Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged cellphone

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

Operation AURORAGOLD: How the NSA Hacks Cellphone Networks Worldwide - 0 views

firstlook.org/...nsa-auroragold-hack-cellphones

surveillance state NSA NSA-methods cell-network-penetration AURORAGOLD

shared by Paul Merrell on 06 Dec 14 - No Cached
  • In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages. For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks. The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.
  • According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance. The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers. Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.
  • Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.
  • ...11 more annotations...
  • “Collecting an inventory [like this] on world networks has big ramifications,” Nohl said, because it allows the NSA to track and circumvent upgrades in encryption technology used by cellphone companies to shield calls and texts from eavesdropping. Evidence that the agency has deliberately plotted to weaken the security of communication infrastructure, he added, was particularly alarming. “Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities,” Nohl said, “because once NSA introduces a weakness, a vulnerability, it’s not only the NSA that can exploit it.”
  • The AURORAGOLD operation is carried out by specialist NSA surveillance units whose existence has not been publicly disclosed: the Wireless Portfolio Management Office, which defines and carries out the NSA’s strategy for exploiting wireless communications, and the Target Technology Trends Center, which monitors the development of new communication technology to ensure that the NSA isn’t blindsided by innovations that could evade its surveillance reach. The center’s logo is a picture of the Earth overshadowed by a large telescope; its motto is “Predict – Plan – Prevent.”
  • The NSA documents reveal that, as of May 2012, the agency had collected technical information on about 70 percent of cellphone networks worldwide—701 of an estimated 985—and was maintaining a list of 1,201 email “selectors” used to intercept internal company details from employees. (“Selector” is an agency term for a unique identifier like an email address or phone number.) From November 2011 to April 2012, between 363 and 1,354 selectors were “tasked” by the NSA for surveillance each month as part of AURORAGOLD, according to the documents. The secret operation appears to have been active since at least 2010.
  • By covertly monitoring GSMA working groups in a bid to identify and exploit security vulnerabilities, the NSA has placed itself into direct conflict with the mission of the National Institute for Standards and Technology, or NIST, the U.S. government agency responsible for recommending cybersecurity standards in the United States. NIST recently handed out a grant of more than $800,000 to GSMA so that the organization could research ways to address “security and privacy challenges” faced by users of mobile devices. The revelation that the trade group has been targeted for surveillance may reignite deep-seated tensions between NIST and NSA that came to the fore following earlier Snowden disclosures. Last year, NIST was forced to urge people not to use an encryption standard it had previously approved after it emerged NSA had apparently covertly worked to deliberately weaken it.
  • The NSA focuses on intercepting obscure but important technical documents circulated among the GSMA’s members known as “IR.21s.” Most cellphone network operators share IR.21 documents among each other as part of agreements that allow their customers to connect to foreign networks when they are “roaming” overseas on a vacation or a business trip. An IR.21, according to the NSA documents, contains information “necessary for targeting and exploitation.” The details in the IR.21s serve as a “warning mechanism” that flag new technology used by network operators, the NSA’s documents state. This allows the agency to identify security vulnerabilities in the latest communication systems that can be exploited, and helps efforts to introduce new vulnerabilities “where they do not yet exist.” The IR.21s also contain details about the encryption used by cellphone companies to protect the privacy of their customers’ communications as they are transmitted across networks. These details are highly sought after by the NSA, as they can aid its efforts to crack the encryption and eavesdrop on conversations.
  • One of the prime targets monitored under the AURORAGOLD program is the London-headquartered trade group, the GSM Association, or the GSMA, which represents the interests of more than 800 major cellphone, software, and internet companies from 220 countries. The GSMA’s members include U.S.-based companies such as Verizon, AT&T, Sprint, Microsoft, Facebook, Intel, Cisco, and Oracle, as well as large international firms including Sony, Nokia, Samsung, Ericsson, and Vodafone. The trade organization brings together its members for regular meetings at which new technologies and policies are discussed among various “working groups.” The Snowden files reveal that the NSA specifically targeted the GSMA’s working groups for surveillance.
  • Last year, the Washington Post reported that the NSA had already managed to break the most commonly used cellphone encryption algorithm in the world, known as A5/1. But the information collected under AURORAGOLD allows the agency to focus on circumventing newer and stronger versions of A5 cellphone encryption, such as A5/3. The documents note that the agency intercepts information from cellphone operators about “the type of A5 cipher algorithm version” they use, and monitors the development of new algorithms in order to find ways to bypass the encryption. In 2009, the British surveillance agency Government Communications Headquarters conducted a similar effort to subvert phone encryption under a project called OPULENT PUP, using powerful computers to perform a “crypt attack” to penetrate the A5/3 algorithm, secret memos reveal. By 2011, GCHQ was collaborating with the NSA on another operation, called WOLFRAMITE, to attack A5/3 encryption. (GCHQ declined to comment for this story, other than to say that it operates within legal parameters.)
  • The extensive attempts to attack cellphone encryption have been replicated across the Five Eyes surveillance alliance. Australia’s top spy agency, for instance, infiltrated an Indonesian cellphone company and stole nearly 1.8 million encryption keys used to protect communications, the New York Times reported in February.
  • The NSA’s documents show that it focuses on collecting details about virtually all technical standards used by cellphone operators, and the agency’s efforts to stay ahead of the technology curve occasionally yield significant results. In early 2010, for instance, its operatives had already found ways to penetrate a variant of the newest “fourth generation” smartphone-era technology for surveillance, years before it became widely adopted by millions of people in dozens of countries. The NSA says that its efforts are targeted at terrorists, weapons proliferators, and other foreign targets, not “ordinary people.” But the methods used by the agency and its partners to gain access to cellphone communications risk significant blowback. According to Mikko Hypponen, a security expert at Finland-based F-Secure, criminal hackers and foreign government adversaries could be among the inadvertent beneficiaries of any security vulnerabilities or encryption weaknesses inserted by the NSA into communication systems using data collected by the AURORAGOLD project.
  • Vines, the NSA spokeswoman, told The Intercept that the agency was committed to ensuring an “open, interoperable, and secure global internet.” “NSA deeply values these principles and takes great care to honor them in the performance of its lawful foreign-intelligence mission,” Vines said.
  • Documents published with this article: AURORAGOLD – Project Overview AURORAGOLD Working Group IR.21 – A Technology Warning Mechanism AURORAGOLD – Target Technology Trends Center support to WPMO NSA First-Ever Collect of High-Interest 4G Cellular Signal AURORAGOLD Working Aid WOLFRAMITE Encryption Attack OPULENT PUP Encryption Attack NSA/GCHQ/CSEC Network Tradecraft Advancement Team
  • Paul Merrell on 06 Dec 14
     
