Group items tagged

Cisco CEO John Chambers had a euphemism for it during the first quarter earnings call: the “challenging political dynamics in that country,” that country being China. But then there was India and others, including Russia where NSA leaker Edward Snowden is holed up, and where sales crashed much worse than in China. It led Cisco to chop its guidance. Overall revenues, instead of rising, would drop 8% to 10%. Or, as Tal Liani, an analyst from Bank of America, pointed out during the call, by “11% sequentially,” the worst since January 2009 when “the world was about to collapse.” It was in between the lines everywhere, but never once did Chambers, or anyone else on his team, mouth the acronym NSA. It was off limits. And that’s exactly how another tech giant, IBM, had dealt with its own China revenue fiasco.

How fast has the collapse happened? Cisco had already been struggling in China a year ago, when business was “flat.” Chambers had explained at the time that China was “very important” to Cisco. “We have invested a lot of resources in innovation in China for the last 20 years, and our commitment to China has not changed in any way,” he’d said. But China is home to some of Cisco’s largest competitors, Huawei and ZTE – whose forays into the US have been blocked by Congress for security reasons. Cisco was feeling the heat from that imbroglio – but it thought that problem would go away in a couple of quarters. In Q4, ending July 31, after the Snowden revelations had been ricocheting around for months, the China business fell 6%. “China is a little bit unique to Cisco because of some of the issues going on, which you all are aware of,” he’d said during the earnings call on August 14, once again refusing the utter NSA. Three months later, due to “the challenging political dynamics in that country?” An 18% plunge. Business in India, the “highlight in Asia-Pacific,” as Chambers had called it three months ago, had been up a dizzying 19% during Q4. Three months later, a stunning reversal: down 18%.

A year ago, Brazil was a star: orders had jumped 24%! By Q4 this year, orders were flat. Then revelations pushed Brazil center-stage in the spying scandal, and it had an allergic reaction. The government is even trying to force Google and others to keep Brazilian data in local data centers, not spread around the world. It would require the reengineering of the internet. During that quarter, orders plunged 25%! And Russia, where Snowden is trying to find new footing? Already damaged from the revelations, business in Q4 had been “approximately flat.” But now it plummeted 30%, the worst of any major market in Cisco’s book.

Warning of an erosion of confidence in the products of the U.S. technology industry, John Chambers, the CEO of networking giant Cisco Systems, has asked President Obama to intervene to curtail the surveillance activities of the National Security Agency. In a letter dated May 15 (obtained by Re/code and reprinted in full below), Chambers asked Obama to create “new standards of conduct” regarding how the NSA carries out its spying operations around the world. The letter was first reported by The Financial Times. The letter follows new revelations, including photos, published in a book based on documents leaked by former NSA contractor Edward Snowden alleging that the NSA intercepted equipment from Cisco and other manufacturers and loaded them with surveillance software. The photos, which have not been independently verified, appear to show NSA technicians working with Cisco equipment. Cisco is not said to have cooperated in the NSA’s efforts.

The headline news is that the NSA has surreptitiously “burrowed its way into nearly all the security architecture” sold by the world’s largest computer networking companies, including everyone from U.S. mainstays Cisco and Juniper to Chinese giant Huawei. But beneath this bombshell of a story from Der Spiegel, you’ll find a rather healthy bit of irony. After all, the United States government has spent years complaining that Chinese intelligence operations could find ways of poking holes in Huawei networking gear, urging both American businesses and foreign allies to sidestep the company’s hardware. The complaints grew so loud that, at one point, Huawei indicated it may abandon the U.S. networking market all together. And, yet, Der Speigel now tells us that U.S. intelligence operations have been poking holes in Huawei networking gear — not to mention hardware sold by countless other vendors in both the States and abroad. “We read the media reports, and we’ve noted the references to Huawei and our peers,” says William Plummer, a Huawei vice president and the company’s point person in Washington, D.C. “As we have said, over and over again — and as now seems to be validated — threats to networks and data integrity can come from any and many sources.”

