Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged Skype

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

Web's Reach Binds N.S.A. and Silicon Valley Leaders - NYTimes.com - 0 views

www.nytimes.com/...ound-by-strengthening-web.html

surveillance state NSA Silicon-Valley Skype Microsoft revolving-door

shared by Paul Merrell on 24 Jun 13 - No Cached
  • When Max Kelly, the chief security officer for Facebook, left the social media company in 2010, he did not go to Google, Twitter or a similar Silicon Valley concern. Instead the man who was responsible for protecting the personal information of Facebook’s more than one billion users from outside attacks went to work for another giant institution that manages and analyzes large pools of data: the National Security Agency. Mr. Kelly’s move to the spy agency, which has not previously been reported, underscores the increasingly deep connections between Silicon Valley and the agency and the degree to which they are now in the same business. Both hunt for ways to collect, analyze and exploit large pools of data about millions of Americans. The only difference is that the N.S.A. does it for intelligence, and Silicon Valley does it to make money.
  • Yet technology experts and former intelligence officials say the convergence between Silicon Valley and the N.S.A. and the rise of data mining — both as an industry and as a crucial intelligence tool — have created a more complex reality. Silicon Valley has what the spy agency wants: vast amounts of private data and the most sophisticated software available to analyze it. The agency in turn is one of Silicon Valley’s largest customers for what is known as data analytics, one of the valley’s fastest-growing markets. To get their hands on the latest software technology to manipulate and take advantage of large volumes of data, United States intelligence agencies invest in Silicon Valley start-ups, award classified contracts and recruit technology experts like Mr. Kelly. “We are all in these Big Data business models,” said Ray Wang, a technology analyst and chief executive of Constellation Research, based in San Francisco. “There are a lot of connections now because the data scientists and the folks who are building these systems have a lot of common interests.” Although Silicon Valley has sold equipment to the N.S.A. and other intelligence agencies for a generation, the interests of the two began to converge in new ways in the last few years as advances in computer storage technology drastically reduced the costs of storing enormous amounts of data — at the same time that the value of the data for use in consumer marketing began to rise. “These worlds overlap,” said Philipp S. Krüger, chief executive of Explorist, an Internet start-up in New York. The sums the N.S.A. spends in Silicon Valley are classified, as is the agency’s total budget, which independent analysts say is $8 billion to $10 billion a year.
  • Despite the companies’ assertions that they cooperate with the agency only when legally compelled, current and former industry officials say the companies sometimes secretly put together teams of in-house experts to find ways to cooperate more completely with the N.S.A. and to make their customers’ information more accessible to the agency. The companies do so, the officials say, because they want to control the process themselves. They are also under subtle but powerful pressure from the N.S.A. to make access easier.
  • ...1 more annotation...
  • Skype, the Internet-based calling service, began its own secret program, Project Chess, to explore the legal and technical issues in making Skype calls readily available to intelligence agencies and law enforcement officials, according to people briefed on the program who asked not to be named to avoid trouble with the intelligence agencies. Project Chess, which has never been previously disclosed, was small, limited to fewer than a dozen people inside Skype, and was developed as the company had sometimes contentious talks with the government over legal issues, said one of the people briefed on the project. The project began about five years ago, before most of the company was sold by its parent, eBay, to outside investors in 2009. Microsoft acquired Skype in an $8.5 billion deal that was completed in October 2011. A Skype executive denied last year in a blog post that recent changes in the way Skype operated were made at the behest of Microsoft to make snooping easier for law enforcement. It appears, however, that Skype figured out how to cooperate with the intelligence community before Microsoft took over the company, according to documents leaked by Edward J. Snowden, a former contractor for the N.S.A. One of the documents about the Prism program made public by Mr. Snowden says Skype joined Prism on Feb. 6, 2011. Microsoft executives are no longer willing to affirm statements, made by Skype several years ago, that Skype calls could not be wiretapped. Frank X. Shaw, a Microsoft spokesman, declined to comment.
Paul Merrell

Facebook, Apple, Microsoft, Skype & Yahoo Hit With Prism Data Protection Complaints In ... - 0 views

techcrunch.com/...europe-v-prism

surveillance state NSA EU PRISM investigation Facebook Apple Microsoft Skype Yahoo!

shared by Paul Merrell on 26 Jun 13 - No Cached
  • The European data protection activists behind the Europe v Facebook (evf) campaign group, that has long been a thorn in Facebook’s side in Europe, have filed new complaints under regional data protection law targeting Facebook, Apple, Microsoft, Skype and Yahoo for their alleged collaboration with the NSA’s Prism data collection program. The student activist organisation is targeting the European subsidiaries of these five U.S. companies, arguing that their corporate structure means they fall fully under European privacy laws despite being U.S. headquartered companies. And yet, being as they are U.S. companies, they are required to comply with U.S. surveillance laws — putting them in the “tricky” situation of having to comply with potentially conflicting legal requirements. It’s that legal conflict evf is now probing.
  • Evf takes the view that the law needs clarifying — and it using these new data protection complaints as the vehicle to obtain clarification from the various regional data protection agencies. Facebook and Apple; Microsoft and Skype; and Yahoo have subsidiaries in Ireland, Luxembourg and Germany respectively. ”We want a clear statement by the authorities if a European company may simply give foreign intelligence agencies access to its customer data. If this turns out to be legal, then we might have to change the laws,” noted evf speaker, Max Schrems, in a statement. The key question, as evf sees it, is whether “mass transfer” of personal data from to a foreign intelligence agency is legal under European law.  ”Many journalists have asked us in recent weeks if PRISM is legal from a EU perspective. We have looked at that a little closer. The result was – after consulting with legal experts – that it is very likely illegal under EU data protection laws, because of the corporate structure of the companies,” added Schrems. Google and YouTube have not been included in this first round of evf complaints being as they have a different corporate structure that does not include European subsidiaries. However it notes they do have datacenters in European countries, which will give evf a route to filing Prism-related data protection complaints against both at a later date.
  • Writing in a press notice announcing its new action, evf added: If a European subsidiary sends user data to the American parent company, this is considered an “export” of personal data. Under EU law, an export of data is only allowed if the European subsidiary can ensure an “adequate level or protection” in the foreign country. After the recent disclosures on the “PRISM” program such trust in an “adequate level of protection” by the involved companies can hardly be upheld. There can in no way be an adequate level of protection if they cooperate with the NSA on the other end of the line. Right now an export of data to the US must be seen as illegal if the involved companies cannot disprove the reports on the PRISM program. According to evf, the subsidiaries being targeted by these complaints have “the burden of proof” — to either “credibly assure” that the Prism program is a hoax, or “explain how mass access by a foreign intelligence agency interplays with EU data protection laws”. Evf cites a 2006 case precedent involving payment processor SWIFT which had forwarded transaction details to U.S. authorities. In that case it says a group of EU data protection authorities decided that such a mass data transfer is illegal under EU law, leading to SWIFT to move European data to a server in Switzerland. The case also led to an agreement between the U.S. and the EU on the use of payment data to combat crime.
Paul Merrell

Alt Thai News Network ATNN : Thailand: Next Anti-Regime Rally - January 13, 2014 - 0 views

altthainews.blogspot.com/...anti-regime-rally-january.html

banksters Thailand Carlyle-Group corruption

shared by Paul Merrell on 08 Jan 14 - No Cached
  • In protest of unelected dictator Thaksin Shinawatra and his proxy regime led by his own nepotist-appointed sister Yingluck Shinawatra, anti-regime protesters plan to shut down Thailand's capital of Bangkok starting on Monday, January 13, 2014.  The necessity of continued mass mobilizations is due in part to the current regime's immense foreign backing - including across the West's mass media who continue to claim Thaksin Shinawatra's rule is legitimate despite him being a convicted criminal hiding abroad and openly running the country through a series of nepotist proxies which have included both his brother-in-law and now sister. While unthinkable and unacceptable in any other country, news fronts such as the BBC, New York Times, CNN, Reuters, AP, AFP and others insist that this cartoonish, criminal arrangement is somehow representative of "democracy" in Thailand.  The New York Times, despite defending what is by all measures an absurd abuse of the principles of representative governance, would even report in its article titled, "In Thailand, Power Comes With Help From Skype," that:  For the past year and a half, by the party’s own admission, the most important political decisions in this country of 65 million people have been made from abroad, by a former prime minister who has been in self-imposed exile since 2008 to escape corruption charges. 
  • The country’s most famous fugitive,Thaksin Shinawatra, circles the globe in his private jet, chatting with ministers over his dozen cellphones, texting over various social media platforms and reading government documents e-mailed to him from civil servants, party officials say.  It might be described as rule by Skype. Or governance by instant messenger, a way for Mr. Thaksin to help run the country without having to face the warrant for his arrest in a case that many believe is politically motivated. There is no question that an accused mass murderer and convicted criminal hiding abroad from a 2 year jail sentence, multiple arrest warrants, and a long list of pending court cases, is illegally running Thailand by proxy.  Of course, just as a convicted criminal running America or England via Skype would be a laughable prospect entirely unacceptable by Americans or English, likewise, it is unacceptable in Thailand. The sham elections the regime is planning for February 2, 2014 which have Thaksin Shinawatra's sister and brother-in-law once again at the top of the candidate list, have already been boycotted by all opposition parties, leaving the regime alone posting campaign posters along Thailand's roads, reminiscent of scenes of sham elections carried out in North Korea. 
  • Who is Thaksin Shinawatra and Why do People Detest Him?
  • Paul Merrell on 08 Jan 14
     
