Group items tagged

The NSA and Britain's GCHQ hacked the world's biggest SIM card maker to harvest the encryption keys needed to silently and effortlessly eavesdrop on potentially millions of people. That's according to documents obtained by surveillance whistleblower Edward Snowden and leaked to the web on Thursday. "Wow. This is huge – it's one of the most significant findings of the Snowden files so far," computer security guru Bruce Schneier told The Register this afternoon. "We always knew that they would occasionally steal SIM keys. But all of them? The odds that they just attacked this one firm are extraordinarily low and we know the NSA does like to steal keys where it can." The damning slides, published by Snowden's chums at The Intercept, detail the activities of the as-yet unheard-of Mobile Handset Exploitation Team (MHET), run by the US and UK. The group targeted Gemalto, which churns out about two billion SIM cards each year for use around the world, and targeted it in an operation dubbed DAPINO GAMMA.

Gemalto's hacking may also bring into question some of its other security products as well. The company supplies chips for electronic passports issued by the US, Singapore, India, and many European states, and is also involved in the NFC and mobile banking sector. It's important to note that this is useful for tracking the phone activity of a target, but the mobile user can still use encryption on the handset itself to ensure that some communications remain private. "Ironically one of your best defenses against a hijacked SIM is to use software encryption," Jon Callas, CTO of encrypted chat biz Silent Circle told The Register. "In our case there's a TCP/IP cloud between Alice and Bob and that can deal with compromised routers along the path as well as SIM issues, and the same applies to similar mobile software."

On Wednesday the UK government admitted that its intelligence agencies had in fact broken the ECHR when spying on communications between lawyers and those suing the British state, so GCHQ might want to reconsider that statement.

BRUSSELS — Amid a growing outcry over American snooping on foreigners that threatens to cloud European-U.S. trade talks and President Barack Obama’s visit to Berlin, the European Union’s top justice official has demanded in unusually sharp terms that the United States reveal what its intelligence is doing with personal information of Europeans gathered under the Prism surveillance program revealed last week.

Viviane Reding, the Union’s combative commissioner of justice, told Attorney General Eric Holder in a letter sent on Monday evening that individual citizens of European countries had the right to know whether their personal information had been part of intelligence gathering “on a large scale.” In the letter, seen Tuesday by the International Herald Tribune, she also asked what avenues were available to Europeans to find out whether they had been spied on, and whether they would be treated similarly to U.S. citizens in such cases. “Given the gravity of the situation and the serious concerns expressed in public opinion on this side of the Atlantic, you will understand that I will expect swift and concrete answers,” Mrs. Reding wrote.

Speaking for a continent where snooping carries ghastly echoes of fascist or communist regimes, Mrs. Reding challenged Mr. Holder to answer a list of detailed questions by Friday, when they are expected to speak face-to-face in Dublin at a ministerial meeting scheduled before the Prism spy operation came to light. In Berlin, where Mr. Obama will speak next week before the Brandenburg Gate, privacy is a highly sensitive political issue and the Prism revelations have stirred a furor. “You can be sure that this will be one of the things the chancellor addresses when President Obama is in Germany,” said Steffen Seibert, spokesman for Angela Merkel, who grew up in the former Communist East.

Recent revelations about the extent of surveillance by the U.S. National Security Agency come as no surprise to those with a technical background in the workings of digital communications. The leaked documents show how the NSA has taken advantage of the increased use of digital communications and cloud services, coupled with outdated privacy laws, to expand and streamline their surveillance programs. This is a predictable response to the shrinking cost and growing efficiency of surveillance brought about by new technology. The extent to which technology has reduced the time and cost necessary to conduct surveillance should play an important role in our national discussion of this issue.

What we have learned about the NSA’s capabilities suggests a move toward programmatic, automated surveillance previously unfathomable due to limitations of computing speed, scale, and cost. Technical advances have both reduced the barriers to surveillance and increased the NSA’s capacity for it. We need to remember that this is a trend with a firm lower bound. Once the cost of surveillance reaches zero we will be left with our outdated laws as the only protection. Whatever policy actions are taken as a result of the recent leaks should address the fact that technical barriers such as cost and speed offer dwindling protection from unwarranted government surveillance domestically and abroad.