    Notice that they've cracked even 4G.
Paul Merrell

Court to rule on cellphone privacy : SCOTUSblog - 0 views

www.scotusblog.com/...t-to-rule-on-cellphone-privacy

surveillance state constitutional law 4th Amendment cellphone privacy

shared by Paul Merrell on 18 Jan 14 - No Cached
  • Moving into another conflict between technology and privacy, the Supreme Court agreed on Friday afternoon to rule on police authority to search the contents of a cellphone they take from an individual they have arrested.  The Court accepted for review a state case and a federal case, involving differing versions of hand-held telephone capacity.
  • Both of the new cases on cellphone privacy involve the authority of police, who do not have a search warrant, to examine the data that is stored on a cellphone taken from a suspect at the time of arrest.  The two cases span the advance in technology of cellphones:  the government case, Wurie, involves the kind of device that is now considered old-fashioned — the simple flip phone.  The Riley case involves the more sophisticated type of device, which functions literally as a hand-held computer, capable of containing a great deal more personal information. The state case involves a San Diego man, David Leon Riley, convicted of shooting at an occupied vehicle, attempted murder, and assault with a semi-automatic weapon.  Riley was not arrested at the time of the shooting incident in August 2009; instead, he was arrested later, after he was stopped for driving with expired license plates.   Police seized the cellphone he was carrying at the time of his arrest, and twice examined its contents, without a warrant. The data turned up evidence identifying him as a gang member out to kill members of a rival gang.  Other contents included a photo of him with a red car seen at the shooting site.  Police were then able to trace calls, leading to a trail of evidence pointing to Riley as a participant in the shooting.  No one positively identified him, but the data from the cellphone search was put before the jury, which convicted him of all three counts.  He has been sentenced to fifteen years to life in prison.
  • Riley’s petition had posed a general question about whether the Fourth Amendment allowed police without a warrant to search “the digital contents of an individual’s cellphone seized from the person at the time of arrest.”  In granting review, the Court said it would only rule on this issue: “Whether evidence admitted at [his] trial was obtained in a search of [his] cellphone that violated [his] Fourth Amendment rights.” The government case involves a South Boston man, Brima Wurie.  In 2007, a police officer saw him make an apparent drug sale out of his car.  The officer confronted the buyer, turning up two bags of crack cocaine. He partially identified his drug source. Officers followed Wurie from the scene, and arrested him.  He was then taken to a police station, where the officers retrieved two cellphones.   One of the phones was receiving repeated calls from a number identified as Wurie’s home.  The officers checked the phone’s call log.  They traced him to his house.  The officers deemed the fact that he had cellphones with him as an indication that he carried out drug dealing with the use of such a device. He was convicted of being a felon who had a gun and ammunition, distributing crack cocaine, and possessing the crack with intent to distribute it  He sought to block the use of the evidence taken from his cellphone, but that failed.  He was convicted on all charges, and has been sentenced to 262 months in prison.
  • ...1 more annotation...
  • Although the two cases raise the same constitutional issue, the Court did not consolidate them for review, so presumably there will be separate briefing and argument on each.  They probably would be argued one after the other, however.  The Court did not expedite the briefing schedule, but they still are expected to be heard in April.
Gary Edwards

Banksters seek to legalize autodialers calling your cellphone | Ubergizmo - 0 views

www.ubergizmo.com/...dialers-calling-your-cellphone

Banksters robocalling

shared by Gary Edwards on 01 Oct 11 - No Cached
  • Gary Edwards on 01 Oct 11
     
    Banksters want to legalize for cellphones the currently illegal robocalling telemarketing techniques of the past - this time for cellphones.  Incredibly the Banksters are trying to argue that this will improve customer services!  Yeah, just like illegal robosigning document mills improve Bankster foreclosure services for their customers. excerpt: The new bill which has been dubbed the Mobile Informational Call Act of 2011, is seeking to make legal the use of autodialers to call cellphones. It seems that those who are favoring this new bill come from the banking industry, and they are claiming that they will use this new bill to pass along new information to their customers in a timely manner. They are also saying that since about 40% of Americans use their cellphones as their primary or only means of communication, this would be a good way to reach out to their customers.
Paul Merrell

The US government doesn't want you to know the cops are tracking you | Trevor Timm | Co... - 0 views

www.theguardian.com/...ng-calls-stingray-surveillance

surveillance state local-law-enforcement location-data stingrays

shared by Paul Merrell on 15 Jun 14 - No Cached
  • All across America, from Florida to Colorado and back again, the country's increasingly militarized local police forces are using a secretive technology to vacuum up cellphone data from entire neighborhoods – including from people inside their own homes – almost always without a warrant. This week, numerous investigations by major news agencies revealed the US government is now taking unbelievable measures to make sure you never find out about it. But a landmark court ruling for privacy could soon force the cops to stop, even as the Obama administration fights to keep its latest tool for mass surveillance a secret.So-called International Mobile Subscriber Identity (IMSI) catchers – more often called their popular brand name, "Stingray" – have long been the talk of the civil liberties crowd, for the indiscriminate and invasive way these roving devices conduct surveillance. Essentially, Stingrays act as fake cellphone towers (usually mounted in a mobile police truck) that police can point toward any given area and force every phone in the area to connect to it. So even if you're not making a call, police can find out who you've been calling, and for how long, as well as your precise location. As Nathan Freed Wessler of the ACLU explained on Thursday, "In one Florida case, a police officer explained in court that he 'quite literally stood in front of every door and window' with his stingray to track the phones inside a large apartment complex."
  • Yet these mass surveillance devices have largely stayed out of the public eye, thanks to the federal government and local police refusing to disclose they're using them in the first place – sometimes, shockingly, even to judges. As the Associated Press reported this week, the Obama administration has been telling local cops to keep information on Stingrays secret from members of the news media, even when it seems like local public records laws would mandate their disclosure. The AP noted:Federal involvement in local open records proceedings is unusual. It comes at a time when President Barack Obama has said he welcomes a debate on government surveillance and called for more transparency about spying in the wake of disclosures about classified federal surveillance programs.
  • Some of the government's tactics to hide Stingray from journalists and the public have been downright disturbing. After the ACLU had filed a records request for information on Stingrays, the local police force initially told them that, yes, they had the documents and to come on down to the station to look at them. But just before an ACLU rep was due to arrive, US Marshals seized the records and hid them away at another location, in what Wessler describes as "a blatant violation of state open-records laws".The federal government has used various other tactics around the country to prevent disclosure of similar information.USA Today also published a significant nationwide investigation about the Stingray problem, as well as what are known as "cellphone tower dumps". When police agencies don't have Stingrays at their disposal, they can go to cell phone providers to get the cellphone location information of everyone who has connected to a specific cell tower (which inevitably includes thousands of innocent people). The paper's John Kelly reported that one Colorado case shows cellphone tower dumps got police "'cellular telephone numbers, including the date, time and duration of any calls,' as well as numbers and location data for all phones that connected to the towers searched, whether calls were being made or not."
  • ...3 more annotations...
  • It's scary enough to think that the NSA is collecting so much information, but this mass location and metadata tracking at the local level all may be about to change. This week, the ACLU won a historic victory in the 11th Circuit Court of Appeals (serving Florida, Alabama and Georgia), which ruled that police need to get a warrant from a judge before extracting from your cellphone the location data obtained by way of a cell tower. This ruling will apply whether cops are going after one person, the whole tower and, one can assume, Stingrays. (The case was also argued by the aforementioned Wessler, who clearly is this month’s civil liberties Most Valuable Player.)This case has huge implications, and not just for the Stingrays secretly being used in Florida. It virtually guarantees the US supreme court will soon have to tackle the larger cellphone location question in some form – and whether police across the country have to finally start getting a warrant to find out where your precise location for days or weeks at a time. But as Stanford law professor Jennifer Granick wrote on Friday, it could also have an impact on NSA spying, which relies on the theory that indiscriminately collecting metadata is fair game until a court says otherwise.
  • You may be asking: how, exactly, are the local cops getting their hands on such advanced military technology? Well, the feds are, in many cases, giving away the technology for free. When the US government is not loaning police agencies their own Stingrays, the Defense Department and Homeland Security are giving federal grants to cops, which allow departments to purchase the gear at the cost of $400,000 a pop from defense contractors like Harris Corporation, which makes the Stingray brand.
  • Like Stingrays, and the NSA's phone dragnet before them, the militarization of America's local cops is a phenomenon that's only now getting widespread attention. As journalist Radley Balko, who wrote a seminal book on the subject two years ago, said this week, the Obama administration could easily limit these tactics to "cases of legitimate national security" – but has clearly chosen not to.No matter how much President Obama talks about how he has "maintained a healthy skepticism toward our surveillance programs", it seems the Most Transparent Administration in American History™ remains much more interested in maintaining a healthy, top-secret surveillance state.
Paul Merrell

Supreme Court Says Phones Can't Be Searched Without a Warrant - NYTimes.com - 0 views

www.nytimes.com/...cellphones-search-privacy.html

digital-privacy litigation U.S. cellphone-privacy NSA-reform

shared by Paul Merrell on 26 Jun 14 - No Cached
  • In a sweeping victory for privacy rights in the digital age, the Supreme Court on Wednesday unanimously ruled that the police need warrants to search the cellphones of people they arrest.While the decision will offer protection to the 12 million people arrested every year, many for minor crimes, its impact will most likely be much broader. The ruling almost certainly also applies to searches of tablet and laptop computers, and its reasoning may apply to searches of homes and businesses and of information held by third parties like phone companies.“This is a bold opinion,” said Orin S. Kerr, a law professor at George Washington University. “It is the first computer-search case, and it says we are in a new digital age. You can’t apply the old rules anymore.”
  • Paul Merrell on 26 Jun 14
     
