuals in their ranks. They used a "Fruit Machine" that measured skin galvanic response to gay porn images! I kid you not.)
the world's least competent spy agency (OT) (Score:1)
Re:Another example of free-software's superiority (Score:2)
A Dick and a Bush .. You know somebody's gonna get screwed.
Re:Trust us...we're the government! (Score:1)
I'm not suggesting that these back doors exist, but who knows, we already have found one back door that Microsoft has created. Who's to say they haven't created others? The same applies to all other software vendors too.
I would hope that software that will be used to store sensitive data would release the source for review by the perspective buyer. If they refused then would you really want to use the product anyways? What does the software company have to hide? Just as the subject says, "Trust us...we're the government!"
Re:*What* sensitive data? (Score:1)
We spy on you. You spy on us. "They" spy on both of us. More importantly we also share a huge amount of information. China wants nuclear secrets. Who says the US has to be the only one using the so-called backdoor?
Of course, its the RCMP. Nuff said.
Re:Why RCMP databases? (Score:2)
Keep in mind that this is a government whose agents smash in unlocked doors when conducting a raid. Asking for and getting a tape with the stuff for free would be no fun whatsoever. It also doesn't employ the dozens or hundreds of people that doing it the hard way does.
But which way fishy? (Score:1)
Yeh, fishy, yet why is it showing up now anyway, huh? Moreover, what how much credibility do these functionaries have?
The Canadian account: A U.S. government independent counsel in 1993 found no credible evidence to support Inslaw's allegations. The counsel, retired judge Nicholas Bua, said the company relied on witnesses who had credibility problems, including a former computer expert who is serving a sentence on drug charges and an Israeli who changed his story. (CNN omits this.)
Yeh, this is one of those cases where a lot folks wound-up sleeping with the fishes and surprise, a lot of other folks decided to change their story (so as to not sleep with the fishs? Nah..)
A site quoted earlier with extensive details on the case has a veneer of credibility, until it starts to fold in the CIA, contras, Jimmy Hoffa, murders of native Americans, ex-green berets, etc. Pins the wack-o-meter.
But in what way does mentioning "CIA, contras, Jimmy Hoffa, murders of native Americans, ex-green berets..." discredit them? Three or four of these conspiracies were documented by the mainstream media. Oliver North copped to a bunch and Hoffa hasn't been found. Does a simple interest in documented conspiracies prove someone has no credibility?
Moreover, there are a lot conspiracy theories out there, yes? Some folks collect all, some folks collect the most credible. None of this really say much about the actual credibility of the events. This "guilt by association" has the quality of fog discrediting without slightest need for facts or arguments.
Most everything seems to stem from statements by one guy, a Michael J.Riconoscuito (the one with drug charges). If you think he's a nut, as the independent counsel did, then we can all move along.
No, he's just the only survivor. And guess who what authority prosecuted him for the "drug charges"?
Complex software shouldn't be that easy to pirate and ..
Well who knows, in sense it's nice to get daylight on the topic since credible evidence seems to show numerous folks lost their lives or were ruined over this. Spy Magazine and Covert Action Quarterly were the most credible sources supporting the general allegacions.
Since it's a "spooky" affair, exactly what-all happened is going to be hidden, duh. Just remember, the world of government mainframes moves much, MUCH more slowly than the PC world. It took social security ten years to fix their Y2K problems.
Re:the C14 or the N$4? :) (Score:1)
no it's not a reason! (Score:1)
For more information about PROMIS (Score:1)
Promis marketed by Big 5 CPA firm? (Score:1)
Re:You young 'uns these days... (Score:1)
Probably an overzealous subeditor changed "I have spent two years..."
I do know that Louis Rossetto (sp?) had been trying for a while to get some financial backing for the magazine, but I don't think that he was all that partial to investigative journalism while he was waiting...
There is a book in german on it (Score:1)
Book details: Egmont R. Koch, Jochen Sperber: Die Datenmafia. Computerspionage und neue Informationskartelle. Rowohl TB 1996. ISBN 3449602474. DM 16,90.
this might be stretching it a bit, but consider it (Score:1)
Re:Sensitive data sucks (Score:1)
That's easy it is all going to Shawinigin (sp?) Quebec!!
For those out of the know Shawinigin is where the Prime Minister is from. So far he has moved where our tax forms go there, spent $20M on a conference center, built a golf course etc etc.
Re:Why do we care? (Score:1)
Never trust unless you can gut it. (Score:1)
If the drek ain't open to a government agency which DEPENDS on security.. what kind of MORONS run the joint?
