Group items tagged

The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents. In some cases, the surveillance agencies are obtaining the content of emails by monitoring hackers as they breach email accounts, often without notifying the hacking victims of these breaches. “Hackers are stealing the emails of some of our targets… by collecting the hackers’ ‘take,’ we . . .  get access to the emails themselves,” reads one top secret 2010 National Security Agency document. These and other revelations about the intelligence agencies’ reliance on hackers are contained in documents provided by whistleblower Edward Snowden. The documents—which come from the U.K. Government Communications Headquarters agency and NSA—shed new light on the various means used by intelligence agencies to exploit hackers’ successes and learn from their skills, while also raising questions about whether governments have overstated the threat posed by some hackers.

By looking out for hacking conducted “both by state-sponsored and freelance hackers” and riding on the coattails of hackers, Western intelligence agencies have gathered what they regard as valuable content: Recently, Communications Security Establishment Canada (CSEC) and Menwith Hill Station (MHS) discovered and began exploiting a target-rich data set being stolen by hackers. The hackers’ sophisticated email-stealing intrusion set is known as INTOLERANT. Of the traffic observed, nearly half contains category hits because the attackers are targeting email accounts of interest to the Intelligence Community. Although a relatively new data source, [Target Offices of Primary Interest] have already written multiple reports based on INTOLERANT collect. The hackers targeted a wide range of diplomatic corps, human rights and democracy activists and even journalists: INTOLERANT traffic is very organized. Each event is labeled to identify and categorize victims. Cyber attacks commonly apply descriptors to each victim – it helps herd victims and track which attacks succeed and which fail. Victim categories make INTOLERANT interesting: A = Indian Diplomatic & Indian Navy B = Central Asian diplomatic C = Chinese Human Rights Defenders D = Tibetan Pro-Democracy Personalities E = Uighur Activists F = European Special Rep to Afghanistan and Indian photo-journalism G = Tibetan Government in Exile

In those cases, the NSA and its partner agencies in the United Kingdom and Canada were unable to determine the identity of the hackers who collected the data, but suspect a state sponsor “based on the level of sophistication and the victim set.” In instances where hacking may compromise data from the U.S. and U.K. governments, or their allies, notification was given to the “relevant parties.” In a separate document, GCHQ officials discuss plans to use open source discussions among hackers to improve their own knowledge. “Analysts are potentially missing out on valuable open source information relating to cyber defence because of an inability to easily keep up to date with specific blogs and Twitter sources,” according to one document. GCHQ created a program called LOVELY HORSE to monitor and index public discussion by hackers on Twitter and other social media. The Twitter accounts designated for collection in the 2012 document:

MERICAN AND BRITISH INTELLIGENCE secretly tapped into live video feeds from Israeli drones and fighter jets, monitoring military operations in Gaza, watching for a potential strike against Iran, and keeping tabs on the drone technology Israel exports around the world. Under a classified program code-named “Anarchist,” the U.K.’s Government Communications Headquarters, or GCHQ, working with the National Security Agency, systematically targeted Israeli drones from a mountaintop on the Mediterranean island of Cyprus. GCHQ files provided by former NSA contractor Edward Snowden include a series of “Anarchist snapshots” — thumbnail images from videos recorded by drone cameras. The files also show location data mapping the flight paths of the aircraft. In essence, U.S. and British agencies stole a bird’s-eye view from the drones.

Several of the snapshots, a subset collected in 2009 and 2010, appear to show drones carrying missiles. Although they are not clear enough to be conclusive, the images offer rare visual evidence to support reports that Israel flies attack drones — an open secret that the Israeli government won’t acknowledge. “There’s a good chance that we are looking at the first images of an armed Israeli drone in the public domain,” said Chris Woods, author of Sudden Justice, a history of drone warfare. “They’ve gone to extraordinary lengths to suppress information on weaponized drones.” The Intercept is publishing a selection of the drone snapshots in an accompanying article.

