Group items tagged

The secretive British spy agency GCHQ has developed covert tools to seed the internet with false information, including the ability to manipulate the results of online polls, artificially inflate pageview counts on web sites, “amplif[y]” sanctioned messages on YouTube, and censor video content judged to be “extremist.” The capabilities, detailed in documents provided by NSA whistleblower Edward Snowden, even include an old standby for pre-adolescent prank callers everywhere: A way to connect two unsuspecting phone users together in a call.

he “tools” have been assigned boastful code names. They include invasive methods for online surveillance, as well as some of the very techniques that the U.S. and U.K. have harshly prosecuted young online activists for employing, including “distributed denial of service” attacks and “call bombing.” But they also describe previously unknown tactics for manipulating and distorting online political discourse and disseminating state propaganda, as well as the apparent ability to actively monitor Skype users in real-time—raising further questions about the extent of Microsoft’s cooperation with spy agencies or potential vulnerabilities in its Skype’s encryption. Here’s a list of how JTRIG describes its capabilities: • “Change outcome of online polls” (UNDERPASS) • “Mass delivery of email messaging to support an Information Operations campaign” (BADGER) and “mass delivery of SMS messages to support an Information Operations campaign” (WARPARTH) • “Disruption of video-based websites hosting extremist content through concerted target discovery and content removal.” (SILVERLORD)

• “Active skype capability. Provision of real time call records (SkypeOut and SkypetoSkype) and bidirectional instant messaging. Also contact lists.” (MINIATURE HERO) • “Find private photographs of targets on Facebook” (SPRING BISHOP) • “A tool that will permanently disable a target’s account on their computer” (ANGRY PIRATE) • “Ability to artificially increase traffic to a website” (GATEWAY) and “ability to inflate page views on websites” (SLIPSTREAM) • “Amplification of a given message, normally video, on popular multimedia websites (Youtube)” (GESTATOR) • “Targeted Denial Of Service against Web Servers” (PREDATORS FACE) and “Distributed denial of service using P2P. Built by ICTR, deployed by JTRIG” (ROLLING THUNDER)

When Israeli Prime Minister Benjamin Netanyahu met with Google chairman Eric Schmidt on Tuesday afternoon, he boasted about Israel’s “robust hi-tech and cyber industries.” According to The Jerusalem Post, “Netanyahu also noted that ‘Israel was making great efforts to diversify the markets with which it is trading in the technological field.'” Just how diversified and developed Israeli hi-tech innovation has become was revealed the very next morning, when the Russian cyber-security firm Kaspersky Labs, which claims more than 400 million users internationally, announced that sophisticated spyware with the hallmarks of Israeli origin (although no country was explicitly identified) had targeted three European hotels that had been venues for negotiations over Iran’s nuclear program.

Wednesday’s Wall Street Journal, one of the first news sources to break the story, reported that Kaspersky itself had been hacked by malware whose code was remarkably similar to that of a virus attributed to Israel. Code-named “Duqu” because it used the letters DQ in the names of the files it created, the malware had first been detected in 2011. On Thursday, Symantec, another cyber-security firm, announced it too had discovered Duqu 2 on its global network, striking undisclosed telecommunication sites in Europe, North Africa, Hong Kong, and  Southeast Asia. It said that Duqu 2 is much more difficult to detect that its predecessor because it lives exclusively in the memory of the computers it infects, rather than writing files to a drive or disk. The original Duqu shared coding with — and was written on the same platform as — Stuxnet, the computer worm  that partially disabled enrichment centrifuges in Iranian nuclear power plants, according to a 2012 report in The New York Times. Intelligence and military experts said that Stuxnet was first tested at Dimona, a nuclear-reactor complex in the Negev desert that houses Israel’s own clandestine nuclear weapons program. While Stuxnet is widely believed to have been a joint Israeli-U.S. operation, Israel seems to have developed and implemented Duqu on its own.