    Long list of crimes and sins committed further down in the article. The Thai protest demonstrations have been massive of late. A group of U.S.-based banksters and other corporate interests have been plucking the Thai economy down to bare skin. 
Paul Merrell

Hacking Online Polls and Other Ways British Spies Seek to Control the Internet - The In... - 0 views

firstlook.org/...sh-spies-seek-control-internet

surveillance state GCHQ dirty-tricks

shared by Paul Merrell on 16 Jul 14 - No Cached
  • The secretive British spy agency GCHQ has developed covert tools to seed the internet with false information, including the ability to manipulate the results of online polls, artificially inflate pageview counts on web sites, “amplif[y]” sanctioned messages on YouTube, and censor video content judged to be “extremist.” The capabilities, detailed in documents provided by NSA whistleblower Edward Snowden, even include an old standby for pre-adolescent prank callers everywhere: A way to connect two unsuspecting phone users together in a call.
  • he “tools” have been assigned boastful code names. They include invasive methods for online surveillance, as well as some of the very techniques that the U.S. and U.K. have harshly prosecuted young online activists for employing, including “distributed denial of service” attacks and “call bombing.” But they also describe previously unknown tactics for manipulating and distorting online political discourse and disseminating state propaganda, as well as the apparent ability to actively monitor Skype users in real-time—raising further questions about the extent of Microsoft’s cooperation with spy agencies or potential vulnerabilities in its Skype’s encryption. Here’s a list of how JTRIG describes its capabilities: • “Change outcome of online polls” (UNDERPASS) • “Mass delivery of email messaging to support an Information Operations campaign” (BADGER) and “mass delivery of SMS messages to support an Information Operations campaign” (WARPARTH) • “Disruption of video-based websites hosting extremist content through concerted target discovery and content removal.” (SILVERLORD)
  • • “Active skype capability. Provision of real time call records (SkypeOut and SkypetoSkype) and bidirectional instant messaging. Also contact lists.” (MINIATURE HERO) • “Find private photographs of targets on Facebook” (SPRING BISHOP) • “A tool that will permanently disable a target’s account on their computer” (ANGRY PIRATE) • “Ability to artificially increase traffic to a website” (GATEWAY) and “ability to inflate page views on websites” (SLIPSTREAM) • “Amplification of a given message, normally video, on popular multimedia websites (Youtube)” (GESTATOR) • “Targeted Denial Of Service against Web Servers” (PREDATORS FACE) and “Distributed denial of service using P2P. Built by ICTR, deployed by JTRIG” (ROLLING THUNDER)
  • ...1 more annotation...
  • • “A suite of tools for monitoring target use of the UK auction site eBay (www.ebay.co.uk)” (ELATE) • “Ability to spoof any email address and send email under that identity” (CHANGELING) • “For connecting two target phone together in a call” (IMPERIAL BARGE) While some of the tactics are described as “in development,” JTRIG touts “most” of them as “fully operational, tested and reliable.” It adds: “We only advertise tools here that are either ready to fire or very close to being ready.”
Paul Merrell

PRISM: Google and Facebook DID allow NSA access to data and were in talks to set up 'sp... - 0 views

www.dailymail.co.uk/...age-controversial-project.html

security state NSA digital surveillance Google Facebook

shared by Paul Merrell on 10 Jun 13 - No Cached
  • Mark Zuckerberg and Larry Page both issued blustery statements over recent media reports they gave the National Security Agency officials access to their troves of user informationNow sources say both tech giants were in discussion about specific ways to give U.S. officials access to their data using virtual classified information reading roomsCompanies are all compelled by the Foreign Intelligence Surveillance Act to hand over any information requested under the law, but they're not required to make access easier
  • PRISM data-mining program was launched in 2007 with approval from special federal judgesApple, Facebook, Microsoft, Google, Yahoo, YouTube, Skype, AOL and PalTalk are involved in spying program The UK has had access to the PRISM data since at least 2010Details of data collection were outlined in classified 41-slide PowerPoint presentation that was leaked by intelligence officer 
  • Mark Zuckerberg of Facebook and Larry Page of Google both strongly denied giving unfettered access to user data to U.S. officials, but it turns out both companies have, in fact, cooperated with governments requests.Zuckerberg denied his company's link to secret government data-sharing scheme PRISM on Friday in a blustery posted message that described allegations that Facebook gave 'US or any other government direct access to our servers' as 'outrageous.'Now, sources tell the New York Times that both Facebook and Google discussed plans to create secure portals for the government 'like a digital version of the secure physical rooms that have long existed for classified information' with U.S. officials.
Gary Edwards

The Stunning Hypocrisy of the U.S. Government - BlackListedNews.com - 1 views

www.blacklistednews.com/...M.html

NSA-Patriot-Act-NDAA Edward-Snowden hypocrisy

shared by Gary Edwards on 24 Jun 13 - No Cached
  • Please read this rather good summary in this morning’s New York Times of the worldwide debate Snowden has enabled – how these disclosures have “set off a national debate over the proper limits of government surveillance” and “opened an unprecedented window on the details of surveillance by the NSA, including its compilation of logs of virtually all telephone calls in the United States and its collection of e-mails of foreigners from the major American Internet companies, including Google, Yahoo, Microsoft, Apple and Skype” – and ask yourself: has Snowden actually does anything to bring “injury to the United States”, or has he performed an immense public service?
  • The irony is obvious: the same people who are building a ubiquitous surveillance system to spy on everyone in the world, including their own citizens, are now accusing the person who exposed it of “espionage”.
  • It seems clear that the people who are actually bringing “injury to the United States” are those who are waging war on basic tenets of transparency and secretly constructing a mass and often illegal and unconstitutional surveillance apparatus aimed at American citizens – and those who are lying to the American people and its Congress about what they’re doing – rather than those who are devoted to informing the American people that this is being done.
  • ...13 more annotations...
  • The Obama administration leaks classified information continuously. They do it to glorify the President, or manipulate public opinion, or even to help produce a pre-election propaganda film about the Osama bin Laden raid.
  • The Obama administration does not hate unauthorized leaks of classified information. They are more responsible for such leaks than anyone.
  • What they hate are leaks that embarrass them or expose their wrongdoing.
  • The “enemy” they’re seeking to keep ignorant with selective and excessive leak prosecutions are not The Terrorists or The Chinese Communists.
  • It’s the American people.
  • The people who have learned things they didn’t already know are American citizens who have no connection to terrorism or foreign intelligence, as well as hundreds of millions of citizens around the world about whom the same is true.
  • What they have learned is that the vast bulk of this surveillance apparatus is directed not at the Chinese or Russian governments or the Terrorists, but at them.
  • And that is precisely why the US government is so furious and will bring its full weight to bear against these disclosures.
  • What has been “harmed” is not the national security of the US but the ability of its political leaders to work against their own citizens and citizens around the world in the dark, with zero transparency or real accountability.
  • If anything is a crime, it’s that secret, unaccountable and deceitful behavior: not the shining of light on it.
  • At a press conference to discuss the accusations, an N.S.A. spokesman surprised observers by announcing the spying charges against Mr. Snowden with a totally straight face. “These charges send a clear message,” the spokesman said. “In the United States, you can’t spy on people.”
  • “The American people have the right to assume that their private documents will remain private and won’t be collected by someone in the government for his own purposes.”
  • “Only by bringing Mr. Snowden to justice can we safeguard the most precious of American rights: privacy,” added the spokesman, apparently serious.
  • Gary Edwards on 24 Jun 13
     
    Extremely well linked story from "Washington's Blog" excerpt: "The Government's Hypocrisy Is the Core Problem Congress has exempted itself from the prohibition against trading on inside information … the law that got Martha Stewart and many other people thrown in jail. There are many other ways in which the hypocrisy of the politicians in D.C. are hurting our country. Washington politicians say we have to slash basic services, and yet waste hundreds of billions of dollars on counter-productive boondoggles.  If the politicos just stopped throwing money at corporate welfare queens, military and security boondoggles and pork, harmful quantitative easing, unnecessary nuclear subsidies,  the failed war on drugs, and other wasted and counter-productive expenses, we wouldn't need to impose austerity on the people. The D.C. politicians said that the giant failed banks couldn't be nationalized, because that would be socialism.  Instead of temporarily nationalizing them and then spinning them off to the private sector - or breaking them up - the politicians have bailed them out to the tune of many tens of billions of dollars each year, and created a system where all of the profits are privatized, and all of the losses socialized. Obama and Congress promised help for struggling homeowners, and passed numerous bills that they claimed would rescue the little guy.  But every single one of these bills actually bails out the banks … and doesn't really help the homeowner. The D.C. regulators pretend that they are being tough on the big banks, but are actually doing everything they can to help cover up their sins. Many have pointed out Obama's hypocrisy in slamming Bush's spying programs … and then expanding them  (millions more). And in slamming China's cyber-warfare … while doing the same thing. And - while the Obama administration is spying on everyone in the country - it is at the same time the most secretive administration ever (ba
Paul Merrell

