Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged Vodafone

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

Vodafone reveals existence of secret wires that allow state surveillance | Business | T... - 0 views

www.theguardian.com/...es-allowing-state-surveillance

surveillance state non-U.S.-spy-agencies Vodafone

shared by Paul Merrell on 07 Jun 14 - No Cached
  • Vodafone, one of the world's largest mobile phone groups, has revealed the existence of secret wires that allow government agencies to listen to all conversations on its networks, saying they are widely used in some of the 29 countries in which it operates in Europe and beyond.The company has broken its silence on government surveillance in order to push back against the increasingly widespread use of phone and broadband networks to spy on citizens, and will publish its first Law Enforcement Disclosure Report on Friday. At 40,000 words, it is the most comprehensive survey yet of how governments monitor the conversations and whereabouts of their people.The company said wires had been connected directly to its network and those of other telecoms groups, allowing agencies to listen to or record live conversations and, in certain cases, track the whereabouts of a customer. Privacy campaigners said the revelations were a "nightmare scenario" that confirmed their worst fears on the extent of snooping.
  • Vodafone's group privacy officer, Stephen Deadman, said: "These pipes exist, the direct access model exists."We are making a call to end direct access as a means of government agencies obtaining people's communication data. Without an official warrant, there is no external visibility. If we receive a demand we can push back against the agency. The fact that a government has to issue a piece of paper is an important constraint on how powers are used."Vodafone is calling for all direct-access pipes to be disconnected, and for the laws that make them legal to be amended. It says governments should "discourage agencies and authorities from seeking direct access to an operator's communications infrastructure without a lawful mandate".
  • Peter Micek, policy counsel at the campaign group Access, said: "In a sector that has historically been quiet about how it facilitates government access to user data, Vodafone has for the first time shone a bright light on the challenges of a global telecom giant, giving users a greater understanding of the demands governments make of telcos. Vodafone's report also highlights how few governments issue any transparency reports, with little to no information about the number of wiretaps, cell site tower dumps, and other invasive surveillance practices."
  • ...2 more annotations...
  • In America, Verizon and AT&T have published data, but only on their domestic operations. Deutsche Telekom in Germany and Telstra in Australia have also broken ground at home. Vodafone is the first to produce a global survey.
  • Snowden, the National Security Agency whistleblower, joined Google, Reddit, Mozilla and other tech firms and privacy groups on Thursday to call for a strengthening of privacy rights online in a "Reset the net" campaign.Twelve months after revelations about the scale of the US government's surveillance programs were first published in the Guardian and the Washington Post, Snowden said: "One year ago, we learned that the internet is under surveillance, and our activities are being monitored to create permanent records of our private lives – no matter how innocent or ordinary those lives might be. Today, we can begin the work of effectively shutting down the collection of our online communications, even if the US Congress fails to do the same."
  • Paul Merrell on 07 Jun 14
     
    The Vodafone disclosures will undoubtedly have a very large ripple effect. Note carefully that this is the first major telephone service in the world to break ranks with the others and come out swinging at secret government voyeur agencies. Will others follow. If you follow the links to the Vodafone report, you'll find a very handy big PDF providing an overview of the relevant laws in each of the customer nations. There's a cute Guardian table that shows the aggregate number of warrants for interception of content via Vodafone for each of those nations, broken down by content type. That table has white-on-black cells noting where disclosure of those types of surveillance statistics are prohibited by law. So it is far from a complete picture, but it's a heck of a good start.  But several of those customer nations are members of the E.U., where digital privacy rights are enshrined as human rights under an EU-wide treaty. So expect some heat to roll downhill on those nations from the European treaty organizations, particularly the European Court of Human Rights, staffed with civil libertarian judges, from which there is no appeal.     
Paul Merrell

Deutsche Telekom to follow Vodafone in revealing surveillance | World news | The Guardian - 0 views

www.theguardian.com/...-also-reveal-surveillance-data

surveillance state NSA-reform Deutsche-Delekom Vodafone

shared by Paul Merrell on 08 Jun 14 - No Cached
  • Germany's biggest telecoms company is to follow Vodafone in disclosing for the first time the number of surveillance requests it receives from governments around the world.Deutsche Telekom, which owns half of Britain's EE mobile network and operates in 14 countries including the US, Spain and Poland, has already published surveillance data for its home nation – one of the countries that have reacted most angrily to the Edward Snowden revelations. In the wake of Vodafone's disclosures, first published in the Guardian on Friday, it announced that it would extend its disclosures to every other market where it operates and where it is legal.A spokeswoman for Deutsche Telekom, which has 140 million customers worldwide, said: "Deutsche Telekom has initially focused on Germany when it comes to disclosure of government requests. We are currently checking if and to what extent our national companies can disclose information. We intend to publish something similar to Vodafone."
  • Bosses of the world's biggest mobile networks, many of which have headquarters in Europe, are gathering for an industry conference in Shanghai this weekend, and the debate is expected to centre on whether they should join Deutsche and Vodafone in using transparency to push back against the use of their technology for government surveillance.Mobile companies, unlike social networks, cannot operate without a government-issued licence, and have previously been reluctant to discuss the extent of their cooperation with national security and law enforcement agencies.But Vodafone broke cover on Friday by confirming that in around half a dozen of the markets in which it operates, governments in Europe and outside have installed their own secret listening equipment on its network and those of other operators.
  • Paul Merrell on 08 Jun 14
     
