Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged routers

Rss Feed Group items tagged

Paul Merrell

Glenn Greenwald: how the NSA tampers with US-made internet routers | World news | The G... - 0 views

  • The NSA has been covertly implanting interception tools in US servers heading overseas – even though the US government has warned against using Chinese technology for the same reasons, says Glenn Greenwald, in an extract from his new book about the Snowden affair, No Place to Hide
  • For years, the US government loudly warned the world that Chinese routers and other internet devices pose a "threat" because they are built with backdoor surveillance functionality that gives the Chinese government the ability to spy on anyone using them. Yet what the NSA's documents show is that Americans have been engaged in precisely the activity that the US accused the Chinese of doing.
  • The Rogers committee voiced fears that the two companies were enabling Chinese state surveillance, although it acknowledged that it had obtained no actual evidence that the firms had implanted their routers and other systems with surveillance devices. Nonetheless, it cited the failure of those companies to cooperate and urged US firms to avoid purchasing their products
  • ...3 more annotations...
  • The constant accusations became such a burden that Ren Zhengfei, the 69-year-old founder and CEO of Huawei, announced in November 2013 that the company was abandoning the US market. As Foreign Policy reported, Zhengfei told a French newspaper: "'If Huawei gets in the middle of US-China relations,' and causes problems, 'it's not worth it'."
  • But while American companies were being warned away from supposedly untrustworthy Chinese routers, foreign organisations would have been well advised to beware of American-made ones. A June 2010 report from the head of the NSA's Access and Target Development department is shockingly explicit. The NSA routinely receives – or intercepts – routers, servers and other computer network devices being exported from the US before they are delivered to the international customers.The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some "SIGINT tradecraft … is very hands-on (literally!)".Eventually, the implanted device connects back to the NSA. The report continues: "In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. This call back provided us access to further exploit the device and survey the network."
  • Warning the world about Chinese surveillance could have been one of the motives behind the US government's claims that Chinese devices cannot be trusted. But an equally important motive seems to have been preventing Chinese devices from supplanting American-made ones, which would have limited the NSA's own reach. In other words, Chinese routers and servers represent not only economic competition but also surveillance competition.
Paul Merrell

How the NSA Plans to Infect 'Millions' of Computers with Malware - The Intercept - 0 views

  • Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process. The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks. The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.
  • The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands. To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency’s term for the interception of electronic communications. Instead, it sought to broaden “active” surveillance methods – tactics designed to directly infiltrate a target’s computers or network devices. In the documents, the agency describes such techniques as “a more aggressive approach to SIGINT” and says that the TAO unit’s mission is to “aggressively scale” these operations. But the NSA recognized that managing a massive network of implants is too big a job for humans alone.
  • “One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).” The agency’s solution was TURBINE. Developed as part of TAO unit, it is described in the leaked documents as an “intelligent command and control capability” that enables “industrial-scale exploitation.”
  • ...10 more annotations...
  • TURBINE was designed to make deploying malware much easier for the NSA’s hackers by reducing their role in overseeing its functions. The system would “relieve the user from needing to know/care about the details,” the NSA’s Technology Directorate notes in one secret document from 2009. “For example, a user should be able to ask for ‘all details about application X’ and not need to know how and where the application keeps files, registry entries, user application data, etc.” In practice, this meant that TURBINE would automate crucial processes that previously had to be performed manually – including the configuration of the implants as well as surveillance collection, or “tasking,” of data from infected systems. But automating these processes was about much more than a simple technicality. The move represented a major tactical shift within the NSA that was expected to have a profound impact – allowing the agency to push forward into a new frontier of surveillance operations. The ramifications are starkly illustrated in one undated top-secret NSA document, which describes how the agency planned for TURBINE to “increase the current capability to deploy and manage hundreds of Computer Network Exploitation (CNE) and Computer Network Attack (CNA) implants to potentially millions of implants.” (CNE mines intelligence from computers and networks; CNA seeks to disrupt, damage or destroy them.)
  • But not all of the NSA’s implants are used to gather intelligence, the secret files show. Sometimes, the agency’s aim is disruption rather than surveillance. QUANTUMSKY, a piece of NSA malware developed in 2004, is used to block targets from accessing certain websites. QUANTUMCOPPER, first tested in 2008, corrupts a target’s file downloads. These two “attack” techniques are revealed on a classified list that features nine NSA hacking tools, six of which are used for intelligence gathering. Just one is used for “defensive” purposes – to protect U.S. government networks against intrusions.
  • The NSA has a diverse arsenal of malware tools, each highly sophisticated and customizable for different purposes. One implant, codenamed UNITEDRAKE, can be used with a variety of “plug-ins” that enable the agency to gain total control of an infected computer. An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer. The implants can enable the NSA to circumvent privacy-enhancing encryption tools that are used to browse the Internet anonymously or scramble the contents of emails as they are being sent across networks. That’s because the NSA’s malware gives the agency unfettered access to a target’s computer before the user protects their communications with encryption. It is unclear how many of the implants are being deployed on an annual basis or which variants of them are currently active in computer systems across the world.
  • Infiltrating cellphone networks, however, is not all that the malware can be used to accomplish. The NSA has specifically tailored some of its implants to infect large-scale network routers used by Internet service providers in foreign countries. By compromising routers – the devices that connect computer networks and transport data packets across the Internet – the agency can gain covert access to monitor Internet traffic, record the browsing sessions of users, and intercept communications. Two implants the NSA injects into network routers, HAMMERCHANT and HAMMERSTEIN, help the agency to intercept and perform “exploitation attacks” against data that is sent through a Virtual Private Network, a tool that uses encrypted “tunnels” to enhance the security and privacy of an Internet session.
  • Eventually, the secret files indicate, the NSA’s plans for TURBINE came to fruition. The system has been operational in some capacity since at least July 2010, and its role has become increasingly central to NSA hacking operations. Earlier reports based on the Snowden files indicate that the NSA has already deployed between 85,000 and 100,000 of its implants against computers and networks across the world, with plans to keep on scaling up those numbers. The intelligence community’s top-secret “Black Budget” for 2013, obtained by Snowden, lists TURBINE as part of a broader NSA surveillance initiative named “Owning the Net.” The agency sought $67.6 million in taxpayer funding for its Owning the Net program last year. Some of the money was earmarked for TURBINE, expanding the system to encompass “a wider variety” of networks and “enabling greater automation of computer network exploitation.”
  • Before it can extract data from an implant or use it to attack a system, the NSA must first install the malware on a targeted computer or network. According to one top-secret document from 2012, the agency can deploy malware by sending out spam emails that trick targets into clicking a malicious link. Once activated, a “back-door implant” infects their computers within eight seconds. There’s only one problem with this tactic, codenamed WILLOWVIXEN: According to the documents, the spam method has become less successful in recent years, as Internet users have become wary of unsolicited emails and less likely to click on anything that looks suspicious. Consequently, the NSA has turned to new and more advanced hacking techniques. These include performing so-called “man-in-the-middle” and “man-on-the-side” attacks, which covertly force a user’s internet browser to route to NSA computer servers that try to infect them with an implant.
  • To perform a man-on-the-side attack, the NSA observes a target’s Internet traffic using its global network of covert “accesses” to data as it flows over fiber optic cables or satellites. When the target visits a website that the NSA is able to exploit, the agency’s surveillance sensors alert the TURBINE system, which then “shoots” data packets at the targeted computer’s IP address within a fraction of a second. In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive. A top-secret animation demonstrates the tactic in action.
  • The TURBINE implants system does not operate in isolation. It is linked to, and relies upon, a large network of clandestine surveillance “sensors” that the agency has installed at locations across the world.
  • The NSA’s headquarters in Maryland are part of this network, as are eavesdropping bases used by the agency in Misawa, Japan and Menwith Hill, England. The sensors, codenamed TURMOIL, operate as a sort of high-tech surveillance dragnet, monitoring packets of data as they are sent across the Internet. When TURBINE implants exfiltrate data from infected computer systems, the TURMOIL sensors automatically identify the data and return it to the NSA for analysis. And when targets are communicating, the TURMOIL system can be used to send alerts or “tips” to TURBINE, enabling the initiation of a malware attack. The NSA identifies surveillance targets based on a series of data “selectors” as they flow across Internet cables. These selectors, according to internal documents, can include email addresses, IP addresses, or the unique “cookies” containing a username or other identifying information that are sent to a user’s computer by websites such as Google, Facebook, Hotmail, Yahoo, and Twitter. Other selectors the NSA uses can be gleaned from unique Google advertising cookies that track browsing habits, unique encryption key fingerprints that can be traced to a specific user, and computer IDs that are sent across the Internet when a Windows computer crashes or updates.
  • Documents published with this article: Menwith Hill Station Leverages XKeyscore for Quantum Against Yahoo and Hotmail Five Eyes Hacking Large Routers NSA Technology Directorate Analysis of Converged Data Selector Types There Is More Than One Way to Quantum NSA Phishing Tactics and Man in the Middle Attacks Quantum Insert Diagrams The NSA and GCHQ’s QUANTUMTHEORY Hacking Tactics TURBINE and TURMOIL VPN and VOIP Exploitation With HAMMERCHANT and HAMMERSTEIN Industrial-Scale Exploitation Thousands of Implants
  •  
    *Very* long article. Only small portions quoted.
Paul Merrell