Greenwald: Snowden's Files Are Out There if "Anything Happens" To Him - The Daily Beast - 0 views

www.thedailybeast.com/...f-anything-happens-to-him.html

surveillance state NSA leaked-docs Greenwald

shared by Paul Merrell on 26 Jun 13 - No Cached
  • Glenn Greenwald, the Guardian journalist who Snowden first contacted in February, told The Daily Beast on Tuesday that Snowden “has taken extreme precautions to make sure many different people around the world have these archives to insure the stories will inevitably be published.” Greenwald added that the people in possession of these files “cannot access them yet because they are highly encrypted and they do not have the passwords.” But, Greenwald said, “if anything happens at all to Edward Snowden, he told me he has arranged for them to get access to the full archives.” The fact that Snowden has made digital copies of the documents he accessed while working at the NSA poses a new challenge to the U.S. intelligence community that has scrambled in recent days to recover them and assess the full damage of the breach. Even if U.S. authorities catch up with Snowden and the four classified laptops the Guardian reported he brought with him to Hong Kong the secrets Snowden hopes to expose will still likely be published.
  • A former U.S. counterintelligence officer following the Snowden saga closely said his contacts inside the U.S. intelligence community “think Snowden has been planning this for years and has stashed files all over the Internet.” This source added, “At this point there is very little anyone can do about this.” The arrangement to entrust encrypted archives of his files with others also sheds light on a cryptic statement Snowden made on June 17 during a live chat with The Guardian. In the online session he said, “All I can say right now is the U.S. government is not going to be able to cover this up by jailing or murdering me. Truth is coming, and it cannot be stopped.”
  • Greenwald said that he himself has thousands of documents from Snowden that he is continuing to examine. That figure is considerably higher than the 200 documents that Sen. Dianne Feinstein, the chairwoman of the Senate Select Committee, said over the weekend that she was told Snowden possessed. “I don’t know for sure whether [Snowden] has more documents than the ones he has given me,” Greenwald said. “I believe he does. He was clear he did not want to give to journalists things he did not think should be published.”
  • ...2 more annotations...
  • However, Greenwald said that in his dealings with Snowden the 30-year-old systems administrator was adamant that he and his newspaper go through the document and only publish what served the public’s right to know. “Snowden himself was vehement from the start that we do engage in that journalistic process and we not gratuitously publish things,” Greenwald said. “I do know he was vehement about that. He was not trying to harm the U.S. government; he was trying to shine light on it.” Greenwald said Snowden for example did not wish to publicize information that gave the technical specifications or blueprints for how the NSA constructed its eavesdropping network. “He is worried that would enable other states to enhance their security systems and monitor their own citizens.” Greenwald also said Snowden did not wish to repeat the kinds of disclosures made famous a generation ago by former CIA spy, Philip Agee—who published information after defecting to Cuba that outed undercover CIA officers. “He was very insistent he does not want to publish documents to harm individuals or blow anyone’s undercover status,” Greenwald said. He added that Snowden told him, “Leaking CIA documents can actually harm people, whereas leaking NSA documents can harm systems.”
  • For now, Greenwald said he is taking extra precautions against the prospect that he is a target of U.S. surveillance. He said he began using encrypted email when he began communicating with Snowden in February after Snowden sent him a YouTube video walking him through the procedure to encrypt his email. “When I was in Hong Kong, I spoke to my partner in Rio via Skype and told him I would send an electronic encrypted copy of the documents,” Greenwald said. “I did not end up doing it. Two days later his laptop was stolen from our house and nothing else was taken. Nothing like that has happened before. I am not saying it’s connected to this, but obviously the possibility exists.” When asked if Greenwald believed his computer was being monitored by the U.S. government. “I would be shocked if the U.S. government were not trying to access the information on my computer. I carry my computers and data with me everywhere I go.”
Gary Edwards

Why the Ruling Class is So Upset About Edward Snowden » CounterPunch: Tells t... - 0 views

www.counterpunch.org/...-so-upset-about-edward-snowden

Gary-Leupp NSA-Patriot-Act-NDAA NSA-Whistleblower Edward-Snowden

shared by Gary Edwards on 26 Jun 13 - No Cached
  • the networks now compete with one another to generate outrage—not at the spying, mind you, but at Snowden for violating the law.
  • O’Reilly’s current position is that while a hero, Snowden should be placed on trial and judged by a jury. Which is to say, he should be apprehended abroad, brought back in handcuffs and treated to the same benefits of the U.S. judicial system enjoyed by a Bradley Manning or a Guantanamo detainee.
  • He broke the law! He told us: “Any analyst at any time can target anyone.”
  • ...24 more annotations...
  • “He took an oath,” thunders Dianne Feinstein
  • chair of the Senate Intelligence Committee (and thus someone complicit in the spying programs).
  • What she means by this is that he broke his pledge, made when he became an employee of the CIA contractor Booz Allen Hamilton—which helps handle the massive effort to monitor all of us daily—to conceal any secrets he obtained as an employee.
  • She is of course not referring to the oath he made at the same time, to uphold the Constitution of the United States, which says very clearly that “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated…”
  • Snowden has not merely revealed that the U.S. government has forced service providers Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple to share all their records with itself, in the form of mega-data that can only be accessed for content following the issuance of warrants from (secret) courts, in order to thwart real or imagined terrorist plots. He hasn’t merely shown that the NSA intercepts 1.7 billion electronic records every day (in order, of course, to thwart the terrorists). He has charged the following:
  • The FBI’s “Counterintelligence Program” (COINTELPRO), active from 1956 to 1971, collected information through wiretaps and other means with the specific objective of destroying civil rights and left-wing organizations.
  • Snowden indicates that those with that power can indeed gain access to what Bill Clinton recently called the “meat” of your communications.
  • That is, every word you’ve spoken on the phone recently, or maybe for several years; or test-messaged or instant-messaged online; can be accessed by government “analysts” at their whim.
  • in 2008, ABC News revealed that National Security Agency staffers enjoyed monitoring satellite phone sex involving U.S. officers in Iraq. It’s worth quoting at length.
  • “‘These were just really everyday, average, ordinary Americans who happened to be in the Middle East, in our area of intercept and happened to be making these phone calls on satellite phones,’ said Adrienne Kinne, a 31-year old US Army Reserves Arab linguist assigned to a special military program at the NSA’s Back Hall at Fort Gordon from November 2001 to 2003. Kinne described the contents of the calls as ‘personal, private things with Americans who are not in any way, shape or form associated with anything to do with terrorism.’ [...] Another intercept operator, former Navy Arab linguist, David Murfee Faulk, 39, said he and his fellow intercept operators listened into hundreds of Americans picked up using phones in Baghdad’s Green Zone from late 2003 to November 2007. ‘Calling home to the United States, talking to their spouses, sometimes their girlfriends, sometimes one phone call following another,’ said Faulk. [...] ‘Hey, check this out,’ Faulk says he would be told, ‘there’s good phone sex or there’s some pillow talk, pull up this call, it’s really funny, go check it out. It would be some colonel making pillow talk and we would say, ‘Wow, this was crazy,’ Faulk told ABC News.”
  • “Any analyst at any time can target anyone. Any selector, anywhere… I, sitting at my desk, certainly had the authorities to wiretap anyone, from you or your accountant, to a federal judge, to even the President…”
  • But the main issue is not your protection from phone-sex interlopers, but protection from those who want to do you harm.
  • If that’s the way NSA analysts could deal with U.S. military officers in Iraq—fellow cogs in the system, fighting on behalf of U.S. imperialism—how much respect do you suppose they have for you and your privacy? For your security from their searches, their violations?
  • One of its stated missions was to use surveillance on activists to release negative personal information to the public to discredit them. In many instances the agents succeeded, and they ruined lives. And their abilities to do so pale in comparison with the abilities of Obama’s NSA.
  • the Bush administration would be willing to learn a thing or two about domestic spying from the experts of the former Stasi. What ruling elite has ever gained more total information awareness about its citizens than the old German Democratic Republic?  And done it with such elegant legal scaffolding?
  • As historians such as Katherine Pence and Paul Betts have shown, the GDR authorities operated within scrupulously observed legal constraints. One sees this in the film Das Leben der Anderen (The Lives of Others) produced in the reunited Germany in 2006. It depicts the surveillance culture of the former East Germany, leaving the viewer nauseated.
  • Everything according to law.
  • I thought of that film while reading the lead Boston Globe editorial on June 13. It concludes that the “policies that [Snowden revealed], however objectionable, are properly authorized” while Snowden himself “broke the law.”
  • Thus, you see, he’s not a whistle-blower but a criminal.
  • U.S. to World: “You Must View Snowden as a Criminal, and Give Him Back”
  • Suddenly, the Cold War has reappeared. Snowden is charged with espionage, some of his critics alleging that he’s in the service of the PRC and/or Russia or other “enemies.” It in fact appears that Beijing and Moscow both were taken by surprise by this episode, and that both have attempted to handle Snowden’s unexpected presence carefully to avoid annoying the U.S.
  • The entirety of the ruling elite and the journalistic establishment are keen on defending the programs Snowden has exposed; keen on punishing him for his whistle-blowing; determined to vilify him as a punk, narcissist, egoist, attention-hungry ne’er-do-well (anything but a thoughtful man who made a moral choice that has enlightened people about the character of the U.S. government); feverishly working on damage control while anticipating more damning revelations; and determined to get those four laptops with their incriminating content back into the bosom of the national security state.
  • It all, in my humble opinion, boils down to thi
  • No, there are us, and there are them. The tiny power elite that controls the mainstream press and cable channels, the corporations that dutifully hand over mega-data to the state (and then deny doing so to allay consumer outrage), the twin political parties, are sick to their stomachs that they’ve been so exposed. We in our turn should feel, if not terrorized, nauseated.
  • Gary Edwards on 26 Jun 13
     
