Group items tagged

First, it assumes that Snowden’s master file includes data from every network he ever scanned. Second, it assumes that this file is already in or will end up in the hands of America’s adversaries. If these assumptions turn out to be true, then the alarm raised in the last week will be warranted. The key word here is “if.”

the report recognized that email privacy is critical

one issue was left conspicuously unaddressed in the report. The Securities and Exchange Commission, the civil agency in charge of protecting investors and ensuring orderly markets, has been advocating for a special exception to the warrant requirement. No agency can or should have a get-out-of-jail-free card for bypassing the Fourth Amendment.

the algorithm is only as fair as the data fed into it.

According to internal NSA documents viewed by SPIEGEL, these on-call digital plumbers are involved in many sensitive operations conducted by American intelligence agencies. TAO's area of operations ranges from counterterrorism to cyber attacks to traditional espionage. The documents reveal just how diversified the tools at TAO's disposal have become -- and also how it exploits the technical weaknesses of the IT industry, from Microsoft to Cisco and Huawei, to carry out its discreet and efficient attacks. The unit is "akin to the wunderkind of the US intelligence community," says Matthew Aid, a historian who specializes in the history of the NSA. "Getting the ungettable" is the NSA's own description of its duties. "It is not about the quantity produced but the quality of intelligence that is important," one former TAO chief wrote, describing her work in a document. The paper seen by SPIEGEL quotes the former unit head stating that TAO has contributed "some of the most significant intelligence our country has ever seen." The unit, it goes on, has "access to our very hardest targets."

Documents provided by NSA whistleblower Edward Snowden show that the government worked in secret to exploit a new internet surveillance law enacted in the wake of revelations of illegal domestic spying to initiate a new metadata collection program that appeared designed to collect information about the communications of New Zealanders.

Snowden explained that “at the NSA, I routinely came across the communications of New Zealanders in my work with a mass surveillance tool we share with GCSB, called ‘X KEYSCORE.”" He further detailed that “the GCSB provides mass surveillance data into XKEYSCORE. They also provide access to the communications of millions of New Zealanders to the NSA at facilities such as the GCSB facility in Waihopai, and the Prime Minister is personally aware of this fact.”

Court documents have revealed how information supplied by New Zealand’s Organised and Financial Crime Agency led to Kim Dotcom and his associates being illegally monitored by GCSB, the Kiwi spy agency comparable to the United States’ CIA. Today a High Court judge expressed concern at the situation, with Dotcom’ legal team calling for an independent inquiry into the fiasco. Meanwhile, pressure continues to mount on Prime Minister John Key as it’s revealed the government issued an information suppression order.

According to court documents, GCSB checked with OFCANZ that both Dotcom and der Kolk were indeed foreign nationals. OFCANZ said they were, but in fact neither should have been spied on by GCSB. The monitoring went ahead anyway. In the High Court today, Justice Helen Winkelmann asked lawyers how it could be possible that GCSB hadn’t known about Dotcom’s New Zealand residency.

During an earlier hearing, Detective Inspector Grant Wormald of OFCANZ said that apart from surveillance carried out by the police, no other surveillance had been carried out against Dotcom. But with the revelation that GCSB had indeed been monitoring the Megaupload founder at the behest of OFCANZ, questions are now being raised about this apparent inconsistency, not least since Wormald previously acknowledged that a secret government unit had been involved in a pre-raid planning meeting in January.

Further evidence of overeager and illegal police work emerged Thursday in New Zealand as Inspector General of Security and Intelligence Paul Neazor released a report on the illegal bugging of Kim Dotcom and Megaupload programmer Bram van der Kolk. Two GCSB officers were present at a police station nearby Dotcom’s mansion as the raid took place.

Police weighed several options for the raid named “Operation Debut,” undertaken at the behest of US authorities, and sought to take Dotcom and associates with the “greatest element of surprise” and to minimise any delays the in executing the search and seizure operation should the German file sharing tycoon’s staff be uncooperative or even resist officers on arrival.

The police planners also noted that “Dotcom will use violence against person’s [sic] and that he has several staff members who are willing to use violence at Dotcom’s bidding” after a U.S. cameraman, Jess Bushyhead, reported the Megaupload founder for assaulting him with his stomach after a dispute. Based on Dotcom’s license plates such as MAFIA, POLICE, STONED, GUILTY, and HACKER, police said this indicates the German “likes to think of himself as a gangster” and is “described as arrogant, flamboyant and having disregard for law enforcement.” However, the documents show that Dotcom had only been caught violating the speed limit in New Zealand. The request for assistance from the STG notes that the US investigation against Mega Media Group and Dotcom was started in March 2010 by prosecutors and the FBI. According to the documents, US prosecutors and FBI “discovered that the Mega Media Group had engaged in and facilitated criminal copyright infringement and money laundering on a massive scale around the world.” FBI in turn contacted NZ Police in “early 2011," requesting assistance with the Mega Media Group investigation as Dotcom had moved to New Zealand at the time.

"deny, disrupt, degrade and deceive" by any means possible.

According to reports in Der Spiegel last year, British intelligence has tapped the reservations systems of over 350 top hotels around the world for the past three years to set up Royal Concierge. It was used to spy on trade delegations, foreign diplomats, and other targets with a taste for the high life.

A PowerPoint presentation from 2010 states that JTRIG activities account for five per cent of GCHQ's operations budget and uses a variety of techniques. These include "call bombing" to drown out a target's ability to receive messages, attacking targets in hotels, Psyops (psychological operations) against individuals, and going all the way up to disrupting a country's critical infrastructure.