Catalog Reveals NSA Has Back Doors for Numerous Devices - SPIEGEL ONLINE - 0 views

  • When it comes to modern firewalls for corporate computer networks, the world's second largest network equipment manufacturer doesn't skimp on praising its own work. According to Juniper Networks' online PR copy, the company's products are "ideal" for protecting large companies and computing centers from unwanted access from outside. They claim the performance of the company's special computers is "unmatched" and their firewalls are the "best-in-class." Despite these assurances, though, there is one attacker none of these products can fend off -- the United States' National Security Agency.
  • Specialists at the intelligence organization succeeded years ago in penetrating the company's digital firewalls. A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry -- including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell.
  • The specialists at ANT, which presumably stands for Advanced or Access Network Technology, could be described as master carpenters for the NSA's department for Tailored Access Operations (TAO). In cases where TAO's usual hacking and data-skimming methods don't suffice, ANT workers step in with their special tools, penetrating networking equipment, monitoring mobile phones and computers and diverting or even modifying data. Such "implants," as they are referred to in NSA parlance, have played a considerable role in the intelligence agency's ability to establish a global covert network that operates alongside the Internet. Some of the equipment available is quite inexpensive. A rigged monitor cable that allows "TAO personnel to see what is displayed on the targeted monitor," for example, is available for just $30. But an "active GSM base station" -- a tool that makes it possible to mimic a mobile phone tower and thus monitor cell phones -- costs a full $40,000. Computer bugging devices disguised as normal USB plugs, capable of sending and receiving data via radio undetected, are available in packs of 50 for over $1 million.
  • ...3 more annotations...
  • These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives -- from computing centers to individual computers, and from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA's specialists seem already to have gotten past them. This, at least, is the impression gained from flipping through the 50-page document. The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets' data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000. In the case of Juniper, the name of this particular digital lock pick is "FEEDTROUGH." This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive "across reboots and software upgrades." In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH "has been deployed on many target platforms."
  • The ANT division doesn't just manufacture surveillance hardware. It also develops software for special tasks. The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer's motherboard that is the first thing to load when a computer is turned on. This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this "Persistence" and believe this approach has provided them with the possibility of permanent access. Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of the latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies.
  • Other ANT programs target Internet routers meant for professional use or hardware firewalls intended to protect company networks from online attacks. Many digital attack weapons are "remotely installable" -- in other words, over the Internet. Others require a direct attack on an end-user device -- an "interdiction," as it is known in NSA jargon -- in order to install malware or bugging equipment. There is no information in the documents seen by SPIEGEL to suggest that the companies whose products are mentioned in the catalog provided any support to the NSA or even had any knowledge of the intelligence solutions. "Cisco does not work with any government to modify our equipment, nor to implement any so-called security 'back doors' in our products," the company said in a statement. Contacted by SPIEGEL reporters, officials at Western Digital, Juniper Networks and Huawei also said they had no knowledge of any such modifications. Meanwhile, Dell officials said the company "respects and complies with the laws of all countries in which it operates." Many of the items in the software solutions catalog date from 2008, and some of the target server systems that are listed are no longer on the market today. At the same time, it's not as if the hackers within the ANT division have been sleeping on the job. They have continued to develop their arsenal. Some pages in the 2008 catalog, for example, list new systems for which no tools yet exist. However, the authors promise they are already hard at work developing new tools and that they will be "pursued for a future release."
  •  
    Oh, great. My router and all of my hard drives have NSA backdoors in them. And my BIOS on the Linux box may be infected with a backdoor. What are the odds that NSA has not developed similar capability for the UEFI on our two newer Windows boxes? 
Paul Merrell

Comcast is turning your Xfinity router into a public Wi-Fi hotspot - Dwight Silverman's... - 0 views

  • Some time on Tuesday afternoon, about 50,000 Comcast Internet customers in Houston will become part of a massive public Wi-Fi hotspot network, a number that will swell to 150,000 by the end of June. Comcast will begin activating a feature in its Arris Touchstone Telephony Wireless Gateway Modems that sets up a public Wi-Fi hotspot alongside a residential Internet customer’s private home network. Other Comcast customers will be able to log in to the hotspots for free using a computer, smartphone or other mobile device. And once they log into one, they’ll be automatically logged in to others when their devices “see” them. Comcast says the hotspot – which appears as “xfinitywifi” to those searching for a Wi-Fi connection – is completely separate from the home network. Someone accessing the Net through the hotspot can’t get to the computers, printers, mobile devices, streaming boxes and more sitting on the host network. Comcast officials also say that people using the Internet via the hotspot won’t slow down Internet access on the home network. Additional capacity is allotted to handle the bandwidth. You can read more about Comcast’s reason for doing this in my report on HoustonChronicle.com.
  • What’s interesting about this move is that, by default, the feature is being turned on without its subscribers’ prior consent. It’s an opt-out system – you have to take action to not participate. Comcast spokesman Michael Bybee said on Monday that notices about the hotspot feature were mailed to customers a few weeks ago, and email notifications will go out after it’s turned on. But it’s a good bet that this will take many Comcast customers by surprise. If you have one of these routers and don’t want to host a public Wi-Fi hotspot, here’s how to turn it off.
  • The additional capacity for public hotspot users is provided through a separate channel on the modem called a “service flow,” according to Comcast. But the speed of the connection reflects the tier of the subscriber hosting the hotspot. For example, if you connect to a hotspot hosted by a home user with a 25-Mbps connection, it will be slower than if you connect to a host system on the 50-Mbps tier.
  •  
    I didn't see this one coming. I've got a Comcast account and their Arris Gateway modem. In our area, several coffeehouses, etc., that already offered free wireless connections are now broadcasting Comcast Xfinity wireless. So I'm guessing that this is a planned rollout nationwide. 
Paul Merrell

NSA router bugging: Glenn Greenwald - 0 views

  • An excerpt of investigative reporter Glenn Greenwald's new book No Place to Hide published today in The Guardian asserts that the National Security Agency "routinely" bugs computer network equipment made in the United States and sent to customers abroad: A June 2010 report from the head of the NSA's Access and Target Development department is shockingly explicit. The NSA routinely receives – or intercepts – routers, servers, and other computer network devices being exported from the US before they are delivered to the international customers. Advertisement The agency then implants backdoor surveillance tools, repackages the devices with a factory seal, and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some "SIGINT tradecraft … is very hands-on (literally!)". The excerpt doesn't say whether the bugging was done to entire shipments of equipment (as opposed to individual items ordered by specific surveillance targets).
Paul Merrell