    It is now beyond doubt that the Supreme Court is declining to authorize an Orwellian government surveillance future for the U.S. This sweeping, unanimous ruling definitely has broad application beyond cellphones, in no small part because the court recognized that cellphones of today are more like desktop computers and a host of other computerized devices than they are like the telephones of yesteryear. Hence, almost everything the court said afterward about the privacy rights in cellphones applies equally to all personal use computers. 
Paul Merrell

Ed Markey letters from cellphone companies: How often AT&T, T-mobile give the governmen... - 0 views

www.slate.com/..._often_at_t_t_mobile_give.html

surveillance state Cell-phone-tracking law-enforcement

shared by Paul Merrell on 11 Dec 13 - No Cached
  • Cellphones are the spies in our pockets, gathering information about whom we befriend, what we say, where we go, and what we read. That’s why Sen. Edward Markey, D-Mass., recently asked the nation’s major cellphone companies to disclose how frequently they receive requests from law enforcement for customer call records—including the content of communications, numbers dialed, websites visited, and location data. Sometimes police have a warrant, sometimes they don’t. Seven companies provided information in response to the inqury. The letters Markey received, which were covered today in the Boston Globe, Washington Post, and New York Times, show that the quantity of requests for these records is staggering. T-Mobile and AT&T together received nearly 600,000 requests for customer information in 2012. AT&T has to employ more than 100 full-time workers to process them. And police demand for our call records is growing rapidly, with requests to Verizon doubling in the last five years.
  • he companies keep records of where you have traveled in the past and can track you in real time—so law enforcement can do it, too. In some ways having a police officer track you in real time electronically is even worse, because you never know when it’s happening. Historical records can be even more sensitive than real-time tracking, stretching back for months or even years, and reveal your daily routine and every deviation from it.
  • Unfortunately, according to the companies’ letters, some of them appear to be handing over the content of our digital communications without a warrant. AT&T discloses stored texts or voicemails that are older than 180 days old with a subpoena—no court supervision or probable cause required. In one bright spot, T-Mobile requires a warrant for texts and voicemails. The letters also show that in its search for evidence about a handful of guilty people, law enforcement often obtains the data of hundreds or thousands of innocent people. For example, through a technique known as “tower dumps,” law enforcement agents can see all of the cellphones using a particular tower in a given time range. There were approximately 9,000 tower dumps reported in 2012 (with not all companies reporting). What happens to that data? Could it be used for future investigations? No one really knows, because there are no clear policies in place, and the people whose data is turned over are never notified.
  • Paul Merrell on 11 Dec 13
     
    Note that this is about requests from *law enforcement," not from the federal spy agencies. 
Paul Merrell

Cover Story: How NSA Spied on Merkel Cell Phone from Berlin Embassy - SPIEGEL ONLINE - 0 views

www.spiegel.de/...m-berlin-embassy-a-930205.html

surveillance state NSA Obama Merkel U.S. Germany U.S. foreign policy NSA-blowback must-read lies

shared by Paul Merrell on 29 Oct 13 - No Cached
  • According to SPIEGEL research, United States intelligence agencies have not only targeted Chancellor Angela Merkel's cellphone, but they have also used the American Embassy in Berlin as a listening station. The revelations now pose a serious threat to German-American relations.
  • Research by SPIEGEL reporters in Berlin and Washington, talks with intelligence officials and the evaluation of internal documents of the US' National Security Agency and other information, most of which comes from the archive of former NSA contractor Edward Snowden, lead to the conclusion that the US diplomatic mission in the German capital has not merely been promoting German-American friendship. On the contrary, it is a nest of espionage. From the roof of the embassy, a special unit of the CIA and NSA can apparently monitor a large part of cellphone communication in the government quarter. And there is evidence that agents based at Pariser Platz recently targeted the cellphone that Merkel uses the most. The NSA spying scandal has thus reached a new level, becoming a serious threat to the trans-Atlantic partnership. The mere suspicion that one of Merkel's cellphones was being monitored by the NSA has led in the past week to serious tensions between Berlin and Washington.
  • A "top secret" classified NSA document from the year 2010 shows that a unit known as the "Special Collection Service" (SCS) is operational in Berlin, among other locations. It is an elite corps run in concert by the US intelligence agencies NSA and CIA. The secret list reveals that its agents are active worldwide in around 80 locations, 19 of which are in Europe -- cities such as Paris, Madrid, Rome, Prague and Geneva. The SCS maintains two bases in Germany, one in Berlin and another in Frankfurt. That alone is unusual. But in addition, both German bases are equipped at the highest level and staffed with active personnel. The SCS teams predominantly work undercover in shielded areas of the American Embassy and Consulate, where they are officially accredited as diplomats and as such enjoy special privileges. Under diplomatic protection, they are able to look and listen unhindered. They just can't get caught.
  • ...5 more annotations...
  • This would correspond to internal NSA documents seen by SPIEGEL. They show, for example, an SCS office in another US embassy -- a small windowless room full of cables with a work station of "signal processing racks" containing dozens of plug-in units for "signal analysis." On Friday, author and NSA expert James Bamford also visited SPIEGEL's Berlin bureau, which is located on Pariser Platz diagonally opposite the US Embassy. "To me, it looks like NSA eavesdropping equipment is hidden behind there," he said. "The covering seems to be made of the same material that the agency uses to shield larger systems." The Berlin-based security expert Andy Müller Maguhn was also consulted. "The location is ideal for intercepting mobile communications in Berlin's government district," he says, "be it technical surveillance of communication between cellphones and wireless cell towers or radio links that connect radio towers to the network."
  • Campbell refers to window-like indentations on the roof of the US Embassy. They are not glazed but rather veneered with "dielectric" material and are painted to blend into the surrounding masonry. This material is permeable even by weak radio signals. The interception technology is located behind these radio-transparent screens, says Campbell. The offices of SCS agents would most likely be located in the same windowless attic.
  • Wiretapping from an embassy is illegal in nearly every country. But that is precisely the task of the SCS, as is evidenced by another secret document. According to the document, the SCS operates its own sophisticated listening devices with which they can intercept virtually every popular method of communication: cellular signals, wireless networks and satellite communication. The necessary equipment is usually installed on the upper floors of the embassy buildings or on rooftops where the technology is covered with screens or Potemkin-like structures that protect it from prying eyes. That is apparently the case in Berlin, as well. SPIEGEL asked British investigative journalist Duncan Campbell to appraise the setup at the embassy. In 1976, Campbell uncovered the existence of the British intelligence service GCHQ. In his so-called "Echelon Report" in 1999, he described for the European Parliament the existence of the global surveillance network of the same name.
  • Apparently, SCS agents use the same technology all over the world. They can intercept cellphone signals while simultaneously locating people of interest. One antenna system used by the SCS is known by the affable code name "Einstein." When contacted by SPIEGEL, the NSA declined to comment on the matter. The SCS are careful to hide their technology, especially the large antennas on the roofs of embassies and consulates. If the equipment is discovered, explains a "top secret" set of classified internal guidelines, it "would cause serious harm to relations between the United States and a foreign government." According to the documents, SCS units can also intercept microwave and millimeter-wave signals. Some programs, such as one entitled "Birdwatcher," deal primarily with encrypted communications in foreign countries and the search for potential access points. Birdwatcher is controlled directly from SCS headquarters in Maryland.
  • With the growing importance of the Internet, the work of the SCS has changed. Some 80 branches offer "thousands of opportunities on the net" for web-based operations, according to an internal presentation. The organization is now able not only to intercept cellphone calls and satellite communication, but also to proceed against criminals or hackers. From some embassies, the Americans have planted sensors in communications equipment of the respective host countries that are triggered by selected terms.
  • Paul Merrell on 29 Oct 13
     