    Looks like Vodafone broke a government transparency logjam on government surveillance via digital communications, as to disclosure of raw totals of search warrants by nations other than the U.S. 
Paul Merrell

Vodafone-Linked Company Aided British Mass Surveillance - The Intercept - 0 views

firstlook.org/...fone-surveillance-gchq-snowden

surveillance state GCHQ telecoms undersea-cables

shared by Paul Merrell on 25 Nov 14 - No Cached
  • They flow deep underneath the Atlantic Ocean and into the United Kingdom below the golden sands of idyllic beaches. But the internet cables that come ashore at the coast of Cornwall, England, are not just used to connect the country with the rest of the world. According to new reports based on documents from National Security Agency whistleblower Edward Snowden, the cables have become an integral part of the global mass surveillance system operated by the British spy agency Government Communications Headquarters, intimately assisted by a company now owned by Vodafone, the world’s third largest cellphone network provider.
  • The latest details about the extent of the spying were revealed on Thursday by the British Channel 4 News, the German newspaper Süddeutsche Zeitung, and the German broadcaster WDR, who worked in partnership with Intercept founding editor Laura Poitras. The Intercept obtained a preview of the revelations in advance of their publication. According to the reports, British telecommunications firms have helped GCHQ dramatically scale-up the volume of internet data it collects from undersea cables. In the five years leading up to 2012, there was a 7,000-fold increase in the amount of data the agency was sweeping up, with its computers monitoring some 46 billion private communications “events” every day, according to documents cited in the reports. The data swept up from the cables would include content from emails, online messages, browsing sessions, and calls made using internet chat tools.
  • British telecommunications company Cable & Wireless played a leading role in the secret cable tapping operation, according to the reports, and the collaboration appears to have gone further than simply complying with the law in helping implement the surveillance. The company provided GCHQ with updates on opportunities it could give the agency to tap into internet traffic, and in February 2009 a GCHQ employee was assigned to work within Cable & Wireless in a “full-time project management” role. The British government paid Cable & Wireless more than £5 million ($9 million) of taxpayers’ money as part of an annual lease for GCHQ to access the cables. The agency described the company a “partner” and designated it the codename Gerontic.
  • ...1 more annotation...
  • According to the reports, Cable & Wireless also appears to have helped GCHQ obtain data from a rival foreign communications company, India’s Reliance Communications, enabling the spies to sweep up communications sent by millions of internet users worldwide through a Reliance-owned cable that stretches from England across Asia and the Middle East. This so-called “access point” for GCHQ was named Nigella and located near an agency surveillance base in Bude, Cornwall (pictured above). Reliance did not respond to a request for comment. In July 2012, the multinational phone company Vodafone bought Cable & Wireless for about $1.5 billion. The documents indicate that the Nigella surveillance access point remained active as of April 2013. Vodafone said in a statement that it complies with the law and does not give “direct access” to its cables. The company says it is compelled to provide certain access to data based on warrants issued by the government.
Paul Merrell

UK spy base GCHQ tapped Irish internet cables - 0 views

www.irishtimes.com/...rish-internet-cables-1.2019492

surveillance-state GCHQ NSA-targets-Ireland telecom-cables

shared by Paul Merrell on 02 Dec 14 - No Cached
  • New documents released this week via the National Security Agency whistleblower Edward Snowden outline how Irish subsea telecommunications cables have been targeted by British intelligence. The documents detail a whole series of underwater cables – essentially the backbone that connects Ireland to the globe – that are being tapped. A document titled “Partner Cables” list the cables that Britain’s Government Communications Headquarters (GCHQ) has accessed or sought to access. The commercial owners of the cables are identified by codenames.
  • The cables include the Solas undersea cable, which extends from the Wexford coast to southern Wales. The owner of the cable is listed as “GERONTIC”, the password for Cable & Wireless, which is now part of Vodafone. The method of access is described as “DCO” or Direct Cable Ownership.
  • British intelligence also access the Hibernia cable, which connects Ireland to the US and Canada from Dublin to Halifax, Nova Scotia. It loops to the UK via Southport, on the other side of the Irish Sea. It is listed as a cable to which GCHQ does not “currently have good access”. According to the documents, the only providers assisting GCHQ with access to the Hibernia cable are called “VITREOUS” and “LITTLE”. They provide what’s called IRU/LC or “Indefeasible Rights of Use/Lit Capacity” access. An Irish company linked to the VITREOUS codename last night denied involvement.
  • ...2 more annotations...
  • A cable called ESAT 1, which goes from Kilmore Quay in Wexford and lands at Sennen Cove in Cornwall, is on the list, as is ESAT2, another cable that runs from Sandymount in Dublin to Southport, north of Liverpool in the UK. The German newspaper Süddeutsche Zeitung released the documents as part of its report on a new cache of documents from Mr Snowden. It focused on how telecom firm Cable & Wireless, which was acquired by Vodafone in 2012, “played a key role in establishing one of the Government Communications Headquarters’ (GCHQ) most controversial surveillance programmes”.
  • The newspaper said that according to the documents, Cable & Wireless “actively shaped and provided the most data to GCHQ mass surveillance programmes, and received millions of pounds in compensation”.Vodafone says it does not go beyond what is required under the law when responding to demands from any agency for access to customer data. Telecommunications companies can be legally compelled to co-operate with intelligence agencies in providing access to cables and also forbidden to disclose their involvement.
Paul Merrell