Plummer and Huawei have long complained that when the U.S. House Intelligence Committee released a report in October 2012 condemning the use of Huawei gear in telephone and data networks, it failed to provide any evidence that the Chinese government had compromised the company’s hardware. Adam Segal, a senior fellow for China Studies at the Center for Foreign Relations, makes the same point. And now we have evidence — Der Spiegel cites leaked NSA documents — that the U.S. government has compromised gear on a massive scale. “Do I see the irony? Certainly the Chinese will,” Segal says, noting that the Chinese government and the Chinese press have complained of U.S hypocrisy ever since former government contractor Edward Snowden first started to reveal NSA surveillance practices last summer. “The Chinese government has been hammering home what they call the U.S.’s ulterior motives for criticizing China, and there’s been a steady drumbeat of stories in the Chinese press about backdoors in the products of U.S. companies. They’ve been going after Cisco in particular.”

To be sure, the exploits discussed by Der Spiegel are a little different from the sort of attacks Congress envisioned during its long campaign against Huawei and ZTE, another Chinese manufacturer. As Segal and others note, Congress mostly complained that the Chinese government could collaborate with people inside the two companies to plant backdoors in their gear, with lawmakers pointing out that Huawei’s CEO was once an officer in China’s People’s Liberation Army, or PLA, the military arm of the country’s Communist party. Der Spiegel, by contrast, says the NSA is exploiting hardware without help from anyone inside the Ciscos and the Huaweis, focusing instead on compromising network gear with clever hacks or intercepting the hardware as it’s shipped to customers. “For the most part, the article discusses typical malware exploits used by hackers everywhere,” says JR Rivers, an engineer who has built networking hardware for Cisco as well as Google and now runs the networking startup Cumulus Networks. “It’s just pointing out that the NSA is engaged in the practice and has resources that are not available to most people.” But in the end, the two types of attack have the same result: Networking gear controlled by government spies. And over the last six months, Snowden’s revelations have indicated that the NSA is not only hacking into networks but also collaborating with large American companies in its hunt for data.

U.S. contracting companies such as Cisco, which manages much of the German armed forces' data, should be contractually barred from passing sensitive information to the U.S. security services, a spokesman for Chancellor Angela Merkel's conservatives was quoted saying.   German news magazine Focus on Saturday cited Hans-Peter Uhl, parliamentary spokesman on interior policy for the conservatives, as saying Cisco needed to be required by contract not to pass sensitive material to the U.S. National Security Agency (NSA).   He said the German government wanted to monitor U.S. contracting companies more closely in future.

When it comes to modern firewalls for corporate computer networks, the world's second largest network equipment manufacturer doesn't skimp on praising its own work. According to Juniper Networks' online PR copy, the company's products are "ideal" for protecting large companies and computing centers from unwanted access from outside. They claim the performance of the company's special computers is "unmatched" and their firewalls are the "best-in-class." Despite these assurances, though, there is one attacker none of these products can fend off -- the United States' National Security Agency.

Specialists at the intelligence organization succeeded years ago in penetrating the company's digital firewalls. A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry -- including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell.

The specialists at ANT, which presumably stands for Advanced or Access Network Technology, could be described as master carpenters for the NSA's department for Tailored Access Operations (TAO). In cases where TAO's usual hacking and data-skimming methods don't suffice, ANT workers step in with their special tools, penetrating networking equipment, monitoring mobile phones and computers and diverting or even modifying data. Such "implants," as they are referred to in NSA parlance, have played a considerable role in the intelligence agency's ability to establish a global covert network that operates alongside the Internet. Some of the equipment available is quite inexpensive. A rigged monitor cable that allows "TAO personnel to see what is displayed on the targeted monitor," for example, is available for just $30. But an "active GSM base station" -- a tool that makes it possible to mimic a mobile phone tower and thus monitor cell phones -- costs a full $40,000. Computer bugging devices disguised as normal USB plugs, capable of sending and receiving data via radio undetected, are available in packs of 50 for over $1 million.

The United States on Monday charged five Chinese military officers and accused them of hacking into American nuclear, metal and solar companies to steal trade secrets, ratcheting up tensions between the two world powers over cyber espionage. China immediately denied the charges, saying in a strongly worded Foreign Ministry statement the U.S. grand jury indictment was "made up" and would damage trust between the two nations.Officials in Washington have argued for years that cyber espionage is a top national security concern. The indictment was the first criminal hacking charge that the United States has filed against specific foreign officials, and follows a steady increase in public criticism and private confrontation, including at a summit last year between U.S. President Barack Obama and Chinese President Xi Jinping.