Coding of the spyware that targeted two Swiss hotels and one in Vienna—both sites where talks were held between the P5+1 and Iran—so closely resembled that of Duqu that Kaspersky has dubbed it “Duqu 2.” A Kaspersky report contends that the new and improved Duqu would have been almost impossible to create without access to the original Duqu code. Duqu 2’s one hundred “modules” enabled the cyber attackers to commandeer infected computers, compress video feeds  (including those from hotel surveillance cameras), monitor and disrupt telephone service and Wi-Fi, and steal electronic files. The hackers’ penetration of computers used by the front desk would have allowed them to determine the room numbers of negotiators and delegation members. Duqu 2 also gave the hackers the ability to operate two-way microphones in the hotels’ elevators and control their alarm systems.

Third in a series. Part 1 here; Part 2 here. When it comes to the National Security Agency’s recently disclosed use of automated speech recognition technology to search, index and transcribe voice communications, people in the United States may well be asking: But are they transcribing my phone calls? The answer is maybe. A clear-cut answer is elusive because documents in the Snowden archive describe the capability to turn speech into text, but not the extent of its use — and the U.S. intelligence community refuses to answer even the most basic questions on the topic.

thanks to previous explorations of the Snowden archive and some documents released by the Obama administration, we know there are four major methods the NSA uses to get access to phone calls involving Americans — and only one of them technically precludes the use of speech recognition.

In a $100 million lawsuit that has garnered virtually no public attention, five National Security Agency (NSA) whistleblowers are accusing the federal government of illegally retaliating against them for alerting the NSA and Congress to a waste of taxpayer funds that benefitted a well-connected contractor.The lawsuit tells the story of the infancy of the NSA’s efforts to surveil the Internet. Back then, there were two programs for the spying agency to choose from — and the first was called ThinThread. It had been developed internally, was comparatively inexpensive, had been tested and proven to be effective, and included safeguards preventing the spying on Americans without a court warrant. The other was called Trailblazer. It did not include such safeguards, had not yet been shown to be effective, and cost 1,000 times more than ThinThread. Instead of being developed internally, it was to be outsourced to Science Applications International Corporation (SAIC), a politically connected contractor.The NSA chose Trailblazer.

In response, four NSA employees who had worked on ThinThread, as well as a congressional staffer, alerted Congress and the Office of the Inspector General of the NSA that the agency was wasting taxpayer funds. That is when their troubles began, according to the lawsuit.It alleges that the defendants, which include the NSA, FBI, and the Department of Justice, as well as individuals associated with them, “knowingly and intentionally fabricated” a claim that the plaintiffs leaked classified information to New York Times reporters Eric Lichtblau and James Risen.“[The defendants] used this fabricated claim for retaliation, illegal searches and seizures, physical invasion of their residences and places of business, temporary false imprisonment, the confiscation of their property, cancellation of security clearances leading to the loss of their jobs and employment, intentional infliction of emotional distress, harassment and intimidation,” the lawsuit alleges.It also states that the defendants should have known that the plaintiffs were not the leaks because the NSA “was tracking all domestic telephone calls for the supposed purpose of protecting national security.”

The plaintiffs are former NSA employees Thomas Drake, Ed Loomis, J. Kirk Wiebe, William Binney, and former congressional staffer Diane Roark. They seek “punitive damages in excess of $100 million because of Defendants [sic] callous and reckless indifference and malicious acts …” as well as well as an additional $15 million for lost wages and to cover costs.Larry Klayman, the prominent conservative public interest attorney and founder of Judicial Watch, filed the suit on August 20th. However, it is expected to be amended this week, and it is possible that additional publicity for the case will be sought then.

Back in 2011, Julian Assange met up with Eric Schmidt for an interview that he considers the best he’s ever given. That doesn’t change, however, the opinion he now has about Schmidt and the company he represents, Google.In fact, the WikiLeaks leader doesn’t believe in the famous “Don’t Be Evil” mantra that Google has been preaching for years.Assange thinks both Schmidt and Google are at the exact opposite spectrum.“Nobody wants to acknowledge that Google has grown big and bad. But it has. Schmidt’s tenure as CEO saw Google integrate with the shadiest of US power structures as it expanded into a geographically invasive megacorporation. But Google has always been comfortable with this proximity,” Assange writes in an opinion piece for Newsweek.