Vodafone Law Enforcement Report - 0 views

www.vodafone.com/...country_by_country.html

surveillance state non-U.S.-spy-agencies Vodafone research-resources

shared by Paul Merrell on 07 Jun 14 - No Cached
  • As explained earlier in this report, Vodafone’s global business consists largely of a group of separate subsidiary companies, each of which operates under the terms of a licence or other authorisation issued by the government of the country in which the subsidiary is located, and each of which is subject to the domestic laws of that country. In this section of the report, we provide a country-by-country insight into the nature of the local legal regime governing law enforcement assistance, together with an indication of the volume of each country’s agency and authority demands wherever that information is available and publication is not prohibited. In addition, a summary of some of the most relevant legal powers in each of our countries of operation can be found in our legal Annexe (pdf, 1.76 MB).
Paul Merrell

REVEALED: GCHQ's BEYOND TOP SECRET Middle Eastern INTERNET SPY BASE * The Register - 0 views

www.theregister.co.uk/...e_middleeast_internet_spy_base

surveillance-state GCHQ Snowden El-Reg Seeb

shared by Paul Merrell on 06 Jun 14 - No Cached
  • Exclusive Above-top-secret details of Britain’s covert surveillance programme - including the location of a clandestine British base tapping undersea cables in the Middle East - have so far remained secret, despite being leaked by fugitive NSA sysadmin Edward Snowden. Government pressure has meant that some media organisations, despite being in possession of these facts, have declined to reveal them. Today, however, the Register publishes them in full.The secret British spy base is part of a programme codenamed “CIRCUIT” and also referred to as Overseas Processing Centre 1 (OPC-1). It is located at Seeb, on the northern coast of Oman, where it taps in to various undersea cables passing through the Strait of Hormuz into the Persian/Arabian Gulf. Seeb is one of a three site GCHQ network in Oman, at locations codenamed “TIMPANI”, “GUITAR” and “CLARINET”. TIMPANI, near the Strait of Hormuz, can monitor Iraqi communications. CLARINET, in the south of Oman, is strategically close to Yemen. British national telco BT, referred to within GCHQ and the American NSA under the ultra-classified codename “REMEDY”, and Vodafone Cable (which owns the former Cable & Wireless company, aka “GERONTIC”) are the two top earners of secret GCHQ payments running into tens of millions of pounds annually.
  • The actual locations of such codenamed “access points” into the worldwide cable backbone are classified 3 levels above Top Secret and labelled “Strap 3”. The true identities of the companies hidden behind codenames such as “REMEDY”, “GERONTIC”, “STREETCAR” or “PINNAGE” are classified one level below this, at “Strap 2”.After these details were withheld, the government opted not to move against the Guardian newspaper last year for publishing above-top-secret information at the lower level designated “Strap 1”. This included details of the billion-pound interception storage system, Project TEMPORA, which were revealed in 2013 and which have triggered Parliamentary enquiries in Britain and Europe, and cases at the European Court of Human Rights. The Guardian was forced to destroy hard drives of leaked information to prevent political embarrassment over extensive commercial arrangements with these and other telecommunications companies who have secretly agreed to tap their own and their customers’ or partners’ overseas cables for the intelligence agency GCHQ. Intelligence chiefs also wished to conceal the identities of countries helping GCHQ and its US partner the NSA by sharing information or providing facilities
  • According to documents revealed by Edward Snowden to journalists including Glenn Greenwald among others, the intelligence agency annually pays selected companies tens of millions of pounds to run secret teams which install hidden connections which copy customers' data and messages to the spooks’ processing centres. The GCHQ-contracted companies also install optical fibre taps or “probes” into equipment belonging to other companies without their knowledge or consent. Within GCHQ, each company has a special section called a “Sensitive Relationship Team” or SRT.BT and Vodafone/C&W also operate extensive long distance optical fibre communications networks throughout the UK, installed and paid for by GCHQ, NSA, or by a third and little known UK intelligence support organization called the National Technical Assistance Centre (NTAC).
  • Paul Merrell on 06 Jun 14
     
    Report on GCHQ documents that The Guardian had agreed not to write about. Nice picture of the secret Seeb base.
Paul Merrell