Beginning more than 50 years ago, and extending over the period from 1957 to 1978, according to official U.S. government records and studies, more than 300 kilograms of uranium 235 (U-235) in the form of highly enriched uranium (HEU) went missing from a nuclear fuel manufacturing plant in the small town of Apollo, Pennsylvania. The Atomic Energy Commission (AEC) concluded in 1966 that there was about a 200-kilogram deficit between the U-235 in the form of HEU supplied to the plant and the amount returned in products to customers. After the AEC and its Oak Ridge office calculated the processing losses based on NUMEC’s records, they determined that the fate of about 100 kilograms of U-235 in the form of HEU remained unexplained. NUMEC paid for the missing material, but later disputed the AEC calculations, maintaining that the unexplained 100 kgs could be attributed to other processing losses. After decommissioning of the Apollo plant, more than 330 kgs of U-235 in the form of HEU were unaccounted for, with most of that deficit occurring while NUMEC ran the plant. For decades there have been allegations and suspicions that foreign agents, perhaps aided by American citizens, diverted a significant fraction of NUMEC’s unexplained uranium deficits to Israel for its nuclear-weapons program. Because of the high stakes involved, the affair has been clouded in denial and concealment for nearly a half century. Several recent books and articles, including a book by this Briefing Book’s primary author, Stealing the Atom Bomb: How Denial and Deception Armed Israel, have attempted to account for what is known and what is still a mystery.[1] Using recently declassified documents published today for the first time by the National Security Archive and the Nuclear Proliferation International History Project, this Electronic Briefing Book aims to make more widely available to the public the fascinating information that has been declassified so far.

Thirty years after the Chernobyl nuclear accident, there’s still a significant threat of radiation from the crumbling remains of Reactor 4. But an innovative, €1.5 billion super-structure is being built to prevent further releases, giving an elegant engineering solution to one of the ugliest disasters known to man. Since the disaster that directly killed at least 31 people and released large quantities of radiation, the reactor has been encased in a tomb of steel-reinforced concrete. Usually buildings of this kind can be protected from corrosion and environmental damage through regular maintenance. But because of the hundreds of tonnes of highly radioactive material inside the structure, maintenance hasn’t been possible. Water dripping from the sarcophagus roof has become radioactive and leaks into the soil on the reactor floor, birds have been sighted in the roof space. Every day, the risk of the sarcophagus collapsing increases, along with the risk of another widespread release of radioactivity to the environment. Thanks to the sarcophagus, up to 80% of the original radioactive material left after the meltdown remains in the reactor. If it were to collapse, some of the melted core, a lava-like material called corium, could be ejected into the surrounding area in a dust cloud, as a mixture of highly radioactive vapour and tiny particles blown in the wind. The key substances in this mixture are iodine-131, which has been linked to thyroid cancer, and cesium-137, which can be absorbed into the body, with effects ranging from radiation sickness to death depending on the quantity inhaled or ingested.

With repair of the existing sarcophagus deemed impossible because of the radiation risks, a new structure designed to last 100 years is now being built. This “new safe confinement” will not only safely contain the radioactivity from Reactor 4, but also enable the sarcophagus and the reactor building within to be safely taken apart. This is essential if potential future releases of radioactivity, 100 years or more into the future, are to be prevented. Construction of the steel arch-shaped structure began in 2010 and is currently scheduled for completion in 2017. At 110 metres tall with a span of 260 metres, the confinement structure will be large enough to house St Paul’s Cathedral or two Statues of Liberty on top of one another. But the major construction challenges are not down to size alone.

Privacy may not be the only casualty of the National Security Agency’s massive surveillance program. Major sectors of the US economy are reporting financial damage as the recent revelations shake consumer confidence and US trade partners distance themselves from companies that may have been compromised by the NSA or, worse, are secretly collaborating with the spy agency. Member of Congress, especially those who champion America’s competitiveness in the global marketplace, should take note and rein in the NSA now if they want to stem the damage.

The fallout may worsen. One study released shortly after the first Edward Snowden leaks said the economy would lose $22 to $35 billion in the next three years. Another study by Forrester said the $35 billion estimate was too low and pegged the real loss figure around $180 billion for the US tech industry by 2016.