Federal prosecutors said the suspects targeted companies including Alcoa Inc, Allegheny Technologies Inc, United States Steel Corp, Toshiba Corp unit Westinghouse Electric Co, the U.S. subsidiaries of SolarWorld AG, and a steel workers' union.

According to the indictment, Chinese state-owned companies "hired" Unit 61398 of the People's Liberation Army "to provide information technology services" including assembling a database of corporate intelligence. The Chinese companies were not named.The Shanghai-based Unit 61398 was identified last year by cybersecurity firm Mandiant as the source of a large number of espionage operations. All five defendants worked with 61398, according to the indictment.

Today EFF is pleased to announce Let’s Encrypt, a new certificate authority (CA) initiative that we have put together with Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan that aims to clear the remaining roadblocks to transition the Web from HTTP to HTTPS.Although the HTTP protocol has been hugely successful, it is inherently insecure. Whenever you use an HTTP website, you are always vulnerable to problems, including account hijacking and identity theft; surveillance and tracking by governments, companies, and both in concert; injection of malicious scripts into pages; and censorship that targets specific keywords or specific pages on sites. The HTTPS protocol, though it is not yet flawless, is a vast improvement on all of these fronts, and we need to move to a future where every website is HTTPS by default.With a launch scheduled for summer 2015, the Let’s Encrypt CA will automatically issue and manage free certificates for any website that needs them. Switching a webserver from HTTP to HTTPS with this CA will be as easy as issuing one command, or clicking one button.

The biggest obstacle to HTTPS deployment has been the complexity, bureaucracy, and cost of the certificates that HTTPS requires. We’re all familiar with the warnings and error messages produced by misconfigured certificates. These warnings are a hint that HTTPS (and other uses of TLS/SSL) is dependent on a horrifyingly complex and often structurally dysfunctional bureaucracy for authentication.

The need to obtain, install, and manage certificates from that bureaucracy is the largest reason that sites keep using HTTP instead of HTTPS. In our tests, it typically takes a web developer 1-3 hours to enable encryption for the first time. The Let’s Encrypt project is aiming to fix that by reducing setup time to 20-30 seconds. You can help test and hack on the developer preview of our Let's Encrypt agent software or watch a video of it in action here:

ysteria reigns supreme at the dawn of the Trump era, with the President rebranded across the whole ideological spectrum as an American Mao or even an American Hitler. Let’s step away from this “American [media] carnage” to examine a few facts concerning the unofficial G2: US-China relations. A case can be made that Beijing has already landed a 1-2-3 punch, pre-empting the possibility of a US-initiated trade war.

It started with Jack Ma’s by now notorious visit to Trump Tower, when he developed his idea of helping small American businesses sell their products in China and across Asia through Alibaba’s network, thus creating at least “1 million jobs” (Ma’s number) in the US. Then came President Xi Jinping’s masterclass at Davos, where he positioned himself as Ronald Xi Reagan selling “inclusive” globalization to the stalwarts of international turbo-capitalism. Finally Ma again, also at Davos, came up with a crystal clear, cause-and-effect formulation on globalization and US economic distress.

Ma said, “In the past 30 years, companies like IBM, Cisco and Microsoft made tons of money.” The problem was how the US spent the wealth: “In the past 30 years, America has had 13 wars at a cost of US$14.2 trillion.” So what if the US “had spent part of that money on building up their infrastructure, helping white-collar and blue-collar workers? You’re supposed to spend money on your own people. It’s not that other countries steal American jobs. It is your strategy – that you did not distribute the money in a proper way.” In the meantime, something quite extraordinary happened at the Asian Financial Forum in Hong Kong, one day before Xi’s Davos speech. China Investment Corporation (CIC) chairman Ding Xuedong, referring to Trump’s much-vaunted US$1 trillion infrastructure building plan, said that created fabulous investment opportunities for China and his US$800 billion sovereign fund. According to Ding, Washington will need at least an astonishing US$8 trillion to fund the infrastructure spectacular. Federal government and US private investors are not enough: “They have to rely on foreign investors.” And CIC is ready for it – focusing already on “alternative investments in the US”.