Kurdish TAK Claim Responsibility for Istanbul Bombings - Timed for a Constitutional Cou... - 0 views

nsnbc.me/...imed-for-a-constitutional-coup

Turkey bombing TAK false-flag U.S.-foreign-policy NATO Gladio

shared by Paul Merrell on 11 Dec 16 - No Cached
  • The Kurdistan Freedom Hawks (TAK) claimed responsibility for the twin bomb attack near Istanbul’s Beşiktas’s Vodafone Arena Stadium that killed 38 people and wounded 166 Saturday night. The TAK, a PKK offshoot is believed to be infiltrated and at least in part handled by Turkish and NATO intelligence. The bombings happened as a drat resolution for sweeping constitutional change was presented in parliament and as the U.S. declared its solidarity with Turkey in its fight against the PKK.
  • The Kurdistan Freedom Hawks (TAK) published a claim of responsibility for the deadly twin bombing in Istanbul Saturday night. The TAK mentions several reasons for the bombing; among the primary ones is the continued imprisonment of Kurdistan Worker’s Party (PKK) leader Abdullah Öcalan. The TAK split off from the PKK in the early 200os. The organization has no more than about 200 – 300 armed members. Most objective political analysts and intelligence analysts consider the TAK to be an organization that, at the very least, has been deeply infiltrated by, and one that is at the very least in part managed by Turkish and NATO intelligence structures. The TAK are notorious for carrying out low-cost, high-public-profile attacks that result in support for otherwise controversial Turkish government or NATO policies. The TAKs strategy, including attacks on non-combatant civilians, is largely inconsistent with the policy and the strategy of the PKK. The latter primarily launches guerrilla attacks against military targets.
  • The twin bombings in Istanbul happened not long after Turkey’s ruling Justice and Development Party, (AKP), submitted a 21-article draft for a constitutional amendment in parliament. The proposal aims at abolishing the post of the prime minister and to institute a presidential system instead. The proposed system will vastly enhance the powers for the head of state. An agreement between the AKP and the Nationalist Movement Party (MHP) has been reached while the CHP opposes it “somewhat” and the leftist pro-Kurdistan peace HDP opposes it fully. The draft constitutional amendment was submitted to the parliamentary speaker on Dec. 10, one day prior to the bombings in Istanbul. It is widely believed to be adopted by parliament after the mandatory readings. The draft proposes granting the president the authority to issue decree laws, declare a state of emergency, rule the country with resolutions during states of emergency, appoint public officials and half of the top judges. If the bill passes parliament, may be submitted for a public referendum, although it is questionable whether such a referendum would even be considered valid while the country still maintains a state of emergency and numerous HDP members, including members of parliament and Mayors are jailed or otherwise persecuted. The draft proposes a one-chamber parliament and stresses the country’s unitary system that implicitly rejects a republican model or regional autonomy for Kurdish areas. Peace negotiations between the Turkish AKP government and the PKK during the ceasefire that was unilaterally ended by the government last year, had led the PKK to drop its demand for aa separate Kurdish State in exchange for forms of regional autonomy and cultural self-determination in predominantly Kurdish areas.
  • ...1 more annotation...
  • The proposed constitutional change was met by substantial public criticism – until the “Kurdistan Freedom Hawks” distracted from the discourse by exploding two bombs in Istanbul. Instead of discussions about and protests against what is widely perceived as the attempt to implement a semi-dictatorial presidential system, the AKP, the MHP and associated organizations are now calling for mass rallies against terror (Kurds), and national unity.
Gary Edwards

Is The US Using Prism To Engage In Commercial Espionage Against Germany And Others? | T... - 1 views

www.techdirt.com/...e-against-germany-others.shtml

NSA-Patriot-Act-NDAA

shared by Gary Edwards on 07 Aug 13 - No Cached
  • Gary Edwards on 07 Aug 13
     
    Meanwhile, illegal NSA spying is expected to cost USA Cloud Computing companies $35 Billion in lost sales and services. "whistleblower Edward Snowden worked for the CIA, rather than the NSA. Here's the original text in the Guardian: By 2007, the CIA stationed him with diplomatic cover in Geneva, Switzerland. His responsibility for maintaining computer network security meant he had clearance to access a wide array of classified documents. That access, along with the almost three years he spent around CIA officers, led him to begin seriously questioning the rightness of what he saw. He described as formative an incident in which he claimed CIA operatives were attempting to recruit a Swiss banker to obtain secret banking information. Snowden said they achieved this by purposely getting the banker drunk and encouraging him to drive home in his car. When the banker was arrested for drunk driving, the undercover agent seeking to befriend him offered to help, and a bond was formed that led to successful recruitment. In that quotation, there's the nugget of information that the CIA was not targeting terrorists on this occasion, at least not directly, but "attempting to recruit a Swiss banker to obtain secret banking information". That raises an interesting possibility for the heightened interest in Germany, as revealed by Boundless Informant. Given that the NSA is gathering information on a large scale -- even though we don't know exactly how large -- it's inevitable that some of that data will include sensitive information about business activities in foreign countries. That could be very handy for US companies seeking to gain a competitive advantage, and it's not hard to imagine the NSA passing it on in a suitably discreet way. Germany is known as the industrial and economic powerhouse of Europe, so it would make sense to keep a particularly close eye on what people are doing there -- especially if those people happen to work in companies that compete with US firms.
  • Paul Merrell on 08 Aug 13
     
