Group items tagged

According to a new report from Der Spiegel based on internal NSA documents, the signals intelligence agency's elite hacking unit (TAO) is able to conduct sophisticated wiretaps in ways that make Hollywood fantasy look more like reality. The report indicates that the NSA, in collaboration with the CIA and FBI, routinely and secretly intercepts shipping deliveries for laptops or other computer accessories in order to implant bugs before they reach their destinations. According to Der Spiegel, the NSA's TAO group is able to divert shipping deliveries to its own "secret workshops" in a method called interdiction, where agents load malware onto the electronics or install malicious hardware that can give US intelligence agencies remote access. While the report does not indicate the scope of the program, or who the NSA is targeting with such wiretaps, it's a unique look at the agency's collaborative efforts with the broader intelligence community to gain hard access to communications equipment. One of the products the NSA appears to use to compromise target electronics is codenamed COTTONMOUTH, and has been available since 2009; it's a USB "hardware implant" that secretly provides the NSA with remote access to the compromised machine.

The NSA cannot know in advance which tiny fraction of 1 percent of the records it may need, so it collects and keeps as many as it can — 27 terabytes, by one account, or more than double the text content of the Library of Congress’s print collection.

NSA defends the program by saying that it uses the location data to find "unknown associates of known intelligence targets." Basically, it's tracking where everyone goes, just in case people end up spending time with people the NSA deems as being terrorists.

Elsewhere in the article, they quote NSA officials repeatedly saying that the program is "tuned to be looking outside the United States," but not saying it only collects info outside the US. Also, they make clear, once a person leaves the US, the NSA no longer believes the 4th Amendment applies to them, so their location is fair game in this giant database.. Asked for specific numbers, an NSA person said:

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to concentrate on VeriSign, a security certificate company that had been spun out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to Massachusetts, and many top engineers left the company, several former employees said.And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for developers brought in just $27.5 million of RSA's revenue, less than 9% of the $310 million total."When I joined there were 10 people in the labs, and we were fighting the NSA," said Victor Chan, who rose to lead engineering and the Australian operation before he left in 2005. "It became a very different company later on."By the first half of 2006, RSA was among the many technology companies seeing the U.S. government as a partner against overseas hackers.New RSA Chief Executive Art Coviello and his team still wanted to be seen as part of the technological vanguard, former employees say, and the NSA had just the right pitch. Coviello declined an interview request.An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard.RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

Documents provided by NSA whistleblower Edward Snowden show that the government worked in secret to exploit a new internet surveillance law enacted in the wake of revelations of illegal domestic spying to initiate a new metadata collection program that appeared designed to collect information about the communications of New Zealanders.

Snowden explained that “at the NSA, I routinely came across the communications of New Zealanders in my work with a mass surveillance tool we share with GCSB, called ‘X KEYSCORE.”" He further detailed that “the GCSB provides mass surveillance data into XKEYSCORE. They also provide access to the communications of millions of New Zealanders to the NSA at facilities such as the GCSB facility in Waihopai, and the Prime Minister is personally aware of this fact.”

Britain's surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal.

between 2008 and 2010

But, the bigger issue is that without presenting any actual evidence on these situations, it's impossible to know whether or not the NSA really needed this massive data collection to stop those "potential" plots. As we've already seen, in the one case where the NSA has said the programs were useful, it quickly became clear that they were not necessary, and traditional policework actually did the bulk of the effort in identifying the plot.

Earlier Edward Snowden leaks had revealed that the NSA created a flawed random number generation system (Dual_EC_DRBG), Dual Elliptic Curve, which RSA used in its Bsafe security tool and now Snowden has revealed that RSA received $10 million from NSA for keeping Encryption Weak. So, anyone who knows the right numbers used in Random number generator program, can decipher the resulting cryptotext easily.

"I don't want to pre-empt the work of journalists," he said, "but there's no question the US is engaged in economic spying. If there's information at Siemens that they think would be beneficial to the national interests (not the national security) of the United States, they'll go after that information."

While evidence shows the NSA has spied on Brazil's Petrobras oil company, the US government has never been conclusively linked to the surveillance or theft of trade secrets on an international stage. If true, the revelations would have a grave diplomatic impact, particularly the government attempts to regain the trust of allied nations.

“The Art of Deception: Training for Online Covert Operations.”

Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums. 