Inside TAO: The NSA's Shadow Network - SPIEGEL ONLINE - 0 views

  • The insert method and other variants of QUANTUM are closely linked to a shadow network operated by the NSA alongside the Internet, with its own, well-hidden infrastructure comprised of "covert" routers and servers. It appears the NSA also incorporates routers and servers from non-NSA networks into its covert network by infecting these networks with "implants" that then allow the government hackers to control the computers remotely. (Click here to read a related article on the NSA's "implants".) In this way, the intelligence service seeks to identify and track its targets based on their digital footprints. These identifiers could include certain email addresses or website cookies set on a person's computer. Of course, a cookie doesn't automatically identify a person, but it can if it includes additional information like an email address. In that case, a cookie becomes something like the web equivalent of a fingerprint.
  • Once TAO teams have gathered sufficient data on their targets' habits, they can shift into attack mode, programming the QUANTUM systems to perform this work in a largely automated way. If a data packet featuring the email address or cookie of a target passes through a cable or router monitored by the NSA, the system sounds the alarm. It determines what website the target person is trying to access and then activates one of the intelligence service's covert servers, known by the codename FOXACID. This NSA server coerces the user into connecting to NSA covert systems rather than the intended sites. In the case of Belgacom engineers, instead of reaching the LinkedIn page they were actually trying to visit, they were also directed to FOXACID servers housed on NSA networks. Undetected by the user, the manipulated page transferred malware already custom tailored to match security holes on the target person's computer. The technique can literally be a race between servers, one that is described in internal intelligence agency jargon with phrases like: "Wait for client to initiate new connection," "Shoot!" and "Hope to beat server-to-client response." Like any competition, at times the covert network's surveillance tools are "too slow to win the race." Often enough, though, they are effective. Implants with QUANTUMINSERT, especially when used in conjunction with LinkedIn, now have a success rate of over 50 percent, according to one internal document.
  • At the same time, it is in no way true to say that the NSA has its sights set exclusively on select individuals. Of even greater interest are entire networks and network providers, such as the fiber optic cables that direct a large share of global Internet traffic along the world's ocean floors. One document labeled "top secret" and "not for foreigners" describes the NSA's success in spying on the "SEA-ME-WE-4" cable system. This massive underwater cable bundle connects Europe with North Africa and the Gulf states and then continues on through Pakistan and India, all the way to Malaysia and Thailand. The cable system originates in southern France, near Marseille. Among the companies that hold ownership stakes in it are France Telecom, now known as Orange and still partly government-owned, and Telecom Italia Sparkle. The document proudly announces that, on Feb. 13, 2013, TAO "successfully collected network management information for the SEA-Me-We Undersea Cable Systems (SMW-4)." With the help of a "website masquerade operation," the agency was able to "gain access to the consortium's management website and collected Layer 2 network information that shows the circuit mapping for significant portions of the network."
  • ...3 more annotations...
  • It appears the government hackers succeeded here once again using the QUANTUMINSERT method. The document states that the TAO team hacked an internal website of the operator consortium and copied documents stored there pertaining to technical infrastructure. But that was only the first step. "More operations are planned in the future to collect more information about this and other cable systems," it continues. But numerous internal announcements of successful attacks like the one against the undersea cable operator aren't the exclusive factors that make TAO stand out at the NSA. In contrast to most NSA operations, TAO's ventures often require physical access to their targets. After all, you might have to directly access a mobile network transmission station before you can begin tapping the digital information it provides.
  • To conduct those types of operations, the NSA works together with other intelligence agencies such as the CIA and FBI, which in turn maintain informants on location who are available to help with sensitive missions. This enables TAO to attack even isolated networks that aren't connected to the Internet. If necessary, the FBI can even make an agency-owned jet available to ferry the high-tech plumbers to their target. This gets them to their destination at the right time and can help them to disappear again undetected after as little as a half hour's work.
  • Sometimes it appears that the world's most modern spies are just as reliant on conventional methods of reconnaissance as their predecessors. Take, for example, when they intercept shipping deliveries. If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer. These minor disruptions in the parcel shipping business rank among the "most productive operations" conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks "around the world."
  •  
    From page 3 of a 3-page article. The entire article is well worth reading. I chose this page to bookmark because of its disclosure that NSA is intercepting new computers before they are delivered and installing hardware and software backdoors, then reshipping them to their intended recipients. Although not mentioned, this implies the complicity of package shipment companies and conceivably government mail systems and original equipment manufacturers ("OEMs").  
Paul Merrell

Clipper chip - Wikipedia, the free encyclopedia - 0 views

  • The Clipper chip was not embraced by consumers or manufacturers and the chip itself was no longer relevant by 1996. The U.S. government continued to press for key escrow by offering incentives to manufacturers, allowing more relaxed export controls if key escrow were part of cryptographic software that was exported. These attempts were largely made moot by the widespread use of strong cryptographic technologies, such as PGP, which were not under the control of the U.S. government.
  •  
    But were the government attempts actually mooted? Or did they come up with other bribes for the OEMs to add NSA backdoors to their hardware? An inquiring world wishes to know. See http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html (NSA backdoors in routers and hard drives). 
Paul Merrell

DoctorBeet's Blog: LG Smart TVs logging USB filenames and viewing info to LG servers - 1 views

  • In fact, there is an option in the system settings called "Collection of watching info:" which is set ON by default.  This setting requires the user to scroll down to see it and, unlike most other settings, contains no "balloon help" to describe what it does.
  • At this point, I decided to do some traffic analysis to see what was being sent.  It turns out that viewing information appears to be being sent regardless of whether this option is set to On or Off.
  • Here you can clearly see that a unique device ID is transmitted, along with the Channel name "BBC NEWS" and a unique device ID. Here is another example of a viewing info packet.
  • ...5 more annotations...
  • This information appears to be sent back unencrypted and in the clear to LG every time you change channel, even if you have gone to the trouble of changing the setting above to switch collection of viewing information off. It was at this point, I made an even more disturbing find within the packet data dumps.  I noticed filenames were being posted to LG's servers and that these filenames were ones stored on my external USB hard drive.  To demonstrate this, I created a mock avi file and copied it to a USB stick.
  • This file didn't really contain "midget porn" at all, I renamed it to make sure it had a unique filename that I could spot easily in the data and one that was unlikely to come from a broadcast source. And sure enough, there is was...
  • Sometimes the names of the contents of an entire folder was posted, other times nothing was sent.  I couldn't determine what rules controlled this.
  • It would easily be possible to infer the presence of adult content or files that had been downloaded from file sharing sites. My wife was shocked to see our children's names being transmitted in the name of a Christmas video file that we had watched from USB.
  • So how can we prevent this from happening?  I haven't read the T&Cs but one thing I am sure about is that I own my router and have absolute jurisdiction of any traffic that I allow to pass, so I have compiled an initial list of internet domains that you can block to stop spying and advertising on TVs that we, as customers have actually paid for.
  •  
    So maybe buying a "smart tv" isn't so smart?
  •  
    Wow! I don't know what to say about this except that as incredible an intrusion as it is, I'm not surprised. I have a MOXI DVR that intercepts the cable feed, and takes control over the content sent to the Samsung TV. I purposely chose MOXI over the two-way cable-DVR boxes provided by Astound because I didn't want Astound collecting information. Now I find out the the the HD-TV provider is in position to snoop on me. I like the router solution though.
Paul Merrell

Edward Snowden: US government has been hacking Hong Kong and China for years | South Ch... - 0 views

  • US whistle-blower Edward Snowden yesterday emerged from hiding in Hong Kong and revealed to the South China Morning Post that he will stay in the city to fight likely attempts by his government to have him extradited for leaking state secrets. In an exclusive interview carried out from a secret location in the city, the former Central Intelligence Agency analyst also made explosive claims that the US government had been hacking into computers in Hong Kong and on the mainland for years.
  • Snowden believed there had been more than 61,000 NSA hacking operations globally, with hundreds of targets in Hong Kong and on the mainland. “We hack network backbones – like huge internet routers, basically – that give us access to the communications of hundreds of thousands of computers without having to hack every single one,” he said.
  • Snowden's revelations threaten to test new attempts to build US-Sino bridges after a weekend summit in California between the nations' presidents, Barack Obama and Xi Jinping. If true, Snowden's allegations lend credence to China's longstanding position that it is as much a victim of hacking as a perpetrator, after Obama pressed Xi to rein in cyber-espionage by the Chinese military.
Paul Merrell

Glenn Greenwald: The NSA Can "Literally Watch Every Keystroke You Make" - 0 views