“Long before company founders Larry Page and Sergey Brin hired Schmidt in 2001, their initial research upon which Google was based had been partly funded by the Defense Advanced Research Projects Agency (DARPA). And even as Schmidt’s Google developed an image as the overly friendly giant of global tech, it was building a close relationship with the intelligence community,” Assange continues.Throughout the lengthy article, Assange goes on to explain how the 2011 meeting came to be and talks about the people the Google executive chairman brought along - Lisa Shields, then vice president of the Council on Foreign Relationship, Jared Cohen, who would later become the director of Google Ideas, and Scott Malcomson, the book’s editor, who would later become the speechwriter and principal advisor to Susan Rice.“At this point, the delegation was one part Google, three parts US foreign-policy establishment, but I was still none the wiser.” Assange goes on to explain the work Cohen was doing for the government prior to his appointment at Google and just how Schmidt himself plays a bigger role than previously thought.In fact, he says that his original image of Schmidt, as a politically unambitious Silicon Valley engineer, “a relic of the good old days of computer science graduate culture on the West Coast,” was wrong.

However, Assange concedes that that is not the sort of person who attends Bilderberg conferences, who regularly visits the White House, and who delivers speeches at the Davos Economic Forum.He claims that Schmidt’s emergence as Google’s “foreign minister” did not come out of nowhere, but it was “presaged by years of assimilation within US establishment networks of reputation and influence.” Assange makes further accusations that, well before Prism had even been dreamed of, the NSA was already systematically violating the Foreign Intelligence Surveillance Act under its director at the time, Michael Hayden. He states, however, that during the same period, namely around 2003, Google was accepting NSA money to provide the agency with search tools for its rapidly-growing database of information.Assange continues by saying that in 2008, Google helped launch the NGA spy satellite, the GeoEye-1, into space and that the search giant shares the photographs from the satellite with the US military and intelligence communities. Later on, 2010, after the Chinese government was accused of hacking Google, the company entered into a “formal information-sharing” relationship with the NSA, which would allow the NSA’s experts to evaluate the vulnerabilities in Google’s hardware and software.

Three cases that likely lay the groundwork for a major privacy battle at the U.S. Supreme Court are pending before federal appeals courts, whose judges are taking their time announcing whether they believe the dragnet collection of Americans' phone records is legal. It’s been more than five months since the American Civil Liberties Union argued against the National Security Agency program in New York, three months since legal activist Larry Klayman defended his thus far unprecedented preliminary injunction win in Washington, D.C., and two months since Idaho nurse Anna Smith’s case was heard by appeals judges in Seattle. At the district court level, judges handed down decisions about a month after oral arguments in the cases. It’s unclear what accounts for the delay. It’s possible judges are meticulously crafting opinions that are likely to receive wide coverage, or that members of the three-judge panels are clashing on the appropriate decision.

Attorneys involved in the cases understandably are reluctant to criticize the courts, but all express hope for speedy resolution of their fights against alleged violations of Americans’ Fourth Amendment rights.

Though it’s difficult to accurately predict court decisions based on oral arguments, opponents of the mass surveillance program may have reason for optimism.

How much extra will you have to pay for the privilege of being spied on?

UK ISPs have warned MPs that the costs of implementing the Investigatory Powers Bill (aka the Snooper's Charter) will be much greater than the £175 million the UK government has allotted for the task, and that broadband bills will need to rise as a result. Representatives from ISPs and software companies told the House of Commons Science and Technology Committee that the legislation greatly underestimates the "sheer quantity" of data generated by Internet users these days. They also pointed out that distinguishing content from metadata is a far harder task than the government seems to assume. Matthew Hare, the chief executive of ISP Gigaclear, said with "a typical 1 gigabit connection to someone's home, over 50 terabytes of data per year [are] passing over it. If you say that a proportion of that is going to be the communications data—the record of who you communicate with, when you communicate or what you communicate—there would be the most massive and enormous amount of data that in future an access provider would be expected to keep. The indiscriminate collection of mass data across effectively every user of the Internet in this country is going to have a massive cost."