Additionally, in 2012, a GCHQ analyst reported “regular collects of Heron TP carrying weapons,” referring to a giant drone made by the state-owned Israel Aerospace Industries, known as IAI. Anarchist operated from a Royal Air Force installation in the Troodos Mountains, near Mount Olympus, the highest point on Cyprus. The Troodos site “has long been regarded as a ‘Jewel in the Crown’ by NSA as it offers unique access to the Levant, North Africa, and Turkey,” according to an article from GCHQ’s internal wiki. Last August, The Intercept published a portion of a GCHQ document that revealed that NSA and GCHQ tracked weapons signals from Troodos, and earlier reporting on the Snowden documents indicated that the NSA targeted Israeli drones and an Israeli missile system for tracking, but the details of the operations have not been previously disclosed. “This access is indispensable for maintaining an understanding of Israeli military training and operations and thus an insight to possible future developments in the region,” a GCHQ report from 2008 enthused. “In times of crisis this access is critical and one of the only avenues to provide up to the minute information and support to U.S. and Allied operations in the area.”

The chances of Theresa May reintroducing her "snooper's charter" communications data bill are practically zero in the wake of the Guardian's disclosures on the scale of internet surveillance, leading Tory and Labour civil liberties campaigners have said.David Davis, a former contender for Conservative leadership, and Tom Watson, the Labour deputy chair, both said on Thursday they felt there had been a change in the atmosphere at Westminster compared with the "great rush" to legislate in the immediate aftermath of the Woolwich murder of Drummer Lee Rigby.Both MPs said the disclosure of the mass harvesting of personal communications, including internet data, by the American National Security Agency and Britain's eavesdropping agency, GCHQ, had shown that the existing UK regulatory framework was completely ineffective.Davis said in particular that GCHQ's Tempora operation, which harvests global phone and internet traffic by tapping into the transatlantic fibre-optic cables, had "put up a big red flag" indicating it was time to think again from scratch about the legal oversight arrangements.

He said it was necessary to look at ways of rewriting the Regulation of Investigatory Powers Act 2000, which sets out the legal oversight arrangements for the interception and surveillance of communications.But the former shadow home secretary and staunch Eurosceptic also praised the efforts of Viviane Reding, the EU commissioner for justice, who wrote to the foreign secretary, William Hague, on Wednesday giving him until the end of the week to answer the charge that the fundamental rights of citizens across Europe were being flouted."I hope that Viviane Reding keeps up the pressure. This is the only time you will hear me say that the European Union might be the answer," said Davis.Watson said he shared Davis's analysis of the poor prospects for the reintroduction of May's communications data bill, which would require internet and phone companies to store for up to 12 months data tracking everyone's use of email, phone and internet.

The meeting heard from surveillance experts Casper Bowden, a former chief privacy adviser to Microsoft, and solicitor/advocate, Simon McKay. Bowden said a huge debt was owed to Snowden, who had made the most important disclosures about surveillance for more than 25 years.He said the disclosures had serious implications for the corporate and individual stampede towards the use of "cloud computing" storage, much of which was housed in the US. He said that there was a real danger now that Britain would be left in an exposed position, with the rest of Europe not willing to allow their data to be stored through the UK. "Keep your cloudbase close and local and keep it in your jurisdiction," he said, adding that encryption was very limited as a defence.Bowden, who has worked as an adviser to the EU on its new data protection directive, which has yet to come into force principally because of British opposition, said he had secured an amendment giving protection for whistleblowers.He had also argued for a warning "pop-up" to be required when data was being transferred outside the EU's borders.

Top-secret documents from the National Security Agency and its British counterpart reveal for the first time how the governments of the United States and the United Kingdom targeted WikiLeaks and other activist groups with tactics ranging from covert surveillance to prosecution. The efforts – detailed in documents provided previously by NSA whistleblower Edward Snowden – included a broad campaign of international pressure aimed not only at WikiLeaks founder Julian Assange, but at what the U.S. government calls “the human network that supports WikiLeaks.” The documents also contain internal discussions about targeting the file-sharing site Pirate Bay and hacktivist collectives such as Anonymous. One classified document from Government Communications Headquarters, Britain’s top spy agency, shows that GCHQ used its surveillance system to secretly monitor visitors to a WikiLeaks site. By exploiting its ability to tap into the fiber-optic cables that make up the backbone of the Internet, the agency confided to allies in 2012, it was able to collect the IP addresses of visitors in real time, as well as the search terms that visitors used to reach the site from search engines like Google.

Another classified document from the U.S. intelligence community, dated August 2010, recounts how the Obama administration urged foreign allies to file criminal charges against Assange over the group’s publication of the Afghanistan war logs. A third document, from July 2011, contains a summary of an internal discussion in which officials from two NSA offices – including the agency’s general counsel and an arm of its Threat Operations Center – considered designating WikiLeaks as “a ‘malicious foreign actor’ for the purpose of targeting.” Such a designation would have allowed the group to be targeted with extensive electronic surveillance – without the need to exclude U.S. persons from the surveillance searches.