  • On Sunday, the German publication Der Spiegel revealed new details about secretive hacking—a secretive hacking unit inside the NSA called the Office of Tailored Access Operations, or TAO. The unit was created in 1997 to hack into global communications traffic. Still with us, Jameel Jaffer, deputy legal director of the ACLU, director of the ACLU’s Center for Democracy, and Glenn Greenwald, the journalist who first broke the story about Edward Snowden. Glenn, can you just talk about the revelations in Der Spiegel?
  • And one of the ways that they’re doing it is that they intercept products in transit, such as if you order a laptop or other forms of Internet routers or servers and the like, they intercept it in transit, open the box, implant the malware, factory-seal it and then send it back to the user. They also exploit weaknesses in Google and YouTube and Yahoo and other services, as well, in order to implant these devices. It’s unclear to what extent, if at all, the companies even know about it, let alone cooperate in it. But what is clear is that they’ve been able to compromise the physical machines themselves, so that it makes no difference what precautions you take in terms of safeguarding the sanctity of your online activity.
  • But we’ve actually been working, ourselves, on certain stories that should be published soon regarding similar interdiction efforts. And one of the things that I think is so amazing about this, Amy, is that the U.S. government has spent the last three or four years shrilly, vehemently warning the world that Chinese technology companies are unsafe to purchase products from, because they claim the Chinese government interdicts these products and installs surveillance, backdoors and other forms of malware onto the machinery so that when you get them, immediately your privacy is compromised. And they’ve actually driven Chinese firms out of the U.S. market and elsewhere with these kinds of accusations. Congress has convened committees to issue reports making these kind of accusations about Chinese companies. And yet, at the same time, the NSA is doing exactly that which they accuse these Chinese companies of doing. And there’s a real question, which is: Are these warnings designed to steer people away from purchasing Chinese products into the arms of the American industry so that the NSA’s ability to implant these devices becomes even greater, since now everybody is buying American products out of fear that they can no longer buy Chinese products because this will happen to them?
  • ...1 more annotation...
  • And the final thing I want to say is, you know, all this talk about amnesty for Edward Snowden, and it’s so important that the rule of law be applied to him, it’s really quite amazing. Here’s Michael Hayden. He oversaw the illegal warrantless eavesdropping program implemented under the Bush administration. He oversaw torture and rendition as the head of the CIA. James Clapper lied to the face of Congress. These are felonies at least as bad, and I would say much worse, than anything Edward Snowden is accused of doing, and yet they’re not prosecuted. They’re free to appear on television programs. The United States government in Washington constantly gives amnesty to its highest officials, even when they commit the most egregious crimes. And yet the idea of amnesty for a whistleblower is considered radical and extreme. And that’s why a hardened felon like Michael Hayden is free to walk around on the street and is treated on American media outlets as though he’s some learned, wisdom-drenched elder statesman, rather than what he is, which is a chronic criminal.
  •  
    Greenwald asks a very good question about the U.S. government accusing the Chinese government of cyber-espionage and the government's finding that Chinese-manufactured ware pose a security risk. Was that intended to drive people to purchase hardware that comes equipped with NSA backdoors? The flip side, of course, is whether the world should be beating feet to purchase their hardware from the Chinese in order to escape the NSA backdoors. Then there is the question of how those backdoors might have made their way into the hardware devices without the acquiescence of their manufacturers, who surely would have realized that their businesses might take enormous financial hits if knowledge of the backdoors became public? Bribing key staff? The manufacturers named in the Der Spiegel article surely are going to face some hard questions and they may face some very unhappy shareholders if their stock prices take a dive. It would be fun to see a shareholder's derivative class action against one of these companies for having acquiesced to NSA implantation of backdoors, leading to the disclosure and the fall in stock price. Caption the case as Wall Street, Inc. v. National Security Agency, dba Seagate Technology, PLC, then watch the feathers and blood fly.  "Seagate is the company the world trusts to store our lives - our files and photos, our libraries and histories, our science and progress."   Yes, and your stockholders trusted you not to endanger their investment by adding NSA backdoors in your products.
Paul Merrell

Your Computer May Already be Hacked - NSA Inside? | Steve Blank - 1 views

  • But while the interviewer focused on the Skype revelation, I thought the most interesting part was the other claim, “that the National Security Agency already had pre-encryption stage access to email on Outlook.”  Say what??  They can see the plaintext on my computer before I encrypt it? That defeats any/all encryption methods. How could they do that? Bypass Encryption While most outside observers think the NSA’s job is cracking encrypted messages, as the Prism disclosures have shown, the actual mission is simply to read all communications. Cracking codes is a last resort.
  • The NSA has a history of figuring out how to get to messages before or after they are encrypted. Whether it was by putting keyloggers on keyboards and recording the keystrokes or detecting the images of the characters as they were being drawn on a CRT. Today every desktop and laptop computer has another way for the NSA to get inside. Intel Inside It’s inevitable that complex microprocessors have bugs in them when they ship. When the first microprocessors shipped the only thing you could hope is that the bug didn’t crash your computer. The only way the chip vendor could fix the problem was to physically revise the chip and put out a new version. But computer manufacturers and users were stuck if you had an old chip. After a particularly embarrassing math bug in 1994 that cost Intel $475 million, the company decided to fix the problem by allowing it’s microprocessors to load fixes automatically when your computer starts.
  • Starting in 1996 with the Intel P6 (Pentium Pro) to today’s P7 chips (Core i7) these processors contain instructions that are reprogrammable in what is called microcode. Intel can fix bugs on the chips by reprogramming a microprocessors microcode with a patch. This patch, called a microcode update, can be loaded into a processor by using special CPU instructions reserved for this purpose. These updates are not permanent, which means each time you turn the computer on, its microprocessor is reset to its built-in microcode, and the update needs to be applied again (through a computer’s BIOS.). Since 2000, Intel has put out 29 microcode updates to their processors. The microcode is distributed by 1) Intel or by 2) Microsoft integrated into a BIOS or 3) as part of a Windows update. Unfortunately, the microcode update format is undocumented and the code is encrypted. This allows Intel to make sure that 3rd parties can’t make unauthorized add-ons to their chips. But it also means that no one can look inside to understand the microcode, which makes it is impossible to know whether anyone is loading a backdoor into your computer.
  • ...3 more annotations...
  • A few months ago these kind of discussions would have been theory at best, if not paranoia.
  • Or perhaps the NSA, working with Intel and/or Microsoft, have wittingly have put backdoors in the microcode updates. A backdoor is is a way of gaining illegal remote access to a computer by getting around the normal security built-in to the computer. Typically someone trying to sneak malicious software on to a computer would try to install a rootkit (software that tries to conceal the malicious code.) A rootkit tries to hide itself and its code, but security conscious sites can discover rootkits by tools that check kernel code and data for changes. But what if you could use the configuration and state of microprocessor hardware in order to hide? You’d be invisible to all rootkit detection techniques that checks the operating system. Or what if you can make the microprocessor random number generator (the basis of encryption) not so random for a particular machine? (The NSA’s biggest coup was inserting backdoors in crypto equipment the Swiss sold to other countries.) Rather than risk getting caught messing with everyone’s updates, my bet is that the NSA has compromised the microcode update signing keys  giving the NSA the ability to selectively target specific computers. (Your operating system ensures security of updates by checking downloaded update packages against the signing key.) The NSA then can send out backdoors disguised as a Windows update for “security.” (Ironic but possible.) That means you don’t need backdoors baked in the hardware, don’t need Intel’s buy-in, don’t have discoverable rootkits, and you can target specific systems without impacting the public at large.
  • The Prism disclosures prove otherwise – the National Security Agency has decided it needs the ability to capture all communications in all forms. Getting inside of a target computer and weakening its encryption or having access to the plaintext of encrypted communication seems likely. Given the technical sophistication of the other parts of their surveillance net, the surprise would be if they haven’t implemented a microcode backdoor. The downside is that 1) backdoors can be hijacked by others with even worse intent. So if NSA has a microcode backdoor – who else is using it? and 2) What other pieces of our infrastructure, (routers, smartphones, military computers, satellites, etc) use processors with uploadable microcode? —— And that may be why the Russian president is now using a typewriter rather than a personal computer.
Paul Merrell

Feds confirm Bush-era e-mail surveillance - POLITICO.com - 0 views

  • The U.S. government has acknowledged that it swept up huge volumes of data from emails in the U.S. for several years without any court approval, based solely on the orders of former President George W. Bush. In a court filings on Monday, government lawyers said that the Internet program ran in parallel with a program gathering so-called metadata about telephone calls. The counterterrorism efforts operated under presidential authority before a judge approved them in July 2004, said a 2007 court filing made public Monday by the Justice Department (and posted here.)
  • "After the 9/11 attacks and pursuant to an authorization of the President, [redacted] the NSA [redacted] the bulk collection of non-content information about  telephone calls and Internet communications (hereafter 'metadata') activities that enable the NSA to uncover the contacts [redacted] of members or agents of al Qaeda or affiliated terrorist organizations," a senior NSA official wrote in an October 2007 declaration originally filed under seal as part of an effort to defeat litigation about the snooping Bush ordered. "Specifically, the President authorized the the NSA to collect metadata related to Internet communications for the purpose of conducting targeted analysis to track Al Qaeda-related networks. Internet metadata is header/router/addressing information, such as the 'to,' 'from,' 'cc,' and 'bcc' lines, as opposed to the body or 're' lines, of a standard e-mail. Since July 2004, the collection of Internet metadata has been conducted pursuant to an Order of the Foreign Intelligence Surveillance Court," the still-unidentified official from NSA's Signals Intelligence Directorate continued. The email program was effectively public since June of last year, after contractor Edward Snowden leaked a top-secret National Security Agency inspector general report that described the program.
  • FISC Judge Colleen Kollar-Kotelly's opinion approving the surveillance was officially released in November 2013. However, the date she issued it was redacted. Many surmised that her opinion followed a dust-up in March 2004, when then-Deputy Attorney General James Comey questioned the legality of some aspect of Bush's post-9/11 surveillance programs and refused to reauthorize that portion of the surveillance. Comey's refusal is said to have put the program into turmoil for a period of months, until officials sought and won the order from Kollar-Kotelly blessing the gathering of both the email and telephone metadata. The publicly released version of Kollar-Kotelly's opinion does not discuss the operation of the program during the period before the application for court approval. The filings Monday came in continuing legal wrangling over obligations pending lawsuits may create for the NSA to hang on to aging metadata that it would ordinarily have been required to erase under FISC orders. A federal judge in San Francisco has required that the NSA preserve that data, at least for now, rather than erasing it.
Paul Merrell