In the process—and for the first time since Watergate and the other scandals of the Nixon administration—the NSA has turned its surveillance apparatus on the US and its citizens. It has established listening posts throughout the nation to collect and sift through billions of email messages and phone calls, whether they originate within the country or overseas. It has created a supercomputer of almost unimaginable speed to look for patterns and unscramble codes. Finally, the agency has begun building a place to store all the trillions of words and thoughts and whispers captured in its electronic net. And, of course, it’s all being done in secret.

According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.

According to documents viewed by SPIEGEL, America'a NSA intelligence agency put considerable efforts into spying on Chinese politicians and firms. One major target was Huawei, a company that is fast becoming a major Internet player.

The American government conducted a major intelligence offensive against China, with targets including the Chinese government and networking company Huawei, according to documents from former NSA worker Edward Snowden that have been viewed by SPIEGEL. Among the American intelligence service's targets were former Chinese President Hu Jintao, the Chinese Trade Ministry, banks, as well as telecommunications companies. But the NSA made a special effort to target Huawei. With 150,000 employees and €28 billion ($38.6 billion) in annual revenues, the company is the world's second largest network equipment supplier. At the beginning of 2009, the NSA began an extensive operation, referred to internally as "Shotgiant," against the company, which is considered a major competitor to US-based Cisco. The company produces smartphones and tablets, but also mobile phone infrastructure, WLAN routers and fiber optic cable -- the kind of technology that is decisive in the NSA's battle for data supremacy. A special unit with the US intelligence agency succeeded in infiltrating Huwaei's network and copied a list of 1,400 customers as well as internal documents providing training to engineers on the use of Huwaei products, among other things.

According to a top secret NSA presentation, NSA workers not only succeeded in accessing the email archive, but also the secret source code of individual Huwaei products. Software source code is the holy grail of computer companies. Because Huawei directed all mail traffic from its employees through a central office in Shenzhen, where the NSA had infiltrated the network, the Americans were able to read a large share of the email sent by company workers beginning in January 2009, including messages from company CEO Ren Zhengfei and Chairwoman Sun Yafang. "We currently have good access and so much data that we don't know what to do with it," states one internal document. As justification for targeting the company, an NSA document claims that "many of our targets communicate over Huawei produced products, we want to make sure that we know how to exploit these products." The agency also states concern that "Huawei's widespread infrastructure will provide the PRC (People's Republic of China) with SIGINT capabilities." SIGINT is agency jargon for signals intelligence. The documents do not state whether the agency found information indicating that to be the case.

IBM announced today that it would throw another billion at Linux, the open-source operating system, to run its Power System servers. The first time it had thrown a billion at Linux was in 2001, when Linux was a crazy, untested, even ludicrous proposition for the corporate world. So the moolah back then didn’t go to Linux itself, which was free, but to related technologies across hardware, software, and service, including things like sales and advertising – and into IBM’s partnership with Red Hat which was developing its enterprise operating system, Red Hat Enterprise Linux. “It helped start a flurry of innovation that has never slowed,” said Jim Zemlin, executive director of the Linux Foundation. IBM claims that the investment would “help clients capitalize on big data and cloud computing with modern systems built to handle the new wave of applications coming to the data center in the post-PC era.” Some of the moolah will be plowed into the Power Systems Linux Center in Montpellier, France, which opened today. IBM’s first Power Systems Linux Center opened in Beijing in May. IBM may be trying to make hay of the ongoing revelations that have shown that the NSA and other intelligence organizations in the US and elsewhere have roped in American tech companies of all stripes with huge contracts to perfect a seamless spy network. They even include physical aspects of surveillance, such as license plate scanners and cameras, which are everywhere [read.... Surveillance Society: If You Drive, You Get Tracked].

Then another boon for IBM. Experts at the German Federal Office for Security in Information Technology (BIS) determined that Windows 8 is dangerous for data security. It allows Microsoft to control the computer remotely through a “special surveillance chip,” the wonderfully named Trusted Platform Module (TPM), and a backdoor in the software – with keys likely accessible to the NSA and possibly other third parties, such as the Chinese. Risks: “Loss of control over the operating system and the hardware” [read.... LEAKED: German Government Warns Key Entities Not To Use Windows 8 – Links The NSA.

