Group items tagged

With a surveillance reform bill stuck in the Senate, the federal court overseeing spy agencies on Friday reauthorized the National Security Agency’s controversial bulk collection of Americans' phone records.

The NSA’s phone records program needs to be reauthorized by the FISC every 90 days. The current authority expires on Dec. 5.

Documents provided by NSA whistleblower Edward Snowden show that the government worked in secret to exploit a new internet surveillance law enacted in the wake of revelations of illegal domestic spying to initiate a new metadata collection program that appeared designed to collect information about the communications of New Zealanders.

Snowden explained that “at the NSA, I routinely came across the communications of New Zealanders in my work with a mass surveillance tool we share with GCSB, called ‘X KEYSCORE.”" He further detailed that “the GCSB provides mass surveillance data into XKEYSCORE. They also provide access to the communications of millions of New Zealanders to the NSA at facilities such as the GCSB facility in Waihopai, and the Prime Minister is personally aware of this fact.”

“The government does not cite a single case in which analysis of the NSA’s bulk metadata collection actually stopped an imminent terrorist attack,” the judge wrote.

“Given the limited record before me at this point in the litigation – most notably, the utter lack of evidence that a terrorist attack has ever been prevented because searching the NSA database was faster than other investigative tactics – I have serious doubts about the efficacy of the metadata collection program as a means of conducting time-sensitive investigations in cases involving imminent threats of terrorism.”

the report recognized that email privacy is critical

one issue was left conspicuously unaddressed in the report. The Securities and Exchange Commission, the civil agency in charge of protecting investors and ensuring orderly markets, has been advocating for a special exception to the warrant requirement. No agency can or should have a get-out-of-jail-free card for bypassing the Fourth Amendment.

the algorithm is only as fair as the data fed into it.

the malware was more advanced than the malicious programs developed by the NSA-tied Equation Group that Kaspersky just exposed. More intriguing still, Kaspersky antivirus products showed the same malware has infected one or more venues that hosted recent diplomatic negotiations the US and five other countries have convened with Iran over its nuclear program.

“The Art of Deception: Training for Online Covert Operations.”

Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums. 

Critically, the “targets” for this deceit and reputation-destruction extend far beyond the customary roster of normal spycraft: hostile nations and their leaders, military agencies, and intelligence services. In fact, the discussion of many of these techniques occurs in the context of using them in lieu of “traditional law enforcement” against people suspected (but not charged or convicted) of ordinary crimes or, more broadly still, “hacktivism”, meaning those who use online protest activity for political ends. The title page of one of these documents reflects the agency’s own awareness that it is “pushing the boundaries” by using “cyber offensive” techniques against people who have nothing to do with terrorism or national security threats, and indeed, centrally involves law enforcement agents who investigate ordinary crimes:

According to a new report from Der Spiegel based on internal NSA documents, the signals intelligence agency's elite hacking unit (TAO) is able to conduct sophisticated wiretaps in ways that make Hollywood fantasy look more like reality. The report indicates that the NSA, in collaboration with the CIA and FBI, routinely and secretly intercepts shipping deliveries for laptops or other computer accessories in order to implant bugs before they reach their destinations. According to Der Spiegel, the NSA's TAO group is able to divert shipping deliveries to its own "secret workshops" in a method called interdiction, where agents load malware onto the electronics or install malicious hardware that can give US intelligence agencies remote access. While the report does not indicate the scope of the program, or who the NSA is targeting with such wiretaps, it's a unique look at the agency's collaborative efforts with the broader intelligence community to gain hard access to communications equipment. One of the products the NSA appears to use to compromise target electronics is codenamed COTTONMOUTH, and has been available since 2009; it's a USB "hardware implant" that secretly provides the NSA with remote access to the compromised machine.

The NSA cannot know in advance which tiny fraction of 1 percent of the records it may need, so it collects and keeps as many as it can — 27 terabytes, by one account, or more than double the text content of the Library of Congress’s print collection.

NSA defends the program by saying that it uses the location data to find "unknown associates of known intelligence targets." Basically, it's tracking where everyone goes, just in case people end up spending time with people the NSA deems as being terrorists.

Elsewhere in the article, they quote NSA officials repeatedly saying that the program is "tuned to be looking outside the United States," but not saying it only collects info outside the US. Also, they make clear, once a person leaves the US, the NSA no longer believes the 4th Amendment applies to them, so their location is fair game in this giant database.. Asked for specific numbers, an NSA person said:

The project, which cost a total of $1.8 billion to construct, received a million-dollar loan from the Loan Programs Office. Under its “SunShot” initiative (so-named in the spirit of president John F. Kennedy’s “moon shot” program), the DoE provides guaranteed loans to unproved ventures in solar power in the hopes of promoting innovation and making the technology more cost-effective.* Although Agua Caliente (owned by U.S. energy giant NRG Energy and partner MidAmerican Solar) is now the largest photovoltaic solar facility in the world, it probably will not hold that distinction for long. Other massive solar panel facilities, such as Antelope Valley Solar Ranch One in California’s Mojave Desert, are rapidly springing up across the Southwest.

But, the bigger issue is that without presenting any actual evidence on these situations, it's impossible to know whether or not the NSA really needed this massive data collection to stop those "potential" plots. As we've already seen, in the one case where the NSA has said the programs were useful, it quickly became clear that they were not necessary, and traditional policework actually did the bulk of the effort in identifying the plot.

Earlier Edward Snowden leaks had revealed that the NSA created a flawed random number generation system (Dual_EC_DRBG), Dual Elliptic Curve, which RSA used in its Bsafe security tool and now Snowden has revealed that RSA received $10 million from NSA for keeping Encryption Weak. So, anyone who knows the right numbers used in Random number generator program, can decipher the resulting cryptotext easily.

The Washington Post added another noteworthy finding to the growing pile of information leaked by former NSA contractor Edward Snowden: the NSA is collecting nearly five billion cellphone location records per day from across the world.

This gigantic data collection feeds a database that stores information on "hundreds of millions of devices," according to the documents obtained by

27 terabytes