Us geeks and hackers.. At least the ones WITHOUT criminal records should talk to various national security orgs and get cushy Unix admin jobs. (And maybe a peek at who killed JFK...?
Or at least code.
Re:Another example of free-software's superiority (Score:1)
Re:Yet another reason for everyone to open source (Score:1)
unless you're running some interpreted version of lynx off of a basic that you toggled in by hand onto your altair, you're USING binaries.
I'm not buying this... (Score:3)
From the Globe and Mail:
The allegations are not new. They were investigated and dismissed nine years ago by the Canadian Security Intelligence Service..
and
A U.S. government independent counsel in 1993 found no credible evidence to support Inslaw's allegations. The counsel, retired judge Nicholas Bua, said the company relied on witnesses who had credibility problems, including a former computer expert who is serving a sentence on drug charges and an Israeli who changed his story.
And neither article mentions any shred of evidence that the allegation is true. And, at least as the stories present it, it doesn't even make sense. US and Israeli agencies sell this to other intelligence agencies. Accomplishing what? Or is the idea that governments were unknowingly buying the modified version?
-----------
holy shit! (Score:2)
i'm not surprised the US is doing it...i'm surprised they appear to have gotten caught. Remember, in political circles...spying is just considered a cost of friendship. We're spying on all our allies, and they're all spying on us.
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
Re:Can we blame it on the British? (Score:1)
Re:Yet another reason for everyone to open source (Score:2)
But, if you mean Open-Source as in available for _anyone_ then I'm not convinced that would be a good idea at all, for the simple reason that not many people (other than other governments) would be interested in it. Any flaws found would not be reported (and fixed) simply because the people that found the flaws would take advantage of them for spying purposes. In this case Open-Source would be a liability, not an aid.
This case isn't so much about the benefits of OS (sorry to all the zealots) as it is about the perils of incompetence and corruption.
Bomb a Baldwin for fun and sport (Score:2)
Re:Trust us...we're the government! (Score:1)
It turns out that the US government might have actually just pirated the code from a guy down there, and added the backdoors before selling it to the CSIS.. does this surprize ANY of you?
Re:Canadian Quarters (Score:1)
Catch me on the street and I'd give you a US paper doller for a looney, somehow I haven't seen one yet.
And I do know how to spell ferrite. Just not reliably.
Re:This is yet another example of why (Score:1)
Sure open source works, there's probably a lot more working open source software out there then you realize. And it sounds to me like this isn't really open source, or not intended to be open source. There's also a lot of "closed source" programs that don't work like they should. *cough cough* Micro *cough cough* soft *cough cough*.. Hmm.. seems that I'm allergic to something.
Re:Trust us...we're the government! (Score:2)
"Makes you wonder what kind of "back-doors" may have been build into Carnivore, and who in our government has access to them. "
Also makes you wonder what OTHER governments might have access to Carnivore. Having such monitoring devices doesn't just put people at risk from mean people in our Gov, but also mean people in other Govs who might manage to access the equipment too.
Of course they're spying. (Score:1)
But let's just forget the fact that the US has more tanks in ONE military base than we have full-time military personel :)
Re:Canadian Quarters (Score:1)
Re:Yet another reason for everyone to open source (Score:2)
Having said that. I still agree. Especially when your an intelligence service. It doesn't necessarily have to be open source, but if they're buying software that will use sensitive data and such I would defiantly ask for the source and have a good look at it. Even more so if I'm buying it from a company in another country.
Hostile code discovered (Score:1)
seineew era seitnuom naidanaC
Re:Canadian Quarters (Score:1)
Network & physical access? (Score:1)
If the conspiracy buffs want to have fun then ask the better question of access. Does the US or Israel have a mole within the RCMP with physical access to the classified computer? My name is Joe and I got root! I don't know what kind of network crypto is used in Canada. Is it American or Israeli technology? If so, then this might mean that there is a back-door in the crypto-boxes. This would be more "interesting" than a back-door in some data-base package. Then again it wouldn't be too hard to intercept and break Canadian secure transmissions since all their sentences end with the word, "eh".
Sorry for the cheap shot.:-) Canadians are okay. I still remember that Canadian diplomats risked their own safety to get some American diplomats out of Iran twenty years ago.
