Socialism and the End of the American Dream: group items tagged cyber-spying

Paul Merrell

Canadian Spies Collect Domestic Emails in Secret Security Sweep - The Intercept - 0 views

  • Canada’s electronic surveillance agency is covertly monitoring vast amounts of Canadians’ emails as part of a sweeping domestic cybersecurity operation, according to top-secret documents. The surveillance initiative, revealed Wednesday by CBC News in collaboration with The Intercept, is sifting through millions of emails sent to Canadian government agencies and departments, archiving details about them on a database for months or even years. The data mining operation is carried out by the Communications Security Establishment, or CSE, Canada’s equivalent of the National Security Agency. Its existence is disclosed in documents obtained by The Intercept from NSA whistleblower Edward Snowden. The emails are vacuumed up by the Canadian agency as part of its mandate to defend against hacking attacks and malware targeting government computers. It relies on a system codenamed PONY EXPRESS to analyze the messages in a bid to detect potential cyber threats.
  • Last year, CSE acknowledged it collected some private communications as part of cybersecurity efforts. But it refused to divulge the number of communications being stored or to explain for how long any intercepted messages would be retained. Now, the Snowden documents shine a light for the first time on the huge scope of the operation — exposing the controversial details the government withheld from the public. Under Canada’s criminal code, CSE is not allowed to eavesdrop on Canadians’ communications. But the agency can be granted special ministerial exemptions if its efforts are linked to protecting government infrastructure — a loophole that the Snowden documents show is being used to monitor the emails. The latest revelations will trigger concerns about how Canadians’ private correspondence with government employees are being archived by the spy agency and potentially shared with police or allied surveillance agencies overseas, such as the NSA. Members of the public routinely communicate with government employees when, for instance, filing tax returns, writing a letter to a member of parliament, applying for employment insurance benefits or submitting a passport application.
  • Chris Parsons, an internet security expert with the Toronto-based internet think tank Citizen Lab, told CBC News that “you should be able to communicate with your government without the fear that what you say … could come back to haunt you in unexpected ways.” Parsons said that there are legitimate cybersecurity purposes for the agency to keep tabs on communications with the government, but he added: “When we collect huge volumes, it’s not just used to track bad guys. It goes into data stores for years or months at a time and then it can be used at any point in the future.” In a top-secret CSE document on the security operation, dated from 2010, the agency says it “processes 400,000 emails per day” and admits that it is suffering from “information overload” because it is scooping up “too much data.” The document outlines how CSE built a system to handle a massive 400 terabytes of data from Internet networks each month — including Canadians’ emails — as part of the cyber operation. (A single terabyte of data can hold about a billion pages of text, or about 250,000 average-sized mp3 files.)
  • The agency notes in the document that it is storing large amounts of “passively tapped network traffic” for “days to months,” encompassing the contents of emails, attachments and other online activity. It adds that it stores some kinds of metadata — data showing who has contacted whom and when, but not the content of the message — for “months to years.” The document says that CSE has “excellent access to full take data” as part of its cyber operations and is receiving policy support on “use of intercepted private communications.” The term “full take” is surveillance-agency jargon that refers to the bulk collection of both content and metadata from Internet traffic. Another top-secret document on the surveillance dated from 2010 suggests the agency may be obtaining at least some of the data by covertly mining it directly from Canadian Internet cables. CSE notes in the document that it is “processing emails off the wire.”
Paul Merrell

The U.S. Government's Secret Plans to Spy for American Corporations - The Intercept - 0 views

  • Throughout the last year, the U.S. government has repeatedly insisted that it does not engage in economic and industrial espionage, in an effort to distinguish its own spying from China’s infiltrations of Google, Nortel, and other corporate targets. So critical is this denial to the U.S. government that last August, an NSA spokesperson emailed The Washington Post to say (emphasis in original): “The department does ***not*** engage in economic espionage in any domain, including cyber.” After that categorical statement to the Post, the NSA was caught spying on plainly financial targets such as the Brazilian oil giant Petrobras; economic summits; international credit card and banking systems; the EU antitrust commissioner investigating Google, Microsoft, and Intel; and the International Monetary Fund and World Bank. In response, the U.S. modified its denial to acknowledge that it does engage in economic spying, but unlike China, the spying is never done to benefit American corporations.
  • In a graphic describing an “illustrative example,” the report heralds “technology acquisition by all means.” Some of the planning relates to foreign superiority in surveillance technology, but other parts are explicitly concerned with using cyber-espionage to bolster the competitive advantage of U.S. corporations. The report thus envisions a scenario in which companies from India and Russia work together to develop technological innovation, and the U.S. intelligence community then “conducts cyber operations” against “research facilities” in those countries, acquires their proprietary data, and then “assesses whether and how its findings would be useful to U.S. industry.”
  • One of the principal threats raised in the report is a scenario “in which the United States’ technological and innovative edge slips”— in particular, “that the technological capacity of foreign multinational corporations could outstrip that of U.S. corporations.” Such a development, the report says “could put the United States at a growing—and potentially permanent—disadvantage in crucial areas such as energy, nanotechnology, medicine, and information technology.” How could U.S. intelligence agencies solve that problem? The report recommends “a multi-pronged, systematic effort to gather open source and proprietary information through overt means, clandestine penetration (through physical and cyber means), and counterintelligence” (emphasis added). In particular, the DNI’s report envisions “cyber operations” to penetrate “covert centers of innovation” such as R&D facilities.
  • Director of National Intelligence James Clapper, for instance, responded to the Petrobras revelations by claiming: “It is not a secret that the Intelligence Community collects information about economic and financial matters…. What we do not do, as we have said many times, is use our foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of—or give intelligence we collect to—U.S. companies to enhance their international competitiveness or increase their bottom line.” But a secret 2009 report issued by Clapper’s own office explicitly contemplates doing exactly that. The document, the 2009 Quadrennial Intelligence Community Review—provided by NSA whistleblower Edward Snowden—is a fascinating window into the mindset of America’s spies as they identify future threats to the U.S. and lay out the actions the U.S. intelligence community should take in response. It anticipates a series of potential scenarios the U.S. may face in 2025, from a “China/Russia/India/Iran centered bloc [that] challenges U.S. supremacy” to a world in which “identity-based groups supplant nation-states,” and games out how the U.S. intelligence community should operate in those alternative futures—the idea being to assess “the most challenging issues [the U.S.] could face beyond the standard planning cycle.”
  • The report describes itself as “an essential long-term piece, looking out between 10 and 20 years” designed to enable “the IC [to] best posture itself to meet the range of challenges it may face.” Whatever else is true, one thing is unmistakable: the report blithely acknowledges that stealing secrets to help American corporations secure competitive advantage is an acceptable future role for U.S. intelligence agencies. In May, the U.S. Justice Department indicted five Chinese government employees on charges that they spied on U.S. companies. At the time, Attorney General Eric Holder said the spying took place “for no reason other than to advantage state-owned companies and other interests in China,” and “this is a tactic that the U.S. government categorically denounces.” But the following day, The New York Times detailed numerous episodes of American economic spying that seemed quite similar. Harvard Law School professor and former Bush Justice Department official Jack Goldsmith wrote that the accusations in the indictment sound “a lot like the kind of cyber-snooping on firms that the United States does.” But U.S. officials continued to insist that using surveillance capabilities to bestow economic advantage for the benefit of a country’s corporations is wrong, immoral, and illegal.
  • Yet this 2009 report advocates doing exactly that in the event that “the technological capacity of foreign multinational corporations outstrip[s] that of U.S. corporations.” Using covert cyber operations to pilfer “proprietary information” and then determining how it “would be useful to U.S. industry” is precisely what the U.S. government has been vehemently insisting it does not do, even though for years it has officially prepared to do precisely that.
    DNI James Clapper caught telling another whopper. 
Paul Merrell

New Cyber-Spying Discovery Points to NSA and the "Five Eyes" - WhoWhatWhy - 0 views

  • Here’s yet another tantalizing clue that the National Security Agency and its “Five Eyes” allies are behind a powerful cyber-espionage tool called Regin, used to spy on friend and enemy alike. That’s the conclusion Russian cybersecurity firm Kaspersky drew after examining the source code of Regin and an innocuously-named spying tool called QWERTY. It’s an appropriate moniker. The malware, known as a keylogger, vacuums up anything typed on a computer keyboard and sends it back to the programmer controlling it. The crucial clue Kaspersky found is that QWERTY “can only operate as part of the Regin platform.” After tracking Regin across 14 countries for years, Kaspersky and technology firm Symantec identified it in November 2014. At the time, Symantec said Regin’s “capabilities and the level of resources behind [it] indicate that it is one of the main cyberespionage tools used by a nation state.”
  • Though neither company said it, suspicion immediately arose that the NSA and its allies had created Regin. It immediately drew comparisons with Stuxnet, the joint U.S.-Israeli computer worm used to damage Iranian nuclear centrifuges in Natanz in 2009. Unlike Stuxnet’s narrow mission of sabotage, Regin is designed for spying in a wide set of environments. It hides in plain sight, disguised as ordinary Microsoft software.
  • The new evidence further points to the Five Eyes. The German news magazine Der Spiegel has a trove of documents from NSA whistleblower Edward Snowden, which included the source code. Der Spiegel gave Kaspersky the code to examine: The new analysis provides clear proof that Regin is in fact the cyber-attack platform belonging to the Five Eyes alliance, which includes the U.S., Britain, Canada, Australia and New Zealand. Neither Kaspersky nor Symantec commented directly on the likely creator of Regin. But there can be little room left for doubt regarding the malware’s origin. Der Spiegel pointed to five elements they believe suggest Five Eyes authorship: the presence of QWERTY in Snowden’s files, its use in the Belgacom hack by Britain’s GCHQ, references to the sport of cricket in the code, structural similarities to tools outlined in other Snowden documents, and targets consistent with other Five Eyes tools and campaigns.
  • Regin has been used to spy on telecom providers, financial institutions, energy companies, airlines, research institutes and the hospitality industry, and on European Union officials. The 14 countries found to have been penetrated include Russia, Malaysia, Afghanistan, and Fiji. Even though the trail is hot now, security experts say that Regin is still out there committing wholesale espionage. That’s because parts of it like QWERTY help mask other components. Like any good spy, it’s constantly changing disguises.
Paul Merrell

From Radio to Porn, British Spies Track Web Users' Online Identities - 0 views

  • There was a simple aim at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs. The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ. The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear.
  • Amid a renewed push from the U.K. government for more surveillance powers, more than two dozen documents being disclosed today by The Intercept reveal for the first time several major strands of GCHQ’s existing electronic eavesdropping capabilities.
  • The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens — all without a court order or judicial warrant
  • A huge volume of the Internet data GCHQ collects flows directly into a massive repository named Black Hole, which is at the core of the agency’s online spying operations, storing raw logs of intercepted material before it has been subject to analysis. Black Hole contains data collected by GCHQ as part of bulk “unselected” surveillance, meaning it is not focused on particular “selected” targets and instead includes troves of data indiscriminately swept up about ordinary people’s online activities. Between August 2007 and March 2009, GCHQ documents say that Black Hole was used to store more than 1.1 trillion “events” — a term the agency uses to refer to metadata records — with about 10 billion new entries added every day. As of March 2009, the largest slice of data Black Hole held — 41 percent — was about people’s Internet browsing histories. The rest included a combination of email and instant messenger records, details about search engine queries, information about social media activity, logs related to hacking operations, and data on people’s use of tools to browse the Internet anonymously.
  • Throughout this period, as smartphone sales started to boom, the frequency of people’s Internet use was steadily increasing. In tandem, British spies were working frantically to bolster their spying capabilities, with plans afoot to expand the size of Black Hole and other repositories to handle an avalanche of new data. By 2010, according to the documents, GCHQ was logging 30 billion metadata records per day. By 2012, collection had increased to 50 billion per day, and work was underway to double capacity to 100 billion. The agency was developing “unprecedented” techniques to perform what it called “population-scale” data mining, monitoring all communications across entire countries in an effort to detect patterns or behaviors deemed suspicious. It was creating what it said would be, by 2013, “the world’s biggest” surveillance engine “to run cyber operations and to access better, more valued data for customers to make a real world difference.”
  • A document from the GCHQ target analysis center (GTAC) shows the Black Hole repository’s structure.
  • The data is searched by GCHQ analysts in a hunt for behavior online that could be connected to terrorism or other criminal activity. But it has also served a broader and more controversial purpose — helping the agency hack into European companies’ computer networks. In the lead up to its secret mission targeting Netherlands-based Gemalto, the largest SIM card manufacturer in the world, GCHQ used MUTANT BROTH in an effort to identify the company’s employees so it could hack into their computers. The system helped the agency analyze intercepted Facebook cookies it believed were associated with Gemalto staff located at offices in France and Poland. GCHQ later successfully infiltrated Gemalto’s internal networks, stealing encryption keys produced by the company that protect the privacy of cell phone communications.
  • Similarly, MUTANT BROTH proved integral to GCHQ’s hack of Belgian telecommunications provider Belgacom. The agency entered IP addresses associated with Belgacom into MUTANT BROTH to uncover information about the company’s employees. Cookies associated with the IPs revealed the Google, Yahoo, and LinkedIn accounts of three Belgacom engineers, whose computers were then targeted by the agency and infected with malware. The hacking operation resulted in GCHQ gaining deep access into the most sensitive parts of Belgacom’s internal systems, granting British spies the ability to intercept communications passing through the company’s networks.
  • In March, a U.K. parliamentary committee published the findings of an 18-month review of GCHQ’s operations and called for an overhaul of the laws that regulate the spying. The committee raised concerns about the agency gathering what it described as “bulk personal datasets” being held about “a wide range of people.” However, it censored the section of the report describing what these “datasets” contained, despite acknowledging that they “may be highly intrusive.” The Snowden documents shine light on some of the core GCHQ bulk data-gathering programs that the committee was likely referring to — pulling back the veil of secrecy that has shielded some of the agency’s most controversial surveillance operations from public scrutiny. KARMA POLICE and MUTANT BROTH are among the key bulk collection systems. But they do not operate in isolation — and the scope of GCHQ’s spying extends far beyond them.
  • The agency operates a bewildering array of other eavesdropping systems, each serving its own specific purpose and designated a unique code name, such as: SOCIAL ANTHROPOID, which is used to analyze metadata on emails, instant messenger chats, social media connections and conversations, plus “telephony” metadata about phone calls, cell phone locations, text and multimedia messages; MEMORY HOLE, which logs queries entered into search engines and associates each search with an IP address; MARBLED GECKO, which sifts through details about searches people have entered into Google Maps and Google Earth; and INFINITE MONKEYS, which analyzes data about the usage of online bulletin boards and forums. GCHQ has other programs that it uses to analyze the content of intercepted communications, such as the full written body of emails and the audio of phone calls. One of the most important content collection capabilities is TEMPORA, which mines vast amounts of emails, instant messages, voice calls and other communications and makes them accessible through a Google-style search tool named XKEYSCORE.
  • As of September 2012, TEMPORA was collecting “more than 40 billion pieces of content a day” and it was being used to spy on people across Europe, the Middle East, and North Africa, according to a top-secret memo outlining the scope of the program. The existence of TEMPORA was first revealed by The Guardian in June 2013. To analyze all of the communications it intercepts and to build a profile of the individuals it is monitoring, GCHQ uses a variety of different tools that can pull together all of the relevant information and make it accessible through a single interface. SAMUEL PEPYS is one such tool, built by the British spies to analyze both the content and metadata of emails, browsing sessions, and instant messages as they are being intercepted in real time. One screenshot of SAMUEL PEPYS in action shows the agency using it to monitor an individual in Sweden who visited a page about GCHQ on the U.S.-based anti-secrecy website Cryptome.
  • Partly due to the U.K.’s geographic location — situated between the United States and the western edge of continental Europe — a large amount of the world’s Internet traffic passes through its territory across international data cables. In 2010, GCHQ noted that what amounted to “25 percent of all Internet traffic” was transiting the U.K. through some 1,600 different cables. The agency said that it could “survey the majority of the 1,600” and “select the most valuable to switch into our processing systems.”
  • According to Joss Wright, a research fellow at the University of Oxford’s Internet Institute, tapping into the cables allows GCHQ to monitor a large portion of foreign communications. But the cables also transport masses of wholly domestic British emails and online chats, because when anyone in the U.K. sends an email or visits a website, their computer will routinely send and receive data from servers that are located overseas. “I could send a message from my computer here [in England] to my wife’s computer in the next room and on its way it could go through the U.S., France, and other countries,” Wright says. “That’s just the way the Internet is designed.” In other words, Wright adds, that means “a lot” of British data and communications transit across international cables daily, and are liable to be swept into GCHQ’s databases.
  • A map from a classified GCHQ presentation about intercepting communications from undersea cables.
  • GCHQ is authorized to conduct dragnet surveillance of the international data cables through so-called external warrants that are signed off by a government minister. The external warrants permit the agency to monitor communications in foreign countries as well as British citizens’ international calls and emails — for example, a call from Islamabad to London. They prohibit GCHQ from reading or listening to the content of “internal” U.K. to U.K. emails and phone calls, which are supposed to be filtered out from GCHQ’s systems if they are inadvertently intercepted unless additional authorization is granted to scrutinize them. However, the same rules do not apply to metadata. A little-known loophole in the law allows GCHQ to use external warrants to collect and analyze bulk metadata about the emails, phone calls, and Internet browsing activities of British people, citizens of closely allied countries, and others, regardless of whether the data is derived from domestic U.K. to U.K. communications and browsing sessions or otherwise. In March, the existence of this loophole was quietly acknowledged by the U.K. parliamentary committee’s surveillance review, which stated in a section of its report that “special protection and additional safeguards” did not apply to metadata swept up using external warrants and that domestic British metadata could therefore be lawfully “returned as a result of searches” conducted by GCHQ.
  • Perhaps unsurprisingly, GCHQ appears to have readily exploited this obscure legal technicality. Secret policy guidance papers issued to the agency’s analysts instruct them that they can sift through huge troves of indiscriminately collected metadata records to spy on anyone regardless of their nationality. The guidance makes clear that there is no exemption or extra privacy protection for British people or citizens from countries that are members of the Five Eyes, a surveillance alliance that the U.K. is part of alongside the U.S., Canada, Australia, and New Zealand. “If you are searching a purely Events only database such as MUTANT BROTH, the issue of location does not occur,” states one internal GCHQ policy document, which is marked with a “last modified” date of July 2012. The document adds that analysts are free to search the databases for British metadata “without further authorization” by inputting a U.K. “selector,” meaning a unique identifier such as a person’s email or IP address, username, or phone number. Authorization is “not needed for individuals in the U.K.,” another GCHQ document explains, because metadata has been judged “less intrusive than communications content.” All the spies are required to do to mine the metadata troves is write a short “justification” or “reason” for each search they conduct and then click a button on their computer screen.
  • Intelligence GCHQ collects on British persons of interest is shared with domestic security agency MI5, which usually takes the lead on spying operations within the U.K. MI5 conducts its own extensive domestic surveillance as part of a program called DIGINT (digital intelligence).
  • GCHQ’s documents suggest that it typically retains metadata for periods of between 30 days to six months. It stores the content of communications for a shorter period of time, varying between three to 30 days. The retention periods can be extended if deemed necessary for “cyber defense.” One secret policy paper dated from January 2010 lists the wide range of information the agency classes as metadata — including location data that could be used to track your movements, your email, instant messenger, and social networking “buddy lists,” logs showing who you have communicated with by phone or email, the passwords you use to access “communications services” (such as an email account), and information about websites you have viewed.
  • Records showing the full website addresses you have visited — for instance, www.gchq.gov.uk/what_we_do — are treated as content. But the first part of an address you have visited — for instance, www.gchq.gov.uk — is treated as metadata. In isolation, a single metadata record of a phone call, email, or website visit may not reveal much about a person’s private life, according to Ethan Zuckerman, director of Massachusetts Institute of Technology’s Center for Civic Media. But if accumulated and analyzed over a period of weeks or months, these details would be “extremely personal,” he told The Intercept, because they could reveal a person’s movements, habits, religious beliefs, political views, relationships, and even sexual preferences. For Zuckerman, who has studied the social and political ramifications of surveillance, the most concerning aspect of large-scale government data collection is that it can be “corrosive towards democracy” — leading to a chilling effect on freedom of expression and communication. “Once we know there’s a reasonable chance that we are being watched in one fashion or another it’s hard for that not to have a ‘panopticon effect,’” he said, “where we think and behave differently based on the assumption that people may be watching and paying attention to what we are doing.”
  • When compared to surveillance rules in place in the U.S., GCHQ notes in one document that the U.K. has “a light oversight regime.” The more lax British spying regulations are reflected in secret internal rules that highlight greater restrictions on how NSA databases can be accessed. The NSA’s troves can be searched for data on British citizens, one document states, but they cannot be mined for information about Americans or other citizens from countries in the Five Eyes alliance. No such constraints are placed on GCHQ’s own databases, which can be sifted for records on the phone calls, emails, and Internet usage of Brits, Americans, and citizens from any other country. The scope of GCHQ’s surveillance powers explains in part why Snowden told The Guardian in June 2013 that U.K. surveillance is “worse than the U.S.” In an interview with Der Spiegel in July 2013, Snowden added that British Internet cables were “radioactive” and joked: “Even the Queen’s selfies to the pool boy get logged.”
  • In recent years, the biggest barrier to GCHQ’s mass collection of data does not appear to have come in the form of legal or policy restrictions. Rather, it is the increased use of encryption technology that protects the privacy of communications that has posed the biggest potential hindrance to the agency’s activities. “The spread of encryption … threatens our ability to do effective target discovery/development,” says a top-secret report co-authored by an official from the British agency and an NSA employee in 2011. “Pertinent metadata events will be locked within the encrypted channels and difficult, if not impossible, to prise out,” the report says, adding that the agencies were working on a plan that would “(hopefully) allow our Internet Exploitation strategy to prevail.”
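The article draws a line between a full address such as www.gchq.gov.uk/what_we_do (treated as content) and its host part www.gchq.gov.uk (treated as metadata), and later notes that encryption locks "pertinent metadata events" inside encrypted channels. The following is an added example written for this page, not code from The Intercept, GCHQ or any tool the article names. It relies on one fact the article does not mention: a classic TLS ClientHello carries the host name in cleartext in its Server Name Indication (SNI) extension, so a passive tap on an HTTPS connection still recovers the "metadata" host while the "content" path stays encrypted (Encrypted Client Hello deployments change that, but the plain ClientHello is what the parser below decodes). The URLs and the handshake bytes are constructed inline for the demo.

```python
"""Added example for this page, not code from The Intercept or from GCHQ.

The article treats a full URL (www.gchq.gov.uk/what_we_do) as content and
the host part (www.gchq.gov.uk) as metadata. On an encrypted connection a
passive tap cannot read the path, but the host name still travels in the
clear in the TLS ClientHello's Server Name Indication (SNI) extension.
All URLs and handshake bytes below are constructed for the demo.
"""
import struct
from typing import Optional
from urllib.parse import urlsplit


def split_url_record(url: str) -> dict:
    """Split a visited URL into the part the article calls metadata
    (scheme + host) and the part it calls content (path, query, fragment)."""
    parts = urlsplit(url)
    content = parts.path or "/"
    if parts.query:
        content += "?" + parts.query
    if parts.fragment:
        content += "#" + parts.fragment
    return {"metadata": f"{parts.scheme}://{parts.netloc}", "content": content}


def build_client_hello(host: Optional[str]) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record (hypothetical demo
    traffic), with an SNI extension when host is given."""
    exts = b""
    if host is not None:
        name = host.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # host_name
        sni = struct.pack("!H", len(entry)) + entry              # ServerNameList
        exts = struct.pack("!HH", 0x0000, len(sni)) + sni        # ext type 0
    hello = (b"\x03\x03" + b"\x11" * 32   # client_version + 32-byte random
             + b"\x00"                      # empty session_id
             + b"\x00\x02\xc0\x2f"          # one cipher suite
             + b"\x01\x00")                 # null compression only
    if host is not None:
        hello += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello  # type 1
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the SNI host name from a TLS record holding a ClientHello,
    or None if the record is not a ClientHello or carries no server_name.
    Field layout follows RFC 5246 (handshake) and RFC 6066 (SNI)."""
    if len(record) < 5 or record[0] != 0x16:          # 22 = handshake record
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x01:              # 1 = client_hello
        return None
    p = 4 + 2 + 32                                    # skip version + random
    p += 1 + body[p]                                  # session_id
    p += 2 + struct.unpack("!H", body[p:p + 2])[0]    # cipher_suites
    p += 1 + body[p]                                  # compression_methods
    if p + 2 > len(body):
        return None                                   # no extensions block
    end = p + 2 + struct.unpack("!H", body[p:p + 2])[0]
    p += 2
    while p + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[p:p + 4])
        p += 4
        if ext_type == 0x0000:                        # server_name
            q = p + 2                                 # skip list length
            name_type = body[q]
            name_len = struct.unpack("!H", body[q + 1:q + 3])[0]
            if name_type == 0:                        # host_name
                return body[q + 3:q + 3 + name_len].decode("ascii")
        p += ext_len
    return None


def passive_tap_view(url: str) -> dict:
    """What a passive tap recovers for one visit: over plain HTTP the full
    request line (content) is visible; over HTTPS only the SNI host name
    (metadata) leaks and the path stays inside the encrypted channel."""
    rec = split_url_record(url)
    if urlsplit(url).scheme == "https":
        sni = extract_sni(build_client_hello(urlsplit(url).hostname))
        return {"metadata": rec["metadata"], "content": None, "sni": sni}
    return {"metadata": rec["metadata"], "content": rec["content"], "sni": None}


if __name__ == "__main__":
    for u in ("http://www.gchq.gov.uk/what_we_do",
              "https://www.gchq.gov.uk/what_we_do"):
        print(u, "->", passive_tap_view(u))
```

Run as a script, the plain-HTTP visit yields both the host and the /what_we_do path, while the HTTPS visit yields only the host, recovered from the SNI field rather than from the request line. That is the practical shape of the "locked within the encrypted channels" complaint: the part the article classes as metadata is still on the wire, the part it classes as content is not.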
Paul Merrell

BBC News - Australia sites hacked amid spying row with Indonesia - 0 views

  • A member of Anonymous Indonesia said the group carried out the cyber attacks. Hackers have attacked the websites of the Australian police and Reserve Bank amid an ongoing row over reports Canberra spied on Jakarta officials. The row has heightened diplomatic tensions between the allies and sparked protests in Indonesia. Indonesia has suspended military co-operation with Australia and recalled its ambassador over the allegations. A top Australian adviser has also come under fire for several tweets critical of Indonesia's handling of the row. Reports of the spying allegations came out in Australian media from documents leaked by whistleblower Edward Snowden.
  • The leaked documents showed that Australian spy agencies named Indonesian President Susilo Bambang Yudhoyono, the first lady, the vice-president and other senior ministers as targets for telephone monitoring, Australian media said. The alleged spying took place in 2009, under the previous Australian government. "It is not possible that we can continue our co-operation when we are still uncertain that there is no spying towards us," Mr Yudhoyono said on Wednesday. He added he would also write to Australian Prime Minister Tony Abbott to seek an official explanation over spying allegations. Mr Abbott has said he regretted the embarrassment the media reports have caused. However, he also said that he does not believe Australia "should be expected to apologise for reasonable intelligence-gathering operations".
  • The Australian Federal Police (AFP) and Australia's Reserve Bank confirmed that their sites were victims of a cyber attack on Wednesday night.
  • The Reserve Bank also said its website was "the subject of a denial of service attack". "The bank has protections for its website, so the bank website remains secure," a spokesman added. Australian media identified a Twitter user who described herself as a member of Anonymous Indonesia and appeared to claim responsibility for the attack. The user wrote: "I am ready for this war!" and said she would conduct further attacks unless there was an apology from the Australian government for the alleged spying.
  • Meanwhile, Mark Textor, a campaign strategist who advised Australian Prime Minister Tony Abbott's Liberal Party came under fire for a series of provocative tweets that criticised Indonesia's handling of the spying row. Mr Textor wrote in a Twitter post: "Apology demanded from Australia by a bloke who looks like a 1970's Pilipino [sic] porn star and has ethics to match". The tweet has since been deleted. Australian media widely reported that he was referring to Indonesian Foreign Minister Marty Natalegawa, who has called for an apology from Australia over the spying claims.
  •  
    Edward Snowden's leak continues to roil international relations.
Gary Edwards

The Stunning Hypocrisy of the U.S. Government - BlackListedNews.com - 1 views

  • Please read this rather good summary in this morning’s New York Times of the worldwide debate Snowden has enabled – how these disclosures have “set off a national debate over the proper limits of government surveillance” and “opened an unprecedented window on the details of surveillance by the NSA, including its compilation of logs of virtually all telephone calls in the United States and its collection of e-mails of foreigners from the major American Internet companies, including Google, Yahoo, Microsoft, Apple and Skype” – and ask yourself: has Snowden actually done anything to bring “injury to the United States”, or has he performed an immense public service?
  • The irony is obvious: the same people who are building a ubiquitous surveillance system to spy on everyone in the world, including their own citizens, are now accusing the person who exposed it of “espionage”.
  • It seems clear that the people who are actually bringing “injury to the United States” are those who are waging war on basic tenets of transparency and secretly constructing a mass and often illegal and unconstitutional surveillance apparatus aimed at American citizens – and those who are lying to the American people and its Congress about what they’re doing – rather than those who are devoted to informing the American people that this is being done.
  • The Obama administration leaks classified information continuously. They do it to glorify the President, or manipulate public opinion, or even to help produce a pre-election propaganda film about the Osama bin Laden raid.
  • The Obama administration does not hate unauthorized leaks of classified information. They are more responsible for such leaks than anyone.
  • What they hate are leaks that embarrass them or expose their wrongdoing.
  • The “enemy” they’re seeking to keep ignorant with selective and excessive leak prosecutions are not The Terrorists or The Chinese Communists.
  • It’s the American people.
  • The people who have learned things they didn’t already know are American citizens who have no connection to terrorism or foreign intelligence, as well as hundreds of millions of citizens around the world about whom the same is true.
  • What they have learned is that the vast bulk of this surveillance apparatus is directed not at the Chinese or Russian governments or the Terrorists, but at them.
  • And that is precisely why the US government is so furious and will bring its full weight to bear against these disclosures.
  • What has been “harmed” is not the national security of the US but the ability of its political leaders to work against their own citizens and citizens around the world in the dark, with zero transparency or real accountability.
  • If anything is a crime, it’s that secret, unaccountable and deceitful behavior: not the shining of light on it.
  • At a press conference to discuss the accusations, an N.S.A. spokesman surprised observers by announcing the spying charges against Mr. Snowden with a totally straight face. “These charges send a clear message,” the spokesman said. “In the United States, you can’t spy on people.”
  • “The American people have the right to assume that their private documents will remain private and won’t be collected by someone in the government for his own purposes.”
  • “Only by bringing Mr. Snowden to justice can we safeguard the most precious of American rights: privacy,” added the spokesman, apparently serious.
  •  
    Extremely well linked story from "Washington's Blog" excerpt: "The Government's Hypocrisy Is the Core Problem Congress has exempted itself from the prohibition against trading on inside information … the law that got Martha Stewart and many other people thrown in jail. There are many other ways in which the hypocrisy of the politicians in D.C. is hurting our country. Washington politicians say we have to slash basic services, and yet waste hundreds of billions of dollars on counter-productive boondoggles.  If the politicos just stopped throwing money at corporate welfare queens, military and security boondoggles and pork, harmful quantitative easing, unnecessary nuclear subsidies,  the failed war on drugs, and other wasted and counter-productive expenses, we wouldn't need to impose austerity on the people. The D.C. politicians said that the giant failed banks couldn't be nationalized, because that would be socialism.  Instead of temporarily nationalizing them and then spinning them off to the private sector - or breaking them up - the politicians have bailed them out to the tune of many tens of billions of dollars each year, and created a system where all of the profits are privatized, and all of the losses socialized. Obama and Congress promised help for struggling homeowners, and passed numerous bills that they claimed would rescue the little guy.  But every single one of these bills actually bails out the banks … and doesn't really help the homeowner. The D.C. regulators pretend that they are being tough on the big banks, but are actually doing everything they can to help cover up their sins. Many have pointed out Obama's hypocrisy in slamming Bush's spying programs … and then expanding them  (millions more). And in slamming China's cyber-warfare … while doing the same thing. And - while the Obama administration is spying on everyone in the country - it is at the same time the most secretive administration ever (ba
Paul Merrell

Snowden Docs: British Spies Used Sex and 'Dirty Tricks' - NBC News.com - 0 views

  • British spies have developed “dirty tricks” for use against nations, hackers, terror groups, suspected criminals and arms dealers that include releasing computer viruses, spying on journalists and diplomats, jamming phones and computers, and using sex to lure targets into “honey traps.” Documents taken from the National Security Agency by Edward Snowden and exclusively obtained by NBC News describe techniques developed by a secret British spy unit called the Joint Threat Research and Intelligence Group (JTRIG) as part of a growing mission to go on offense and attack adversaries ranging from Iran to the hacktivists of Anonymous. According to the documents, which come from presentations prepped in 2010 and 2012 for NSA cyber spy conferences, the agency’s goal was to “destroy, deny, degrade [and] disrupt” enemies by “discrediting” them, planting misinformation and shutting down their communications. Both PowerPoint presentations describe “Effects” campaigns that are broadly divided into two categories: cyber attacks and propaganda operations. The propaganda campaigns use deception, mass messaging and “pushing stories” via Twitter, Flickr, Facebook and YouTube. JTRIG also uses “false flag” operations, in which British agents carry out online actions that are designed to look like they were performed by one of Britain’s adversaries.
  • In connection with this report, NBC is publishing documents that Edward Snowden took from the NSA before fleeing the U.S., which can be viewed by clicking here and here. The documents are being published with minimal redactions.
  •  
    Glenn Greenwald adds another dollop to the brew. 
Paul Merrell

The Stunning Hypocrisy of the U.S. Government | Washington's Blog - 0 views

  • Congress has exempted itself from the prohibition against trading on inside information … the law that got Martha Stewart and many other people thrown in jail. There are many other ways in which the hypocrisy of the politicians in D.C. is hurting our country. Washington politicians say we have to slash basic services, and yet waste hundreds of billions of dollars on counter-productive boondoggles. If the politicos just stopped throwing money at corporate welfare queens, military and security boondoggles and pork, harmful quantitative easing, unnecessary nuclear subsidies, the failed war on drugs, and other wasted and counter-productive expenses, we wouldn’t need to impose austerity on the people. The D.C. politicians said that the giant failed banks couldn’t be nationalized, because that would be socialism. Instead of temporarily nationalizing them and then spinning them off to the private sector – or breaking them up – the politicians have bailed them out to the tune of many tens of billions of dollars each year, and created a system where all of the profits are privatized, and all of the losses socialized. Obama and Congress promised help for struggling homeowners, and passed numerous bills that they claimed would rescue the little guy. But every single one of these bills actually bails out the banks … and doesn’t really help the homeowner.
  • The Federal Reserve promises to do everything possible to reduce unemployment. But its policies are actually destroying jobs. Many D.C. politicians pay lip service to helping the little guy … while pushing policies which have driven inequality to levels surpassing slave-owning societies. The D.C. regulators pretend that they are being tough on the big banks, but are actually doing everything they can to help cover up their sins. Many have pointed out Obama’s hypocrisy in slamming Bush’s spying programs … and then expanding them (millions more). And in slamming China’s cyber-warfare … while doing the same thing. And – while the Obama administration is spying on everyone in the country – it is at the same time the most secretive administration ever (background). That’s despite Obama saying he’s running the most transparent administration ever.
  • Glenn Greenwald – the Guardian reporter who broke the NSA spying revelations – has documented for many years the hypocritical use of leaks by the government to make itself look good … while throwing the book at anyone who leaks information embarrassing to the government. Greenwald notes today: Prior to Barack Obama’s inauguration, there were a grand total of three prosecutions of leakers under the Espionage Act (including the prosecution of Dan Ellsberg by the Nixon DOJ). That’s because the statute is so broad that even the US government has largely refrained from using it. But during the Obama presidency, there are now seven such prosecutions: more than double the number under all prior US presidents combined.
  • The irony is obvious: the same people who are building a ubiquitous surveillance system to spy on everyone in the world, including their own citizens, are now accusing the person who exposed it of “espionage”. It seems clear that the people who are actually bringing “injury to the United States” are those who are waging war on basic tenets of transparency and secretly constructing a mass and often illegal and unconstitutional surveillance apparatus aimed at American citizens – and those who are lying to the American people and its Congress about what they’re doing – rather than those who are devoted to informing the American people that this is being done.
  • Similarly, journalists who act as mere stenographers for the government who never criticize in more than a superficial fashion are protected and rewarded … but reporters who actually report on government misdeeds are prosecuted and harassed. Further, the biggest terrorism fearmongers themselves actually support terrorism. And see this. In the name of fighting terrorism, the U.S. has been directly supporting Al Qaeda and other terrorists and providing them arms, money and logistical support in Syria, Libya, Mali, Bosnia, Chechnya, Iran, and many other countries … both before and after 9/11. And see this. The American government has long labeled foreigners as terrorists for doing what America does. Moreover, government officials may brand Americans as potential terrorists if they peacefully protest, complain about the taste of their water, or do any number of other normal, all-American things.
  • This is especially hypocritical given that liberals like Noam Chomsky and conservatives like the director of the National Security Agency under Ronald Reagan (Lt. General William Odom) all say that the American government is the world’s largest purveyor of terrorism. As General Odom noted: Because the United States itself has a long record of supporting terrorists and using terrorist tactics, the slogans of today’s war on terrorism merely makes the United States look hypocritical to the rest of the world. These are just a couple of ways in which the D.C. politicians are hypocrites.
Paul Merrell

EU votes to support suspending U.S. data sharing agreements, including passenger flight... - 0 views

  • The European Parliament on Thursday adopted a joint, cross-party resolution to begin investigations into widespread surveillance of Europeans by the U.S. National Security Agency (NSA). In the vote, 483 voted for the resolution, 98 against, and 65 abstained on a vote that called on the U.S. to suspend and review any laws and surveillance programs that "violate the fundamental right of EU citizens to privacy and data protection," as well as Europe's "sovereignty and jurisdiction." The vote also gave backing to the suspension of data sharing deals between the two continents, should the European Commission take action against its U.S. ally.
  • The U.S. government faces continued criticism and pressure from its international allies following news that its intelligence agencies spied on foreign nationals under its so-called PRISM program. The U.K. government was also embroiled in the NSA spying saga, after its signals intelligence intercepting station GCHQ tapped submarine fiber optic cables under its own secret program, code named Tempora. Reuters reported on Wednesday that the Commission is examining whether the U.K. broke EU law, which could lead to fines imposed by the highest court in Europe.
  • Should the Commission decide it necessary to suspend the data sharing agreement of passenger details — including personal and sensitive individual data — it could ultimately lead to the grounding of flights between the EU and the U.S. Dutch MEP Sophie in 't Veld said in a statement after the vote: "We must consider now if the PNR and SWIFT agreements are still tenable in the circumstances." Critics say PNR data has never helped catch a suspected criminal or terrorist before. SWIFT data sharing, which provides U.S. authorities with secure banking details in a bid to crack down on terrorist financing, could also be suspended. A spokesperson for the D66 delegation in Brussels confirmed by email that the English version of the joint motion is "the right one and is leading," despite claims that there were "translation error[s]" between the different versions of the joint resolution.
  • Members of the European Parliament (MEPs) in a plenary session in Strasbourg voted in favor of a section of the resolution that called on the Commission to "give consideration to all the instruments at their disposal in discussions and negotiations with the U.S. [...] including the possible suspension of the passenger name record (PNR) and terrorist finance tracking program (TFTP) agreements."
  • An EU source familiar with proceedings confirmed that the Commission now has the authority from the Parliament to suspend PNR and TFTP, but it falls at the Commission's discretion. Resolutions passed by the Parliament are not legally binding, but give backing to the Commission should the executive body wish to enact measures against a foreign power or entity. A Commission spokesperson confirmed that there are "no deadlines" on deciding whether it will follow up on the Parliament's resolution.
  • The Parliament's Civil Liberties, Justice and Home Affairs committee was given the authority by Thursday's vote to set up an inquiry to gather evidence from both U.S. and EU sources to assess the impact of the surveillance activities on EU citizens' fundamental right to privacy and data protection.
Paul Merrell

Senate majority whip: Cyber bill will have to wait until fall | TheHill - 0 views

  • Senate Majority Whip John Cornyn (R-Texas) on Tuesday said the upper chamber is unlikely to move on a stalled cybersecurity bill before the August recess. Senate Republican leaders, including Cornyn, had been angling to get the bill — known as the Cybersecurity Information Sharing Act (CISA) — to the floor this month. But Cornyn said that there is simply too much of a time crunch in the remaining legislative days to get to the measure, intended to boost the public-private exchange of data on hackers. “I’m sad to say I don’t think that’s going to happen,” he told reporters off the Senate floor. “The timing of this is unfortunate.” “I think we’re just running out of time,” he added. An aide for Senate Majority Leader Mitch McConnell (R-Ky.) said he had not committed to a specific schedule after the upper chamber wraps up work in the coming days on a highway funding bill. Cornyn said Senate leadership will look to move on the bill sometime after the legislature returns in September from its month-long break.
  • The move would delay yet again what’s expected to be a bruising floor fight about government surveillance and digital privacy rights. “[CISA] needs a lot of work,” Sen. Patrick Leahy (D-Vt.), who currently opposes the bill, told The Hill on Tuesday. “And when it comes up, there’s going to have to be a lot of amendments otherwise it won’t pass.” Despite industry support, broad bipartisan backing, and potentially even White House support, CISA has been mired in the Senate for months over privacy concerns. Civil liberties advocates worry the bill would create another venue for the government’s intelligence wing to collect sensitive data on Americans only months after Congress voted to rein in surveillance powers. But industry groups and many lawmakers insist a bolstered data exchange is necessary to better understand and counter the growing cyber threat. Inaction will leave government and commercial networks exposed to increasingly dangerous hackers, they say. Sen. Ron Wyden (D-Ore.), who has been leading the chorus opposing the bill, rejoiced Tuesday after hearing of the likely delay.
  • “I really want to commend the advocates for the tremendous grassroots effort to highlight the fact that this bill was badly flawed from a privacy standpoint,” he told The Hill. Digital rights and privacy groups are blanketing senators’ offices this week with faxes and letters in an attempt to raise awareness of the bill’s flaws. “Our side has picked up an enormous amount of support,” Wyden said. Wyden was the only senator to vote against CISA in the Senate Intelligence Committee. The panel approved the measure in March by a 14-1 vote and it looked like CISA was barrelling toward the Senate floor. After the House easily passed its companion pieces of legislation, CISA’s odds only seemed better. But the measure got tied up in the vicious debate over the National Security Agency's (NSA) spying powers that played out throughout April and May. “It’s like a number of these issues, in the committee the vote was 14-1, everyone says, ‘oh, Ron Wyden opposes another bipartisan bill,’” Wyden said Tuesday. “And I said, ‘People are going to see that this is a badly flawed bill.’”
  • CISA backers hoped that the ultimate vote to curb the NSA’s surveillance authority might quell some of the privacy fears surrounding CISA, clearing a path to passage. But numerous budget debates and the Iranian nuclear deal have chewed up much of the Senate’s floor time throughout June and July. Following the devastating hacks at the Office of Personnel Management (OPM), Senate Republican leaders tried to jump CISA in the congressional queue by offering its language as an amendment to a defense authorization bill. Democrats — including the bill’s original co-sponsor Sen. Dianne Feinstein (D-Calif.) — revolted, angry they could not offer amendments to CISA’s language before it was attached to the defense bill. Cornyn on Tuesday chastised Democrats for stalling a bill that many of them favor. “As you know, Senate Democrats blocked that before on the defense authorization bill,” Cornyn said. “So we had an opportunity to do it then.” Now it’s unclear when the Senate will have another opportunity. When it does, however, CISA could have the votes to get through.
  • There will be vocal opposition from senators like Wyden and Leahy, and potentially from anti-surveillance advocates like Sens. Rand Paul (R-Ky.), Mike Lee (R-Utah) and Dean Heller (R-Nev.). But finding 40 votes to block the bill completely will be a difficult task. Wyden said he wouldn’t “get into speculation” about whether he could gather the support to stop CISA altogether. “I’m pleased about the progress that we’ve made,” he said.
  •  
    NSA and crew decide to delay and try later with CISA. The Internet strikes back again.
Paul Merrell

Protocols of the Hackers of Zion? « LobeLog - 0 views

  • When Israeli Prime Minister Benjamin Netanyahu met with Google chairman Eric Schmidt on Tuesday afternoon, he boasted about Israel’s “robust hi-tech and cyber industries.” According to The Jerusalem Post, “Netanyahu also noted that ‘Israel was making great efforts to diversify the markets with which it is trading in the technological field.'” Just how diversified and developed Israeli hi-tech innovation has become was revealed the very next morning, when the Russian cyber-security firm Kaspersky Labs, which claims more than 400 million users internationally, announced that sophisticated spyware with the hallmarks of Israeli origin (although no country was explicitly identified) had targeted three European hotels that had been venues for negotiations over Iran’s nuclear program.
  • Wednesday’s Wall Street Journal, one of the first news sources to break the story, reported that Kaspersky itself had been hacked by malware whose code was remarkably similar to that of a virus attributed to Israel. Code-named “Duqu” because it used the letters DQ in the names of the files it created, the malware had first been detected in 2011. On Thursday, Symantec, another cyber-security firm, announced it too had discovered Duqu 2 on its global network, striking undisclosed telecommunication sites in Europe, North Africa, Hong Kong, and Southeast Asia. It said that Duqu 2 is much more difficult to detect than its predecessor because it lives exclusively in the memory of the computers it infects, rather than writing files to a drive or disk. The original Duqu shared coding with — and was written on the same platform as — Stuxnet, the computer worm that partially disabled enrichment centrifuges in Iranian nuclear power plants, according to a 2012 report in The New York Times. Intelligence and military experts said that Stuxnet was first tested at Dimona, a nuclear-reactor complex in the Negev desert that houses Israel’s own clandestine nuclear weapons program. While Stuxnet is widely believed to have been a joint Israeli-U.S. operation, Israel seems to have developed and implemented Duqu on its own.
  • Coding of the spyware that targeted two Swiss hotels and one in Vienna—both sites where talks were held between the P5+1 and Iran—so closely resembled that of Duqu that Kaspersky has dubbed it “Duqu 2.” A Kaspersky report contends that the new and improved Duqu would have been almost impossible to create without access to the original Duqu code. Duqu 2’s one hundred “modules” enabled the cyber attackers to commandeer infected computers, compress video feeds  (including those from hotel surveillance cameras), monitor and disrupt telephone service and Wi-Fi, and steal electronic files. The hackers’ penetration of computers used by the front desk would have allowed them to determine the room numbers of negotiators and delegation members. Duqu 2 also gave the hackers the ability to operate two-way microphones in the hotels’ elevators and control their alarm systems.
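The Symantec point above, that Duqu 2 is hard to detect because it lives only in memory and never writes a file to disk, is the general property defenders look for when hunting fileless implants. Below is an added example, not code from the article or from Kaspersky or Symantec, that applies the usual Linux heuristics for it: a process whose `/proc/<pid>/exe` link points at an unlinked file or an anonymous `memfd`, or whose `/proc/<pid>/maps` shows executable regions with no file backing. Duqu 2 itself targeted Windows; the Linux checks here are an assumed generalization of the same idea, and the process snapshot is constructed for the example rather than captured from a real host.

```python
"""Flag processes that execute only from memory (no on-disk image).

Added example, not from the original article. The /proc heuristics are the
standard Linux checks for fileless code; the SAMPLE snapshot is constructed.
"""
import os
import re
from typing import Dict, List, NamedTuple

# /proc/<pid>/maps line: "start-end perms offset dev inode [path]"
MAPS_RE = re.compile(r'^(\S+) (\S{4}) \S+ \S+ \S+\s*(.*)$')


class Proc(NamedTuple):
    pid: int
    exe: str          # target of the /proc/<pid>/exe symlink
    maps: List[str]   # lines of /proc/<pid>/maps


def anon_exec_regions(maps: List[str]) -> int:
    """Count executable mappings that have no live file behind them."""
    n = 0
    for line in maps:
        m = MAPS_RE.match(line)
        if not m:
            continue
        perms, path = m.group(2), m.group(3)
        fileless = path == '' or path.endswith('(deleted)') or path.startswith('/memfd:')
        if 'x' in perms and fileless:
            n += 1
    return n


def reasons_for(p: Proc) -> List[str]:
    """Human-readable findings for one process; empty list means clean."""
    reasons = []
    if p.exe.endswith(' (deleted)'):
        reasons.append('executable unlinked from disk')
    if p.exe.startswith('/memfd:'):
        reasons.append('executable is an anonymous memfd')
    k = anon_exec_regions(p.maps)
    if k:
        reasons.append(f'{k} executable region(s) without a file backing')
    return reasons


def suspicious(snapshot: List[Proc]) -> Dict[int, List[str]]:
    """Map pid -> findings for every process that triggered a heuristic."""
    out = {}
    for p in snapshot:
        rs = reasons_for(p)
        if rs:
            out[p.pid] = rs
    return out


def live_snapshot() -> List[Proc]:
    """Read the real /proc (Linux only); entries we cannot read are skipped."""
    out = []
    for name in os.listdir('/proc'):
        if not name.isdigit():
            continue
        try:
            exe = os.readlink(f'/proc/{name}/exe')
            with open(f'/proc/{name}/maps') as fh:
                maps = fh.read().splitlines()
        except OSError:
            continue
        out.append(Proc(int(name), exe, maps))
    return out


# Constructed snapshot: one ordinary daemon, one binary deleted after exec,
# one payload loaded from an anonymous memfd. Not captured from a real system.
SAMPLE = [
    Proc(1234, '/usr/bin/sshd', [
        '55d0c0e00000-55d0c0f00000 r-xp 00000000 fd:01 131 /usr/bin/sshd',
        '7f3a00000000-7f3a00021000 rw-p 00000000 00:00 0 ',
    ]),
    Proc(4321, '/tmp/.x (deleted)', [
        '55aa00000000-55aa00100000 r-xp 00000000 fd:01 99 /tmp/.x (deleted)',
        '7f0000000000-7f0000010000 rwxp 00000000 00:00 0 ',
    ]),
    Proc(5555, '/memfd:payload (deleted)', [
        '7f1100000000-7f1100040000 r-xp 00000000 00:05 12 /memfd:payload (deleted)',
    ]),
]

if __name__ == '__main__':
    for pid, findings in suspicious(SAMPLE).items():
        print(pid, '; '.join(findings))
```

Treat the output as a triage signal rather than a verdict: JIT runtimes and some packers legitimately create anonymous executable regions, and an implant that injects into an existing, file-backed process (which is how a Windows memory-only implant typically persists) will pass the `exe` checks and show up only through the mapping heuristic. Pair it with a baseline of which processes on the host normally carry such regions.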
Paul Merrell

Popular Security Software Came Under Relentless NSA and GCHQ Attacks - The Intercept - 0 views

  • The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden. The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products. British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.
  • The efforts to compromise security software were of particular importance because such software is relied upon to defend against an array of digital threats and is typically more trusted by the operating system than other applications, running with elevated privileges that allow more vectors for surveillance and attack. Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.
  • The requested warrant, provided under Section 5 of the U.K.’s 1994 Intelligence Services Act, must be renewed by a government minister every six months. The document published today is a renewal request for a warrant valid from July 7, 2008 until January 7, 2009. The request seeks authorization for GCHQ activities that “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse engineering’ software.”
  • The NSA, like GCHQ, has studied Kaspersky Lab’s software for weaknesses. In 2008, an NSA research team discovered that Kaspersky software was transmitting sensitive user information back to the company’s servers, which could easily be intercepted and employed to track users, according to a draft of a top-secret report. The information was embedded in “User-Agent” strings included in the headers of Hypertext Transfer Protocol, or HTTP, requests. Such headers are typically sent at the beginning of a web request to identify the type of software and computer issuing the request.
  • According to the draft report, NSA researchers found that the strings could be used to uniquely identify the computing devices belonging to Kaspersky customers. They determined that “Kaspersky User-Agent strings contain encoded versions of the Kaspersky serial numbers and that part of the User-Agent string can be used as a machine identifier.” They also noted that the “User-Agent” strings may contain “information about services contracted for or configurations.” Such data could be used to passively track a computer to determine if a target is running Kaspersky software and thus potentially susceptible to a particular attack without risking detection.
  • Another way the NSA targets foreign anti-virus companies appears to be to monitor their email traffic for reports of new vulnerabilities and malware. A 2010 presentation on “Project CAMBERDADA” shows the content of an email flagging a malware file, which was sent to various anti-virus companies by François Picard of the Montréal-based consulting and web hosting company NewRoma. The presentation of the email suggests that the NSA is reading such messages to discover new flaws in anti-virus software. Picard, contacted by The Intercept, was unaware his email had fallen into the hands of the NSA. He said that he regularly sends out notification of new viruses and malware to anti-virus companies, and that he likely sent the email in question to at least two dozen such outfits. He also said he never sends such notifications to government agencies. “It is strange the NSA would show an email like mine in a presentation,” he added.
  • The NSA presentation goes on to state that its signals intelligence yields about 10 new “potentially malicious files per day for malware triage.” This is a tiny fraction of the hostile software that is processed. Kaspersky says it detects 325,000 new malicious files every day, and an internal GCHQ document indicates that its own system “collect[s] around 100,000,000 malware events per day.” After obtaining the files, the NSA analysts “[c]heck Kaspersky AV to see if they continue to let any of these virus files through their Anti-Virus product.” The NSA’s Tailored Access Operations unit “can repurpose the malware,” presumably before the anti-virus software has been updated to defend against the threat.
  • The Project CAMBERDADA presentation lists 23 additional AV companies from all over the world under “More Targets!” Those companies include Check Point Software, a pioneering maker of corporate firewalls based in Israel, whose government is a U.S. ally. Notably omitted are the American anti-virus brands McAfee and Symantec and the British company Sophos.
  • As government spies have sought to evade anti-virus software, the anti-virus firms themselves have exposed malware created by government spies. Among them, Kaspersky appears to be the sharpest thorn in the side of government hackers. In the past few years, the company has proven to be a prolific hunter of state-sponsored malware, playing a role in the discovery and/or analysis of various pieces of malware reportedly linked to government hackers, including the superviruses Flame, which Kaspersky flagged in 2012; Gauss, also detected in 2012; Stuxnet, discovered by another company in 2010; and Regin, revealed by Symantec. In February, the Russian firm announced its biggest find yet: the “Equation Group,” an organization that has deployed espionage tools widely believed to have been created by the NSA and hidden on hard drives from leading brands, according to Kaspersky. In a report, the company called it “the most advanced threat actor we have seen” and “probably one of the most sophisticated cyber attack groups in the world.”
  • Hacks deployed by the Equation Group operated undetected for as long as 14 to 19 years, burrowing into the hard drive firmware of sensitive computer systems around the world, according to Kaspersky. Governments, militaries, technology companies, nuclear research centers, media outlets and financial institutions in 30 countries were among those reportedly infected. Kaspersky estimates that the Equation Group could have implants in tens of thousands of computers, but documents published last year by The Intercept suggest the NSA was scaling up their implant capabilities to potentially infect millions of computers with malware. Kaspersky’s adversarial relationship with Western intelligence services is sometimes framed in more sinister terms; the firm has been accused of working too closely with the Russian intelligence service FSB. That accusation is partly due to the company’s apparent success in uncovering NSA malware, and partly due to the fact that its founder, Eugene Kaspersky, was educated by a KGB-backed school in the 1980s before working for the Russian military.
  • Kaspersky has repeatedly denied the insinuations and accusations. In a recent blog post, responding to a Bloomberg article, he complained that his company was being subjected to “sensationalist … conspiracy theories,” sarcastically noting that “for some reason they forgot our reports” on an array of malware that trace back to Russian developers. He continued, “It’s very hard for a company with Russian roots to become successful in the U.S., European and other markets. Nobody trusts us — by default.”
  • Documents published with this article: Kaspersky User-Agent Strings — NSA Project CAMBERDADA — NSA NDIST — GCHQ’s Developing Cyber Defence Mission GCHQ Application for Renewal of Warrant GPW/1160 Software Reverse Engineering — GCHQ Reverse Engineering — GCHQ Wiki Malware Analysis & Reverse Engineering — ACNO Skill Levels — GCHQ
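The User-Agent finding in the items above is, from the vendor's side, a telemetry-privacy defect: a stable per-install token in an HTTP header lets anyone watching the network passively track the machine. The Python below is an added example, not code from the report, The Intercept or Kaspersky. It audits User-Agent strings for long, high-entropy alphanumeric runs that look like serial numbers or hashes and emits a scrubbed version; the sample strings, the `ExampleAV` product name, the licence token and the length/entropy thresholds are all constructed assumptions.

```python
import re
from math import log2

# Constructed sample User-Agent strings for the audit (not real product output).
# "leaky_av" embeds a 32-character hex licence token of the kind the draft
# report says can act as a machine identifier.
SAMPLE_USER_AGENTS = {
    "browser": ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"),
    "leaky_av": ("ExampleAV/12.0 (Windows; "
                 "license=7f3a9c2d1e8b4a60c5d2f1e9a7b3c4d8; features=premium)"),
    "clean_av": "ExampleAV/12.0 (Windows)",
}

# Runs of alphanumerics long enough to carry a serial number or hash.
TOKEN_RE = re.compile(r"[A-Za-z0-9]{16,}")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random hex is close to 4.0, prose around 3."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * log2(c / n) for c in counts.values())


def find_identifier_tokens(ua: str, min_entropy: float = 3.0) -> list:
    """Return tokens in a User-Agent that look like stable per-install identifiers.

    The length (16+ chars) and entropy (3.0 bits/char) thresholds are assumptions
    chosen to let ordinary browser tokens through and catch hex or base64 serials.
    """
    return [t for t in TOKEN_RE.findall(ua) if shannon_entropy(t) >= min_entropy]


def scrub_user_agent(ua: str) -> str:
    """Replace flagged identifier tokens so the header no longer singles out a machine."""
    for token in find_identifier_tokens(ua):
        ua = ua.replace(token, "[redacted]")
    return ua


def audit_user_agents(samples: dict) -> dict:
    """Map sample name -> flagged tokens, for a privacy review of outbound headers."""
    return {name: find_identifier_tokens(ua) for name, ua in samples.items()}


if __name__ == "__main__":
    for name, flagged in audit_user_agents(SAMPLE_USER_AGENTS).items():
        status = "LEAKS IDENTIFIER" if flagged else "ok"
        print(f"{name:10s} {status:16s} {scrub_user_agent(SAMPLE_USER_AGENTS[name])}")
```

The same check fits naturally into a release test for any product that sets its own User-Agent: run it over every header the product can emit and fail the build if anything is flagged. A product that needs to report a licence state should do so over an authenticated channel, not in a plaintext header every proxy and tap can read.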
Paul Merrell

Leaked docs show spyware used to snoop on US computers | Ars Technica

  • Software created by the controversial UK-based Gamma Group International was used to spy on computers that appear to be located in the United States, the UK, Germany, Russia, Iran, and Bahrain, according to a leaked trove of documents analyzed by ProPublica. It's not clear whether the surveillance was conducted by governments or private entities. Customer e-mail addresses in the collection appeared to belong to a German surveillance company, an independent consultant in Dubai, the Bosnian and Hungarian Intelligence services, a Dutch law enforcement officer, and the Qatari government.
  • The leaked files—which were posted online by hackers—are the latest in a series of revelations about how state actors including repressive regimes have used Gamma's software to spy on dissidents, journalists, and activist groups. The documents, leaked last Saturday, could not be readily verified, but experts told ProPublica they believed them to be genuine. "I think it's highly unlikely that it's a fake," said Morgan Marquis-Boire, a security researcher who while at The Citizen Lab at the University of Toronto had analyzed Gamma Group's software and who authored an article about the leak on Thursday. The documents confirm many details that have already been reported about Gamma, such as that its tools were used to spy on Bahraini activists. Some documents in the trove contain metadata tied to e-mail addresses of several Gamma employees. Bill Marczak, another Gamma Group expert at the Citizen Lab, said that several dates in the documents correspond to publicly known events—such as the day that a particular Bahraini activist was hacked.
  • The leaked files contain more than 40 gigabytes of confidential technical material, including software code, internal memos, strategy reports, and user guides on how to use the Gamma Group software suite called FinFisher. FinFisher enables customers to monitor secure Web traffic, Skype calls, webcams, and personal files. It is installed as malware on targets' computers and cell phones. A price list included in the trove lists a license of the software at almost $4 million. The documents reveal that Gamma uses technology from a French company called Vupen Security that sells so-called computer "exploits." Exploits include techniques called "zero days" for "popular software like Microsoft Office, Internet Explorer, Adobe Acrobat Reader, and many more." Zero days are exploits that have not yet been detected by the software maker and therefore are not blocked.
  • Many of Gamma's product brochures have previously been published by the Wall Street Journal and Wikileaks, but the latest trove shows how the products are getting more sophisticated. In one document, engineers at Gamma tested a product called FinSpy, which inserts malware onto a user's machine, and found that it could not be blocked by most antivirus software. Documents also reveal that Gamma had been working to bypass encryption tools including a mobile phone encryption app, Silent Circle, and were able to bypass the protection given by hard-drive encryption products TrueCrypt and Microsoft's Bitlocker.
  • The documents also describe a "country-wide" surveillance product called FinFly ISP which promises customers the ability to intercept Internet traffic and masquerade as ordinary websites in order to install malware on a target's computer. The most recent date-stamp found in the documents is August 2, coinciding with the first tweet by a parody Twitter account, @GammaGroupPR, which first announced the hack and may be run by the hacker or hackers responsible for the leak. On Reddit, a user called PhineasFisher claimed responsibility for the leak. "Two years ago their software was found being widely used by governments in the middle east, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents," the user wrote. The name on the @GammaGroupPR Twitter account is also "Phineas Fisher." GammaGroup, the surveillance company whose documents were released, is no stranger to the spotlight. The security firm F-Secure first reported the purchase of FinFisher software by the Egyptian State Security agency in 2011. In 2012, Bloomberg News and The Citizen Lab showed how the company's malware was used to target activists in Bahrain. In 2013, the software company Mozilla sent a cease-and-desist letter to the company after a report by The Citizen Lab showed that a spyware-infected version of the Firefox browser manufactured by Gamma was being used to spy on Malaysian activists.
Paul Merrell

Interview with NSA Experts on US Spying in Germany - SPIEGEL ONLINE

  • In a SPIEGEL interview, Edward Snowden's lawyer, Jesselyn Radack, and former NSA contractor Thomas Drake discuss the reasons behind the American spying agency's obsession with collecting data.
  • In its current issue, SPIEGEL conducted two interviews it hopes will contribute to the debate. The first is with two major critics of the NSA's work -- human rights activist and lawyer Jesselyn Radack, who represents Snowden, and former spy Thomas Drake. The second interview is with John Podesta, a special advisor to United States President Barack Obama.
  • SPIEGEL: You yourself worked as a spy for the NSA. What made you become a whistleblower?
    Drake: It was only months after 9/11. Back then it became clear to me that in order to avoid another failure to protect people we just set aside the rules of law. The NSA violated our constitution by spying on its own people. Today, we have the greatest surveillance platform the world has ever seen. This is why I shudder. National security has become a state religion. They say they want to keep us safe, but from whom?
Paul Merrell

Tomgram: Pepe Escobar, The Tao of Containing China | TomDispatch

  • Sun Tzu, the ancient author of The Art of War, must be throwing a rice wine party in his heavenly tomb in the wake of the shirtsleeves California love-in between President Obama and President Xi Jinping. "Know your enemy" was, it seems, the theme of the meeting. Beijing was very much aware of -- and had furiously protested -- Washington’s deep plunge into China’s computer networks over the past 15 years via a secretive NSA unit, the Office of Tailored Access Operations (with the apt acronym TAO). Yet Xi merrily allowed Obama to pontificate on hacking and cyber-theft as if China were alone on such a stage. Enter -- with perfect timing -- Edward Snowden, the spy who came in from Hawaii and who has been holed up in Hong Kong since May 20th. And cut to the wickedly straight-faced, no-commentary-needed take on Obama’s hacker army by Xinhua, the Chinese Communist Party’s official press service. With America’s dark-side-of-the-moon surveillance programs like Prism suddenly in the global spotlight, the Chinese, long blistered by Washington’s charges about hacking American corporate and military websites, were polite enough. They didn’t even bother to mention that Prism was just another node in the Pentagon’s Joint Vision 2020 dream of “full spectrum dominance.” By revealing the existence of Prism (and other related surveillance programs), Snowden handed Beijing a roast duck banquet of a motive for sticking with cyber-surveillance. Especially after Snowden, a few days later, doubled down by unveiling what Xi, of course, already knew -- that the National Security Agency had for years been relentlessly hacking both Hong Kong and mainland Chinese computer networks.
  • But the ultimate shark fin’s soup on China’s recent banquet card was an editorial in the Communist Party-controlled Global Times. “Snowden,” it acknowledged, “is a ‘card’ that China never expected,” adding that “China is neither adept at nor used to playing it.” Its recommendation: use the recent leaks “as evidence to negotiate with the U.S.” It also offered a warning that “public opinion will turn against China’s central government and the Hong Kong SAR [Special Administrative Region] government if they choose to send [Snowden] back.” With a set of cyber-campaigns -- from cyber-enabled economic theft and espionage to the possibility of future state-sanctioned cyber-attacks -- evolving in the shadows, it’s hard to spin the sunny “new type of great power relationship” President Xi suggested for the U.S. and China at the recent summit.
    It’s the (State) Economy, Stupid
    The unfolding Snowden cyber-saga effectively drowned out the Obama administration’s interest in learning more about Xi’s immensely ambitious plans for reconfiguring the Chinese economy -- and how to capture a piece of that future economic pie for American business. Essential to those plans is an astonishing investment of $6.4 trillion by China’s leadership in a drive to “urbanize” the economy yet further by 2020.
  •  
    Lengthy political analysis by the sterling Pepe Escobar on China/U.S. relations and Chinese President Xi Jinping's goals for the future of China during his period of national leadership. He leads with the impact of the NSA scandal, but goes on to paint a far more detailed picture of China's role in international policy, economic progress, and economic plans being executed. This is a must-read for China-watchers. As always, Pepe provides a lively read.
Paul Merrell

Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise - The Intercept

  • The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents. In some cases, the surveillance agencies are obtaining the content of emails by monitoring hackers as they breach email accounts, often without notifying the hacking victims of these breaches. “Hackers are stealing the emails of some of our targets… by collecting the hackers’ ‘take,’ we . . .  get access to the emails themselves,” reads one top secret 2010 National Security Agency document. These and other revelations about the intelligence agencies’ reliance on hackers are contained in documents provided by whistleblower Edward Snowden. The documents—which come from the U.K. Government Communications Headquarters agency and NSA—shed new light on the various means used by intelligence agencies to exploit hackers’ successes and learn from their skills, while also raising questions about whether governments have overstated the threat posed by some hackers.
  • By looking out for hacking conducted “both by state-sponsored and freelance hackers” and riding on the coattails of hackers, Western intelligence agencies have gathered what they regard as valuable content: Recently, Communications Security Establishment Canada (CSEC) and Menwith Hill Station (MHS) discovered and began exploiting a target-rich data set being stolen by hackers. The hackers’ sophisticated email-stealing intrusion set is known as INTOLERANT. Of the traffic observed, nearly half contains category hits because the attackers are targeting email accounts of interest to the Intelligence Community. Although a relatively new data source, [Target Offices of Primary Interest] have already written multiple reports based on INTOLERANT collect. The hackers targeted a wide range of diplomatic corps, human rights and democracy activists and even journalists: INTOLERANT traffic is very organized. Each event is labeled to identify and categorize victims. Cyber attacks commonly apply descriptors to each victim – it helps herd victims and track which attacks succeed and which fail. Victim categories make INTOLERANT interesting:
    A = Indian Diplomatic & Indian Navy
    B = Central Asian diplomatic
    C = Chinese Human Rights Defenders
    D = Tibetan Pro-Democracy Personalities
    E = Uighur Activists
    F = European Special Rep to Afghanistan and Indian photo-journalism
    G = Tibetan Government in Exile
  • In those cases, the NSA and its partner agencies in the United Kingdom and Canada were unable to determine the identity of the hackers who collected the data, but suspect a state sponsor “based on the level of sophistication and the victim set.” In instances where hacking may compromise data from the U.S. and U.K. governments, or their allies, notification was given to the “relevant parties.” In a separate document, GCHQ officials discuss plans to use open source discussions among hackers to improve their own knowledge. “Analysts are potentially missing out on valuable open source information relating to cyber defence because of an inability to easily keep up to date with specific blogs and Twitter sources,” according to one document. GCHQ created a program called LOVELY HORSE to monitor and index public discussion by hackers on Twitter and other social media. The Twitter accounts designated for collection in the 2012 document:
  • These accounts represent a cross section of the hacker community and security scene. In addition to monitoring multiple accounts affiliated with Anonymous, GCHQ monitored the tweets of Kevin Mitnick, who was sent to prison in 1999 for various computer and fraud related offenses. The U.S. Government once characterized Mitnick as one of the world’s most villainous hackers, but he has since turned security consultant and exploit broker. Among others, GCHQ monitored the tweets of reverse-engineer and Google employee, Thomas Dullien. Fellow Googler Tavis Ormandy, from Google’s vulnerability research team Project Zero, is featured on the list, along with other well known offensive security researchers, including Metasploit’s HD Moore and James Lee (aka Egypt) together with Dino Dai Zovi and Alexander Sotirov, who at the time both worked for New York-based offensive security company, Trail of Bits (Dai Zovi has since taken up a position at payment company, Square). The list also includes notable anti-forensics and operational security expert “The Grugq.” GCHQ monitored the tweets of former NSA agents Dave Aitel and Charlie Miller, and former Air Force intelligence officer Richard Bejtlich as well as French exploit vendor, VUPEN (who sold a one year subscription for its binary analysis and exploits service to the NSA in 2012).
  • Documents published with this article: LOVELY HORSE – GCHQ Wiki Overview INTOLERANT – Who Else Is Targeting Your Target? Collecting Data Stolen by Hackers – SIDtoday  HAPPY TRIGGER/LOVELY HORSE/Zool/TWO FACE – Open Source for Cyber Defence/Progress NATO Civilian Intelligence Council – Cyber Panel – US Talking Points
Paul Merrell

U.S. accuses China of cyber spying on American companies | Reuters

  • The United States on Monday charged five Chinese military officers and accused them of hacking into American nuclear, metal and solar companies to steal trade secrets, ratcheting up tensions between the two world powers over cyber espionage. China immediately denied the charges, saying in a strongly worded Foreign Ministry statement the U.S. grand jury indictment was "made up" and would damage trust between the two nations. Officials in Washington have argued for years that cyber espionage is a top national security concern. The indictment was the first criminal hacking charge that the United States has filed against specific foreign officials, and follows a steady increase in public criticism and private confrontation, including at a summit last year between U.S. President Barack Obama and Chinese President Xi Jinping.
  • Federal prosecutors said the suspects targeted companies including Alcoa Inc, Allegheny Technologies Inc, United States Steel Corp, Toshiba Corp unit Westinghouse Electric Co, the U.S. subsidiaries of SolarWorld AG, and a steel workers' union.
  • According to the indictment, Chinese state-owned companies "hired" Unit 61398 of the People's Liberation Army "to provide information technology services" including assembling a database of corporate intelligence. The Chinese companies were not named. The Shanghai-based Unit 61398 was identified last year by cybersecurity firm Mandiant as the source of a large number of espionage operations. All five defendants worked with 61398, according to the indictment.
  • U.S. officials have maintained that they do not steal secrets to give an advantage to U.S. companies, but in China, Lewis said, the line between military and business prowess is unclear. Unit 61398 has hundreds of active spies and is just one of dozens of such bodies in China, said Jen Weedon, an analyst at Mandiant, now owned by global network security company FireEye Inc. She said the group is not among the most sophisticated.
  • Washington announced the charges as new claims emerged last week about the scope of overseas spying by the United States. Documents leaked by Snowden showed the agency intercepted and modified equipment made by Cisco Systems Inc that was headed overseas. Cisco responded by asking Obama to curtail U.S. surveillance programs, underscoring the vulnerability of multinationals to a whipsaw of competing government interests.
  • Skeptics said U.S. authorities would not be able to arrest those indicted because Beijing would not hand them over. Still, the move would prevent the individuals from traveling to the United States or other countries that have an extradition agreement with the United States.
  • In an indictment filed in the Western District of Pennsylvania, prosecutors said the officers hacked into computers starting in 2006, often by infecting machines with tainted "spear phishing" emails to employees that purport to be from colleagues. Prosecutors alleged that one hacker, for example, stole cost and pricing information in 2012 from an Oregon-based solar panel production unit of SolarWorld. The company was losing market share at the time to Chinese competitors who were systematically pricing exports below production costs, according to the indictment. Another officer is accused of stealing technical and design specifications about pipes for nuclear plants from Westinghouse Electric as the company was negotiating with a Chinese company to build four power plants in China, prosecutors said.
  •  
    Yesterday I watched the DoJ press conference announcing charges. This article does not capture its spirit. AG Ben Holder faced stiff questions directed by attending reporters. One of the first questions went something like this: "Is it true that the U.S. has extradition treaty with China and these defendants will never be actually prosecuted, and if so, what's the real reason for the charges?" Others raised the hypocrisy of the U.S. move in light of what the NSA has been doing. Holder ducked the tough questions. The press conference was a farce and too many of the reporters realized it. Recall that Obama was days away from traveling to China with the announced purpose of chastising its leader for waging cyberespionage against the U.S. when the first Edward Snowden pulled the moral high ground from beneath Obama's feet. This stunt looks more like it was designed to lessen the government pain by promoting Obama's "everyone does it" meme. Also not mentioned in this article, at the press conference the five defendants were identified as generals in the Chinese Army. Might we see China respond by charging a few former and present NSA generals with cyber-espionage? Fun and games on the Beltway.
Paul Merrell

Director Of National Intelligence Confirms Smart Devices May Be Used To Spy On Americans

  • Director of National Intelligence James Clapper stated to the Senate Armed Services Committee that the Internet of Things (IoT) — so-called “smart” devices, vehicles, and appliances which employ various computer technologies — may be used to spy and keep tabs on people in the future. “In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials,” Clapper’s prepared testimony claimed. Though his remarks were ostensibly, and not surprisingly, directed toward the fight against ‘terrorism,’ the potential implications for all civilians cannot be ignored — particularly considering the IoT comprises everything from smart cars and fitness tracking devices to televisions and Barbie dolls. Clapper warns the threat from Russia, China, Iran, North Korea, and such non-state actors as ISIL and al-Qaeda can be expected in the form of cyber attacks, gathering information about individuals, and even psy-ops, which make the IoT vulnerable to malicious intent — and ideal for U.S. intelligence-gathering purposes. “Future cyber operations will almost certainly include an increased emphasis on changing or manipulating data to compromise its integrity (i.e., accuracy and reliability) … Broader adoption of IoT devices and AI [artificial intelligence] — in settings such as public utilities and health care — will only exacerbate these potential effects,” said Clapper.
  • No matter the possible veracity in concerns of National Intelligence, the agency’s desire to thwart terrorism with an exponential increase in surveillance should be disquieting to all civilians wishing to maintain a modicum of privacy. As researchers with the Berkman Center for Internet & Society at Harvard warned in their recent report, Don’t Panic: “The Internet of Things promises a new frontier for networking objects, machines, and environments in ways that we [are] just beginning to understand. When, say, a television has a microphone and a network connection, and is reprogrammable by its vendor, it could be used to listen in to one side of a telephone conversation taking place in its room — no matter how encrypted the telephone service itself might be. These forces are on a trajectory towards a future with more opportunities for surveillance.” In fact, Nest is a home automation producer of programmable, self-learning, sensor-driven, Wi-Fi-enabled thermostats, smoke detectors, and other security systems. It’s also one of the devices that can be used to spy on people in their homes. Clapper’s testimony carefully constructs a potential legal justification for expanding surveillance via, say, your dishwasher, in his assertion that homegrown violent extremists — who have now earned an acronym, HVEs — present the greatest looming threat inside the United States. According to his remarks:
Paul Merrell

Operation Socialist: How GCHQ Spies Hacked Belgium's Largest Telco

  • When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies. It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom. But it wasn’t until a year later, in June 2013, that the company’s security experts were able to figure out what was going on. The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data. Last year, documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, codenamed Operation Socialist. And in November, The Intercept revealed that the malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers, who named it “Regin.”
  • The full story about GCHQ’s infiltration of Belgacom, however, has never been told. Key details about the attack have remained shrouded in mystery—and the scope of the attack unclear. Now, in partnership with Dutch and Belgian newspapers NRC Handelsblad and De Standaard, The Intercept has pieced together the first full reconstruction of events that took place before, during, and after the secret GCHQ hacking operation. Based on new documents from the Snowden archive and interviews with sources familiar with the malware investigation at Belgacom, The Intercept and its partners have established that the attack on Belgacom was more aggressive and far-reaching than previously thought. It occurred in stages between 2010 and 2011, each time penetrating deeper into Belgacom’s systems, eventually compromising the very core of the company’s networks.
  • Snowden told The Intercept that the latest revelations amounted to unprecedented “smoking-gun attribution for a governmental cyber attack against critical infrastructure.” The Belgacom hack, he said, is the “first documented example to show one EU member state mounting a cyber attack on another…a breathtaking example of the scale of the state-sponsored hacking problem.”
  • Publicly, Belgacom has played down the extent of the compromise, insisting that only its internal systems were breached and that customers’ data was never found to have been at risk. But secret GCHQ documents show the agency gained access far beyond Belgacom’s internal employee computers and was able to grab encrypted and unencrypted streams of private communications handled by the company. Belgacom invested several million dollars in its efforts to clean up its systems and beef up its security after the attack. However, The Intercept has learned that sources familiar with the malware investigation at the company are uncomfortable with how the clean-up operation was handled—and they believe parts of the GCHQ malware were never fully removed.
  • The revelations about the scope of the hacking operation will likely alarm Belgacom’s customers across the world. The company operates a large number of data links internationally (see interactive map below), and it serves millions of people across Europe as well as officials from top institutions including the European Commission, the European Parliament, and the European Council. The new details will also be closely scrutinized by a federal prosecutor in Belgium, who is currently carrying out a criminal investigation into the attack on the company. Sophia in ’t Veld, a Dutch politician who chaired the European Parliament’s recent inquiry into mass surveillance exposed by Snowden, told The Intercept that she believes the British government should face sanctions if the latest disclosures are proven.
  • What sets the secret British infiltration of Belgacom apart is that it was perpetrated against a close ally—and is backed up by a series of top-secret documents, which The Intercept is now publishing.
  • Between 2009 and 2011, GCHQ worked with its allies to develop sophisticated new tools and technologies it could use to scan global networks for weaknesses and then penetrate them. According to top-secret GCHQ documents, the agency wanted to adopt the aggressive new methods in part to counter the use of privacy-protecting encryption—what it described as the “encryption problem.” When communications are sent across networks in encrypted format, it makes it much harder for the spies to intercept and make sense of emails, phone calls, text messages, internet chats, and browsing sessions. For GCHQ, there was a simple solution. The agency decided that, where possible, it would find ways to hack into communication networks to grab traffic before it’s encrypted.
  • The Snowden documents show that GCHQ wanted to gain access to Belgacom so that it could spy on phones used by surveillance targets travelling in Europe. But the agency also had an ulterior motive. Once it had hacked into Belgacom’s systems, GCHQ planned to break into data links connecting Belgacom and its international partners, monitoring communications transmitted between Europe and the rest of the world. A map in the GCHQ documents, named “Belgacom_connections,” highlights the company’s reach across Europe, the Middle East, and North Africa, illustrating why British spies deemed it of such high value.
  • Documents published with this article: Automated NOC detection; Mobile Networks in My NOC World; Making network sense of the encryption problem; Stargate CNE requirements; NAC review – October to December 2011; GCHQ NAC review – January to March 2011; GCHQ NAC review – April to June 2011; GCHQ NAC review – July to September 2011; GCHQ NAC review – January to March 2012; GCHQ Hopscotch; Belgacom connections.
Paul Merrell

A Zombie Bill Comes Back to Life: A Look at The Senate's Cybersecurity Information Shar... - 0 views

  • The Senate Intelligence Committee recently introduced the Cybersecurity Information Sharing Act of 2014. It’s the fourth time in four years that Congress has tried to pass "cybersecurity" legislation. Unfortunately, the newest Senate bill is one of the worst yet. Cybersecurity bills aim to facilitate information sharing between companies and the government, but they always seem to come with broad immunity clauses for companies, vague definitions, and aggressive spying powers. Given such calculated violence to users' privacy rights, it’s no surprise that these bills fail every year. What is a surprise is that the bills keep coming back from the dead. Last year, President Obama signed Executive Order 13636 (EO 13636) directing the Department of Homeland Security (DHS) to expand current information sharing programs that are far more privacy protective than anything seen in recent cybersecurity bills. Despite this, members of Congress like Rep. Mike Rogers and Senator Dianne Feinstein keep on introducing bills that would destroy these privacy protections and grant new spying powers to companies.
  • Aside from its redundancy, the Senate's bill grants two new authorities to companies. First, the bill authorizes companies to launch countermeasures for a "cybersecurity purpose" against a "cybersecurity threat." "Cybersecurity purpose" is so broadly defined that it means almost anything related to protecting (including physically protecting) an information system, which can be a computer or software. The same goes for a "cybersecurity threat," which includes anything that "may result" in an unauthorized effort to impact the availability of the information system. Combined, the two definitions could be read by companies to permit attacks on machines that unwittingly contribute to network congestion. The countermeasures clause will increasingly militarize the Internet—a prospect that may appeal to some "active defense" (aka offensive) cybersecurity companies, but does not favor the everyday user. Second, the bill adds a new authority for companies to monitor information systems to protect an entity's rights or property. Here again, the broad definitions could be used in conjunction with the monitoring clause to spy on users engaged in potentially innocuous activity. Once collected, companies can then share the information, which is also called “cyber threat indicators,” freely with government agencies like the NSA.
  • Such sharing will occur because under this bill, DHS would no longer be the lead agency making decisions about the cybersecurity information received, retained, or shared with companies or within the government. Its new role in the bill mandates DHS send information to agencies like the NSA—"in real-time and simultaneous[ly]." DHS is even barred from "delay[ing]" or "interfer[ing]" with the information, which ensures that DHS's current privacy protections won’t be applied to the information. The provision is ripe for improper and over-expansive information sharing. This leads to a question: What stops your sensitive personal information from being shared by companies with the government? Almost nothing. Companies must only remove personally identifiable information if the information is known to be US person information and not directly related to the threat. Such a willful blindness approach is inappropriate. Further, the bill does not even impose this weak minimization requirement on information shared by, and within, the government (including federal, state, local, and tribal governments), thereby allowing the government to share information containing personally identifiable information. The bill should require deletion of all information not directly related to a threat.
  • Once the information is sent to a government agency, it can use the information for reasons other than for cybersecurity purposes. One clause even allows the information to be used to prosecute violations of the Espionage Act—a World War I era law that was meant to prosecute spies but has been used in recent years primarily to go after journalists’ sources. The provisions grant the government far too much leeway in how to use the information for non-cybersecurity purposes. The public won’t even know what information is being collected, shared, or used because the bill will exempt all of it from disclosure under the Freedom of Information Act.
  • The bill also retains near-blanket immunity for companies to monitor information systems, to share information, and to use countermeasures. The high bar immunizes an incredible amount of activity, including negligent damage to property and may deprive private entities of legal recourse if a computer security contractor is at fault for destruction of property. Existing private rights of action for violations of the Wiretap Act, Stored Communications Act, and the Computer Fraud and Abuse Act would be precluded or at least sharply restricted by the clause. It remains to be seen why such immunity is needed when just a few months ago, the FTC and DOJ noted they would not prosecute companies for sharing such information. It's also unclear because we continue to see companies freely share information among each other and with the government both publicly via published reports and privately.