    Closely related: see http://www.theguardian.com/business/2013/aug/02/telecoms-bt-vodafone-cables-gchq (,) an article on British telecom's collaboration with wiretapping by the UK's counterpart to the NSA, GCHQ. According to an inside source: "The source said analysts used four criteria for determining what was examined: security, terror, organised crime and Britain's economic wellbeing." I also recall that years ago during the furor over the Echelon system, an EU Parliament investigation had concluded that there were concrete instances of commercial intelligence being passed on by NSA to American companies. Specifically, I recall a finding that during development of the AirBus, details of its design had been intercepted by NSA and passed on to Boeing. There was testimony received that more generically discussed the types of economic surveillance conducted. http://cryptome.org/echelon-nh.htm (page search for "economic"). The same researcher stressed that in public statements: "Those targets like terrorism and weapons transport are used as a cover for the traditional areas of spying, the predominant areas of spying, which are political, diplomatic, economic and military."
Paul Merrell

NSA could have accessed Google, Yahoo data through private cable provider - RT USA - 0 views

rt.com/...nsa-snowden-level3-cable-336

surveillance state NSA Google Yahoo wiretap Level3

shared by Paul Merrell on 27 Nov 13 - No Cached
  • A new analysis of the National Security Agency’s covert eavesdropping operations suggests the private American company that supplies the likes of Google and Yahoo with fiber optic cables might have allowed the NSA to infiltrate those networks. Reporters at the New York Times wrote this week that Level 3 Communications — the Colorado-based internet company that manages online traffic for much of North America, Latin America and Europe — is likely responsible for letting the NSA and its British counterpart silently collect troves of sensitive data from the biggest firms on the web.
  • Nearly one month later, an article published this Monday by Nicole Perlroth and John Markoff at the Times says those interception points could have been approved by Level 3, who owns the cable infrastructure that the majority of America’s web traffic travels through. “People knowledgeable about Google and Yahoo’s infrastructure say they believe that government spies bypassed the big Internet companies and hit them at a weak spot — the fiber-optic cables that connect data centers around the world that are owned by companies like Verizon Communications, the BT Group, the Vodafone Group and Level 3 Communications,” Perlroth and Markoff wrote. “In particular, fingers have been pointed at Level 3, the world’s largest so-called Internet backbone provider, whose cables are used by Google and Yahoo.”
  • In a financial report made by the company and obtained by the paper, however, Level 3 is revealed to have much more of a relationship with the government then one that just involves the occasional compliance order. According to that report, the company announced, “We are party to an agreement with the US Departments of Homeland Security, Justice and Defense addressing the US government’s national security and law enforcement concerns. This agreement imposes significant requirements on us related to information storage and management; traffic management; physical, logical and network security arrangements; personnel screening and training and other matters.”
  • ...1 more annotation...
  • When news of the eavesdropping operation surfaced last month, Christopher Soghoian, a technologist at the American Civil Liberties Union, speculated on Twitter that if Level 3 indeed allowed the government to tap its cables, they’d likely not be covered by the same legal protections in the Foreign Intelligence Surveillance Act, or FISA, that let feds conduct widespread surveillance over private companies’ data. If Level 3 voluntarily let NSA/GCHQ tap Google's data, the immunity available via FISA 702 orders won't apply and they can be sued.
Paul Merrell