Critically, the “targets” for this deceit and reputation-destruction extend far beyond the customary roster of normal spycraft: hostile nations and their leaders, military agencies, and intelligence services. In fact, the discussion of many of these techniques occurs in the context of using them in lieu of “traditional law enforcement” against people suspected (but not charged or convicted) of ordinary crimes or, more broadly still, “hacktivism”, meaning those who use online protest activity for political ends. The title page of one of these documents reflects the agency’s own awareness that it is “pushing the boundaries” by using “cyber offensive” techniques against people who have nothing to do with terrorism or national security threats, and indeed, centrally involves law enforcement agents who investigate ordinary crimes:

According to internal NSA documents viewed by SPIEGEL, these on-call digital plumbers are involved in many sensitive operations conducted by American intelligence agencies. TAO's area of operations ranges from counterterrorism to cyber attacks to traditional espionage. The documents reveal just how diversified the tools at TAO's disposal have become -- and also how it exploits the technical weaknesses of the IT industry, from Microsoft to Cisco and Huawei, to carry out its discreet and efficient attacks. The unit is "akin to the wunderkind of the US intelligence community," says Matthew Aid, a historian who specializes in the history of the NSA. "Getting the ungettable" is the NSA's own description of its duties. "It is not about the quantity produced but the quality of intelligence that is important," one former TAO chief wrote, describing her work in a document. The paper seen by SPIEGEL quotes the former unit head stating that TAO has contributed "some of the most significant intelligence our country has ever seen." The unit, it goes on, has "access to our very hardest targets."

"The real danger [from] the publicity about [NSA surveillance] is that other countries will begin to put very serious encryption – we use the term 'Balkanization' in general – to essentially split the internet and that the internet's going to be much more country specific," Google executive chairman Eric Schmidt said at an event in New York this month. "That would be a very bad thing, it would really break the way the internet works, and I think that's what I worry about."

The Washington Post added another noteworthy finding to the growing pile of information leaked by former NSA contractor Edward Snowden: the NSA is collecting nearly five billion cellphone location records per day from across the world.

This gigantic data collection feeds a database that stores information on "hundreds of millions of devices," according to the documents obtained by

27 terabytes

US surveillance agency may be using Google's advertising cookies to track and "pinpoint" targets for government hacking and location-tracking. According to Snowden's leaked presentation slides, both the NSA and the British equivalent, the GCHQ, are using a Google-specific ad cookie (know as "PREF") as a way of homing in on specific surveillance targets. While Google's cookie doesn't contain personal information like a name or email address, it does contain numeric codes that uniquely identify a user's browser.

Bobby R. Inman, who weathered his own turbulent period as N.S.A. director from 1977 to 1981, offers his hyper-secret former agency a radical suggestion for right now. "My advice would be to take everything you think Snowden has and get it out yourself," he said. "It would certainly be a shock to the agency. But bad news doesn't get better with age. The sooner they get it out and put it behind them, the faster they can begin to rebuild."

"The world has learned a lot in a short amount of time about irresponsibly operated security agencies and, at times, criminal surveillance programs. Sometimes the agencies try to avoid controls," Snowden wrote, according to the news magazine. "While the NSA and GCHQ (the British national security agency) appear to be the worst offenders -- at least according to the documents that are currently public -- we cannot forget that mass surveillance is a global problem and needs a global solution."

A recent report by Der Spiegel, citing documents provided by Snowden, alleged the NSA monitored German Chancellor Angela Merkel's cell phone. Some reports also suggest the United States carried out surveillance on French and Spanish citizens.

"If he wants to come back and open up to the responsibility of the fact that he took and stole information, he violated his oath, he disclosed classified information -- that by the way has allowed three different terrorist organizations, affiliates of al Qaeda to change the way they communicate -- I'd be happy to have that discussion with him," Rogers said on "Face the Nation."

First, it assumes that Snowden’s master file includes data from every network he ever scanned. Second, it assumes that this file is already in or will end up in the hands of America’s adversaries. If these assumptions turn out to be true, then the alarm raised in the last week will be warranted. The key word here is “if.”

Still, that moratorium on spying didn't extend beyond those world leaders, and Reuters, translating from the BamS source, writes that the source said, “We have had the order not to miss out on any information now that we are no longer able to monitor the chancellor's communication directly.” Specifically, Interior Minister Thomas de Maiziere, one of Merkel's confidants, was called out as being a target of the NSA's increased spying efforts.