NSA Spied on Chinese Government and Networking Firm Huawei - SPIEGEL ONLINE - 0 views

  • According to documents viewed by SPIEGEL, America'a NSA intelligence agency put considerable efforts into spying on Chinese politicians and firms. One major target was Huawei, a company that is fast becoming a major Internet player.
  • The American government conducted a major intelligence offensive against China, with targets including the Chinese government and networking company Huawei, according to documents from former NSA worker Edward Snowden that have been viewed by SPIEGEL. Among the American intelligence service's targets were former Chinese President Hu Jintao, the Chinese Trade Ministry, banks, as well as telecommunications companies. But the NSA made a special effort to target Huawei. With 150,000 employees and €28 billion ($38.6 billion) in annual revenues, the company is the world's second largest network equipment supplier. At the beginning of 2009, the NSA began an extensive operation, referred to internally as "Shotgiant," against the company, which is considered a major competitor to US-based Cisco. The company produces smartphones and tablets, but also mobile phone infrastructure, WLAN routers and fiber optic cable -- the kind of technology that is decisive in the NSA's battle for data supremacy. A special unit with the US intelligence agency succeeded in infiltrating Huwaei's network and copied a list of 1,400 customers as well as internal documents providing training to engineers on the use of Huwaei products, among other things.
  • According to a top secret NSA presentation, NSA workers not only succeeded in accessing the email archive, but also the secret source code of individual Huwaei products. Software source code is the holy grail of computer companies. Because Huawei directed all mail traffic from its employees through a central office in Shenzhen, where the NSA had infiltrated the network, the Americans were able to read a large share of the email sent by company workers beginning in January 2009, including messages from company CEO Ren Zhengfei and Chairwoman Sun Yafang. "We currently have good access and so much data that we don't know what to do with it," states one internal document. As justification for targeting the company, an NSA document claims that "many of our targets communicate over Huawei produced products, we want to make sure that we know how to exploit these products." The agency also states concern that "Huawei's widespread infrastructure will provide the PRC (People's Republic of China) with SIGINT capabilities." SIGINT is agency jargon for signals intelligence. The documents do not state whether the agency found information indicating that to be the case.
  • ...2 more annotations...
  • The operation was conducted with the involvement of the White House intelligence coordinator and the FBI. One document states that the threat posed by Huawei is "unique". The agency also stated in a document that "the intelligence community structures are not suited for handling issues that combine economic, counterintelligence, military influence and telecommunications infrastructure from one entity."
  • Editor's note: A longer version of this story will appear in German in the issue of SPIEGEL to be published on Monday.
Paul Merrell

N.S.A. Report Outlined Goals for More Power - NYTimes.com - 0 views

  • Officials at the National Security Agency, intent on maintaining its dominance in intelligence collection, pledged last year to push to expand its surveillance powers, according to a top-secret strategy document.
  • In a February 2012 paper laying out the four-year strategy for the N.S.A.’s signals intelligence operations, which include the agency’s eavesdropping and communications data collection around the world, agency officials set an objective to “aggressively pursue legal authorities and a policy framework mapped more fully to the information age.” Written as an agency mission statement with broad goals, the five-page document said that existing American laws were not adequate to meet the needs of the N.S.A. to conduct broad surveillance in what it cited as “the golden age of Sigint,” or signals intelligence. “The interpretation and guidelines for applying our authorities, and in some cases the authorities themselves, have not kept pace with the complexity of the technology and target environments, or the operational expectations levied on N.S.A.’s mission,” the document concluded. Using sweeping language, the paper also outlined some of the agency’s other ambitions. They included defeating the cybersecurity practices of adversaries in order to acquire the data the agency needs from “anyone, anytime, anywhere.” The agency also said it would try to decrypt or bypass codes that keep communications secret by influencing “the global commercial encryption market through commercial relationships,” human spies and intelligence partners in other countries. It also talked of the need to “revolutionize” analysis of its vast collections of data to “radically increase operational impact.”
  • The N.S.A. document, titled “Sigint Strategy 2012-2016,” does not make clear what legal or policy changes the agency might seek. The N.S.A.’s powers are determined variously by Congress, executive orders and the nation’s secret intelligence court, and its operations are governed by layers of regulations. While asserting that the agency’s “culture of compliance” would not be compromised, N.S.A. officials argued that they needed more flexibility, according to the paper. Senior intelligence officials, responding to questions about the document, said that the N.S.A. believed that legal impediments limited its ability to conduct surveillance of terrorism suspects inside the United States. Despite an overhaul of national security law in 2008, the officials said, if a terrorism suspect who is under surveillance overseas enters the United States, the agency has to stop monitoring him until it obtains a warrant from the Foreign Intelligence Surveillance Court. “N.S.A.’s Sigint strategy is designed to guide investments in future capabilities and close gaps in current capabilities,” the agency said in a statement. “In an ever-changing technology and telecommunications environment, N.S.A. tries to get in front of issues to better fulfill the foreign-intelligence requirements of the U.S. government.”
  • ...4 more annotations...
  • Critics, including some congressional leaders, say that the role of N.S.A. surveillance in thwarting terrorist attacks — often cited by the agency to justify expanded powers — has been exaggerated. In response to the controversy about its activities after Mr. Snowden’s disclosures, agency officials claimed that the N.S.A.’s sweeping domestic surveillance programs had helped in 54 “terrorist-related activities.” But under growing scrutiny, congressional staff members and other critics say that the use of such figures by defenders of the agency has drastically overstated the value of the domestic surveillance programs in counterterrorism. Agency leaders believe that the N.S.A. has never enjoyed such a target-rich environment as it does now because of the global explosion of digital information — and they want to make certain that they can dominate “the Sigint battle space” in the future, the document said. To be “optimally effective,” the paper said, “legal, policy and process authorities must be as adaptive and dynamic as the technological and operational advances we seek to exploit.” Intent on unlocking the secrets of adversaries, the paper underscores the agency’s long-term goal of being able to collect virtually everything available in the digital world. To achieve that objective, the paper suggests that the N.S.A. plans to gain greater access, in a variety of ways, to the infrastructure of the world’s telecommunications networks.
  • Yet the paper also shows how the agency believes it can influence and shape trends in high-tech industries in other ways to suit its needs. One of the agency’s goals is to “continue to invest in the industrial base and drive the state of the art for high performance computing to maintain pre-eminent cryptanalytic capability for the nation.” The paper added that the N.S.A. must seek to “identify new access, collection and exploitation methods by leveraging global business trends in data and communications services.” And it wants to find ways to combine all of its technical tools to enhance its surveillance powers. The N.S.A. will seek to integrate its “capabilities to reach previously inaccessible targets in support of exploitation, cyberdefense and cyberoperations,” the paper stated. The agency also intends to improve its access to encrypted communications used by individuals, businesses and foreign governments, the strategy document said. The N.S.A. has already had some success in defeating encryption, The New York Times has reported, but the document makes it clear that countering “ubiquitous, strong, commercial network encryption” is a top priority. The agency plans to fight back against the rise of encryption through relationships with companies that develop encryption tools and through espionage operations. In other countries, the document said, the N.S.A. must also “counter indigenous cryptographic programs by targeting their industrial bases with all available Sigint and Humint” — human intelligence, meaning spies.
  • Above all, the strategy paper suggests the N.S.A.’s vast view of its mission: nothing less than to “dramatically increase mastery of the global network.” Other N.S.A. documents offer hints of how the agency is trying to do just that. One program, code-named Treasure Map, provides what a secret N.S.A. PowerPoint presentation describes as “a near real-time, interactive map of the global Internet.” According to the undated PowerPoint presentation, disclosed by Mr. Snowden, Treasure Map gives the N.S.A. “a 300,000 foot view of the Internet.”  Relying on Internet routing data, commercial and Sigint information, Treasure Map is a sophisticated tool, one that the PowerPoint presentation describes as a “massive Internet mapping, analysis and exploration engine.” It collects Wi-Fi network and geolocation data, and between 30 million and 50 million unique Internet provider addresses — code that can reveal the location and owner of a computer, mobile device or router — are represented each day on Treasure Map, according to the document. It boasts that the program can map “any device, anywhere, all the time.”  The documents include addresses labeled as based in the “U.S.,” and because so much Internet traffic flows through the United States, it would be difficult to map much of the world without capturing such addresses.
  • The program takes advantage of the capabilities of other secret N.S.A. programs. To support Treasure Map, for example, the document states that another program, called Packaged Goods, tracks the “traceroutes” through which data flows around the Internet. Through Packaged Goods, the N.S.A. has gained access to “13 covered servers in unwitting data centers around the globe,” according to the PowerPoint. The document identifies a list of countries where the data centers are located, including Germany, Poland, Denmark, South Africa and Taiwan as well as Russia, China and Singapore.
Paul Merrell