In a statement to The Intercept, Assange condemned what he called “the reckless and unlawful behavior of the National Security Agency” and GCHQ’s “extensive hostile monitoring of a popular publisher’s website and its readers.” “News that the NSA planned these operations at the level of its Office of the General Counsel is especially troubling,” Assange said. “Today, we call on the White House to appoint a special prosecutor to investigate the extent of the NSA’s criminal activity against the media, including WikiLeaks, its staff, its associates and its supporters.” Illustrating how far afield the NSA deviates from its self-proclaimed focus on terrorism and national security, the documents reveal that the agency considered using its sweeping surveillance system against Pirate Bay, which has been accused of facilitating copyright violations. The agency also approved surveillance of the foreign “branches” of hacktivist groups, mentioning Anonymous by name. The documents call into question the Obama administration’s repeated insistence that U.S. citizens are not being caught up in the sweeping surveillance dragnet being cast by the NSA. Under the broad rationale considered by the agency, for example, any communication with a group designated as a “malicious foreign actor,” such as WikiLeaks and Anonymous, would be considered fair game for surveillance.

British authorities are capable of tapping into bulk communications data collected by other countries' intelligence services—including the National Security Agency—without a warrant, according to secret government documents released Tuesday. The agreement between the NSA and Britain's spy agency, known as Government Communications Headquarters or GCHQ, potentially puts the Internet and phone data of Americans in the hands of another country without legal oversight when obtaining a warrant is "not technically feasible."   The data, once obtained, can be kept for up to two years, according to internal policies disclosed by the British government. GCHQ was forced to reveal that it can request and receive vast quantities of raw, unanalyzed data collected from foreign governments it partners with during legal proceedings in a closed court hearing in a case brought by various international human-rights organizations, including Privacy International, Liberty U.K., and Amnesty International. The suit challenges certain aspects of GCHQ's surveillance practices.

It is well known that the NSA and GCHQ closely share intelligence data with one another, as part of a long-standing surveillance partnership. Some details of the agencies' spy pact were exposed by former NSA contractor Edward Snowden last year, including the existence of GCHQ's Tempora program, which taps into fiber-optic cables to scoop up online and telephone traffic across the Web for up to 30 days. But this is the first time the British government has disclosed that it does not require a warrant to access data collected and maintained by its American counterparts. The revelation appears to counter statements made by an oversight committee of the British Parliament in July of last year that "in each case where GCHQ sought information from the U.S., a warrant for interception, signed by a minister, was already in place."   It is unclear whether any restrictions on Britain's access to NSA surveillance data is imposed by the U.S. However, documents provided by Snowden to The Guardian last year reveal that the NSA shares raw intelligence data with Israel without removing information about U.S. citizens.

In a statement, the NSA said it works with a number of partner countries to further its "foreign intelligence mission." But it did not specify whether it was aware of or condoned Britain's apparent warrantless access of its data. "Whenever NSA shares intelligence information, we comply with all applicable rules, including rules designed to safeguard U.S. person information," the agency said. "NSA does not ask its foreign partners to undertake any intelligence activity that the U.S. government would be legally prohibited from undertaking itself." American privacy advocates quickly condemned any warrantless access of U.S. communications data by British authorities.   "The 'arrangement' disclosed today suggests that the two countries are circumventing even the very weak safeguards that have been put in place," Jameel Jaffer, deputy legal director of the American Civil Liberties Union, said in a statement to National Journal. "It underscores both the inadequacy of existing oversight structures and the pressing need for [surveillance] reform."

GCHQ’s bulk surveillance of electronic communications has scooped up emails to and from journalists working for some of the US and UK’s largest media organisations, analysis of documents released by whistleblower Edward Snowden reveals. Emails from the BBC, Reuters, the Guardian, the New York Times, Le Monde, the Sun, NBC and the Washington Post were saved by GCHQ and shared on the agency’s intranet as part of a test exercise by the signals intelligence agency. The disclosure comes as the British government faces intense pressure to protect the confidential communications of reporters, MPs and lawyers from snooping.