    This is a fun and enlightening read.  Extremely well written!  Maybe the most complete statement of both the facts of the Snowden - NSA disclosure event, and the mix of heartache and anger I feel about it.  Gut wrenching, nauseating and sick to my soul over what these clowns are doing to this great Republic, the Constitution, and the brief history of individual liberty this country represents.  Nicely written summary.
Paul Merrell

Documents Reveal N.S.A. Campaign Against Encryption - Document - NYTimes.com - 0 views

www.nytimes.com/...mpaign-against-encryption.html

surveillance state NSA NSA-capabilities compromised-encryption-standards

shared by Paul Merrell on 06 Sep 13 - No Cached
  • (U) HTTPS – HTTP traffic secured inside an SSL/TLS session, indicated by the https:// URL, commonly using TCP port 443 (U) IPSEC -- IPSec, or IP Security, is the Internet Engineering Task Force (IETF) standard for layer 3 real-time communication security. IPSec allows two hosts (or two gateways) to establish a secure connection, sometimes called a tunnel. All traffic is protected at the network layer. (U) SSH – Secure Shell. A common protocol used for secure remote computer access (U) SSL – Secure Sockets Layer. Commonly used to provide secure network communication. Widely used on the internet to provide secure web browsing, webmail, instant messaging, electronic commerce, etc. (U) TLS – Transport Layer Security. The follow-on to SSL, SSLv3 and TLSv1.0 are nearly identical. (U) VoIP – Voice over Internet Protocol. A general term for the using IP networks to make voice phone calls. The application layer protocol can be standards-based (e.g., H.323, SIP), or proprietary (e.g., Skype). (U) VPN – Virtual Private Network. A private network that makes use of the public telecommunications infrastructure, maintaining privacy via the use of a tunneling protocol and security procedures that typically include encryption. Common protocols include IPSEC and PPTP.
  • Paul Merrell on 06 Sep 13
     
    An "example" non-exclusive list of encryption standards that the "patriots" at the NSA have compromised.  Select the "Bullrun Briefing Sheet" tab to view.
Paul Merrell

N.S.A. Able to Foil Basic Safeguards of Privacy on Web - NYTimes.com - 1 views

www.nytimes.com/...-much-internet-encryption.html

surveillance state NSA GCHQ NSA-capabilities

shared by Paul Merrell on 06 Sep 13 - No Cached
Gary Edwards liked it
  • The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
  • The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.
  • The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.
  • ...11 more annotations...
  • “For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
  • Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL; virtual private networks, or VPNs; and the protection used on fourth-generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4G network.
  • For at least three years, one document says, GCHQ, almost certainly in collaboration with the N.S.A., has been looking for ways into protected traffic of popular Internet companies: Google, Yahoo, Facebook and Microsoft’s Hotmail. By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to the document. (Google denied giving any government access and said it had no evidence its systems had been breached).
  • Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip. “And they went and did it anyway, without telling anyone,” Mr. Kocher said. He said he understood the agency’s mission but was concerned about the danger of allowing it unbridled access to private information.
  • The documents are among more than 50,000 shared by The Guardian with The New York Times and ProPublica, the nonprofit news organization. They focus on GCHQ but include thousands from or about the N.S.A. Intelligence officials asked The Times and ProPublica not to publish this article, saying it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful privacy tools.
  • The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June. “Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.
  • Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware.
  • At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service.
  • Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method. Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology and later by the International Organization for Standardization, which has 163 countries as members. Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.” “Eventually, N.S.A. became the sole editor,” the memo says.
  • But the agencies’ goal was to move away from decrypting targets’ tools one by one and instead decode, in real time, all of the information flying over the world’s fiber optic cables and through its Internet hubs, only afterward searching the decrypted material for valuable intelligence. A 2010 document calls for “a new approach for opportunistic decryption, rather than targeted.” By that year, a Bullrun briefing document claims that the agency had developed “groundbreaking capabilities” against encrypted Web chats and phone calls. Its successes against Secure Sockets Layer and virtual private networks were gaining momentum.
  • Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning. “Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”
  • Paul Merrell on 06 Sep 13
     
    Lengthy article, lots of new information on NSA decryption capabilities, none of it good for those who value their data privacy.
  • Gary Edwards on 06 Sep 13
     
    Thanks Paul - nice job cutting this monster down to size :)
Paul Merrell

Your Computer May Already be Hacked - NSA Inside? | Steve Blank - 1 views

steveblank.com/...y-already-be-hacked-nsa-inside

surveillance state NSA NSA-targets NSA-backdoors CPU-backdoors

shared by Paul Merrell on 22 Dec 13 - No Cached
  • But while the interviewer focused on the Skype revelation, I thought the most interesting part was the other claim, “that the National Security Agency already had pre-encryption stage access to email on Outlook.”  Say what??  They can see the plaintext on my computer before I encrypt it? That defeats any/all encryption methods. How could they do that? Bypass Encryption While most outside observers think the NSA’s job is cracking encrypted messages, as the Prism disclosures have shown, the actual mission is simply to read all communications. Cracking codes is a last resort.
  • The NSA has a history of figuring out how to get to messages before or after they are encrypted. Whether it was by putting keyloggers on keyboards and recording the keystrokes or detecting the images of the characters as they were being drawn on a CRT. Today every desktop and laptop computer has another way for the NSA to get inside. Intel Inside It’s inevitable that complex microprocessors have bugs in them when they ship. When the first microprocessors shipped the only thing you could hope is that the bug didn’t crash your computer. The only way the chip vendor could fix the problem was to physically revise the chip and put out a new version. But computer manufacturers and users were stuck if you had an old chip. After a particularly embarrassing math bug in 1994 that cost Intel $475 million, the company decided to fix the problem by allowing it’s microprocessors to load fixes automatically when your computer starts.
  • Starting in 1996 with the Intel P6 (Pentium Pro) to today’s P7 chips (Core i7) these processors contain instructions that are reprogrammable in what is called microcode. Intel can fix bugs on the chips by reprogramming a microprocessors microcode with a patch. This patch, called a microcode update, can be loaded into a processor by using special CPU instructions reserved for this purpose. These updates are not permanent, which means each time you turn the computer on, its microprocessor is reset to its built-in microcode, and the update needs to be applied again (through a computer’s BIOS.). Since 2000, Intel has put out 29 microcode updates to their processors. The microcode is distributed by 1) Intel or by 2) Microsoft integrated into a BIOS or 3) as part of a Windows update. Unfortunately, the microcode update format is undocumented and the code is encrypted. This allows Intel to make sure that 3rd parties can’t make unauthorized add-ons to their chips. But it also means that no one can look inside to understand the microcode, which makes it is impossible to know whether anyone is loading a backdoor into your computer.
  • ...3 more annotations...
  • Or perhaps the NSA, working with Intel and/or Microsoft, have wittingly have put backdoors in the microcode updates. A backdoor is is a way of gaining illegal remote access to a computer by getting around the normal security built-in to the computer. Typically someone trying to sneak malicious software on to a computer would try to install a rootkit (software that tries to conceal the malicious code.) A rootkit tries to hide itself and its code, but security conscious sites can discover rootkits by tools that check kernel code and data for changes. But what if you could use the configuration and state of microprocessor hardware in order to hide? You’d be invisible to all rootkit detection techniques that checks the operating system. Or what if you can make the microprocessor random number generator (the basis of encryption) not so random for a particular machine? (The NSA’s biggest coup was inserting backdoors in crypto equipment the Swiss sold to other countries.) Rather than risk getting caught messing with everyone’s updates, my bet is that the NSA has compromised the microcode update signing keys  giving the NSA the ability to selectively target specific computers. (Your operating system ensures security of updates by checking downloaded update packages against the signing key.) The NSA then can send out backdoors disguised as a Windows update for “security.” (Ironic but possible.) That means you don’t need backdoors baked in the hardware, don’t need Intel’s buy-in, don’t have discoverable rootkits, and you can target specific systems without impacting the public at large.
  • A few months ago these kind of discussions would have been theory at best, if not paranoia.
  • The Prism disclosures prove otherwise – the National Security Agency has decided it needs the ability to capture all communications in all forms. Getting inside of a target computer and weakening its encryption or having access to the plaintext of encrypted communication seems likely. Given the technical sophistication of the other parts of their surveillance net, the surprise would be if they haven’t implemented a microcode backdoor. The downside is that 1) backdoors can be hijacked by others with even worse intent. So if NSA has a microcode backdoor – who else is using it? and 2) What other pieces of our infrastructure, (routers, smartphones, military computers, satellites, etc) use processors with uploadable microcode? —— And that may be why the Russian president is now using a typewriter rather than a personal computer.
Gary Edwards