Group Thinks Anonymity Should Be Baked Into the Internet Itself Using Tor - Slashdot - 0 views

  • "David Talbot writes at MIT Technology review that engineers on the Internet Engineering Task Force (IETF), an informal organization of engineers that changes Internet code and operates by rough consensus, have asked the architects of Tor to consider turning the technology into an Internet standard. If widely adopted, such a standard would make it easy to include the technology in consumer and business products ranging from routers to apps and would allow far more people to browse the Web without being identified by anyone who might be spying on Internet traffic. The IETF is already working to make encryption standard in all web traffic. Stephen Farrell believes that forging Tor into a standard that interoperates with other parts of the Internet could be better than leaving Tor as a separate tool that requires people to take special action to implement. 'I think there are benefits that might flow in both directions,' says Farrell. 'I think other IETF participants could learn useful things about protocol design from the Tor people, who've faced interesting challenges that aren't often seen in practice. And the Tor people might well get interest and involvement from IETF folks who've got a lot of experience with large-scale systems.' Andrew Lewman, executive director of Tor, says the group is considering it. 'We're basically at the stage of 'Do we even want to go on a date together?' It's not clear we are going to do it, but it's worth exploring to see what is involved. It adds legitimacy, it adds validation of all the research we've done.'"
Paul Merrell

If GCHQ wants to improve national security it must fix our technology | Technology | th... - 0 views

  • In a recent column, security expert Bruce Schneier proposed breaking up the NSA – handing its offensive capabilities work to US Cyber Command and its law enforcement work to the FBI, and terminating its programme of attacking internet security. In place of this, Schneier proposed that “instead of working to deliberately weaken security for everyone, the NSA should work to improve security for everyone.” This is a profoundly good idea for reasons that may not be obvious at first blush.People who worry about security and freedom on the internet have long struggled with the problem of communicating the urgent stakes to the wider public. We speak in jargon that’s a jumble of mixed metaphors – viruses, malware, trojans, zero days, exploits, vulnerabilities, RATs – that are the striated fossil remains of successive efforts to come to grips with the issue. When we do manage to make people alarmed about the stakes, we have very little comfort to offer them, because Internet security isn’t something individuals can solve.
  • I remember well the day this all hit home for me. It was nearly exactly a year ago, and I was out on tour with my novel Homeland, which tells the story of a group of young people who come into possession of a large trove of government leaks that detail a series of illegal programmes through which supposedly democratic governments spy on people by compromising their computers.
  • I explained the book’s premise, and then talked about how this stuff works in the real world. I laid out a parade of awfuls, including a demonstrated attack that hijacked implanted defibrillators from 10 metres’ distance and caused them to compromise other defibrillators that came into range, implanting an instruction to deliver lethal shocks at a certain time in the future. I talked about Cassidy Wolf, the reigning Miss Teen USA, whose computer had been taken over by a “sextortionist” who captured nude photos of her and then threatened to release them if she didn’t perform live sex shows for him. I talked about the future of self-driving cars, smart buildings, implanted hearing aids and robotic limbs, and explained that the world is made out of computers that we put our bodies into, and that we put inside our bodies.These computers are badly secured. What’s more, governments and their intelligence agencies are actively working to undermine the security of our computers and networks. This was before the Snowden revelations, but we already knew that governments were buying “zero-day vulnerabilities” from security researchers. These are critical bugs that can be leveraged to compromise entire systems. Until recently, the normal response to the discovery of one of these “vulns” was to report them to the vendor so they could be repaired.
  • ...6 more annotations...
  • But spy-agencies and law-enforcement have created a bustling marketplace for “zero-days,” which are weaponised for the purpose of attacking the computers and networks of “bad guys”. The incentives have shifted, and now a newly discovered bug had a good chance of remaining unpatched and live in the field because governments wanted to be able to use it to hack their enemies.
  • Last year, when I finished that talk in Seattle, a talk about all the ways that insecure computers put us all at risk, a woman in the audience put up her hand and said, “Well, you’ve scared the hell out of me. Now what do I do? How do I make my computers secure?”And I had to answer: “You can’t. No one of us can. I was a systems administrator 15 years ago. That means that I’m barely qualified to plug in a WiFi router today. I can’t make my devices secure and neither can you. Not when our governments are buying up information about flaws in our computers and weaponising them as part of their crime-fighting and anti-terrorism strategies. Not when it is illegal to tell people if there are flaws in their computers, where such a disclosure might compromise someone’s anti-copying strategy.But: If I had just stood here and spent an hour telling you about water-borne parasites; if I had told you about how inadequate water-treatment would put you and everyone you love at risk of horrifying illness and terrible, painful death; if I had explained that our very civilisation was at risk because the intelligence services were pursuing a strategy of keeping information about pathogens secret so they can weaponise them, knowing that no one is working on a cure; you would not ask me ‘How can I purify the water coming out of my tap?’”
  • Because when it comes to public health, individual action only gets you so far. It doesn’t matter how good your water is, if your neighbour’s water gives him cholera, there’s a good chance you’ll get cholera, too. And even if you stay healthy, you’re not going to have a very good time of it when everyone else in your country is striken and has taken to their beds.If you discovered that your government was hoarding information about water-borne parasites instead of trying to eradicate them; if you discovered that they were more interested in weaponising typhus than they were in curing it, you would demand that your government treat your water-supply with the gravitas and seriousness that it is due.The public health analogy is suprisingly apt here. The public health threat-model is in a state of continuous flux, because our well-being is under continuous, deliberate attack from pathogens for whom we are, at best, host organisms, and at worst, dinner. Evolution drives these organisms to a continuously shifting array of tactics to slide past our defenses.Public health isn’t just about pathogens, either – its thorniest problems are about human behaviour and social policy. HIV is a blood-borne disease, but disrupting its spread requires changes to our attitudes about sex, pharmaceutical patents, drugs policy and harm minimisation. Almost everything interesting about HIV is too big to fit on a microscope slide.
  • And so it is for security: crypto is awesome maths, but it’s just maths. Security requires good password choice, good password management, good laws about compelled crypto disclosure, transparency into corporate security practices, and, of course, an end to the governmental practice of spending $250M/year on anti-security sabotage through the NSA/GCHQ programmes Bullrun and Edgehill.
  • But for me, the most important parallel between public health and internet security is their significance to our societal wellbeing. Everything we do today involves the internet. Everything we do tomorrow will require the internet. If you live near a nuclear power plant, fly in airplanes, ride in cars or trains, have an implanted pacemaker, keep money in the bank, or carry a phone, your safety and well-being depend on a robust, evolving, practice of network security.This is the most alarming part of the Snowden revelations: not just that spies are spying on all of us – that they are actively sabotaging all of our technical infrastructure to ensure that they can continue to spy on us.There is no way to weaken security in a way that makes it possible to spy on “bad guys” without making all of us vulnerable to bad guys, too. The goal of national security is totally incompatible with the tactic of weakening the nation’s information security.
  • “Virus” has been a term of art in the security world for decades, and with good reason. It’s a term that resonates with people, even people with only a cursory grasp of technology. As we strive to make the public and our elected representatives understand what’s at stake, let’s expand that pathogen/epidemiology metaphor. We’d never allow MI5 to suppress information on curing typhus so they could attack terrorists by infecting them with it. We need to stop allowing the NSA and GCHQ to suppress information on fixing bugs in our computers, phones, cars, houses, planes, and bodies.If GCHQ wants to improve the national security of the United Kingdom – if the NSA want to impove the American national security – they should be fixing our technology, not breaking it. The technology of Britons and Americans is under continuous, deadly attack from criminals, from foreign spies, and from creeps. Our security is better served by armouring us against these threats than it is by undermining security so that cops and spies have an easier time attacking “bad guys.”
Paul Merrell