Senior editors and lawyers in the UK have called for the urgent introduction of a freedom of expression law amid growing concern over safeguards proposed by ministers to meet concerns over the police use of surveillance powers linked to the Regulation of Investigatory Powers Act 2000 (Ripa). More than 100 editors, including those from all the national newspapers, have signed a letter, coordinated by the Society of Editors and Press Gazette, to the UK prime minister, David Cameron, protesting at snooping on journalists’ communications. In the wake of terror attacks on the Charlie Hebdo offices and a Jewish grocer in Paris, Cameron has renewed calls for further bulk-surveillance powers, such as those which netted these journalistic communications.

One restricted document intended for those in army intelligence warned that “journalists and reporters representing all types of news media represent a potential threat to security”. It continued: “Of specific concern are ‘investigative journalists’ who specialise in defence-related exposés either for profit or what they deem to be of the public interest. “All classes of journalists and reporters may try either a formal approach or an informal approach, possibly with off-duty personnel, in their attempts to gain official information to which they are not entitled.” It goes on to caution “such approaches pose a real threat”, and tells staff they must be “immediately reported” to the chain-of-command.

AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden. The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data. The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania. In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

Leading privacy advocates and security experts say that the theft of encryption keys from major wireless network providers is tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment. “Once you have the keys, decrypting traffic is trivial,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “The news of this key theft will send a shock wave through the security community.”

Recently, Techdirt noted that the FBI may soon have permission to break into computers anywhere on the planet. It will come as no surprise to learn that the US's partner in crime, the UK, granted similar powers to its own intelligence services some time back. What's more unexpected is that it has now publicly said as much, as Privacy International explains: The British Government has admitted its intelligence services have the broad power to hack into personal phones, computers, and communications networks, and claims they are legally justifed to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime. That important admission was made in what the UK government calls its "Open Response" to court cases started last year against GCHQ. Here's what it reveals, according to Privacy International:

Buried deep within the document, Government lawyers claim that while the intelligence services require authorisation to hack into the computer and mobile phones of "intelligence targets", GCHQ is equally permitted to break into computers anywhere in the world even if they are not connected to a crime or a threat to national security. Moreover: The intelligence services assert the right to exploit communications networks in covert manoeuvres that severely undermine the security of the entire internet. The deployment of such powers is confirmed by recent news stories detailing how GCHQ hacked into Belgacom using the malware Regin, and targeted Gemalto, the world's largest maker of SIM cards used in countries around the world.

What's important about this revelation is not just the information itself -- many people had assumed this was the case -- but the fact that once more, bringing court cases against the UK's GCHQ has ferreted out numerous details that were previously secret. This shows the value of the strategy, and suggests it should be used again where possible.

A review of top-secret NSA documents suggests that the surveillance agency still collects and sifts through large quantities of Americans' online data – despite the Obama administration's insistence that the program that began under Bush ended in 2011.Shawn Turner, the Obama administration's director of communications for National Intelligence, told the Guardian that "the internet metadata collection program authorized by the Fisa court was discontinued in 2011 for operational and resource reasons and has not been restarted."But the documents indicate that the amount of internet metadata harvested, viewed, processed and overseen by the Special Source Operations (SSO) directorate inside the NSA is extensive.While there is no reference to any specific program currently collecting purely domestic internet metadata in bulk, it is clear that the agency collects and analyzes significant amounts of data from US communications systems in the course of monitoring foreign targets.

On December 26 2012, SSO announced what it described as a new capability to allow it to collect far more internet traffic and data than ever before. With this new system, the NSA is able to direct more than half of the internet traffic it intercepts from its collection points into its own repositories. One end of the communications collected are inside the United States.The NSA called it the "One-End Foreign (1EF) solution". It intended the program, codenamed EvilOlive, for "broadening the scope" of what it is able to collect. It relied, legally, on "FAA Authority", a reference to the 2008 Fisa Amendments Act that relaxed surveillance restrictions.This new system, SSO stated in December, enables vastly increased collection by the NSA of internet traffic. "The 1EF solution is allowing more than 75% of the traffic to pass through the filter," the SSO December document reads. "This milestone not only opened the aperture of the access but allowed the possibility for more traffic to be identified, selected and forwarded to NSA repositories."

It continued: "After the EvilOlive deployment, traffic has literally doubled."The scale of the NSA's metadata collection is highlighted by references in the documents to another NSA program, codenamed ShellTrumpet.On December 31, 2012, an SSO official wrote that ShellTrumpet had just "processed its One Trillionth metadata record".