XKeyscore: NSA tool collects 'nearly everything a user does on the internet' | World ne... - 1 views

www.theguardian.com/...top-secret-program-online-data

Edward-Snowden Glenn-Greenwald NSA NSA-Patriot-Act-NDAA NSA-Whistleblower

shared by Gary Edwards on 01 Aug 13 - No Cached
  • The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight.
  • The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10
  • "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email".
  • ...23 more annotations...
  • US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do."
  • But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed.
  • XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks – what the agency calls Digital Network Intelligence (DNI). One presentation claims the program covers "nearly everything a typical user does on the internet", including the content of emails, websites visited and searches, as well as their metadata.
  • Analysts can also use XKeyscore and other NSA systems to obtain ongoing "real-time" interception of an individual's internet activity.
  • Under US law, the NSA is required to obtain an individualized Fisa warrant only if the target of their surveillance is a 'US person', though no such warrant is required for intercepting the communications of Americans with foreign targets.
  • But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.
  • One training slide illustrates the digital activity constantly being collected by XKeyscore and the analyst's ability to query the databases at any time.
  • The purpose of XKeyscore is to allow analysts to search the metadata as well as the content of emails and other internet activity, such as browser history, even when there is no known email account (a "selector" in NSA parlance) associated with the individual being targeted.
  • Analysts can also search by name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.
  • One document notes that this is because "strong selection [search by email address] itself gives us only a very limited capability" because "a large amount of time spent on the web is performing actions that are anonymous."
  • Email monitoring
  • One top-secret document describes how the program "searches within bodies of emails, webpages and documents", including the "To, From, CC, BCC lines" and the 'Contact Us' pages on websites".
  • To search for emails, an analyst using XKS enters the individual's email address into a simple online search form, along with the "justification" for the search and the time period for which the emails are sought.
  • One document, a top secret 2010 guide describing the training received by NSA analysts for general surveillance under the Fisa Amendments Act of 2008, explains that analysts can begin surveillance on anyone by clicking a few simple pull-down menus designed to provide both legal and targeting justifications.
  • Once options on the pull-down menus are selected, their target is marked for electronic surveillance and the analyst is able to review the content of their communications:
  • Chats, browsing history and other internet activity
  • Beyond emails, the XKeyscore system allows analysts to monitor a virtually unlimited array of other internet activities, including those within social media.
  • An NSA tool called DNI Presenter, used to read the content of stored emails, also enables an analyst using XKeyscore to read the content of Facebook chats or private messages.
  • The XKeyscore program also allows an analyst to learn the IP addresses of every person who visits any website the analyst specifies.
  • The quantity of communications accessible through programs such as XKeyscore is staggeringly large. One NSA report from 2007 estimated that there were 850bn "call events" collected and stored in the NSA databases, and close to 150bn internet records. Each day, the document says, 1-2bn records were added.
  • William Binney, a former NSA mathematician, said last year that the agency had "assembled on the order of 20tn transactions about US citizens with other US citizens", an estimate, he said, that "only was involving phone calls and emails". A 2010 Washington Post article reported that "every day, collection systems at the [NSA] intercept and store 1.7bn emails, phone calls and other type of communications."
  • The ACLU's deputy legal director, Jameel Jaffer, told the Guardian last month that national security officials expressly said that a primary purpose of the new law was to enable them to collect large amounts of Americans' communications without individualized warrants.
  • "The government doesn't need to 'target' Americans in order to collect huge volumes of their communications," said Jaffer. "The government inevitably sweeps up the communications of many Americans" when targeting foreign nationals for surveillance.
  • Gary Edwards on 01 Aug 13
     
    "One presentation claims the XKeyscore program covers 'nearly everything a typical user does on the internet' ................................................................. A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden. The NSA boasts in training materials that the program, called XKeyscore, is its "widest-reaching" system for developing intelligence from the internet. The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight. The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10. "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email". US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do." But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks - what the agency calls Digital Network Intelligence (DNI). One
  • Paul Merrell on 02 Aug 13
     
    "But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. " Note in that regard that Snowden said in an earlier interview that use of this system rarely was audited and that when audited, the most common request if changes were requested was to beef up the justification for the search. The XScore system puts the lie to just about everything the Administration has claimed about intense oversight by all three branches of federal government and about not reading emails or listening to (Skype) phone calls. The lies keep stacking up in an ever-deepening pile.
Paul Merrell

N.S.A. Spied on Allies, Aid Groups and Businesses - NYTimes.com - 0 views

www.nytimes.com/...groups-and-business-elite.html

surveillance state NSA NSA-targets

shared by Paul Merrell on 21 Dec 13 - No Cached
  • Secret documents reveal more than 1,000 targets of American and British surveillance in recent years, including the office of an Israeli prime minister, heads of international aid organizations, foreign energy companies and a European Union official involved in antitrust battles with American technology businesses.
  • While the names of some political and diplomatic leaders have previously emerged as targets, the newly disclosed intelligence documents provide a much fuller portrait of the spies’ sweeping interests in more than 60 countries. Britain’s Government Communications Headquarters, working closely with the National Security Agency, monitored the communications of senior European Union officials, foreign leaders including African heads of state and sometimes their family members, directors of United Nations and other relief programs, and officials overseeing oil and finance ministries, according to the documents. In addition to Israel, some targets involved close allies like France and Germany, where tensions have already erupted over recent revelations about spying by the N.S.A.
  • Details of the surveillance are described in documents from the N.S.A. and Britain’s eavesdropping agency, known as GCHQ, dating from 2008 to 2011. The target lists appear in a set of GCHQ reports that sometimes identify which agency requested the surveillance, but more often do not. The documents were leaked by the former N.S.A. contractor Edward J. Snowden and shared by The New York Times, The Guardian and Der Spiegel. The reports are spare, technical bulletins produced as the spies, typically working out of British intelligence sites, systematically tapped one international communications link after another, focusing especially on satellite transmissions. The value of each link is gauged, in part, by the number of surveillance targets found to be using it for emails, text messages or phone calls. More than 1,000 targets, which also include people suspected of being terrorists or militants, are in the reports. It is unclear what the eavesdroppers gleaned. The documents include a few fragmentary transcripts of conversations and messages, but otherwise contain only hints that further information was available elsewhere, possibly in a larger database.
  • ...8 more annotations...
  • Ms. Hansen, the spokeswoman for the European Commission, said that it was already engaged in talks with the United States that were “needed to restore trust and confidence in the trans-Atlantic relationship.” She added that “the commission will raise these new allegations with U.S. and U.K. authorities.”
  • Also appearing on the surveillance lists is Joaquín Almunia, vice president of the European Commission, which, among other powers, has oversight of antitrust issues in Europe. The commission has broad authority over local and foreign companies, and it has punished a number of American companies, including Microsoft and Intel, with heavy fines for hampering fair competition. The reports say that spies intercepted Mr. Almunia’s communications in 2008 and 2009. Mr. Almunia, a Spaniard, assumed direct authority over the commission’s antitrust office in 2010. He has been involved in a three-year standoff with Google over how the company runs its search engine. Competitors of the online giant had complained that it was prioritizing its own search results and using content like travel reviews and ratings from other websites without permission. While pushing for a settlement with Google, Mr. Almunia has warned that the company could face large fines if it does not cooperate.
  • Some condemned the surveillance on Friday as unjustified and improper. “This is not the type of behavior that we expect from strategic partners,” Pia Ahrenkilde Hansen, a spokeswoman for the European Commission, said on the latest revelations of American and British spying in Europe. Some of the surveillance relates to issues that are being scrutinized by President Obama and a panel he appointed in Washington that on Wednesday recommended tighter limits on the N.S.A., particularly on spying of foreign leaders, especially allies.
  • “We do not use our foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line,” said Vanee Vines, an N.S.A. spokeswoman. But she added that some economic spying was justified by national security needs. “The intelligence community’s efforts to understand economic systems and policies, and monitor anomalous economic activities, are critical to providing policy makers with the information they need to make informed decisions that are in the best interest of our national security,” Ms. Vines said.
  • The surveillance reports show American and British spies’ deep appetite for information. The French companies Total, the oil and gas giant, and Thales, an electronics, logistics and transportation outfit, appear as targets, as do a French ambassador, an “Estonian Skype security team” and the German Embassy in Rwanda.
  • Multiple United Nations Missions in Geneva are listed as targets, including Unicef and the United Nations Institute for Disarmament Research. So is Médecins du Monde, a medical relief organization that goes into war-ravaged areas. Leigh Daynes, an executive director of the organization in Britain, responded to news about the surveillance by saying: “There is absolutely no reason for our operations to be secretly monitored.” More obvious intelligence targets are also listed, though in smaller numbers, including people identified as “Israeli grey arms dealer,” “Taleban ministry of refugee affairs” and “various entities in Beijing.” Some of those included are described as possible members of Al Qaeda, and as suspected extremists or jihadists.
  • While few if any American citizens appear to be named in the documents, they make clear that some of the intercepted communications either began or ended in the United States and that N.S.A. facilities carried out interceptions around the world in collaboration with their British partners. Some of the interceptions appear to have been made at the Sugar Grove, W.Va., listening post run by the N.S.A. and code-named Timberline, and some are explicitly tied to N.S.A. target lists in the reports.
  • Strengthening the likelihood that full transcripts were taken during the intercepts is the case of Mohamed Ibn Chambas, an official of the Economic Community of West African States, known as Ecowas, a regional initiative of 15 countries that promotes economic and industrial activity. Whether intentionally or through some oversight, when Mr. Chambas’s communications were intercepted in August 2009, dozens of his complete text messages were copied into one of the reports.
  • Paul Merrell on 21 Dec 13
     