It would be an enormous competitive advantage for an IBM salesperson to walk into a government or corporate IT department and sell Big Data servers that don’t run on Windows, but on Linux. With the Windows 8 debacle now in public view, IBM salespeople don’t even have to mention it. In the hope of stemming the pernicious revenue decline their employer has been suffering from, they can politely and professionally hype the security benefits of IBM’s systems and mention in passing the comforting fact that some of it would be developed in the Power Systems Linux Centers in Montpellier and Beijing. Alas, Linux too is tarnished. The backdoors are there, though the code can be inspected, unlike Windows code. And then there is Security-Enhanced Linux (SELinux), which was integrated into the Linux kernel in 2003. It provides a mechanism for supporting “access control” (a backdoor) and “security policies.” Who developed SELinux? Um, the NSA – which helpfully discloses some details on its own website (emphasis mine): The results of several previous research projects in this area have yielded a strong, flexible mandatory access control architecture called Flask. A reference implementation of this architecture was first integrated into a security-enhanced Linux® prototype system in order to demonstrate the value of flexible mandatory access controls and how such controls could be added to an operating system. The architecture has been subsequently mainstreamed into Linux and ported to several other systems, including the Solaris™ operating system, the FreeBSD® operating system, and the Darwin kernel, spawning a wide range of related work.

One should not expect any change to come from the U.S. government itself (which includes Congress), whose strategy in such cases is to enact the pretext of “reform” so as to placate public anger, protect the system from any serious weakening, and allow President Obama to go before the country and the world and give a pretty speech about how the U.S. heard their anger and re-calibrated the balance between privacy and security. Any new law that comes from the radically corrupted political class in DC will either be largely empty, or worse. The purpose will be to shield the NSA from real reform. There are, though, numerous other avenues with the real potential to engender serious limits on the NSA’s surveillance powers, including the self-interested though genuine panic of the U.S. tech industry over how surveillance will impede their future business prospects, the efforts of other countries to undermine U.S. hegemony over the internet, the newfound emphasis on privacy protections from internet companies worldwide, and, most of all, the increasing use of encryption technology by users around the world that poses genuine obstacles to state surveillance. Those are all far, far more promising avenues than any bill Barack Obama, Dianne Feinstein and Saxby Chambliss will let Congress cough up.

That national security state officials routinely mislead and deceive the public should never have even been in serious doubt in the first place – certainly not for journalists, and especially now after the experience of the Iraq War. That fact — that official pronouncements merit great skepticism rather than reverence — should be (but plainly is not) fundamental to how journalists view the world. More evidence for that is provided by a Washington Post column today by one of the national security state’s favorite outlets, David Ignatius. Ignatius interviewed the chronic deceiver, Director of National Intelligence James Clapper, who now “says it appears the impact [of Snowden's leaking] may be less than once feared because ‘it doesn’t look like he [Snowden] took as much’ as first thought.” Clapper specifically casts serious doubt on the U.S. government’s prior claim that Snowden ”had compromised the communications networks that make up the military’s command and control system”; instead, “officials now think that dire forecast may have been too extreme.” Ignatius — citing an anonymous “senior intelligence official” (who may or may not be Clapper) — also announces that the government has yet again revised its rank speculation about how many documents Snowden took: “This batch of probably downloaded material is about 1.5 million documents, the senior official said. That’s below an earlier estimate of 1.77 million documents.”

Most notable is Ignatius’ summary of the government’s attempt to claim Snowden seriously compromised the security of the U.S.: Pressed to explain what damage Snowden’s revelations had done, the official was guarded, saying that there was “damage in foreign relations” and that the leaks had “poisoned [NSA’s] relations with commercial providers.” He also said that terrorist groups had carefully studied the disclosures, turning more to anonymizers, encryption and use of couriers to shield communications. The senior official wouldn’t respond to repeated questions about whether the intelligence community has noted any changes in behavior by either the Russian or Chinese governments, in possible response to information they may have gleaned from Snowden’s revelations. In other words, the only specific damage they can point to is from the anger that other people around the world have about what the U.S. government has done and the fact that people will not want to buy U.S. tech products if they fear (for good reason) that those companies collaborate with the NSA. But, as usual, there is zero evidence provided (as opposed to bald, self-serving assertions) of any harm to genuine national security concerns (i.e., the ability to monitor anyone planning actual violent attacks).