Britain's surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal.

between 2008 and 2010

“They’ve spent hundreds and hundreds of man-hours trying to reconstruct everything he has gotten, and they still don’t know all of what he took,” a senior administration official said. “I know that seems crazy, but everything with this is crazy.”

In recent days, a senior N.S.A. official has told reporters that he believed Mr. Snowden still had access to documents not yet disclosed. The official, Rick Ledgett, who is heading the security agency’s task force examining Mr. Snowden’s leak, said he would consider recommending amnesty for Mr. Snowden in exchange for those documents.

“So, my personal view is, yes, it’s worth having a conversation about,” Mr. Ledgett told CBS News. “I would need assurances that the remainder of the data could be secured, and my bar for those assurances would be very high. It would be more than just an assertion on his part.”

"The world has learned a lot in a short amount of time about irresponsibly operated security agencies and, at times, criminal surveillance programs. Sometimes the agencies try to avoid controls," Snowden wrote, according to the news magazine. "While the NSA and GCHQ (the British national security agency) appear to be the worst offenders -- at least according to the documents that are currently public -- we cannot forget that mass surveillance is a global problem and needs a global solution."

A recent report by Der Spiegel, citing documents provided by Snowden, alleged the NSA monitored German Chancellor Angela Merkel's cell phone. Some reports also suggest the United States carried out surveillance on French and Spanish citizens.

"If he wants to come back and open up to the responsibility of the fact that he took and stole information, he violated his oath, he disclosed classified information -- that by the way has allowed three different terrorist organizations, affiliates of al Qaeda to change the way they communicate -- I'd be happy to have that discussion with him," Rogers said on "Face the Nation."

A search warrant obtained by TheDC indicates that the August raid allowed law enforcement to search for firearms inside her home.

The document notes that her husband, Paul Flanagan, was found guilty in 1986 to resisting arrest in Prince George’s County. The warrant called for police to search the residence they share and seize all weapons and ammunition because he is prohibited under the law from possessing firearms. But without Hudson’s knowledge, the agents also confiscated a batch of documents that contained information about sources inside the Department of Homeland Security and the Transportation Security Administration, she said.

And, yes, the "but what about my $100 million movie" crowd will scoff and argue that this number is so "small." But, two points there: first, this number is growing very, very, very fast. And if you can't understand how trends explode, then you're going to be in trouble soon. Second -- and this is the more important point -- those funds helped create 8,000 films. For those who have been arguing about culture and how we're going to lose the ability to make movies... this suggests something amazing and important is happening which goes against all those gloom and doom predictions. By way of comparison, the UN, which keeps track of stats on film production, claimed that in 2009, 7,233 films were made. Worldwide.

“The Art of Deception: Training for Online Covert Operations.”

Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums. 

Critically, the “targets” for this deceit and reputation-destruction extend far beyond the customary roster of normal spycraft: hostile nations and their leaders, military agencies, and intelligence services. In fact, the discussion of many of these techniques occurs in the context of using them in lieu of “traditional law enforcement” against people suspected (but not charged or convicted) of ordinary crimes or, more broadly still, “hacktivism”, meaning those who use online protest activity for political ends. The title page of one of these documents reflects the agency’s own awareness that it is “pushing the boundaries” by using “cyber offensive” techniques against people who have nothing to do with terrorism or national security threats, and indeed, centrally involves law enforcement agents who investigate ordinary crimes:

The two main components of Uroburos are - a driver and an encrypted virtual file system, used to disguise its nasty activities and to try to avoid detection. Its driver part is extremely complex and is designed to be very discrete and very difficult to identify.

The virtual file system can’t be decrypted without the presence of drivers, according to the Gdata’s analysis explained in the PDF.

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to concentrate on VeriSign, a security certificate company that had been spun out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to Massachusetts, and many top engineers left the company, several former employees said.And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for developers brought in just $27.5 million of RSA's revenue, less than 9% of the $310 million total."When I joined there were 10 people in the labs, and we were fighting the NSA," said Victor Chan, who rose to lead engineering and the Australian operation before he left in 2005. "It became a very different company later on."By the first half of 2006, RSA was among the many technology companies seeing the U.S. government as a partner against overseas hackers.New RSA Chief Executive Art Coviello and his team still wanted to be seen as part of the technological vanguard, former employees say, and the NSA had just the right pitch. Coviello declined an interview request.An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard.RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

According to a new report from Der Spiegel based on internal NSA documents, the signals intelligence agency's elite hacking unit (TAO) is able to conduct sophisticated wiretaps in ways that make Hollywood fantasy look more like reality. The report indicates that the NSA, in collaboration with the CIA and FBI, routinely and secretly intercepts shipping deliveries for laptops or other computer accessories in order to implant bugs before they reach their destinations. According to Der Spiegel, the NSA's TAO group is able to divert shipping deliveries to its own "secret workshops" in a method called interdiction, where agents load malware onto the electronics or install malicious hardware that can give US intelligence agencies remote access. While the report does not indicate the scope of the program, or who the NSA is targeting with such wiretaps, it's a unique look at the agency's collaborative efforts with the broader intelligence community to gain hard access to communications equipment. One of the products the NSA appears to use to compromise target electronics is codenamed COTTONMOUTH, and has been available since 2009; it's a USB "hardware implant" that secretly provides the NSA with remote access to the compromised machine.