Operation AURORAGOLD: How the NSA Hacks Cellphone Networks Worldwide - 0 views

firstlook.org/...nsa-auroragold-hack-cellphones

surveillance state NSA NSA-methods cell-network-penetration AURORAGOLD

shared by Paul Merrell on 06 Dec 14 - No Cached
  • In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages. For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks. The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.
  • According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance. The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers. Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.
  • Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.
  • ...11 more annotations...
  • “Collecting an inventory [like this] on world networks has big ramifications,” Nohl said, because it allows the NSA to track and circumvent upgrades in encryption technology used by cellphone companies to shield calls and texts from eavesdropping. Evidence that the agency has deliberately plotted to weaken the security of communication infrastructure, he added, was particularly alarming. “Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities,” Nohl said, “because once NSA introduces a weakness, a vulnerability, it’s not only the NSA that can exploit it.”
  • The AURORAGOLD operation is carried out by specialist NSA surveillance units whose existence has not been publicly disclosed: the Wireless Portfolio Management Office, which defines and carries out the NSA’s strategy for exploiting wireless communications, and the Target Technology Trends Center, which monitors the development of new communication technology to ensure that the NSA isn’t blindsided by innovations that could evade its surveillance reach. The center’s logo is a picture of the Earth overshadowed by a large telescope; its motto is “Predict – Plan – Prevent.”
  • The NSA documents reveal that, as of May 2012, the agency had collected technical information on about 70 percent of cellphone networks worldwide—701 of an estimated 985—and was maintaining a list of 1,201 email “selectors” used to intercept internal company details from employees. (“Selector” is an agency term for a unique identifier like an email address or phone number.) From November 2011 to April 2012, between 363 and 1,354 selectors were “tasked” by the NSA for surveillance each month as part of AURORAGOLD, according to the documents. The secret operation appears to have been active since at least 2010.
  • By covertly monitoring GSMA working groups in a bid to identify and exploit security vulnerabilities, the NSA has placed itself into direct conflict with the mission of the National Institute for Standards and Technology, or NIST, the U.S. government agency responsible for recommending cybersecurity standards in the United States. NIST recently handed out a grant of more than $800,000 to GSMA so that the organization could research ways to address “security and privacy challenges” faced by users of mobile devices. The revelation that the trade group has been targeted for surveillance may reignite deep-seated tensions between NIST and NSA that came to the fore following earlier Snowden disclosures. Last year, NIST was forced to urge people not to use an encryption standard it had previously approved after it emerged NSA had apparently covertly worked to deliberately weaken it.
  • The NSA focuses on intercepting obscure but important technical documents circulated among the GSMA’s members known as “IR.21s.” Most cellphone network operators share IR.21 documents among each other as part of agreements that allow their customers to connect to foreign networks when they are “roaming” overseas on a vacation or a business trip. An IR.21, according to the NSA documents, contains information “necessary for targeting and exploitation.” The details in the IR.21s serve as a “warning mechanism” that flag new technology used by network operators, the NSA’s documents state. This allows the agency to identify security vulnerabilities in the latest communication systems that can be exploited, and helps efforts to introduce new vulnerabilities “where they do not yet exist.” The IR.21s also contain details about the encryption used by cellphone companies to protect the privacy of their customers’ communications as they are transmitted across networks. These details are highly sought after by the NSA, as they can aid its efforts to crack the encryption and eavesdrop on conversations.
  • One of the prime targets monitored under the AURORAGOLD program is the London-headquartered trade group, the GSM Association, or the GSMA, which represents the interests of more than 800 major cellphone, software, and internet companies from 220 countries. The GSMA’s members include U.S.-based companies such as Verizon, AT&T, Sprint, Microsoft, Facebook, Intel, Cisco, and Oracle, as well as large international firms including Sony, Nokia, Samsung, Ericsson, and Vodafone. The trade organization brings together its members for regular meetings at which new technologies and policies are discussed among various “working groups.” The Snowden files reveal that the NSA specifically targeted the GSMA’s working groups for surveillance.
  • Last year, the Washington Post reported that the NSA had already managed to break the most commonly used cellphone encryption algorithm in the world, known as A5/1. But the information collected under AURORAGOLD allows the agency to focus on circumventing newer and stronger versions of A5 cellphone encryption, such as A5/3. The documents note that the agency intercepts information from cellphone operators about “the type of A5 cipher algorithm version” they use, and monitors the development of new algorithms in order to find ways to bypass the encryption. In 2009, the British surveillance agency Government Communications Headquarters conducted a similar effort to subvert phone encryption under a project called OPULENT PUP, using powerful computers to perform a “crypt attack” to penetrate the A5/3 algorithm, secret memos reveal. By 2011, GCHQ was collaborating with the NSA on another operation, called WOLFRAMITE, to attack A5/3 encryption. (GCHQ declined to comment for this story, other than to say that it operates within legal parameters.)
  • The extensive attempts to attack cellphone encryption have been replicated across the Five Eyes surveillance alliance. Australia’s top spy agency, for instance, infiltrated an Indonesian cellphone company and stole nearly 1.8 million encryption keys used to protect communications, the New York Times reported in February.
  • The NSA’s documents show that it focuses on collecting details about virtually all technical standards used by cellphone operators, and the agency’s efforts to stay ahead of the technology curve occasionally yield significant results. In early 2010, for instance, its operatives had already found ways to penetrate a variant of the newest “fourth generation” smartphone-era technology for surveillance, years before it became widely adopted by millions of people in dozens of countries. The NSA says that its efforts are targeted at terrorists, weapons proliferators, and other foreign targets, not “ordinary people.” But the methods used by the agency and its partners to gain access to cellphone communications risk significant blowback. According to Mikko Hypponen, a security expert at Finland-based F-Secure, criminal hackers and foreign government adversaries could be among the inadvertent beneficiaries of any security vulnerabilities or encryption weaknesses inserted by the NSA into communication systems using data collected by the AURORAGOLD project.
  • Vines, the NSA spokeswoman, told The Intercept that the agency was committed to ensuring an “open, interoperable, and secure global internet.” “NSA deeply values these principles and takes great care to honor them in the performance of its lawful foreign-intelligence mission,” Vines said.
  • Documents published with this article: AURORAGOLD – Project Overview AURORAGOLD Working Group IR.21 – A Technology Warning Mechanism AURORAGOLD – Target Technology Trends Center support to WPMO NSA First-Ever Collect of High-Interest 4G Cellular Signal AURORAGOLD Working Aid WOLFRAMITE Encryption Attack OPULENT PUP Encryption Attack NSA/GCHQ/CSEC Network Tradecraft Advancement Team
  • Paul Merrell on 06 Dec 14
     