Private firms are selling spying tools and mass surveillance technologies to developing countries with promises that "off the shelf" equipment will allow them to snoop on millions of emails, text messages and phone calls, according to a cache of documents published on Monday.The papers show how firms, including dozens from Britain, tout the capabilities at private trade fairs aimed at offering nations in Africa, Asia and the Middle East the kind of powerful capabilities that are usually associated with government agencies such as GCHQ and its US counterpart, the National Security Agency.The market has raised concerns among human rights groups and ministers, who are poised to announce new rules about the sale of such equipment from Britain.

The documents are included in an online database compiled by the research watchdog Privacy International, which has spent four years gathering 1,203 brochures and sales pitches used at conventions in Dubai, Prague, Brasilia, Washington, Kuala Lumpur, Paris and London. Analysts posed as potential buyers to gain access to the private fairs.The database, called the Surveillance Industry Index, shows how firms from the UK, Israel, Germany, France and the US offer governments a range of systems that allow them to secretly hack into internet cables carrying email and phone traffic.The index has details from 338 companies, including 77 from the UK, offering a total of 97 different technologies.

The documents include a brochure from a company called Advanced Middle East Systems (AMES), based in Dubai. It has been offering a device called Cerebro – a DIY system similar to the Tempora programme run by GCHQ – that taps information from fibre-optic cables carrying internet traffic.AMES describes Cerebro as a "core technology designed to monitor and analyse in real time communications … including SMS (texting), GSM (mobile calls), billing data, emails, conversations, webmail, chat sessions and social networks."The company brochure makes clear this is done by attaching probes to internet cables. "No co-operation with the providers is required," it adds."Cerebro is designed to store several billions of records – metadata and/or communication contents. At any time the investigators can follow the live activity of their target with advanced targeting criteria (email addresses, phone numbers, key words)," says the brochure.

12 August 1988  Cover, pages 10-12   Somebody's  listening  . . . and they don't give a damn about personal privacy or commercial confidence. Project 415 is a top-secret new global surveillance system. It can tap into a billion calls a year in the UK alone. Inside Duncan Campbell on how spying entered the 21st century . . .  They've got it taped In the booming surveillance industry they spy on whom they wish, when they wish, protected by barriers of secrecy, fortified by billions of pounds worth of high, high technology. Duncan Campbell reports from the United States on the secret Anglo-American plan for a global electronic spy system for the 21st century capable of listening in to most of us most of the time   American, British and Allied intelligence agencies are soon to embark on a massive, billion-dollar expansion of their global electronic surveillance system. According to information given recently in secret to the US Congress, the surveillance system will enable the agencies to monitor and analyse civilian communications into the 21st century. Identified for the moment as Project P415, the system will be run by the US National Security Agency (NSA). But the intelligence agencies of many other countries will be closely involved with the new network, including those from Britain, Australia, Germany and Japan--and, surprisingly, the People's Republic of China. New satellite stations and monitoring centres are to be built around the world, and a chain of new satellites launched, so that NSA and its British counterpart, the Government Communications Headquarters (GCHQ) at Cheltenham, may keep abreast of the burgeoning international telecommunications traffic.

Both the new and existing surveillance systems are highly computerised. They rely on near total interception of international commercial and satellite communications in order to locate the telephone or other messages of target individuals. Last month, a US newspaper, the Cleveland Plain Dealer, revealed that the system had been used to target the telephone calls of a US Senator, Strom Thurmond. The fact that Thurmond, a southern Republican and usually a staunch supporter of the Reagan administration, is said to have been a target has raised fears that the NSA has restored domestic, electronic, surveillance programmes. These were originally exposed and criticised during the Watergate investigations, and their closure ordered by President Carter. After talking to the NSA, Thurmond later told the Plain Dealer that he did not believe the allegation. But Thurmond, a right-wing Republican, may have been unwilling to rock the boat. Staff members of the Permanent Select Committee on Intelligence said that staff were "digging into it" despite the "stratospheric security classification" of all the systems involved. The Congressional officials were first told of the Thurmond interception by a former employee of the Lockheed Space and Missiles Corporation, Margaret Newsham, who now lives in Sunnyvale, California. Newsham had originally given separate testimony and filed a lawsuit concerning corruption and mis-spending on other US government "black" projects. She has worked in the US and Britain for two corporations which manufacture signal intelligence computers, satellites and interception equipment for NSA, Ford Aerospace and Lockheed. Citing a special Executive Order signed by President Reagan. she told me last month that she could not and would not discuss classified information with journalists. But according to Washington sources (and the report in the Plain Dealer, she informed a US Congressman that the Thurmond interception took place at Menwith Hill, and that she p