    A must-read article offering an in-depth, 3-page view of how badly the Snowden disclosures have poisoned trust between the U.S. and its NATO allies that are not favored members of the Five Eyes club. Details of NSA's surveillance operations in Germany and strong circumstantial evidence that Obama knew -- as recently as June 2013 -- of spy operations being conducted against hundreds of world leaders but denied it.  
Paul Merrell

For sale: Systems that can secretly track where cellphone users go around the globe - T... - 0 views

www.washingtonpost.com/...3-bf76-447a5df6411f_story.html

surveillance-state Verint cellphone-tracking SS7 IMSI surveillance-proliferation

shared by Paul Merrell on 26 Aug 14 - No Cached
  • Makers of surveillance systems are offering governments across the world the ability to track the movements of almost anybody who carries a cellphone, whether they are blocks away or on another continent. The technology works by exploiting an essential fact of all cellular networks: They must keep detailed, up-to-the-minute records on the locations of their customers to deliver calls and other services to them. Surveillance systems are secretly collecting these records to map people’s travels over days, weeks or longer, according to company marketing documents and experts in surveillance technology.
  • The world’s most powerful intelligence services, such as the National Security Agency and Britain’s GCHQ, long have used cellphone data to track targets around the globe. But experts say these new systems allow less technically advanced governments to track people in any nation — including the United States — with relative ease and precision.
  • It is unclear which governments have acquired these tracking systems, but one industry official, speaking on the condition of anonymity to share sensitive trade information, said that dozens of countries have bought or leased such technology in recent years. This rapid spread underscores how the burgeoning, multibillion-dollar surveillance industry makes advanced spying technology available worldwide. “Any tin-pot dictator with enough money to buy the system could spy on people anywhere in the world,” said Eric King, deputy director of Privacy International, a London-based activist group that warns about the abuse of surveillance technology. “This is a huge problem.”
  • ...9 more annotations...
  • Yet marketing documents obtained by The Washington Post show that companies are offering powerful systems that are designed to evade detection while plotting movements of surveillance targets on computerized maps. The documents claim system success rates of more than 70 percent. A 24-page marketing brochure for SkyLock, a cellular tracking system sold by Verint, a maker of analytics systems based in Melville, N.Y., carries the subtitle “Locate. Track. Manipulate.” The document, dated January 2013 and labeled “Commercially Confidential,” says the system offers government agencies “a cost-effective, new approach to obtaining global location information concerning known targets.”
  • tracking systems that access carrier location databases are unusual in their ability to allow virtually any government to track people across borders, with any type of cellular phone, across a wide range of carriers — without the carriers even knowing. These systems also can be used in tandem with other technologies that, when the general location of a person is already known, can intercept calls and Internet traffic, activate microphones, and access contact lists, photos and other documents. Companies that make and sell surveillance technology seek to limit public information about their systems’ capabilities and client lists, typically marketing their technology directly to law enforcement and intelligence services through international conferences that are closed to journalists and other members of the public.
  • Security experts say hackers, sophisticated criminal gangs and nations under sanctions also could use this tracking technology, which operates in a legal gray area. It is illegal in many countries to track people without their consent or a court order, but there is no clear international legal standard for secretly tracking people in other countries, nor is there a global entity with the authority to police potential abuses.
  • (Privacy International has collected several marketing brochures on cellular surveillance systems, including one that refers briefly to SkyLock, and posted them on its Web site. The 24-page SkyLock brochure and other material was independently provided to The Post by people concerned that such systems are being abused.)
  • Verint, which also has substantial operations in Israel, declined to comment for this story. It says in the marketing brochure that it does not use SkyLock against U.S. or Israeli phones, which could violate national laws. But several similar systems, marketed in recent years by companies based in Switzerland, Ukraine and elsewhere, likely are free of such limitations.
  • The tracking technology takes advantage of the lax security of SS7, a global network that cellular carriers use to communicate with one another when directing calls, texts and Internet data. The system was built decades ago, when only a few large carriers controlled the bulk of global phone traffic. Now thousands of companies use SS7 to provide services to billions of phones and other mobile devices, security experts say. All of these companies have access to the network and can send queries to other companies on the SS7 system, making the entire network more vulnerable to exploitation. Any one of these companies could share its access with others, including makers of surveillance systems.
  • Companies that market SS7 tracking systems recommend using them in tandem with “IMSI catchers,” increasingly common surveillance devices that use cellular signals collected directly from the air to intercept calls and Internet traffic, send fake texts, install spyware on a phone, and determine precise locations. IMSI catchers — also known by one popular trade name, StingRay — can home in on somebody a mile or two away but are useless if a target’s general location is not known. SS7 tracking systems solve that problem by locating the general area of a target so that IMSI catchers can be deployed effectively. (The term “IMSI” refers to a unique identifying code on a cellular phone.)
  • Verint can install SkyLock on the networks of cellular carriers if they are cooperative — something that telecommunications experts say is common in countries where carriers have close relationships with their national governments. Verint also has its own “worldwide SS7 hubs” that “are spread in various locations around the world,” says the brochure. It does not list prices for the services, though it says that Verint charges more for the ability to track targets in many far-flung countries, as opposed to only a few nearby ones. Among the most appealing features of the system, the brochure says, is its ability to sidestep the cellular operators that sometimes protect their users’ personal information by refusing government requests or insisting on formal court orders before releasing information.
  • Another company, Defentek, markets a similar system called Infiltrator Global Real-Time Tracking System on its Web site, claiming to “locate and track any phone number in the world.” The site adds: “It is a strategic solution that infiltrates and is undetected and unknown by the network, carrier, or the target.”
  • Paul Merrell on 26 Aug 14
     
    The Verint company has very close ties to the Iraeli government. Its former parent company Comverse, was heavily subsidized by Israel and the bulk of its manufacturing and code development was done in Israel. See https://en.wikipedia.org/wiki/Comverse_Technology "In December 2001, a Fox News report raised the concern that wiretapping equipment provided by Comverse Infosys to the U.S. government for electronic eavesdropping may have been vulnerable, as these systems allegedly had a back door through which the wiretaps could be intercepted by unauthorized parties.[55] Fox News reporter Carl Cameron said there was no reason to believe the Israeli government was implicated, but that "a classified top-secret investigation is underway".[55] A March 2002 story by Le Monde recapped the Fox report and concluded: "Comverse is suspected of having introduced into its systems of the 'catch gates' in order to 'intercept, record and store' these wire-taps. This hardware would render the 'listener' himself 'listened to'."[56] Fox News did not pursue the allegations, and in the years since, there have been no legal or commercial actions of any type taken against Comverse by the FBI or any other branch of the US Government related to data access and security issues. While no real evidence has been presented against Comverse or Verint, the allegations have become a favorite topic of conspiracy theorists.[57] By 2005, the company had $959 million in sales and employed over 5,000 people, of whom about half were located in Israel.[16]" Verint is also the company that got the Dept. of Homeland Security contract to provide and install an electronic and video surveillance system across the entire U.S. border with Mexico.  One need not be much of a conspiracy theorist to have concerns about Verint's likely interactions and data sharing with the NSA and its Israeli equivalent, Unit 8200. 
Paul Merrell