    No mention of any "terrorist" targets. Could it be that Snowden and Greenwald are right, that the surveillance is not about terrorism at all? Surely our nation's leaders would not lie to us about that. Right. The Politics of Fear.
Paul Merrell

How Secret Partners Expand NSA's Surveillance Dragnet - The Intercept - 0 views

firstlook.org/...le-partners-revealed-rampart-a

surveillance state NSA NSA-partners fiber-optic

shared by Paul Merrell on 20 Jun 14 - No Cached
  • Huge volumes of private emails, phone calls, and internet chats are being intercepted by the National Security Agency with the secret cooperation of more foreign governments than previously known, according to newly disclosed documents from whistleblower Edward Snowden. The classified files, revealed today by the Danish newspaper Dagbladet Information in a reporting collaboration with The Intercept, shed light on how the NSA’s surveillance of global communications has expanded under a clandestine program, known as RAMPART-A, that depends on the participation of a growing network of intelligence agencies.
  • It has already been widely reported that the NSA works closely with eavesdropping agencies in the United Kingdom, Canada, New Zealand, and Australia as part of the so-called Five Eyes surveillance alliance. But the latest Snowden documents show that a number of other countries, described by the NSA as “third-party partners,” are playing an increasingly important role – by secretly allowing the NSA to install surveillance equipment on their fiber-optic cables. The NSA documents state that under RAMPART-A, foreign partners “provide access to cables and host U.S. equipment.” This allows the agency to covertly tap into “congestion points around the world” where it says it can intercept the content of phone calls, faxes, e-mails, internet chats, data from virtual private networks, and calls made using Voice over IP software like Skype.
  • The secret documents reveal that the NSA has set up at least 13 RAMPART-A sites, nine of which were active in 2013. Three of the largest – codenamed AZUREPHOENIX, SPINNERET and MOONLIGHTPATH – mine data from some 70 different cables or networks. The precise geographic locations of the sites and the countries cooperating with the program are among the most carefully guarded of the NSA’s secrets, and these details are not contained in the Snowden files. However, the documents point towards some of the countries involved – Denmark and Germany among them. An NSA memo prepared for a 2012 meeting between the then-NSA director, Gen. Keith Alexander, and his Danish counterpart noted that the NSA had a longstanding partnership with the country’s intelligence service on a special “cable access” program. Another document, dated from 2013 and first published by Der Spiegel on Wednesday, describes a German cable access point under a program that was operated by the NSA, the German intelligence service BND, and an unnamed third partner.
  • ...2 more annotations...
  • The program, which the secret files show cost U.S. taxpayers about $170 million between 2011 and 2013, sweeps up a vast amount of communications at lightning speed. According to the intelligence community’s classified “Black Budget” for 2013, RAMPART-A enables the NSA to tap into three terabits of data every second as the data flows across the compromised cables – the equivalent of being able to download about 5,400 uncompressed high-definition movies every minute. In an emailed statement, the NSA declined to comment on the RAMPART-A program. “The fact that the U.S. government works with other nations, under specific and regulated conditions, mutually strengthens the security of all,” said NSA spokeswoman Vanee’ Vines. “NSA’s efforts are focused on ensuring the protection of the national security of the United States, its citizens, and our allies through the pursuit of valid foreign intelligence targets only.”
  • The Danish and German operations appear to be associated with RAMPART-A because it is the only NSA cable-access initiative that depends on the cooperation of third-party partners. Other NSA operations tap cables without the consent or knowledge of the countries that host the cables, or are operated from within the United States with the assistance of American telecommunications companies that have international links. One secret NSA document notes that most of the RAMPART-A projects are operated by the partners “under the cover of an overt comsat effort,” suggesting that the tapping of the fiber-optic cables takes place at Cold War-era eavesdropping stations in the host countries, usually identifiable by their large white satellite dishes and radomes. A shortlist of other countries potentially involved in the RAMPART-A operation is contained in the Snowden archive. A classified presentation dated 2013, published recently in Intercept editor Glenn Greenwald’s book No Place To Hide, revealed that the NSA had top-secret spying agreements with 33 third-party countries, including Denmark, Germany, and 15 other European Union member states:
  • Paul Merrell on 20 Jun 14
     
    Don't miss the slide with the names of the NSA-partner nations. Lots of E.U. member nations.
Paul Merrell

Profiled From Radio to Porn, British Spies Track Web Users' Online Identities | Global ... - 0 views

www.globalresearch.ca/...5478246

surveillance state GCHQ Black-Hole Karma-Police

shared by Paul Merrell on 27 Sep 15 - No Cached
  • One system builds profiles showing people’s web browsing histories. Another analyzes instant messenger communications, emails, Skype calls, text messages, cell phone locations, and social media interactions. Separate programs were built to keep tabs on “suspicious” Google searches and usage of Google Maps. The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens  all without a court order or judicial warrant.
  • The power of KARMA POLICE was illustrated in 2009, when GCHQ launched a top-secret operation to collect intelligence about people using the Internet to listen to radio shows. The agency used a sample of nearly 7 million metadata records, gathered over a period of three months, to observe the listening habits of more than 200,000 people across 185 countries, including the U.S., the U.K., Ireland, Canada, Mexico, Spain, the Netherlands, France, and Germany.
  • GCHQ’s documents indicate that the plans for KARMA POLICE were drawn up between 2007 and 2008. The system was designed to provide the agency with “either (a) a web browsing profile for every visible user on the Internet, or (b) a user profile for every visible website on the Internet.” The origin of the surveillance system’s name is not discussed in the documents. But KARMA POLICE is also the name of a popular song released in 1997 by the Grammy Award-winning British band Radiohead, suggesting the spies may have been fans. A verse repeated throughout the hit song includes the lyric, “This is what you’ll get, when you mess with us.”
  • ...3 more annotations...
  • GCHQ vacuums up the website browsing histories using “probes” that tap into the international fiber-optic cables that transport Internet traffic across the world. A huge volume of the Internet data GCHQ collects flows directly into a massive repository named Black Hole, which is at the core of the agency’s online spying operations, storing raw logs of intercepted material before it has been subject to analysis. Black Hole contains data collected by GCHQ as part of bulk “unselected” surveillance, meaning it is not focused on particular “selected” targets and instead includes troves of data indiscriminately swept up about ordinary people’s online activities. Between August 2007 and March 2009, GCHQ documents say that Black Hole was used to store more than 1.1 trillion “events”  a term the agency uses to refer to metadata records  with about 10 billion new entries added every day. As of March 2009, the largest slice of data Black Hole held  41 percent  was about people’s Internet browsing histories. The rest included a combination of email and instant messenger records, details about search engine queries, information about social media activity, logs related to hacking operations, and data on people’s use of tools to browse the Internet anonymously.
  • Throughout this period, as smartphone sales started to boom, the frequency of people’s Internet use was steadily increasing. In tandem, British spies were working frantically to bolster their spying capabilities, with plans afoot to expand the size of Black Hole and other repositories to handle an avalanche of new data. By 2010, according to the documents, GCHQ was logging 30 billion metadata records per day. By 2012, collection had increased to 50 billion per day, and work was underway to double capacity to 100 billion. The agency was developing “unprecedented” techniques to perform what it called “population-scale” data mining, monitoring all communications across entire countries in an effort to detect patterns or behaviors deemed suspicious. It was creating what it saidwould be, by 2013, “the world’s biggest” surveillance engine “to run cyber operations and to access better, more valued data for customers to make a real world difference.” HERE WAS A SIMPLE AIM at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs.
  • The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ. The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear.
Paul Merrell