Moreover, the larger the cache of stored data, the more worthwhile it will be for criminals and state-backed actors to gain access and download that highly-revealing personal information for fraud and blackmail. John Shaw, the vice president of product management at British security firm Sophos, told the MPs: "There would be a huge amount of very sensitive personal data that could be used by bad guys.

Chinese human rights practices are in the news again. The White House is reportedly weighing sanctions against Chinese officials and companies that are engaged in or facilitating the mass surveillance and detention of Uighurs in the Xinjiang Uighur Autonomous Region (XUAR).  Over the past several months, it has become increasingly clear that the Chinese government is conducting widespread efforts to “re-educate” its largely-Muslim Uighur population in XUAR and impose strict controls over that population’s movements and actions, including through the extensive use of facial recognition software (FRS). And now the Trump Administration, which to date has not focused on other states’ human rights practices, seems to have concluded that China’s actions are worthy of condemnation. Though the administration should not be overly sanguine about the effectiveness of making it harder for a few companies to provide FRS to the Chinese government, there is value in putting down a marker that using FRS this way is not acceptable.

On Sunday’s Face the Nation, Sen. Rand Paul was asked about President Trump’s accusation that President Obama ordered the NSA to wiretap his calls. The Kentucky senator expressed skepticism about the mechanics of Trump’s specific charge, saying: “I doubt that Trump was a target directly of any kind of eavesdropping.” But he then made a broader and more crucial point about how the U.S. government spies on Americans’ communications — a point that is deliberately obscured and concealed by U.S. government defenders. Paul explained how the NSA routinely and deliberately spies on Americans’ communications — listens to their calls and reads their emails — without a judicial warrant of any kind: The way it works is, the FISA court, through Section 702, wiretaps foreigners and then [NSA] listens to Americans. It is a backdoor search of Americans. And because they have so much data, they can tap — type Donald Trump into their vast resources of people they are tapping overseas, and they get all of his phone calls. And so they did this to President Obama. They — 1,227 times eavesdrops on President Obama’s phone calls. Then they mask him. But here is the problem. And General Hayden said this the other day. He said even low-level employees can unmask the caller. That is probably what happened to Flynn. They are not targeting Americans. They are targeting foreigners. But they are doing it purposefully to get to Americans.

Paul’s explanation is absolutely correct. That the NSA is empowered to spy on Americans’ communications without a warrant — in direct contravention of the core Fourth Amendment guarantee that “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause” — is the dirty little secret of the U.S. Surveillance State. As I documented at the height of the controversy over the Snowden reporting, top government officials — including President Obama — constantly deceived (and still deceive) the public by falsely telling them that their communications cannot be monitored without a warrant. Responding to the furor created over the first set of Snowden reports about domestic spying, Obama sought to reassure Americans by telling Charlie Rose: “What I can say unequivocally is that if you are a U.S. person, the NSA cannot listen to your telephone calls … by law and by rule, and unless they … go to a court, and obtain a warrant, and seek probable cause.” The right-wing chairman of the House Intelligence Committee at the time, GOP Rep. Mike Rogers, echoed Obama, telling CNN the NSA “is not listening to Americans’ phone calls. If it did, it is illegal. It is breaking the law.” Those statements are categorically false. A key purpose of the new 2008 FISA law — which then-Senator Obama voted for during the 2008 general election after breaking his primary-race promise to filibuster it — was to legalize the once-controversial Bush/Cheney warrantless eavesdropping program, which the New York Times won a Pulitzer Prize for exposing in 2005. The crux of the Bush/Cheney controversy was that they ordered NSA to listen to Americans’ international telephone calls without warrants — which was illegal at the time — and the 2008 law purported to make that type of domestic warrantless spying legal.

In a Chicago court, several Facebook users filed a class-action lawsuit against the social media giant for allegedly violating its users’ privacy rights to acquire the largest privately held stash of biometric face-recognition data in the world. The court documents reveal claims that “Facebook began violating the Illinois Biometric Information Privacy Act (IBIPA) of 2008 in 2010, in a purported attempt to make the process of tagging friends easier.”