A Secret Catalogue of Government Gear for Spying on Your Cellphone - 0 views

theintercept.com/...r-for-spying-on-your-cellphone

surveillance state surveillance-devices catalog

shared by Paul Merrell on 18 Dec 15 - No Cached
  • HE INTERCEPT HAS OBTAINED a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States. The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing “dirt boxes” and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before.
  • The Intercept obtained the catalogue from a source within the intelligence community concerned about the militarization of domestic law enforcement. (The original is here.) A few of the devices can house a “target list” of as many as 10,000 unique phone identifiers. Most can be used to geolocate people, but the documents indicate that some have more advanced capabilities, like eavesdropping on calls and spying on SMS messages. Two systems, apparently designed for use on captured phones, are touted as having the ability to extract media files, address books, and notes, and one can retrieve deleted text messages. Above all, the catalogue represents a trove of details on surveillance devices developed for military and intelligence purposes but increasingly used by law enforcement agencies to spy on people and convict them of crimes. The mass shooting earlier this month in San Bernardino, California, which President Barack Obama has called “an act of terrorism,” prompted calls for state and local police forces to beef up their counterterrorism capabilities, a process that has historically involved adapting military technologies to civilian use. Meanwhile, civil liberties advocates and others are increasingly alarmed about how cellphone surveillance devices are used domestically and have called for a more open and informed debate about the trade-off between security and privacy — despite a virtual blackout by the federal government on any information about the specific capabilities of the gear.
  • ANY OF THE DEVICES in the catalogue, including the Stingrays and dirt boxes, are cell-site simulators, which operate by mimicking the towers of major telecom companies like Verizon, AT&T, and T-Mobile. When someone’s phone connects to the spoofed network, it transmits a unique identification code and, through the characteristics of its radio signals when they reach the receiver, information about the phone’s location. There are also indications that cell-site simulators may be able to monitor calls and text messages. In the catalogue, each device is listed with guidelines about how its use must be approved; the answer is usually via the “Ground Force Commander” or under one of two titles in the U.S. code governing military and intelligence operations, including covert action.
  • ...2 more annotations...
  • “We’ve seen a trend in the years since 9/11 to bring sophisticated surveillance technologies that were originally designed for military use — like Stingrays or drones or biometrics — back home to the United States,” said Jennifer Lynch, a senior staff attorney at the Electronic Frontier Foundation, which has waged a legal battle challenging the use of cellphone surveillance devices domestically. “But using these technologies for domestic law enforcement purposes raises a host of issues that are different from a military context.”
  • But domestically the devices have been used in a way that violates the constitutional rights of citizens, including the Fourth Amendment prohibition on illegal search and seizure, critics like Lynch say. They have regularly been used without warrants, or with warrants that critics call overly broad. Judges and civil liberties groups alike have complained that the devices are used without full disclosure of how they work, even within court proceedings.
Paul Merrell

Missouri house bans cellphone tracking without a warrant, 134-13 | Tenth Amendment Cent... - 0 views

blog.tenthamendmentcenter.com/...cking-without-a-warrant-134-13

surveillance state Missouri NSA-blowback NSA-reform legislation

shared by Paul Merrell on 16 Mar 14 - No Cached
  • Yesterday, the Missouri house overwhelmingly approved a bill to ban the obtaining of cellphone location tracking information without a warrant. House Bill 1388 (HB1388) prohibits use of such information in civil or criminal proceedings, and even bans its use as “an affidavit of probable cause in an effort to obtain a search warrant.” Introduced by Rep. Robert Cornejo, the measure passed by a vote of 134-13. HB1388 will not only add a key protection to bolster the privacy rights of Missourians from potential local abuse, it will also end some practical effects of unconstitutional data gathering by the federal government. NSA collects, stores, and analyzes data on countless millions of people without a warrant, and without even the mere suspicion of criminal activity. The NSA tracks the physical location of people through their cellphones. In late 2013, the Washington Post reported that NSA is “gathering nearly 5 billion records a day on the whereabouts of cellphones around the world.” This includes location data on “tens of millions” of Americans each year – without a warrant. Through fusion centers, state and local law enforcement act as “information recipients” to various federal departments under Information Sharing Environment (ISE). ISE partners include the Office of Director of National Intelligence, which is an umbrella covering 17 federal agencies and organizations, including the NSA.
  • The NSA expressly shares warrantless data with state and local law enforcement through a super-secret DEA unit known as the Special Operations Division (SOD). That information is being used for criminal prosecutions. Reuters reported that most of this shared data has absolutely nothing to do with national security issues. Most of it involves routine criminal investigations. In short – banning state government entities in Missouri from obtaining phone location tracking information without a warrant will block them from receiving that kind of information from federal agencies who routinely collect it without warrant. HB1388 is part of a package of bills designed to thwart the surveillance state being considered in the Missouri legislature this year.  SB819 would deny compliance and material support from the state to the NSA as long as they continue their unconstitutional spying programs. SJR27 would amend the Missouri State Constitution to protect residents’ electronic data from warrantless searches. HB1388 now moves to the State Senate where it will first be assigned to a committee for approval before the full senate has an opportunity to send it to Gov. Nixon’s desk for a signature.
Paul Merrell

US pushing local cops to stay mum on surveillance - Yahoo News - 0 views

news.yahoo.com/;_ylt=AwrBJR4e65lTwmEAb7zQtDMD

surveillance state location-data public-records-acts litigation stingrays

shared by Paul Merrell on 13 Jun 14 - No Cached
  • WASHINGTON (AP) -- The Obama administration has been quietly advising local police not to disclose details about surveillance technology they are using to sweep up basic cellphone data from entire neighborhoods, The Associated Press has learned. Citing security reasons, the U.S. has intervened in routine state public records cases and criminal trials regarding use of the technology. This has resulted in police departments withholding materials or heavily censoring documents in rare instances when they disclose any about the purchase and use of such powerful surveillance equipment. Federal involvement in local open records proceedings is unusual. It comes at a time when President Barack Obama has said he welcomes a debate on government surveillance and called for more transparency about spying in the wake of disclosures about classified federal surveillance programs.
  • One well-known type of this surveillance equipment is known as a Stingray, an innovative way for law enforcement to track cellphones used by suspects and gather evidence. The equipment tricks cellphones into identifying some of their owners' account information, like a unique subscriber number, and transmitting data to police as if it were a phone company's tower. That allows police to obtain cellphone information without having to ask for help from service providers, such as Verizon or AT&T, and can locate a phone without the user even making a call or sending a text message. But without more details about how the technology works and under what circumstances it's used, it's unclear whether the technology might violate a person's constitutional rights or whether it's a good investment of taxpayer dollars. Interviews, court records and public-records requests show the Obama administration is asking agencies to withhold common information about the equipment, such as how the technology is used and how to turn it on. That pushback has come in the form of FBI affidavits and consultation in local criminal cases.
  • "These extreme secrecy efforts are in relation to very controversial, local government surveillance practices using highly invasive technology," said Nathan Freed Wessler, a staff attorney with the American Civil Liberties Union, which has fought for the release of these types of records. "If public participation means anything, people should have the facts about what the government is doing to them." Harris Corp., a key manufacturer of this equipment, built a secrecy element into its authorization agreement with the Federal Communications Commission in 2011. That authorization has an unusual requirement: that local law enforcement "coordinate with the FBI the acquisition and use of the equipment." Companies like Harris need FCC authorization in order to sell wireless equipment that could interfere with radio frequencies. A spokesman from Harris Corp. said the company will not discuss its products for the Defense Department and law enforcement agencies, although public filings showed government sales of communications systems such as the Stingray accounted for nearly one-third of its $5 billion in revenue. "As a government contractor, our solutions are regulated and their use is restricted," spokesman Jim Burke said.
  • ...4 more annotations...
  • Local police agencies have been denying access to records about this surveillance equipment under state public records laws. Agencies in San Diego, Chicago and Oakland County, Michigan, for instance, declined to tell the AP what devices they purchased, how much they cost and with whom they shared information. San Diego police released a heavily censored purchasing document. Oakland officials said police-secrecy exemptions and attorney-client privilege keep their hands tied. It was unclear whether the Obama administration interfered in the AP requests. "It's troubling to think the FBI can just trump the state's open records law," said Ginger McCall, director of the open government project at the Electronic Privacy Information Center. McCall suspects the surveillance would not pass constitutional muster. "The vast amount of information it sweeps in is totally irrelevant to the investigation," she said.
  • A court case challenging the public release of information from the Tucson Police Department includes an affidavit from an FBI special agent, Bradley Morrison, who said the disclosure would "result in the FBI's inability to protect the public from terrorism and other criminal activity because through public disclosures, this technology has been rendered essentially useless for future investigations." Morrison said revealing any information about the technology would violate a federal homeland security law about information-sharing and arms-control laws — legal arguments that that outside lawyers and transparency experts said are specious and don't comport with court cases on the U.S. Freedom of Information Act. The FBI did not answer questions about its role in states' open records proceedings.
  • But a former Justice Department official said the federal government should be making this argument in federal court, not a state level where different public records laws apply. "The federal government appears to be attempting to assert a federal interest in the information being sought, but it's going about it the wrong way," said Dan Metcalfe, the former director of the Justice Department's office of information and privacy. Currently Metcalfe is the executive director of American University's law school Collaboration on Government Secrecy project. A criminal case in Tallahassee cites the same homeland security laws in Morrison's affidavit, court records show, and prosecutors told the court they consulted with the FBI to keep portions of a transcript sealed. That transcript, released earlier this month, revealed that Stingrays "force" cellphones to register their location and identifying information with the police device and enables officers to track calls whenever the phone is on.
  • One law enforcement official familiar with the Tucson lawsuit, who spoke on condition of anonymity because the official was not authorized to speak about internal discussions, said federal lawyers told Tucson police they couldn't hand over a PowerPoint presentation made by local officers about how to operate the Stingray device. Federal officials forwarded Morrison's affidavit for use in the Tucson police department's reply to the lawsuit, rather than requesting the case be moved to federal court. In Sarasota, Florida, the U.S. Marshals Service confiscated local records on the use of the surveillance equipment, removing the documents from the reach of Florida's expansive open-records law after the ACLU asked under Florida law to see the documents. The ACLU has asked a judge to intervene. The Marshals Service said it deputized the officer as a federal agent and therefore the records weren't accessible under Florida law.
  • Paul Merrell on 13 Jun 14
     