    Notice that they've cracked even 4G.
Paul Merrell

European Lawmakers Demand Answers on Phone Key Theft - The Intercept - 0 views

firstlook.org/...gemalto-heist-shocks-europe

surveillance state Gemalto SIM-card-keys

shared by Paul Merrell on 24 Feb 15 - No Cached
  • European officials are demanding answers and investigations into a joint U.S. and U.K. hack of the world’s largest manufacturer of mobile SIM cards, following a report published by The Intercept Thursday. The report, based on leaked documents provided by NSA whistleblower Edward Snowden, revealed the U.S. spy agency and its British counterpart Government Communications Headquarters, GCHQ, hacked the Franco-Dutch digital security giant Gemalto in a sophisticated heist of encrypted cell-phone keys. The European Parliament’s chief negotiator on the European Union’s data protection law, Jan Philipp Albrecht, said the hack was “obviously based on some illegal activities.” “Member states like the U.K. are frankly not respecting the [law of the] Netherlands and partner states,” Albrecht told the Wall Street Journal. Sophie in ’t Veld, an EU parliamentarian with D66, the Netherlands’ largest opposition party, added, “Year after year we have heard about cowboy practices of secret services, but governments did nothing and kept quiet […] In fact, those very same governments push for ever-more surveillance capabilities, while it remains unclear how effective these practices are.”
  • “If the average IT whizzkid breaks into a company system, he’ll end up behind bars,” In ’t Veld added in a tweet Friday. The EU itself is barred from undertaking such investigations, leaving individual countries responsible for looking into cases that impact their national security matters. “We even get letters from the U.K. government saying we shouldn’t deal with these issues because it’s their own issue of national security,” Albrecht said. Still, lawmakers in the Netherlands are seeking investigations. Gerard Schouw, a Dutch member of parliament, also with the D66 party, has called on Ronald Plasterk, the Dutch minister of the interior, to answer questions before parliament. On Tuesday, the Dutch parliament will debate Schouw’s request. Additionally, European legal experts tell The Intercept, public prosecutors in EU member states that are both party to the Cybercrime Convention, which prohibits computer hacking, and home to Gemalto subsidiaries could pursue investigations into the breach of the company’s systems.
  • According to secret documents from 2010 and 2011, a joint NSA-GCHQ unit penetrated Gemalto’s internal networks and infiltrated the private communications of its employees in order to steal encryption keys, embedded on tiny SIM cards, which are used to protect the privacy of cellphone communications across the world. Gemalto produces some 2 billion SIM cards a year. The company’s clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers. “[We] believe we have their entire network,” GCHQ boasted in a leaked slide, referring to the Gemalto heist.
  • ...4 more annotations...
  • While Gemalto was indeed another casualty in Western governments’ sweeping effort to gather as much global intelligence advantage as possible, the leaked documents make clear that the company was specifically targeted. According to the materials published Thursday, GCHQ used a specific codename — DAPINO GAMMA — to refer to the operations against Gemalto. The spies also actively penetrated the email and social media accounts of Gemalto employees across the world in an effort to steal the company’s encryption keys. Evidence of the Gemalto breach rattled the digital security community. “Almost everyone in the world carries cell phones and this is an unprecedented mass attack on the privacy of citizens worldwide,” said Greg Nojeim, senior counsel at the Center for Democracy & Technology, a non-profit that advocates for digital privacy and free online expression. “While there is certainly value in targeted surveillance of cell phone communications, this coordinated subversion of the trusted technical security infrastructure of cell phones means the US and British governments now have easy access to our mobile communications.”
  • For Gemalto, evidence that their vaunted security systems and the privacy of customers had been compromised by the world’s top spy agencies made an immediate financial impact. The company’s shares took a dive on the Paris bourse Friday, falling $500 million. In the U.S., Gemalto’s shares fell as much 10 percent Friday morning. They had recovered somewhat — down 4 percent — by the close of trading on the Euronext stock exchange. Analysts at Dutch financial services company Rabobank speculated in a research note that Gemalto could be forced to recall “a large number” of SIM cards. The French daily L’Express noted today that Gemalto board member Alex Mandl was a founding trustee of the CIA-funded venture capital firm In-Q-Tel. Mandl resigned from In-Q-Tel’s board in 2002, when he was appointed CEO of Gemplus, which later merged with another company to become Gemalto. But the CIA connection still dogged Mandl, with the French press regularly insinuating that American spies could infiltrate the company. In 2003, a group of French lawmakers tried unsuccessfully to create a commission to investigate Gemplus’s ties to the CIA and its implications for the security of SIM cards. Mandl, an Austrian-American businessman who was once a top executive at AT&T, has denied that he had any relationship with the CIA beyond In-Q-Tel. In 2002, he said he did not even have a security clearance.
  • AT&T, T-Mobile and Verizon could not be reached for comment Friday. Sprint declined to comment. Vodafone, the world’s second largest telecom provider by subscribers and a customer of Gemalto, said in a statement, “[W]e have no further details of these allegations which are industrywide in nature and are not focused on any one mobile operator. We will support industry bodies and Gemalto in their investigations.” Deutsche Telekom AG, a German company, said it has changed encryption algorithms in its Gemalto SIM cards. “We currently have no knowledge that this additional protection mechanism has been compromised,” the company said in a statement. “However, we cannot rule out this completely.”
  • Update: Asked about the SIM card heist, White House press secretary Josh Earnest said he did not expect the news would hurt relations with the tech industry: “It’s hard for me to imagine that there are a lot of technology executives that are out there that are in a position of saying that they hope that people who wish harm to this country will be able to use their technology to do so. So, I do think in fact that there are opportunities for the private sector and the federal government to coordinate and to cooperate on these efforts, both to keep the country safe, but also to protect our civil liberties.”
  • Paul Merrell on 24 Feb 15
     