...and... (Score:1)
A security guard, who linked the CIA with the execution style murder of one Indian and two other men who objected to the tribe's manufacturing of weapons, chemical and biological warfare devices and the conversion of INSLAW''s sensitive software, fled to Sonoma and Lake counties right after the murders. The security guard's secret hiding places were sanctioned by the Riverside County District Attorney's Office and the state Department of Justice. The security guard testified in a video-taped interview about the murders and named names. The video-taping was taken by the Riverside County District Attorney's Office after a Cabazon Indian and his two companions were found slain. The security guard's testimony to the DA's Office revealed that he was the bag man who carried $10,000 from the Indian Reservation in Indio to the top of an aerial tram in Palm Springs. The $10,000 was "hit" money. According to the testimony, several ex-Green Berets, then employed as firemen in the City of Chicago, executed the three Indians.
(Anyone else ever been to the Cabazon reservation? That chemical and biological weapons facility must either be in the basement of the outlet mall or hidden behind a Joshua tree.)
Nichols, who has been linked to Jimmy Hoffa and assassination attempts of Fidel Castro and Salvador AllendZ, has strong Mafia ties. He has been convicted of soliciting murder.
Riconoscuito told the Grand Jury that with the equipment he could produce information about various operations which developed extremely sensitive military applications from highly advanced technology, such as:
-----------
Re:Canadian Quarters (Score:2)
-legolas
i've looked at love from both sides now. from win and lose, and still somehow...
Mounted police secret technology (Score:1)
Soon, American tanks will be replaced by 50-ton armored horses with laser eyes and the ability to break the sound barrier...
Israel will fill their already-strong air force with autonomous Pegasi, equipped with heavy machine guns and manure bombs...
The Palestinians better not mess with themanymore.
Fsck this hard drive! Although it probably won't work...
foo = bar/*myPtr;
Blame Canada (Score:2)
Read the Risks Forum; EFF on INSLAW (Score:2)
Searching for "Promis" yields US Congress Report on INSLAW Case [ncl.ac.uk]
The mentioned article on Apple's FTP site doesn't appear to be there anymore, but doing an FTP search on lycos revealed that there's a lot of INSLAW stuff at the Electronic Frontier Foundation [eff.org]. You can repeat the search yourself with this link. [eff.org]
While you're there, why don't you stop in and Join the EFF? [eff.org] It will only take you a few minutes, cost a few bucks (you can give what you're comfortable with) and it will help with the DVD case as well as bringing justice to bear on the folks that stole and hacked the Promis code.
the C14 or the N$4? :) (Score:1)
Re:I Object! (Score:1)
Public-Domain Version? (Score:2)
I've been hearing this story for 10 years. Parts of it have never made sense. But it doesn't go away. But then again, the Area 51 story is complete hooey and it doesn't go away, either.
Bruce
Canadian top secrets (Score:2)
Yes yes, I know I have seen X-men one too many times.
The Inslaw vs. USA case was thrown out (Score:5)
LOTS of details on the case:
http://www.sonic.net/sentinel/gvcon7.html [sonic.net]
- Isaac =)
Re:Sensitive data sucks (Score:2)
However, if you permit your government to do secret things, then by their nature, those very things must be kept secret from you as well. IT's a catch 22.
We could always rule that the government is forbidden from having anything that's 'top secret', and that any citizen is allowed to know anything the government is doing.. but would that really work?
Yet another reason for everyone to open source (Score:2)
Check what you're running, top secret intelligent dudes.
Just a lesson to be learned.
Trust us...we're the government! (Score:2)
Hmmm...
Our government writes a software package with a built-in security flaw and sees that it is deployed within the Canadian government. In spite of this, we should trust them when they want to deploy a software package within our borders?
Makes you wonder what kind of "back-doors" may have been build into Carnivore, and who in our government has access to them.
Re:The whole story (Score:1)
Canadian Quarters (Score:3)
A handful of Canadian quarters says it's not an open-source product.
Were these Canadian quarters a reliable source?
Why RCMP databases? (Score:1)
They could have saved themselves a lot of time and effort had they realized that the RCMP provides this information on request.
Yes, they could have just asked for it.
---
Where can the word be found, where can the word resound? Not here, there is not enough silence.
Is this Echelon? (Score:1)
Seriously - if this software was pirated, altered and deployed at strategic sites, was it orchestrated by the US Justice Department, or are we staring Echelon in the face?
My god! (Score:1)
----
Oh my god, Bear is driving! How can this be?
Another example of free-software's superiority (Score:2)
This should provide a good rebutal to the silly 'I wouldn't want to run an operating system where just anyone can edit the source!' comment that was made last week.
Why do we care? (Score:2)
Is Canada planning on invading Isreal?
Does Canada pose a threat to the US of A?
Will this affect the supply of Canada Dry in the US?
The Octopus (Score:1)