    The Florida case is particularly interesting because Florida is within the jurisdiction of the U.S. Eleventh Circuit Court of Appeals, which has just ruled that law enforcement must obtain a search warrant from a court before using equipment to determine a cell phone's location.  
Paul Merrell

'Almost Orwellian' -- why Judge Leon is right about massive NSA spying program | Fox News - 1 views

www.foxnews.com/...out-massive-nsa-spying-program

surveillance state NSA-blowback rants

shared by Paul Merrell on 22 Dec 13 - No Cached
  • “Almost Orwellian” -- that’s the description a federal judge gave earlier this week to the massive spying by the National Security Agency (NSA) on virtually all 380 million cellphones in the United States. In the first meaningful and jurisdictionally grounded judicial review of the NSA cellphone spying program, U.S. District Court Judge Richard Leon, a George W. Bush appointee sitting in Washington, D.C., ruled that the scheme of asking a secret judge on a secret court for a general warrant to spy on all American cellphone users without providing evidence of probable cause of criminal behavior against any of them is unconstitutional because it directly violates the Fourth Amendment.
  • Paul Merrell on 22 Dec 13
     
    Andrew Napolitano, in what I view as his best essay I have read, explains the significance of "jurisdictionally based judicial ruling on the cellphone aspect of the domestic spying that former NSA contractor Edward Snowden revealed last spring" as compared to the non-jurisdictional rulings of the FISA court.
Paul Merrell

Tacoma, Wash. police use 'Stingray' system to sweep cellphone data | Al Jazeera America - 0 views

america.aljazeera.com/...tacoma-cell-surveillance.html

surveillance state stingrays IMSI ACLU-report

shared by Paul Merrell on 30 Aug 14 - No Cached
  • A Washington state police department just south of Seattle has for years been quietly using controversial surveillance equipment that can collect records of all cellphone calls, text messages and data transfers within a half-mile radius, according to local media. The Stingray surveillance system, deployed by the Tacoma Police Department since 2009, “tricks cellphones into thinking it’s a cell tower and draws in their information,” local news website The Olympian reported Wednesday. The device is reportedly capable of indiscriminate data collection, which worries civil rights advocates. The American Civil Liberties Union (ACLU) said it has identified at least 43 police departments in 18 states that use Stingray equipment. The rights group said on its website that police use of such a device may violate the U.S. Constitution's Fourth Amendment, and with taxpayers’ money.
  • "The result is that police gather the electronic serial numbers and other information about phones, as well as the direction and strength of each phone's signal, allowing precise location tracking,” the ACLU said. “Stingrays can also gather information about people's communications, such as which phone numbers they call. Because we carry our cellphones with us virtually everywhere we go, Stingrays can paint a precise picture of where we are and who we spend time with, including our location in a lover's house, in a psychologist's office or at a political protest." Tacoma Police Department’s Assistant Police Chief Kathy McAlpine said that officers only use Stingray with permission from a judge, and that they do not collect data. “It is used in felony-level crimes to locate suspects wanted for crimes such as homicide, rape, robbery, kidnapping, and narcotics trafficking,” McAlpine said. The department said the device has been used nearly 200 times since June.
  • The Tacoma City Council approved buying an updated version of the equipment in March 2013 on the grounds that it would be used to find improvised explosive devices. McAlpine said they have never used the Stingray to locate such a device. Civil rights groups said they are concerned about the possibility of indiscriminate data collection, and worry that police could store the data of innocent citizens. “They are essentially searching the homes of innocent Americans to find one phone used by one person,” said Christopher Soghoian, principal technologist with the ACLU in Washington, D.C. “It’s like they’re kicking down the doors of 50 homes and searching 50 homes because they don’t know where the bad guy is.” A similar controversy erupted in nearby Seattle last November, when  alternative news website The Stranger reported that a new apparatus capable of geo-locating and tracking the movement of any wireless device that passes it was quietly installed in a Seattle neighborhood.
  • ...1 more annotation...
  • The U.S. Supreme Court unanimously ruled in June that warrantless searches of cellphone data were illegal in most cases. It is unclear how the ruling would apply to such a device that is capable of indiscriminate data collection, but police say it is not used for that purpose.
Paul Merrell