Members of Congress who care about the US economy should take note: the companies losing their competitive edge due to NSA surveillance are mainstream economic drivers. Just as their constituents are paying attention, so are the customers who vote with their dollars. As Sen. Ron Wyden remarked last month, “If a foreign enemy was doing this much damage to the economy, people would be in the streets with pitchforks.”

The Privacy and Civil Liberties Oversight Board (PCLOB) voted 4–1 yesterday to conduct reviews of how Executive Order 12333 is used in counterterrorism investigations by the CIA and NSA. The PCLOB’s plan to investigate two surveillance programs conducted under the wide-ranging executive order will result in three reports — two classified, one public — that it hopes to complete by the end of this year. Rachel Brand, the sole board member to vote against the plan, did so largely because the public proposed reports will focus on the legal framework and adequacy of EO 12333’s privacy and civil liberties protections. She expressed concern that the report might make judgments about the whole of EO 12333 activities based on information about only two programs. But EO 12333 and its implementation are clouded in secrecy. The public knows very little about the activities that are conducted according to its terms. Such activities are usually conducted with very little congressional oversight. Examining two discrete sets of activities conducted under its auspices seems like a perfect place to start the process of informing the public about how EO 12333 is understood and used by the executive branch to conduct intelligence activities that fall largely outside of other independent oversight mechanisms.

What beats me is why more Democrats aren’t deeply troubled by the legacy of Clinton’s foreign policy blunder in Honduras. Maybe you’ve forgotten what happened in that small country in the first year of the Obama administration — more on that in a moment. But surely you’ve noticed the ugly wave of xenophobia greeting a growing number of Central American child refugees arriving on our southern border. Some of President Barack Obama’s supporters are trying to blame this immigration crisis on the Bush administration because of an anti-trafficking law George W. signed in 2008 specifically written to protect Central American children that preceded an uptick in their arrivals. But which country is the top source of kids crossing the border? Honduras, home to the world’s highest murder rate, Latin America’s worst economic inequality, and a repressive U.S.-backed government. When Honduran military forces allied with rightist lawmakers ousted democratically elected President Manuel Zelaya in 2009, then-Secretary of State Clinton sided with the armed forces and fought global pressure to reinstate him.

Washington wields great influence over Honduras, thanks to the numerous military bases built with U.S. funds where training and joint military and anti-drug operations take place. Since the coup, nearly $350 million in U.S. assistance, including more than $50 million in military aid has poured into the country. That’s a lot of investment in a nation where the police, the military, and private security forces are killing people with alarming frequency and impunity, according to Human Rights Watch. In short, desperate Honduran children are seeking refuge from a human rights nightmare that would cast a dark cloud over Clinton’s presidential bid right now if the media were paying any attention. That wouldn’t give Republicans a big advantage, of course. Until they stop alienating a majority of female voters and communities of color, I find it hard to see the party of Mitt Romney and John McCain winning the White House.

Given the Democratic Party’s demographic edge, progressives have nothing to lose by seizing on the GOP field’s weakness and pressing for a viable alternative to another Clinton administration. Senator Elizabeth Warren could prove a contender. Unfortunately, the consumer-rights firebrand and Massachusetts Democrat lacks any foreign policy experience. And foreign policy is no afterthought these days. Israel — the recipient of $3.1 billion a year in U.S. military aid — is waging a ground war in Gaza, and the stakes in the Russia-Ukraine conflict just grew following the downing of that Malaysia Airlines jet. Plus, Iraq is growing more violent and unstable once more. On all these issues, Clinton is more hawkish than most of the Democratic base. But other Democrats with a wide range of liberal credentials and foreign policy expertise are signaling some interest in running, especially if Clinton ultimately sits out the race. Even if Clinton does win in 2016, a serious progressive primary challenge could help shape her presidency. As more and more Honduran kids cross our border in search of a safe haven, voters should take a good look at her track record at the State Department and reconsider the inevitability of another Clinton administration.

U.S. technology companies are in danger of losing more business to foreign competitors if the National Security Agency’s power to spy on customers isn’t curbed, researchers with the New America Foundation said in a report today. The report, by the foundation’s Open Technology Institute, called for prohibiting the NSA from collecting data in bulk, while letting companies report more details about what information they give the government. Senate legislation introduced today would fulfill some recommendations by the institute, a Washington-based advocacy group that has been critical of NSA programs.