U.S. surveillance architecture includes collection of revealing Internet, phone metadat... - 0 views

www.washingtonpost.com/...2-b05f-3ea3f0e7bb5a_print.html

surveillance state NSA must-read pen-register

shared by Paul Merrell on 19 Jun 13 - No Cached
  • On March 12, 2004, acting attorney general James B. Comey and the Justice Department’s top leadership reached the brink of resignation over electronic surveillance orders that they believed to be illegal. President George W. Bush backed down, halting secret foreign-intelligence-gathering operations that had crossed into domestic terrain. That morning marked the beginning of the end of STELLARWIND, the cover name for a set of four surveillance programs that brought Americans and American territory within the domain of the National Security Agency for the first time in decades. It was also a prelude to new legal structures that allowed Bush and then President Obama to reproduce each of those programs and expand their reach.What exactly STELLARWIND did has never been disclosed in an unclassified form. Which parts of it did Comey approve? Which did he shut down? What became of the programs when the crisis passed and Comey, now Obama’s expected nominee for FBI director, returned to private life?Authoritative new answers to those questions, drawing upon a classified NSA history of STELLARWIND and interviews with high-ranking intelligence officials, offer the clearest map yet of the Bush-era programs and the NSA’s contemporary U.S. operations.STELLARWIND was succeeded by four major lines of intelligence collection in the territorial United States, together capable of spanning the full range of modern telecommunications, according to the interviews and documents.
  • Two of the four collection programs, one each for telephony and the Internet, process trillions of “metadata” records for storage and analysis in systems called MAINWAY and MARINA, respectively. Metadata includes highly revealing information about the times, places, devices and participants in electronic communication, but not its contents. The bulk collection of telephone call records from Verizon Business Services, disclosed this month by the British newspaper the Guardian, is one source of raw intelligence for MAINWAY.The other two types of collection, which operate on a much smaller scale, are aimed at content. One of them intercepts telephone calls and routes the spoken words to a system called ­NUCLEON.For Internet content, the most important source collection is the PRISM project reported on June 6 by The Washington Post and the Guardian. It draws from data held by Google, Yahoo, Microsoft and other Silicon Valley giants, collectively the richest depositories of personal information in history.
  • The debate has focused on two of the four U.S.-based collection programs: PRISM, for Internet content, and the comprehensive collection of telephone call records, foreign and domestic, that the Guardian revealed by posting a classified order from the Foreign Intelligence Surveillance Court to Verizon Business Services.The Post has learned that similar orders have been renewed every three months for other large U.S. phone companies, including Bell South and AT&T, since May 24, 2006. On that day, the surveillance court made a fundamental shift in its approach to Section 215 of the Patriot Act, which permits the FBI to compel production of “business records” that are relevant to a particular terrorism investigation and to share those in some circumstances with the NSA. Henceforth, the court ruled, it would define the relevant business records as the entirety of a telephone company’s call database.The Bush administration, by then, had been taking “bulk metadata” from the phone companies under voluntary agreements for more than four years. The volume of information overwhelmed the MAINWAY database, according to a classified report from the NSA inspector general in 2009. The agency spent $146 million in supplemental counterterrorism funds to buy new hardware and contract support — and to make unspecified payments to the phone companies for “collaborative partnerships.”When the New York Times revealed the warrantless surveillance of voice calls, in December 2005, the telephone companies got nervous. One of them, unnamed in the report, approached the NSA with a request. Rather than volunteer the data, at a price, the “provider preferred to be compelled to do so by a court order,” the report said. Other companies followed suit. The surveillance court order that recast the meaning of business records “essentially gave NSA the same authority to collect bulk telephony metadata from business records that it had” under Bush’s asserted authority alone.
  • ...3 more annotations...
  • Telephone metadata was not the issue that sparked a rebellion at the Justice Department, first by Jack Goldsmith of the Office of Legal Counsel and then by Comey, who was acting attorney general because John D. Ashcroft was in intensive care with acute gallstone pancreatitis. It was Internet metadata.At Bush’s direction, in orders prepared by David Addington, the counsel to Vice President Richard B. Cheney, the NSA had been siphoning e-mail metadata and technical records of Skype calls from data links owned by AT&T, Sprint and MCI, which later merged with Verizon.For reasons unspecified in the report, Goldsmith and Comey became convinced that Bush had no lawful authority to do that.MARINA and the collection tools that feed it are probably the least known of the NSA’s domestic operations, even among experts who follow the subject closely. Yet they probably capture information about more American citizens than any other, because the volume of e-mail, chats and other Internet communications far exceeds the volume of standard telephone calls.The NSA calls Internet metadata “digital network information.” Sophisticated analysis of those records can reveal unknown associates of known terrorism suspects. Depending on the methods applied, it can also expose medical conditions, political or religious affiliations, confidential business negotiations and extramarital affairs.What permits the former and prevents the latter is a complex set of policies that the public is not permitted to see.
  • In the urgent aftermath of Sept. 11, 2001, with more attacks thought to be imminent, analysts wanted to use “contact chaining” techniques to build what the NSA describes as network graphs of people who represented potential threats.The legal challenge for the NSA was that its practice of collecting high volumes of data from digital links did not seem to meet even the relatively low requirements of Bush’s authorization, which allowed collection of Internet metadata “for communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States,” the NSA inspector general’s report said.Lawyers for the agency came up with an interpretation that said the NSA did not “acquire” the communications, a term with formal meaning in surveillance law, until analysts ran searches against it. The NSA could “obtain” metadata in bulk, they argued, without meeting the required standards for acquisition.Goldsmith and Comey did not buy that argument, and a high-ranking U.S. intelligence official said the NSA does not rely on it today.As soon as surveillance data “touches us, we’ve got it, whatever verbs you choose to use,” the official said in an interview. “We’re not saying there’s a magic formula that lets us have it without having it.”
  • When Comey finally ordered a stop to the program, Bush signed an order renewing it anyway. Comey, Goldsmith, FBI Director Robert S. Mueller III and most of the senior Bush appointees in the Justice Department began drafting letters of resignation.Then-NSA Director Michael V. Hayden was not among them. According to the inspector general’s classified report, Cheney’s lawyer, Addington, placed a phone call and “General Hayden had to decide whether NSA would execute the Authorization without the Attorney General’s signature.” He decided to go along.The following morning, when Mueller told Bush that he and Comey intended to resign, the president reversed himself.Three months later, on July 15, the secret surveillance court allowed the NSA to resume bulk collection under the court’s own authority. The opinion, which remains highly classified, was based on a provision of electronic surveillance law, known as “pen register, trap and trace,” that was written to allow law enforcement officers to obtain the phone numbers of incoming and outgoing calls from a single telephone line.
  • Paul Merrell on 19 Jun 13
     
    Note particularly the mention that the FISA Court decision to throw the doors open for government snooping was based on "pen register, trap and trace" law. As suspected, now we are into territory dealt with by the Supreme Court in the pre-internet days of 1979 In Smith v. Maryland, 442 U.S. 735 (1979), More about that next, in a bookmark also tagged with "pen-register".
Paul Merrell

Spy Tech Company 'Hacking Team' Gets Hacked | Motherboard - 0 views

motherboard.vice.com/...mpany-hacking-team-gets-hacked

surveillance-state Hacking-Team hacking-the-spies

shared by Paul Merrell on 06 Jul 15 - No Cached
  • Sometimes even the cops get robbed. The controversial Italian surveillance company Hacking Team, which sells spyware to governments all around the world, including agencies in Ethiopia, Morocco, the United Arab Emirates, as well as the US Drug Enforcement Administration, appears to have been seriously hacked. Hackers have made 500 GB of client files, contracts, financial documents, and internal emails, some as recent as 2015, publicly available for download. Hacking Team’s spokesperson Eric Rabe did not immediately respond to Motherboard’s calls and email asking for verification that the hacked information is legitimate. Without confirmation from the company itself, it’s difficult to know what percentage of the files are real—however, based on the sheer size of the breach and the information in the files, the hack appears to be authentic. What’s more, the unknown hackers announced their feat through Hacking Team’s own Twitter account.
  • he hackers composed the tweets as if they were written by Hacking Team. “Since we have nothing to hide, we're publishing all our e-mails, files, and source code,” the hackers wrote in a tweet, which included the link to around 500 Gb of files. The hackers also started tweeting a few samples of internal emails from the company. One of the screenshots shows an email dated 2014 from Hacking Team’s founder and CEO David Vincenzetti to another employee. In the email, titled “Yet another Citizen Lab attack,” Vincenzetti links to a report from the online digital rights research center Citizen Lab, at the University of Toronto’s Munk School of Global Affairs, which has exposed numerous cases of abuse from Hacking Team’s clients. Hacking Team has never revealed a list of its clients, and has always and repeatedly denied selling to sketchy governments, arguing that it has an internal procedure to address human rights concerns about prospective customers.
  • It’s unclear exactly how much the hackers got their hands on, but judging from the size of the files, it’s certainly a large collection of internal files. A source who asked to speak anonymously due to the sensitivity of the issue, told me that based on the file names and folders in the leak, the hackers who hit Hacking Team "got everything." A few hours after the initial hack, a list of alleged Hacking Team customers was posted on Pastebin. The list includes past and current customers. Among the most notable, there are a few that were previously unknown, such as the FBI, Chile, Australia, Spain, and Iraq, among others.
  • ...1 more annotation...
  • The breach on Hacking Team comes almost a year after another surveillance tech company, the competing FinFisher, was hacked in a similar way, with a hacker leaking 40 Gb of internal files. FinFisher, like Hacking Team, sells surveillance software to law enforcement agencies across the world. Their software, once surreptitiously installed on a target’s cell phone or computer, can be used to monitor the target’s communications, such as phone calls, text messages, Skype calls, or emails. Operators can also turn on the target’s webcam and exfiltrate files from the infected device.
Paul Merrell