European Lawmakers Demand Answers on Phone Key Theft - The Intercept - 0 views

firstlook.org/...gemalto-heist-shocks-europe

surveillance state Gemalto SIM-card-keys

shared by Paul Merrell on 24 Feb 15 - No Cached
  • European officials are demanding answers and investigations into a joint U.S. and U.K. hack of the world’s largest manufacturer of mobile SIM cards, following a report published by The Intercept Thursday. The report, based on leaked documents provided by NSA whistleblower Edward Snowden, revealed the U.S. spy agency and its British counterpart Government Communications Headquarters, GCHQ, hacked the Franco-Dutch digital security giant Gemalto in a sophisticated heist of encrypted cell-phone keys. The European Parliament’s chief negotiator on the European Union’s data protection law, Jan Philipp Albrecht, said the hack was “obviously based on some illegal activities.” “Member states like the U.K. are frankly not respecting the [law of the] Netherlands and partner states,” Albrecht told the Wall Street Journal. Sophie in ’t Veld, an EU parliamentarian with D66, the Netherlands’ largest opposition party, added, “Year after year we have heard about cowboy practices of secret services, but governments did nothing and kept quiet […] In fact, those very same governments push for ever-more surveillance capabilities, while it remains unclear how effective these practices are.”
  • “If the average IT whizzkid breaks into a company system, he’ll end up behind bars,” In ’t Veld added in a tweet Friday. The EU itself is barred from undertaking such investigations, leaving individual countries responsible for looking into cases that impact their national security matters. “We even get letters from the U.K. government saying we shouldn’t deal with these issues because it’s their own issue of national security,” Albrecht said. Still, lawmakers in the Netherlands are seeking investigations. Gerard Schouw, a Dutch member of parliament, also with the D66 party, has called on Ronald Plasterk, the Dutch minister of the interior, to answer questions before parliament. On Tuesday, the Dutch parliament will debate Schouw’s request. Additionally, European legal experts tell The Intercept, public prosecutors in EU member states that are both party to the Cybercrime Convention, which prohibits computer hacking, and home to Gemalto subsidiaries could pursue investigations into the breach of the company’s systems.
  • According to secret documents from 2010 and 2011, a joint NSA-GCHQ unit penetrated Gemalto’s internal networks and infiltrated the private communications of its employees in order to steal encryption keys, embedded on tiny SIM cards, which are used to protect the privacy of cellphone communications across the world. Gemalto produces some 2 billion SIM cards a year. The company’s clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers. “[We] believe we have their entire network,” GCHQ boasted in a leaked slide, referring to the Gemalto heist.
  • ...4 more annotations...
  • While Gemalto was indeed another casualty in Western governments’ sweeping effort to gather as much global intelligence advantage as possible, the leaked documents make clear that the company was specifically targeted. According to the materials published Thursday, GCHQ used a specific codename — DAPINO GAMMA — to refer to the operations against Gemalto. The spies also actively penetrated the email and social media accounts of Gemalto employees across the world in an effort to steal the company’s encryption keys. Evidence of the Gemalto breach rattled the digital security community. “Almost everyone in the world carries cell phones and this is an unprecedented mass attack on the privacy of citizens worldwide,” said Greg Nojeim, senior counsel at the Center for Democracy & Technology, a non-profit that advocates for digital privacy and free online expression. “While there is certainly value in targeted surveillance of cell phone communications, this coordinated subversion of the trusted technical security infrastructure of cell phones means the US and British governments now have easy access to our mobile communications.”
  • For Gemalto, evidence that their vaunted security systems and the privacy of customers had been compromised by the world’s top spy agencies made an immediate financial impact. The company’s shares took a dive on the Paris bourse Friday, falling $500 million. In the U.S., Gemalto’s shares fell as much 10 percent Friday morning. They had recovered somewhat — down 4 percent — by the close of trading on the Euronext stock exchange. Analysts at Dutch financial services company Rabobank speculated in a research note that Gemalto could be forced to recall “a large number” of SIM cards. The French daily L’Express noted today that Gemalto board member Alex Mandl was a founding trustee of the CIA-funded venture capital firm In-Q-Tel. Mandl resigned from In-Q-Tel’s board in 2002, when he was appointed CEO of Gemplus, which later merged with another company to become Gemalto. But the CIA connection still dogged Mandl, with the French press regularly insinuating that American spies could infiltrate the company. In 2003, a group of French lawmakers tried unsuccessfully to create a commission to investigate Gemplus’s ties to the CIA and its implications for the security of SIM cards. Mandl, an Austrian-American businessman who was once a top executive at AT&T, has denied that he had any relationship with the CIA beyond In-Q-Tel. In 2002, he said he did not even have a security clearance.
  • AT&T, T-Mobile and Verizon could not be reached for comment Friday. Sprint declined to comment. Vodafone, the world’s second largest telecom provider by subscribers and a customer of Gemalto, said in a statement, “[W]e have no further details of these allegations which are industrywide in nature and are not focused on any one mobile operator. We will support industry bodies and Gemalto in their investigations.” Deutsche Telekom AG, a German company, said it has changed encryption algorithms in its Gemalto SIM cards. “We currently have no knowledge that this additional protection mechanism has been compromised,” the company said in a statement. “However, we cannot rule out this completely.”
  • Update: Asked about the SIM card heist, White House press secretary Josh Earnest said he did not expect the news would hurt relations with the tech industry: “It’s hard for me to imagine that there are a lot of technology executives that are out there that are in a position of saying that they hope that people who wish harm to this country will be able to use their technology to do so. So, I do think in fact that there are opportunities for the private sector and the federal government to coordinate and to cooperate on these efforts, both to keep the country safe, but also to protect our civil liberties.”
  • Paul Merrell on 24 Feb 15
     
    Watch for massive class action product defect litigation to be filed against the phone companies.and mobile device manufacturers.  In most U.S. jurisdictions, proof that the vendors/manufacturers  knew of the product defect is not required, only proof of the defect. Also, this is a golden opportunity for anyone who wants to get out of a pricey cellphone contract, since providing a compromised cellphone is a material breach of warranty, whether explicit or implied..   
Paul Merrell

9 Calif. law enforcement agencies connected to cellphone spying technology - 0 views

www.news10.net/...6147381

surveillance state California police stingrays

shared by Paul Merrell on 16 Mar 14 - No Cached
  • News10 submitted numerous public records requests to every major law enforcement agency in Northern California to find out which departments are using StingRay technology. A StingRay is a device law enforcement uses to track people and collect real time data from every cellphone within a certain radius.
  • Some agencies provided documentation, but none would discuss how StingRays work, or even admit they have them. However, records show at least seven Northern California agencies have the technology and two more just received grants to buy it in 2014.
  • San Jose Police Department provided News10 with documentation that provided insight into what agencies have the technology and why they want it.A 2012 grant application submitted to the Bay Area Urban Area Shield Initiative (UASI), which was approved, said San Jose police requested feedback from numerous other agencies that already use StingRays."Research of the product included testing by San Jose Police and technology and equipment feedback from the U.S. Marshals Service, (REDACTED), the Oakland Police Department, the Sacramento Sheriff's Department, the San Diego Sheriff's Department, the Los Angeles Police Department, and the Los Angeles Sheriff's Department. This technology is in use at the law enforcement agencies listed [above]," the application states.They explain how the surveillance system would be used in conjunction with Oakland and San Francisco police in another section of the grant application."We will work with the Fusion Center to partner with San Francisco and Oakland to ensure we have the ability to cover all of the Bay Area in deploying cellphone tracking technology in any region of the Bay Area at a moment's notice."
  • ...2 more annotations...
  • This graphic illustrates how a StingRay works. Signals from cellphones within the device's radius are bounced to law enforcement. The information relayed may include names, phone numbers, locations, call records and even text messages.
  • Terrorism is used as the primary justification for purchasing StingRay technology in every grant application obtained by News10. San Jose police, Fremont police, the Alameda County District Attorney's Office and Oakland police say a StingRay could be used to track and disrupt terrorist networks and protect critical infrastructure.However, arrest records from Oakland and Los Angeles show that StingRays are being used for routine police work. Lye says the potential for "mission creep" is concerning."Mission creep is an unfortunate but extremely common phenomenon with surveillance technology," she said. "By 'mission creep,' I mean the phenomenon in which one purpose is offered to justify the collection of the data, but the data is ultimately used for many other entirely separate purposes."
Paul Merrell

The Government's Secret Plan to Shut Off Cellphones and the Internet, Explained | Conne... - 0 views

billmoyers.com/...nes-and-the-internet-explained

cyberwar internet-kill-switch cellphone-kill-switch DHS litigation FOIA

shared by Paul Merrell on 03 Dec 13 - No Cached
  • This month, the United States District Court for the District of Columbia ruled that the Department of Homeland Security must make its plan to shut off the Internet and cellphone communications available to the American public. You, of course, may now be thinking: What plan?! Though President Barack Obama swiftly disapproved of ousted Egyptian President Hosni Mubarak turning off the Internet in his country (to quell widespread civil disobedience) in 2011, the US government has the authority to do the same sort of thing, under a plan that was devised during the George W. Bush administration. Many details of the government’s controversial “kill switch” authority have been classified, such as the conditions under which it can be implemented and how the switch can be used. But thanks to a Freedom of Information Act lawsuit filed by the Electronic Privacy Information Center (EPIC), DHS has to reveal those details by December 12 — or mount an appeal. (The smart betting is on an appeal, since DHS has fought to release this information so far.) Yet here’s what we do know about the government’s “kill switch” plan:
  • What are the constitutional problems? Civil liberties advocates argue that kill switches violate the First Amendment and pose a problem because they aren’t subject to rigorous judicial and congressional oversight. “There is no court in the loop at all, at any stage in the SOP 303 process,” according to the Center for Democracy and Technology. ”The executive branch, untethered by the checks and balances of court oversight, clear instruction from Congress, or transparency to the public, is free to act as it will and in secret.” David Jacobs of EPIC says, “Cutting off communications imposes a prior restraint on speech, so the First Amendment imposes the strictest of limitations…We don’t know how DHS thinks [the kill switch] is consistent with the First Amendment.” He adds, “Such a policy, unbounded by clear rules and oversight, just invites abuse.”
Paul Merrell