    Watch for massive class action product defect litigation to be filed against the phone companies.and mobile device manufacturers.  In most U.S. jurisdictions, proof that the vendors/manufacturers  knew of the product defect is not required, only proof of the defect. Also, this is a golden opportunity for anyone who wants to get out of a pricey cellphone contract, since providing a compromised cellphone is a material breach of warranty, whether explicit or implied..   
Gary Edwards

Reinventing Banking: From Russia to Iceland to Ecuador - 1 views

www.counterpunch.org/...m-russia-to-iceland-to-ecuador

Banksters

shared by Gary Edwards on 12 Dec 15 - No Cached
  • Global developments in finance and geopolitics are prompting a rethinking of the structure of banking and of the nature of money itself. Among other interesting news items: * In Russia, vulnerability to Western sanctions has led to proposals for a banking system that is not only independent of the West but is based on different design principles. * In Iceland, the booms and busts culminating in the banking crisis of 2008-09 have prompted lawmakers to consider a plan to remove the power to create money from private banks. * In Ireland, Iceland and the UK, a recession-induced shortage of local credit has prompted proposals for a system of public interest banks on the model of the Sparkassen of Germany. * In Ecuador, the central bank is responding to a shortage of US dollars (the official Ecuadorian currency) by issuing digital dollars through accounts to which everyone has access, effectively making it a bank of the people.
  • A major concern with stripping private banks of the power to create money as deposits when they make loans is that it will seriously reduce the availability of credit in an already sluggish economy. One solution is to make the banks, or some of them, public institutions. They would still be creating money when they made loans, but it would be as agents of the government; and the profits would be available for public use, on the model of the US Bank of North Dakota and the German Sparkassen (public savings banks). In Ireland, three political parties – Sinn Fein, the Green Party and Renua Ireland (a new party) — are now supporting initiatives for a network of local publicly-owned banks on the Sparkassen model. In the UK, the New Economy Foundation (NEF) is proposing that the failed Royal Bank of Scotland be transformed into a network of public interest banks on that model. And in Iceland, public banking is part of the platform of a new political party called the Dawn Party.
  • Particularly interesting is a proposal to provide targeted lending for businesses and industries by providing them with low-interest loans at 1-4 percent, financed through the central bank with quantitative easing (digital money creation). The proposal is to issue 20 trillion rubles for this purpose over a five year period. Using quantitative easing for economic development mirrors the proposal of UK Labour Leader Jeremy Corbin for “quantitative easing for people.”
  • ...8 more annotations...
  • William Engdahl concludes that Russia is in “a fascinating process of rethinking every aspect of her national economic survival because of the reality of the western attacks,” one that “could produce a very healthy transformation away from the deadly defects” of the current banking model.
  • Iceland’s Radical Money Plan Iceland, too, is looking at a radical transformation of its money system, after suffering the crushing boom/bust cycle of the private banking model that bankrupted its largest banks in 2008. According to a March 2015 article in the UK Telegraph: Iceland’s government is considering a revolutionary monetary proposal – removing the power of commercial banks to create money and handing it to the central bank. The proposal, which would be a turnaround in the history of modern finance, was part of a report written by a lawmaker from the ruling centrist Progress Party, Frosti Sigurjonsson, entitled “A better monetary system for Iceland”.
  • Under this “Sovereign Money” proposal, the country’s central bank would become the only creator of money. Banks would continue to manage accounts and payments and would serve as intermediaries between savers and lenders. The proposal is a variant of the Chicago Plan promoted by Kumhof and Benes of the IMF and the Positive Money group in the UK.
  • Ever since 2000, when Ecuador agreed to use the US dollar as its official legal tender, it has had to ship boatloads of paper dollars into the country just to conduct trade. In order to “seek efficiency in payment systems [and] to promote and contribute to the economic stability of the country,” the government of President Rafael Correa has therefore established the world’s first national digitally-issued currency.
  • Unlike Bitcoin and similar private crypto-currencies (which have been outlawed in the country), Ecuador’s dinero electronico is operated and backed by the government. The Ecuadorian digital currency is less like Bitcoin than like M-Pesa, a private mobile phone-based money transfer service started by Vodafone, which has generated a “mobile money” revolution in Kenya.
  • According to a National Assembly statement: Electronic money will stimulate the economy; it will be possible to attract more Ecuadorian citizens, especially those who do not have checking or savings accounts and credit cards alone. The electronic currency will be backed by the assets of the Central Bank of Ecuador.
  • That means there is no fear of the bank going bankrupt or of bank runs or bail-ins. Nor can the digital currency be devalued by speculative short selling. The government has declared that these are digital US dollars trading at 1 to 1 – take it or leave it – and the people are taking it. According to an October 2015 article titled “
  • Banking Moves into the 21st Century The catastrophic failures of the Western banking system mandate a new vision. These transformations, current and proposed, are constructive steps toward streamlining the banking system, eliminating the risks that have devastated individuals and governments, democratizing money, and promoting sustainable and prosperous economies.
  • Gary Edwards on 16 Dec 15
     
    Excellent article on banking, lending, and currency reform initiatives.  Thanks to Marbux!
1 - 12 of 12
Showing 20 items per page