Here Are All the Sketchy Government Agencies Buying Hacking Team's Spy Tech | Motherboard - 0 views

motherboard.vice.com/...-buying-hacking-teams-spy-tech

surveillance state Hacking-Team hacked

shared by Paul Merrell on 07 Jul 15 - No Cached
  • They say what goes around comes around, and there's perhaps nowhere that rings more true than in the world of government surveillance. Such was the case on Monday morning when Hacking Team, the Italian company known for selling electronic intrusion tools to police and federal agencies around the world, awoke to find that it had been hacked itself—big time—apparently exposing its complete client list, email spools, invoices, contracts, source code, and more. Those documents show that not only has the company been selling hacking tools to a long list of foreign governments with dubious human rights records, but it’s also establishing a nice customer base right here in the good old US of A. The cache, which sources told Motherboard is legitimate, contains more than 400 gigabytes of files, many of which confirm previous reports that the company has been selling industrial-grade surveillance software to authoritarian governments. Hacking Team is known in the surveillance world for its flagship hacking suite, Remote Control System (RCS) or Galileo, which allows its government and law enforcement clients to secretly install “implants” on remote machines that can steal private emails, record Skype calls, and even monitor targets through their computer's webcam. Hacking Team in North America
  • According to leaked contracts, invoices and an up-to-date list of customer subscriptions, Hacking Team’s clients—which the company has consistently refused to name—also include Kazakhstan, Azerbaijan, Oman, Saudi Arabia, Uzbekistan, Bahrain, Ethiopia, Nigeria, Sudan and many others. The list of names matches the findings of Citizen Lab, a research lab at the University of Toronto's Munk School of Global Affairs that previously found traces of Hacking Team on the computers of journalists and activists around the world. Last year, the Lab's researchers mapped out the worldwide collection infrastructure used by Hacking Team's customers to covertly transport stolen data, unveiling a massive network comprised of servers based in 21 countries. Reporters Without Borders later named the company one of the “Enemies of the Internet” in its annual report on government surveillance and censorship.
  • we’ve only scratched the surface of this massive leak, and it’s unclear how Hacking Team will recover from having its secrets spilling across the internet for all to see. In the meantime, the company is asking all customers to stop using its spyware—and likely preparing for the worst.
Paul Merrell

Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide - The Intercept - 0 views

firstlook.org/...hacking-team

surveillance state Hacking-Team Remote-Control-System FinFisher

shared by Paul Merrell on 31 Oct 14 - No Cached
  • When Apple and Google unveiled new encryption schemes last month, law enforcement officials complained that they wouldn’t be able to unlock evidence on criminals’ digital devices. What they didn’t say is that there are already methods to bypass encryption, thanks to off-the-shelf digital implants readily available to the smallest national agencies and the largest city police forces — easy-to-use software that takes over and monitors digital devices in real time, according to documents obtained by The Intercept. We’re publishing in full, for the first time, manuals explaining the prominent commercial implant software “Remote Control System,” manufactured by the Italian company Hacking Team. Despite FBI director James Comey’s dire warnings about the impact of widespread data scrambling — “criminals and terrorists would like nothing more,” he declared — Hacking Team explicitly promises on its website that its software can “defeat encryption.”
  • The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team’s manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software. Hacking Team’s efforts include a visible push into the U.S. Though Remote Control System is sold around the world — suspected clients include small governments in dozens of countries, from Ethiopia to Kazakhstan to Saudi Arabia to Mexico to Oman — the company keeps one of its three listed worldwide offices in Annapolis, Maryland, on the edge of the federal intelligence and law-enforcement cluster around the nation’s capital; has sent representatives to American homeland security trade shows and conferences, where it has led training seminars like “Cyber Intelligence Solutions to Data Encryption” for police; and has even taken an investment from a firm headed by America’s former ambassador to Italy. The United States is also, according to two separate research teams, far and away Hacking Team’s top nexus for servers, hosting upwards of 100 such systems, roughly a fifth of all its servers globally.
Paul Merrell

Leaked docs show spyware used to snoop on US computers | Ars Technica - 0 views

arstechnica.com/...-used-to-snoop-on-us-computers

surveillance state Gamma-Group FinFisher zero-day-exploits Vupen-Security MSOffice MSIE Acrobat

shared by Paul Merrell on 10 Aug 14 - No Cached
  • Software created by the controversial UK-based Gamma Group International was used to spy on computers that appear to be located in the United States, the UK, Germany, Russia, Iran, and Bahrain, according to a leaked trove of documents analyzed by ProPublica. It's not clear whether the surveillance was conducted by governments or private entities. Customer e-mail addresses in the collection appeared to belong to a German surveillance company, an independent consultant in Dubai, the Bosnian and Hungarian Intelligence services, a Dutch law enforcement officer, and the Qatari government.
  • The leaked files—which were posted online by hackers—are the latest in a series of revelations about how state actors including repressive regimes have used Gamma's software to spy on dissidents, journalists, and activist groups. The documents, leaked last Saturday, could not be readily verified, but experts told ProPublica they believed them to be genuine. "I think it's highly unlikely that it's a fake," said Morgan Marquis-Bore, a security researcher who while at The Citizen Lab at the University of Toronto had analyzed Gamma Group's software and who authored an article about the leak on Thursday. The documents confirm many details that have already been reported about Gamma, such as that its tools were used to spy on Bahraini activists. Some documents in the trove contain metadata tied to e-mail addresses of several Gamma employees. Bill Marczak, another Gamma Group expert at the Citizen Lab, said that several dates in the documents correspond to publicly known events—such as the day that a particular Bahraini activist was hacked.
  • The leaked files contain more than 40 gigabytes of confidential technical material, including software code, internal memos, strategy reports, and user guides on how to use Gamma Group software suite called FinFisher. FinFisher enables customers to monitor secure Web traffic, Skype calls, webcams, and personal files. It is installed as malware on targets' computers and cell phones. A price list included in the trove lists a license of the software at almost $4 million. The documents reveal that Gamma uses technology from a French company called Vupen Security that sells so-called computer "exploits." Exploits include techniques called "zero days" for "popular software like Microsoft Office, Internet Explorer, Adobe Acrobat Reader, and many more." Zero days are exploits that have not yet been detected by the software maker and therefore are not blocked.
  • ...2 more annotations...
  • Many of Gamma's product brochures have previously been published by the Wall Street Journal and Wikileaks, but the latest trove shows how the products are getting more sophisticated. In one document, engineers at Gamma tested a product called FinSpy, which inserts malware onto a user's machine, and found that it could not be blocked by most antivirus software. Documents also reveal that Gamma had been working to bypass encryption tools including a mobile phone encryption app, Silent Circle, and were able to bypass the protection given by hard-drive encryption products TrueCrypt and Microsoft's Bitlocker.
  • The documents also describe a "country-wide" surveillance product called FinFly ISP which promises customers the ability to intercept Internet traffic and masquerade as ordinary websites in order to install malware on a target's computer. The most recent date-stamp found in the documents is August 2, coincidung with the first tweet by a parody Twitter account, @GammaGroupPR, which first announced the hack and may be run by the hacker or hackers responsible for the leak. On Reddit, a user called PhineasFisher claimed responsibility for the leak. "Two years ago their software was found being widely used by governments in the middle east, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents," the user wrote. The name on the @GammaGroupPR Twitter account is also "Phineas Fisher." GammaGroup, the surveillance company whose documents were released, is no stranger to the spotlight. The security firm F-Secure first reported the purchase of FinFisher software by the Egyptian State Security agency in 2011. In 2012, Bloomberg News and The Citizen Lab showed how the company's malware was used to target activists in Bahrain. In 2013, the software company Mozilla sent a cease-and-desist letter to the company after a report by The Citizen Lab showed that a spyware-infected version of the Firefox browser manufactured by Gamma was being used to spy on Malaysian activists.
1 - 20 of 23 Next ›
Showing 20 items per page