Spying on the president -- Obama, Merkel and the NSA | Fox News - 0 views

www.foxnews.com/...president-obama-merkel-and-nsa

shared by Paul Merrell on 01 Nov 13 - No Cached
  • When German Chancellor Angela Merkel celebrated the opening of the new U.S. embassy in Berlin in 2008, she could not have imagined that she was blessing the workplace for the largest and most effective gaggle of American spies anywhere outside of the U.S. It seems straight out of a grade-B movie, but it has been happening for the past eleven years: The NSA has been using Merkel as an instrument to spy on the president of the United States.  We now know that the NSA has been listening to and recording Merkel’s cellphone calls since 2002. 
  • In 2008, when the new embassy opened, the NSA began using more sophisticated techniques that included not only listening, but also following her.  Merkel uses her cellphone more frequently than her landline, and she uses it to communicate with her husband and family members, the leadership of her political party, and her colleagues and officials in the German government. She also uses her cellphone to speak with foreign leaders, among whom have been President George W. Bush and President Obama. 
  • Thus, the NSA -- which Bush and Obama have unlawfully and unconstitutionally authorized to obtain and retain digital copies of all telephone conversations, texts and emails of everyone in the U.S., as well as those of hundreds of millions of persons in Europe and Latin America -- has been listening to the telephone calls of both American presidents whenever they have spoken with the chancellor.
  • ...3 more annotations...
  • Obama apparently has no such revulsion. One would think he’s not happy that his own spies have been listening to him.  One would expect that he would have known of this.  Not from me, says Gen. Keith Alexander, the director of the NSA, who disputed claims in the media that he told Obama of the NSA spying network in Germany last summer.  Either the president knew of this and has denied it, or he is invincibly ignorant of the forces he has unleashed on us and on himself.
  • One can only imagine what NSA agents learned from listening to Bush and Obama as they spoke to Merkel and 34 other friendly foreign leaders, as yet unidentified publicly. Now we know how pervasive this NSA spying is: It not only reaches the Supreme Court, the Pentagon, the CIA, the local police and the cellphones and homes of all Americans; it reaches the Oval Office itself. Yet when the president denies that he knows of this, that denial leads to more questions. The president claims he can start secret foreign wars using the CIA, secretly kill Americans using drones, and now secretly spy on anyone anywhere using the NSA. 
  • Is the president an unwitting dupe to a secret rats’ nest of uncontrolled government spies and killers?  Or is he a megalomaniacal, totalitarian secret micromanager who lies regularly, consistently and systematically about the role of government in our lives? Which is worse? What do we do about it?
  • Paul Merrell on 01 Nov 13
     
    Judge Napolitano raises an interesting point: Did Barack Obama realize that his conversations with 35 foreign national leaders were being wiretapped? General Alexander says not. 
Paul Merrell

Justice Dept. to Require Warrants for Some Cellphone Tracking - The New York Times - 0 views

www.nytimes.com/...r-some-cellphone-tracking.html

surveillance state DoJ-policy Stingray-surveillance warrants

shared by Paul Merrell on 05 Sep 15 - No Cached
  • The Justice Department will regularly require federal agents to seek warrants before using secretive equipment that can locate and track cellphones, the agency announced Thursday, the first regulations on an increasingly controversial technology.The new policy, which also limits what information may be collected and how long it can be stored, puts a measure of judicial oversight on a technology that was designed to hunt terrorists overseas but has become a popular tool among federal agents and local police officers for fighting crime.Civil libertarians have expressed grave privacy concerns about the technology’s proliferation, but the new Justice Department policies do not apply to local police forces.
  • The device, commonly called a cell-site simulator or StingRay, tricks cellphones into connecting with it by acting like a cell tower, allowing the authorities to determine the location of a tracked phone. In doing so, however, the equipment also connects with all other phones in the area, allowing investigators to collect information on people not suspected of any crime.The device is also capable of capturing calls, text messages, emails and other data. Until Thursday’s regulations, the rules for the use of that information and the duration it could be kept had not been detailed and varied across the department’s offices and agencies.
  • Paul Merrell on 05 Sep 15
     
    A policy is not a law. DoJ is trying to spread some tanglefoot for civil liberties organizations that are prepping litigation over unfettered abuse of Stingray devices by federal, state, and local officials. Warrantless use of Stingrays has been severely undermined by recent Supreme Court rulings, notably U.S. v. Jones and Riley v. California.
Paul Merrell

Between the Lines of the Cellphone Privacy Ruling - NYTimes.com - 0 views

www.nytimes.com/...ellphone-privacy-decision.html

digital-privacy litigation U.S. cellphone-privacy NSA-reform

shared by Paul Merrell on 26 Jun 14 - No Cached
  • In a pathbreaking case on Fourth Amendment privacy rights and modern technology, the Supreme Court unanimously ruled that the police must obtain warrants before searching the digital contents of cellphones taken from people who are placed under arrest. Here are some key points in the opinion by Chief Justice John G. Roberts Jr. and a concurrence by Justice Samuel Alito.
Paul Merrell

New York Police Have Used Stingrays Widely, New Documents Show - 0 views

theintercept.com/...rays-widely-new-documents-show

surveillance state NYPD stingrays ACLU

shared by Paul Merrell on 13 Feb 16 - No Cached
  • The NYPD has used cell-site simulators, commonly known as Stingrays, more than 1,000 times since 2008, according to documents turned over to the New York Civil Liberties Union. The documents represent the first time the department has acknowledged using the devices. The NYPD also disclosed that it does not get a warrant before using a Stingray, which sweeps up massive amounts of data. Instead, the police obtain a “pen register order” from a court, more typically used to collect call data for a specific phone. Those orders do not require the police to establish probable cause. Additionally, the NYPD has no written policy guidelines on the use of Stingrays. Stingrays work by imitating cellphone towers. They force all nearby phones to connect to them, revealing the owners’ locations. That means they collect data on potentially hundreds of people. They are small enough to fit in a suitcase, or be mounted on a plane.
  • When they were originally developed in 2003, Stingrays were designed for military use. But in the past decade, they have increasingly been purchased by law enforcement agencies. According to the ACLU, Stingrays are used by at least 59 police departments in 23 states, and at least 13 federal agencies, including the DEA, FBI, and the IRS. Because most departments withhold information about Stingrays, these numbers likely underrepresent the total.
  • Stingrays have long been a topic of concern for privacy activists. “Cell-site simulators are powerful surveillance devices that can track people, including in their homes, and collect information on innocent bystanders,” said Mariko Hirose, a senior staff attorney at the NYCLU.  “If they are going to be used in communities the police should at minimum obtain a warrant and follow written policies.” Instead, law enforcement agencies have fought to keep Stingrays secret, even dropping criminal cases to avoid disclosing anything about them. The FBI has forced local police agencies to sign Stingray-related non-disclosure agreements, claiming that criminals and terrorists who know about Stingrays could take countermeasures against them. The increasing use of Stingrays, coupled with the lack of transparency, has alarmed civil liberties groups. “I think it’s critical to have transparency about the use of technology like Stingrays,” said Faiza Patel, an attorney with the Brennan Center for Justice. “That’s what allows courts, the public, and our elected officials to weigh in on the proper rules.”
  • ...1 more annotation...
  • In September, the Department of Justice issued guidelines requiring its officers to seek probable cause warrants before using a Stingray. But the guidelines only applied to federal law enforcement agencies, not to state and local police, who have fought such a change. In one ongoing court case, the state of Maryland has argued that anyone who turns on their phone consents to having his or her location tracked. In November, Senator Ron Wyden, D-Ore., and Rep. Jason Chaffetz, R-Utah, introduced the GPS Act, a bill that would extend the Department of Justice’s guidelines to all law enforcement agencies. “Buying a smartphone shouldn’t be interpreted as giving the government a free pass to track your movements,” Wyden said.
1 - 20 of 70 Next › Last »
Showing 20 items per page