This was accomplished through the “tag suggestions” feature provided by Facebook which “scans all pictures uploaded by users and identifies any Facebook friends they may want to tag.” The Facebook users maintain that this feature is a “form of data mining [that] violates user’s privacy”. One plaintiff said this is a “brazen disregard for its users’ privacy rights,” through which Facebook has “secretly amassed the world’s largest privately held database of consumer biometrics data.” Because “Facebook actively conceals” their protocol using “faceprint databases” to identify Facebook users in photos, and “doesn’t disclose its wholesale biometrics data collection practices in its privacy policies, nor does it even ask users to acknowledge them.”

This would be a violation of the IBIPA which states it is “unlawful to collect biometric data without written notice to the subject stating the purpose and length of the data collection, and without obtaining the subject’s written release.” Because all users are automatically part of the “faceprint’ facial recognition program, this is an illegal act in the state of Illinois, according to the complaint. Jay Edelson, attorney for the plaintiffs, asserts the opt-out ability to prevent other Facebook users from tagging them in photos is “insufficient”.

"When NSA whistleblower Edward Snowden came forth last year with U.S. government spying secrets, it didn't take long to realize that some of the information revealed could bring on serious repercussions — not just for the U.S. government, but also for U.S.-based companies. The latest to feel the hit? None other than Apple, and in a region the company has been working hard to increase market share: China. China, via state media, has today declared that Apple's iPhone is a threat to national security — all because of its thorough tracking capabilities. It has the ability to keep track of user locations, and to the country, this could potentially reveal "state secrets" somehow. It's being noted that the iPhone will continue to track the user to some extent even if the overall feature is disabled. China's iPhone ousting comes hot on the heels of Russia's industry and trade deeming AMD and Intel processors to be untrustworthy. The nation will instead be building its own ARM-based "Baikal" processor.

Prominent activists, lawmakers, artists, academics, and other leading voices in civil society, including Sen. Bernie Sanders (I-Vt.), are joining the campaign to get a pardon for National Security Agency (NSA) whistleblower Edward Snowden. “The information disclosed by Edward Snowden has allowed Congress and the American people to understand the degree to which the NSA has abused its authority and violated our constitutional rights,” Sanders wrote for the Guardian on Wednesday. “Now we must learn from the troubling revelations Mr. Snowden brought to light. Our intelligence and law enforcement agencies must be given the tools they need to protect us, but that can be done in a way that does not sacrifice our rights.” Pentagon Papers whistleblower Daniel Ellsberg, who co-founded the public interest journalism advocacy group Freedom of the Press Foundation, where Snowden is a board member, also wrote, “Ed Snowden should be freed of the legal burden hanging over him. They should remove the indictment, pardon him if that’s the way to do it, so that he is no longer facing prison.” Snowden faces charges under the Espionage Act after he released classified NSA files to media outlets in 2013 exposing the U.S. government’s global mass surveillance operations. He fled to Hong Kong, then Russia, where he has been living under political asylum for the past three years.

The Pardon Snowden campaign, supported by the American Civil Liberties Union (ACLU), Amnesty International, and Human Rights Watch (HRW), urgespeople around the world to write to Obama throughout his last four months in the White House.

he message arrived at night and consisted of three words: “Good evening sir!” The sender was a hacker who had written a series of provocative memos at the National Security Agency. His secret memos had explained — with an earthy use of slang and emojis that was unusual for an operative of the largest eavesdropping organization in the world — how the NSA breaks into the digital accounts of people who manage computer networks, and how it tries to unmask people who use Tor to browse the web anonymously. Outlining some of the NSA’s most sensitive activities, the memos were leaked by Edward Snowden, and I had written about a few of them for The Intercept. There is no Miss Manners for exchanging pleasantries with a man the government has trained to be the digital equivalent of a Navy SEAL. Though I had initiated the contact, I was wary of how he might respond. The hacker had publicly expressed a visceral dislike for Snowden and had accused The Intercept of jeopardizing lives by publishing classified information. One of his memos outlined the ways the NSA reroutes (or “shapes”) the internet traffic of entire countries, and another memo was titled “I Hunt Sysadmins.” I felt sure he could hack anyone’s computer, including mine. Good evening sir!