As fast as it can, Google is sealing up cracks in its systems that Edward J. Snowden revealed the N.S.A. had brilliantly exploited. It is encrypting more data as it moves among its servers and helping customers encode their own emails. Facebook, Microsoft and Yahoo are taking similar steps.

After years of cooperating with the government, the immediate goal now is to thwart Washington — as well as Beijing and Moscow. The strategy is also intended to preserve business overseas in places like Brazil and Germany that have threatened to entrust data only to local providers. Google, for example, is laying its own fiber optic cable under the world’s oceans, a project that began as an effort to cut costs and extend its influence, but now has an added purpose: to assure that the company will have more control over the movement of its customer data.

A year after Mr. Snowden’s revelations, the era of quiet cooperation is over. Telecommunications companies say they are denying requests to volunteer data not covered by existing law. A.T.&T., Verizon and others say that compared with a year ago, they are far more reluctant to cooperate with the United States government in “gray areas” where there is no explicit requirement for a legal warrant.

Edward Snowden's leaks show that the NSA and GCHQ have been systematically subverting key technologies that underlie the Internet. That betrayal of trust has prompted some soul-searching by the Net engineering community, which realizes that it needs to come up with more surveillance-resistant approaches. This story from Radio Netherlands Worldwide (RNW) provides information about the kind of thing they are working on in one key group, the Internet Engineering Task Force (IETF). It reports on a speech given by the IETF's chair, Jari Arkko, at the recent Internet Governance Forum in Bali, Indonesia.

Firstly, the IETF wants to eventually apply encryption to all web traffic. "Today, security only gets switched on for certain services like banking," Arkko explained, referring to IETF-developed standards like SSL -- the little lock that appears in the upper left corner of your browser to secure online purchases. "If we work hard, we can make [the entire internet] secure by default." To this end, the IETF might make encryption mandatory for HTTP 2.0, a new version of the basic web protocol. Secondly, the IETF plans to remove weak algorithms and strengthen existing algorithms behind encryption. This means that the US National Security Agency and other surveillors will find it harder to crack current forms of encryption.

Putting that in context, Axl Pavlik, the managing director of Europe's Internet Registry (RIPE NCC), notes that you can never stop surveillance completely, but you can make it more expensive: "You and I have limited resources, and the surveillor has limited resources -- maybe more than we have -- but if millions of users of the internet raise the bar a little bit, the requirements to surveil every little bit of internet traffic would be much higher," he explained to RNW. Mandatory use of encryption helps do that. And here's another good reason for adopting it: The IETF's plans also benefit people who are already encrypting their online activities themselves, argued Marco Hogewoning, technical adviser to RIPE NCC. According to him, these people currently stick out like a sore thumb to the very surveillors they hope to evade.

In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages. For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks. The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.

According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance. The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers. Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.

Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.

A secret US cybersecurity report warned that government and private computers were being left vulnerable to online attacks from Russia, China and criminal gangs because encryption technologies were not being implemented fast enough. The advice, in a newly uncovered five-year forecast written in 2009, contrasts with the pledge made by David Cameron this week to crack down on encryption use by technology companies.

In the wake of the Paris terror attacks, the prime minister said there should be no “safe spaces for terrorists to communicate” or that British authorites could not access. Cameron, who landed in the US on Thursday night, is expected to urge Barack Obama to apply more pressure to tech giants, such as Apple, Google and Facebook, which have been expanding encrypted messaging for their millions of users since the revelations of mass NSA surveillance by the whistleblower Edward Snowden.

Cameron said the companies “need to work with us. They need also to demonstrate, which they do, that they have a social responsibility to fight the battle against terrorism. We shouldn’t allow safe spaces for terrorists to communicate. That’s a huge challenge but that’s certainly the right principle”. But the document from the US National Intelligence Council, which reports directly to the US director of national intelligence, made clear that encryption was the “best defence” for computer users to protect private data. Part of the cache given to the Guardian by Snowden was published in 2009 and gives a five-year forecast on the “global cyber threat to the US information infrastructure”. It covers communications, commercial and financial networks, and government and critical infrastructure systems. It was shared with GCHQ and made available to the agency’s staff through its intranet.