A secret listening agreement, called UKUSA (UK-USA), assigns parts of the globe to each participating agency. GCHQ at Cheltenham is the co-ordinating centre for Europe, Africa and the Soviet Union (west of the Ural Mountains). The NSA covers the rest of the Soviet Union and most of the Americas. Australia--where another station in the NSA listening network is located in the outback--co-ordinates the electronic monitoring of the South Pacific, and South East Asia.

The National Security Agency has collected almost 200 million text messages a day from across the globe, using them to extract data including location, contact networks and credit card details, according to top-secret documents. The untargeted collection and storage of SMS messages – including their contacts – is revealed in a joint investigation between the Guardian and the UK’s Channel 4 News based on material provided by NSA whistleblower Edward Snowden. The documents also reveal the UK spy agency GCHQ has made use of the NSA database to search the metadata of “untargeted and unwarranted” communications belonging to people in the UK.

The NSA program, codenamed Dishfire, collects “pretty much everything it can”, according to GCHQ documents, rather than merely storing the communications of existing surveillance targets. The NSA has made extensive use of its vast text message database to extract information on people’s travel plans, contact books, financial transactions and more – including of individuals under no suspicion of illegal activity. An agency presentation from 2011 – subtitled “SMS Text Messages: A Goldmine to Exploit” – reveals the program collected an average of 194 million text messages a day in April of that year. In addition to storing the messages themselves, a further program known as “Prefer” conducted automated analysis on the untargeted communications.

The Prefer program uses automated text messages such as missed call alerts or texts sent with international roaming charges to extract information, which the agency describes as “content-derived metadata”, and explains that “such gems are not in current metadata stores and would enhance current analytics”. On average, each day the NSA was able to extract:

Three of Britain’s most prominent campaign groups have today announced the launch of a legal challenge against the actions of GCHQ, alleging it has illegally intruded on the privacy of millions of British and European citizens. Big Brother Watch, the Open Rights Group and English PEN, together with German internet activist Constanze Kurz, have filed papers at the European Court of Human Rights bringing an action against the UK Government.

 They allege that by collecting vast amounts of data leaving or entering the UK, including the content of emails and social media messages, the UK’s spy agency has acted illegally. When details recently emerged in the media about the Prism and Tempora programmes, codenames for previously secret online surveillance operations, it was revealed that GCHQ has the capacity to collect more than 21 petabytes of data a day – equivalent to sending all the information in all the books in the British Library 192 times every 24 hours. The disclosures have raised serious parliamentary concerns both in Britain and at the EU level. Deighton Pierce Glynn solicitors represent the applicants, instructing Helen Mountfield QC of Matrix Chambers and Tom Hickman and Ravi Mehta of Blackstone Chambers. The legal action will be funded through donations at www.privacynotprism.org.uk

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.

The extent and scale of mass surveillance undertaken by Britain's spy agencies is to be scrutinised in a major inquiry to be formally launched on Thursday.Parliament's intelligence and security committee (ISC), the body tasked with overseeing the work of GCHQ, MI5 and MI6, will say the investigation is a response to concern raised by the leaks from the whistleblower Edward Snowden.Sir Malcolm Rifkind, the committee chair, said "an informed and proper debate was needed". One Whitehall source described the investigation as "a public inquiry in all but name".

In a change from its usual protocol, the normally secretive committee also announced that part of its inquiry would be held in public.It will also take written evidence from interested groups and the public, as well as assessing secret material supplied by the intelligence agencies. The Guardian will also consider submitting evidence.

In a recent column, security expert Bruce Schneier proposed breaking up the NSA – handing its offensive capabilities work to US Cyber Command and its law enforcement work to the FBI, and terminating its programme of attacking internet security. In place of this, Schneier proposed that “instead of working to deliberately weaken security for everyone, the NSA should work to improve security for everyone.” This is a profoundly good idea for reasons that may not be obvious at first blush.People who worry about security and freedom on the internet have long struggled with the problem of communicating the urgent stakes to the wider public. We speak in jargon that’s a jumble of mixed metaphors – viruses, malware, trojans, zero days, exploits, vulnerabilities, RATs – that are the striated fossil remains of successive efforts to come to grips with the issue. When we do manage to make people alarmed about the stakes, we have very little comfort to offer them, because Internet security isn’t something individuals can solve.