The sender was a hacker who had written a series of provocative memos at the National Security Agency. His secret memos had explained — with an earthy use of slang and emojis that was unusual for an operative of the largest eavesdropping organization in the world — how the NSA breaks into the digital accounts of people who manage computer networks, and how it tries to unmask people who use Tor to browse the web anonymously. Outlining some of the NSA’s most sensitive activities, the memos were leaked by Edward Snowden, and I had written about a few of them for The Intercept. There is no Miss Manners for exchanging pleasantries with a man the government has trained to be the digital equivalent of a Navy SEAL. Though I had initiated the contact, I was wary of how he might respond. The hacker had publicly expressed a visceral dislike for Snowden and had accused The Intercept of jeopardizing lives by publishing classified information. One of his memos outlined the ways the NSA reroutes (or “shapes”) the internet traffic of entire countries, and another memo was titled “I Hunt Sysadmins.” I felt sure he could hack anyone’s computer, including mine.

I got lucky with the hacker, because he recently left the agency for the cybersecurity industry; it would be his choice to talk, not the NSA’s. Fortunately, speaking out is his second nature.

The Day We Fought Back: by the numbers Thanks to everyone who participated on Tuesday. Together we demonstrated that activists, organizations, and companies can work in unison to fight mass surveillance, and laid a foundation for escalation over months to come. Below are some numbers that quantify how we did* on Tuesday.

A federal judge in Idaho has upheld the constitutionality of the National Security Agency's program that gathers massive quanities of data on the telephone calls of Americans. The ruling Tuesday from U.S. District Court Judge B. Lynn Winmill leaves the federal government with two wins in lawsuits decided since the program was revealed about a year ago by ex-NSA contractor Edward Snowden. In addition, one judge handling a criminal case ruled that the surveillance did not violate the Constitution. Opponents of the program have only one win: U.S. District Court Judge Richard Leon's ruling in December that the program likely violates the Fourth Amendment. In the new decision, Winmill said binding precedent in the Ninth Circuit holds that call and email metadata are not protected by the Constitution and no warrant is needed to obtain it.

"The weight of the authority favors the NSA," wrote Winmill, an appointee of President Bill Clinton. Winmill took note of Leon's contrary decision and called it eloquent, but concluded it departs from current Supreme Court precedent — though perhaps not for long. "Judge Leon’s decision should serve as a template for a Supreme Court opinion. And it might yet," Winmill wrote as he threw out the lawsuit brought by an Idaho registered nurse who objected to the gathering of data on her phone calls. Winmill's opinion (posted here) does not address an argument put forward by some critics of the program, including some lawmakers: that the metadata program violates federal law because it does not fit squarely within the language of the statute used to authorize it.

There will be a lot of talk in coming months about the government surveillance golem assembled in the shadows of the internet. Good. But what about the pervasive claim the private sector has staked to our digital lives, from where we (and our phones) spend the night to how often we text our spouse or swipe our Visa at the liquor store? It's not a stretch to say that there's a corporate spy operation equal to the NSA—indeed, sometimes it's hard to tell the difference.

We can't choose a world where the US gets to spy but China doesn't, or even a world where governments get to spy and criminals don't. We need to choose, as a matter of policy, communications systems that are secure for all users, or ones that are vulnerable to all attackers. It's security or surveillance.

As Washington weighs new cybersecurity steps amid a public backlash over mass surveillance, U.S. tech companies warned President Barack Obama not to weaken increasingly sophisticated encryption systems designed to protect consumers' privacy.In a strongly worded letter to Obama on Monday, two industry associations for major software and hardware companies said, "We are opposed to any policy actions or measures that would undermine encryption as an available and effective tool."The Information Technology Industry Council and the Software and Information Industry Association, representing tech giants, including Apple Inc, Google Inc, Facebook Inc, IBM and Microsoft Corp, fired the latest salvo in what is shaping up to be a long fight over government access into smart phones and other digital devices.