DOJ Seeks Removal Of Restrictions On Computer Search Warrants - 0 views

  • The Justice Department recently submitted proposed new rules on the procedures and practices of the department’s agencies and bureaus. Among the suggested changes is a modification of the Federal Rules of Criminal Procedure Rule 41(b), which empowers a federal court to issue a warrant allowing the federal government to conduct a search of a computer or computer network involved in a criminal investigation. Under current regulations, a warrant issued by a federal court is only valid in that court’s district. As there are 94 federal judicial districts, investigating a widespread attack may require either petitioning dozens of district courts or acting extrajudicially by not seeking a warrant. An extrajudicial investigation, however, cannot be used if criminal convictions are sought, as evidence gathered in this manner is not typically admissible in court. The Justice Department is seeking to make remote access warrants to search, seize and copy electronic information valid for all federal districts.
  • The Justice Department argues that due to the sophistication of cyber-criminals, an offending computer or computer cluster can sit in a district separate from the district where the hackers that infected the target computer anonymously are and separate from the investigators’ district. “Criminals are using multiple computers in many districts simultaneously as part of complex criminal schemes, and effectively investigating and disrupting these schemes often requires remote access to Internet-connected computers in many different districts,” wrote then-acting Assistant Attorney General Mythili Raman in a September letter to the Advisory Committee on the Criminal Rules. “Botnets are a significant threat to the public: they are used to conduct large-scale denial of service attacks, steal personal and financial data, and distribute malware designed to invade the privacy of users of the host computers,” Raman continued. In the letter, Raman cited an investigation of a child porn site that uses The Onion Router Network, or Tor, to anonymize its traffic. The Justice Department argues that it knows the site’s hosting server location, but without a warrant local to the server, the department is prevented from retrieving the server’s user records — including IP and MAC addresses. In most cases, however, law enforcement do not know the physical location of the site’s server, making it impossible to request a specific warrant.
  • In these cases, the Justice Department could request a blanket warrant. This would allow the department to set up a “zero-day” attack on the server — an attack exploiting a manufacturer-unknown or -permitted security flaw, allowing access to the system’s operating software. However, a Texas judge denied the FBI access to such a warrant, saying the Justice Department’s use of “zero-day” attacks in its investigation exposes the public and the target to unknown risks. One typical type of a “zero-day” attack is an infected email that could affect a large number of innocent people if the target used a public computer to access his email. The FBI planned to install a Remote Administration Tool, or RAT, which would distribute such emails in a partially-targeted spam mail distribution. Last year, Federal Magistrate Judge Stephen Smith of the Houston Division of the Southern District of Texas ruled that this was a gross overreach of investigatory intrusion, blocking the plan temporarily. A “zero-day” attack has the potential to activate and control the targeted computer’s peripherals, such as webcams and microphones.
  • ...2 more annotations...
  • Following this ruling, based on the assumptions that federal law enforcement fundamentally act in good faith and that there may be a legitimate need for remote exploitation of computer data, the Justice Department sought to introduce changes to the rules that would overcome Smith’s objections. The proposed change to Rule 41(b) would allow magistrate judges “… to issue a warrant to use remote access to search electronic storage media and to seize electronically stored information located within or outside that district.” The Justice Department has indicated that it wants warrants permitting multiple computers to be searched at the same time, as well as permission to search all of the email and social media accounts accessible from a single computer. Such access would constitute a violation of the Electronic Communications Privacy Act, as the government, under the act, must make demonstrate probable cause to each targeted service provider and obtain and serve a warrant for each service provider. A warrant to search every account active on a computer would be actively bypassing the act’s numerous safeguards.
  • Privacy advocates fear that this rule change would allow prosecutors and the Justice Department to seek out magistrates likely to give them their requested warrants, creating a situation in which the federal government could have a “warrant shop” with just one judge for the whole of the nation. In light of allegations of federal government over-policing — including revelations of aggressive domestic and international electronic spying by the FBI and the National Security Agency — many advocates argue that an examination of the federal government’s commitment to the Fourth Amendment is needed. “The proposed amendment would significantly expand the government’s authority to conduct remote searches of electronic storage media,” the American Civil Liberties Union wrote in a memorandum early last month. “It would also expand the government’s power to engage in computer hacking in the course of criminal investigations, including through the use of malware and other techniques that pose a risk to internet security and that raise Fourth Amendment and policy concerns. “In light of these concerns, the ACLU recommends that the Advisory Committee exercise extreme caution before granting the government new authority to remotely search individuals’ electronic data.” The rules are scheduled to be discussed at the meeting of the Judiciary’s Committee on Rules of Practice and Procedure later this month.
  •  
    The proposed rule change is at pp. 499-501 here. http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Agenda%20Books/Standing/ST2014-05.pdf#page499 (very large PDF).  This is not just about the government being granted permission to exploit vulnerabilities unknown to the computer owner; the issue arose in a case where the government sought judicial permission to implant a Trojan Horse in a suspect's computer. Moreover, the proposed rule goes far beyond the confines of that case, purporting to authorize the government to skip merrily along searching computers not specified in the warrant, along the purported botnet. To put the icing on the cake, the government wants to be relieved from the requirement that they apply for a warrant in the district in which the computer to be searched is located. ("Oh, Goody! Let's start shopping around for the judges we like instead of the ones we are now required to persuade. What? The Mississippi judge refused to sign the warrant? Oh well, let's try it with that other judge we like, the one in Gnome, Alaska.") In other words, what the government seeks is authority for "general warrants," the very evil that the 4th Amendment was designed to outlaw. Even more outrageously, the proposed rule provides in part: "For a warrant to use remote access to search electronic storage media and seize or copy electronically stored information, the officer must make reasonable efforts to serve a copy of the warrant on the person whose property *was* searched or whose information *was* seized or copied. Service may be accomplished by any means, including electronic means, reasonably calculated to reach that person." Not the use of the past tense "was." So after they have drained your computer of all its data, they may permissibly install a batch file that will display a copy of the warrant on your monitor the next time you boot your computer. With a big red lipstick imprint of a kiss imprinted in the warrant's bottom margin, no doubt
  •  
    The proposed rule change is at pp. 499-501 here. http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Agenda%20Books/Standing/ST2014-05.pdf#page499 (very large PDF).  This is not just about the government being granted permission to exploit vulnerabilities unknown to the computer owner; the issue arose in a case where the government sought judicial permission to implant a Trojan Horse in a suspect's computer. Moreover, the proposed rule goes far beyond the confines of that case, purporting to authorize the government to skip merrily along searching computers not specified in the warrant, along the purported botnet. To put the icing on the cake, the government wants to be relieved from the requirement that they apply for a warrant in the district in which the computer to be searched is located. In other words, what the government seeks is authority for "general warrants," the very evil that the 4th Amendment was designed to outlaw. Even more outrageously, the proposed rule provides in part: "For a warrant to use remote access to search electronic storage media and seize or copy electronically stored information, the officer must make reasonable efforts to serve a copy of the warrant on the person whose property *was* searched or whose information *was* seized or copied. Service may be accomplished by any means, including electronic means, reasonably calculated to reach that person." Not the use of the past tense "was." So after they have drained your computer of all its data, they may permissibly install a batch file that will display a copy of the warrant on your monitor the next time you boot your computer. With a big red lipstick imprint of a kiss imprinted at the bottom.  To be continued after this is intially posted to Diigo so the content isn't cut off.   
Paul Merrell