I remember well the day this all hit home for me. It was nearly exactly a year ago, and I was out on tour with my novel Homeland, which tells the story of a group of young people who come into possession of a large trove of government leaks that detail a series of illegal programmes through which supposedly democratic governments spy on people by compromising their computers.

I explained the book’s premise, and then talked about how this stuff works in the real world. I laid out a parade of awfuls, including a demonstrated attack that hijacked implanted defibrillators from 10 metres’ distance and caused them to compromise other defibrillators that came into range, implanting an instruction to deliver lethal shocks at a certain time in the future. I talked about Cassidy Wolf, the reigning Miss Teen USA, whose computer had been taken over by a “sextortionist” who captured nude photos of her and then threatened to release them if she didn’t perform live sex shows for him. I talked about the future of self-driving cars, smart buildings, implanted hearing aids and robotic limbs, and explained that the world is made out of computers that we put our bodies into, and that we put inside our bodies.These computers are badly secured. What’s more, governments and their intelligence agencies are actively working to undermine the security of our computers and networks. This was before the Snowden revelations, but we already knew that governments were buying “zero-day vulnerabilities” from security researchers. These are critical bugs that can be leveraged to compromise entire systems. Until recently, the normal response to the discovery of one of these “vulns” was to report them to the vendor so they could be repaired.

Ex-KGB Major Boris Karpichkov said spies from Russia’s SVR intelligence service posing as ­diplomats tricked Snowden into ­seeking asylum in Russia

Russian spies had whistleblower Edward Snowden in their sights SIX YEARS before he exposed US secrets, reports the Sunday People.Moscow believed the cyber wizard working for the CIA in Geneva was ripe for defection in 2007 and opened a file on him, says a KGB defector.But secret agents did not swoop until last year when Snowden, 30, fled to Hong Kong with 1.7 million top secret documents which he leaked to the media.Ex-KGB Major Boris Karpichkov said spies from Russia’s SVR intelligence service posing as ­diplomats tricked Snowden into ­seeking asylum in Russia.And when the turncoat went there the information was leaked to ­provoke the US into cancelling his passport , so restricting his movements, said Karpichkov.

“He wasn’t a Russian spy before he went to Moscow . But death threats have frightened him."These threats were a carefully planned operation by the Russian security services to make Snowden stay in Russia.“Snowden cannot leave Moscow even if he wanted as the Americans have cancelled his passport.”He was admitted to the country on a 12-month renewable visa.But Karpichkov said Snowden’s flight to Moscow was deliberately leaked by the Russians to provoke the Americans into just such an action.

Just last week we wrote about the growing number of legal challenges to GCHQ spying. Now here's another one, from The Bureau of Investigative Journalism, which is concerned about how blanket surveillance threatens the workings of a free press: The Bureau of Investigative Journalism is asking a European court to rule on whether UK legislation properly protects journalists' sources and communications from government scrutiny and mass surveillance.

The government’s electronic eavesdropping agency GCHQ spied illegally on Amnesty International, according to the tribunal responsible for handling complaints against the intelligence services. Confirmation that surveillance took place emerged late on Wednesday, when the human rights group revealed that the Investigatory Powers Tribunal (IPT) sent it an email correcting an earlier judgment. The extraordinary revision of a key detail in the ruling given on 22 June may alarm many supporters of Amnesty, who will want to know why it has been targeted.

In the original judgment, the IPT said that communications by the Egyptian Initiative for Personal Rights and the South African non-profit Legal Resources Centre had been illegally retained and examined. In the email sent on Wednesday, the tribunal made it clear that it was Amnesty and not the Egyptian organisation that had been spied on – as well as the Legal Resources Centre in South Africa. The breach of surveillance powers, under the Regulation of Investigatory Powers Act, related to retaining databases for longer than was permitted. Amnesty had been one of the claimants in the case, but in the original judgment the IPT made “no determination” on the organisation’s complaint – implying that either their emails and phone calls were not intercepted or that they were intercepted but by legal means.