Internet Giants Erect Barriers to Spy Agencies - NYTimes.com - 0 views

  • As fast as it can, Google is sealing up cracks in its systems that Edward J. Snowden revealed the N.S.A. had brilliantly exploited. It is encrypting more data as it moves among its servers and helping customers encode their own emails. Facebook, Microsoft and Yahoo are taking similar steps.
  • After years of cooperating with the government, the immediate goal now is to thwart Washington — as well as Beijing and Moscow. The strategy is also intended to preserve business overseas in places like Brazil and Germany that have threatened to entrust data only to local providers. Google, for example, is laying its own fiber optic cable under the world’s oceans, a project that began as an effort to cut costs and extend its influence, but now has an added purpose: to assure that the company will have more control over the movement of its customer data.
  • A year after Mr. Snowden’s revelations, the era of quiet cooperation is over. Telecommunications companies say they are denying requests to volunteer data not covered by existing law. A.T.&T., Verizon and others say that compared with a year ago, they are far more reluctant to cooperate with the United States government in “gray areas” where there is no explicit requirement for a legal warrant.
  • ...8 more annotations...
  • Eric Grosse, Google’s security chief, suggested in an interview that the N.S.A.'s own behavior invited the new arms race.“I am willing to help on the purely defensive side of things,” he said, referring to Washington’s efforts to enlist Silicon Valley in cybersecurity efforts. “But signals intercept is totally off the table,” he said, referring to national intelligence gathering.“No hard feelings, but my job is to make their job hard,” he added.
  • Hardware firms like Cisco, which makes routers and switches, have found their products a frequent subject of Mr. Snowden’s disclosures, and their business has declined steadily in places like Asia, Brazil and Europe over the last year. The company is still struggling to convince foreign customers that their networks are safe from hackers — and free of “back doors” installed by the N.S.A. The frustration, companies here say, is that it is nearly impossible to prove that their systems are N.S.A.-proof.
  • Many point to an episode in 2012, when Russian security researchers uncovered a state espionage tool, Flame, on Iranian computers. Flame, like the Stuxnet worm, is believed to have been produced at least in part by American intelligence agencies. It was created by exploiting a previously unknown flaw in Microsoft’s operating systems. Companies argue that others could have later taken advantage of this defect.Worried that such an episode undercuts confidence in its wares, Microsoft is now fully encrypting all its products, including Hotmail and Outlook.com, by the end of this year with 2,048-bit encryption, a stronger protection that would take a government far longer to crack. The software is protected by encryption both when it is in data centers and when data is being sent over the Internet, said Bradford L. Smith, the company’s general counsel.
  • Mr. Smith also said the company was setting up “transparency centers” abroad so that technical experts of foreign governments could come in and inspect Microsoft’s proprietary source code. That will allow foreign governments to check to make sure there are no “back doors” that would permit snooping by United States intelligence agencies. The first such center is being set up in Brussels.Microsoft has also pushed back harder in court. In a Seattle case, the government issued a “national security letter” to compel Microsoft to turn over data about a customer, along with a gag order to prevent Microsoft from telling the customer it had been compelled to provide its communications to government officials. Microsoft challenged the gag order as violating the First Amendment. The government backed down.
  • In Washington, officials acknowledge that covert programs are now far harder to execute because American technology companies, fearful of losing international business, are hardening their networks and saying no to requests for the kind of help they once quietly provided.Continue reading the main story Robert S. Litt, the general counsel of the Office of the Director of National Intelligence, which oversees all 17 American spy agencies, said on Wednesday that it was “an unquestionable loss for our nation that companies are losing the willingness to cooperate legally and voluntarily” with American spy agencies.
  • In one slide from the disclosures, N.S.A. analysts pointed to a sweet spot inside Google’s data centers, where they could catch traffic in unencrypted form. Next to a quickly drawn smiley face, an N.S.A. analyst, referring to an acronym for a common layer of protection, had noted, “SSL added and removed here!”
  • Facebook and Yahoo have also been encrypting traffic among their internal servers. And Facebook, Google and Microsoft have been moving to more strongly encrypt consumer traffic with so-called Perfect Forward Secrecy, specifically devised to make it more labor intensive for the N.S.A. or anyone to read stored encrypted communications.One of the biggest indirect consequences from the Snowden revelations, technology executives say, has been the surge in demands from foreign governments that saw what kind of access to user information the N.S.A. received — voluntarily or surreptitiously. Now they want the same.
  • The latest move in the war between intelligence agencies and technology companies arrived this week, in the form of a new Google encryption tool. The company released a user-friendly, email encryption method to replace the clunky and often mistake-prone encryption schemes the N.S.A. has readily exploited.But the best part of the tool was buried in Google’s code, which included a jab at the N.S.A.'s smiley-face slide. The code included the phrase: “ssl-added-and-removed-here-; - )”
Paul Merrell

In Letter to Obama, Cisco CEO Complains About NSA Allegations | Re/code - 0 views

  • Warning of an erosion of confidence in the products of the U.S. technology industry, John Chambers, the CEO of networking giant Cisco Systems, has asked President Obama to intervene to curtail the surveillance activities of the National Security Agency. In a letter dated May 15 (obtained by Re/code and reprinted in full below), Chambers asked Obama to create “new standards of conduct” regarding how the NSA carries out its spying operations around the world. The letter was first reported by The Financial Times. The letter follows new revelations, including photos, published in a book based on documents leaked by former NSA contractor Edward Snowden alleging that the NSA intercepted equipment from Cisco and other manufacturers and loaded them with surveillance software. The photos, which have not been independently verified, appear to show NSA technicians working with Cisco equipment. Cisco is not said to have cooperated in the NSA’s efforts.
Gary Edwards

Security, the Edward Snowden Way - Datamation - 0 views

  • NoScript NoScript is a free extension for Mozilla-based web browsers, including Firefox. It blocks executable web content by default. This blocking includes JavaScript, Java, Flash and Silverlight. You can whitelist sites if you want to use such content on a site-by-site basis. Or, if you choose, you can make all sites active by default and choose to blacklist sites you think might be dangerous. A visual button tells you if active content has been blocked on the current site.
  • PGP In the first chapter of his book “No Place to Hide,” journalist Glenn Greenwald wrote that Edward Snowden contacted him using the alias “Cincinnatus,” and said he would tell Greenwald some highly newsworthy facts, but only if he installed Pretty Good Privacy (PGP) first. (Greenwald didn’t know the magnitude of the scoop being offered to him and didn’t get around to installing PGP for months, thus delaying the leak.) PGP, of course, is a 23-year-old encryption program that can be used for email, as well as files and other things.
  • Tor Tor is a free application that routes your Internet traffic through a global volunteer network of thousands of relays that play a shell game with your data so your location and Internet travels are concealed. Tor, which used to stand for “The Onion router” in a reference to layers of encryption, encrypts data in multiple layers that prevents snoops from being able to figure out any details about your web travels, such as where you are or what you’re looking at. Tor was developed in part by US government funding as a way to enable citizens in repressive countries to communicate safely. And the NSA has a lot of respect for it. But in a recent controversy, two Carnegie Mellon researchers said they would give a talk at the Black Hat USA 2014 conference next month telling how to identify Tor users inexpensively (for only $3,000). The session was cut from the lineup because university lawyers didn’t approve it. The institute that the researchers work for is funded by the Pentagon, but the Department of Homeland Security said they did not request that the talk be cancelled.
  •  
    "Whether you think NSA whistleblower Edward Snowden is a hero or a traitor, you have to admit: The guy knows how to keep his information secure. The fact that Snowden isn't sitting in Guantanamo right now with ankle cuffs and a bag over his head demonstrates his ability to avoid detection. Snowden spoke at the Hope X conference in New York this month via a Google+ Hangout from Russia, and called on developers to build privacy and security into everyday products. He also hinted that he planned to work on building such technology. If you look into the details of what's been happening with tracking, surveillance, spying, hacking and global cyber industrial espionage, you can see that Snowden is right. We all need a lot better protection from snoops of all stripes. But how does the non-expert get started? One option is to listen to Snowden himself. Over the past year, Snowden has in one format or another, made specific product recommendations. Here are the products Snowden has explicitly recommended since the trove of documents on the NSA has been publicly revealed. (The list is in alphabetical order.) Ghostery Ghostery, made by a company called Evidon, is a browser extension for Chrome, Firefox, Safari and Internet Explorer. It exists for two purposes. The first is to block tracking code, which makes browsing the web both more private and also faster. The second purpose is, somewhat contradictory -- Evidon collects data from you to help advertisers avoid being blocked. It also enables website owners to gain insights into the tracking code deployed on their site by third-party advertising companies. Note that Snowden recommended Ghostery some time ago. But this month, the Electronic Frontier Foundation launched a competing product that I would imagine Snowden would recommend called Privacy Badger."
  •  
    I'd back Snowden in 2016 as a write-in candidate for President.
1 - 20 of 28 Next ›
Showing 20 items per page