Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged secure-computing

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

DOJ Seeks Removal Of Restrictions On Computer Search Warrants - 0 views

www.mintpressnews.com/...190535

surveillance state digital-privacy remote-computer-search 4th Amendment

shared by Paul Merrell on 13 May 14 - No Cached
  • The Justice Department recently submitted proposed new rules on the procedures and practices of the department’s agencies and bureaus. Among the suggested changes is a modification of the Federal Rules of Criminal Procedure Rule 41(b), which empowers a federal court to issue a warrant allowing the federal government to conduct a search of a computer or computer network involved in a criminal investigation. Under current regulations, a warrant issued by a federal court is only valid in that court’s district. As there are 94 federal judicial districts, investigating a widespread attack may require either petitioning dozens of district courts or acting extrajudicially by not seeking a warrant. An extrajudicial investigation, however, cannot be used if criminal convictions are sought, as evidence gathered in this manner is not typically admissible in court. The Justice Department is seeking to make remote access warrants to search, seize and copy electronic information valid for all federal districts.
  • The Justice Department argues that due to the sophistication of cyber-criminals, an offending computer or computer cluster can sit in a district separate from the district where the hackers that infected the target computer anonymously are and separate from the investigators’ district. “Criminals are using multiple computers in many districts simultaneously as part of complex criminal schemes, and effectively investigating and disrupting these schemes often requires remote access to Internet-connected computers in many different districts,” wrote then-acting Assistant Attorney General Mythili Raman in a September letter to the Advisory Committee on the Criminal Rules. “Botnets are a significant threat to the public: they are used to conduct large-scale denial of service attacks, steal personal and financial data, and distribute malware designed to invade the privacy of users of the host computers,” Raman continued. In the letter, Raman cited an investigation of a child porn site that uses The Onion Router Network, or Tor, to anonymize its traffic. The Justice Department argues that it knows the site’s hosting server location, but without a warrant local to the server, the department is prevented from retrieving the server’s user records — including IP and MAC addresses. In most cases, however, law enforcement do not know the physical location of the site’s server, making it impossible to request a specific warrant.
  • In these cases, the Justice Department could request a blanket warrant. This would allow the department to set up a “zero-day” attack on the server — an attack exploiting a manufacturer-unknown or -permitted security flaw, allowing access to the system’s operating software. However, a Texas judge denied the FBI access to such a warrant, saying the Justice Department’s use of “zero-day” attacks in its investigation exposes the public and the target to unknown risks. One typical type of a “zero-day” attack is an infected email that could affect a large number of innocent people if the target used a public computer to access his email. The FBI planned to install a Remote Administration Tool, or RAT, which would distribute such emails in a partially-targeted spam mail distribution. Last year, Federal Magistrate Judge Stephen Smith of the Houston Division of the Southern District of Texas ruled that this was a gross overreach of investigatory intrusion, blocking the plan temporarily. A “zero-day” attack has the potential to activate and control the targeted computer’s peripherals, such as webcams and microphones.
  • ...2 more annotations...
  • Following this ruling, based on the assumptions that federal law enforcement fundamentally act in good faith and that there may be a legitimate need for remote exploitation of computer data, the Justice Department sought to introduce changes to the rules that would overcome Smith’s objections. The proposed change to Rule 41(b) would allow magistrate judges “… to issue a warrant to use remote access to search electronic storage media and to seize electronically stored information located within or outside that district.” The Justice Department has indicated that it wants warrants permitting multiple computers to be searched at the same time, as well as permission to search all of the email and social media accounts accessible from a single computer. Such access would constitute a violation of the Electronic Communications Privacy Act, as the government, under the act, must make demonstrate probable cause to each targeted service provider and obtain and serve a warrant for each service provider. A warrant to search every account active on a computer would be actively bypassing the act’s numerous safeguards.
  • Privacy advocates fear that this rule change would allow prosecutors and the Justice Department to seek out magistrates likely to give them their requested warrants, creating a situation in which the federal government could have a “warrant shop” with just one judge for the whole of the nation. In light of allegations of federal government over-policing — including revelations of aggressive domestic and international electronic spying by the FBI and the National Security Agency — many advocates argue that an examination of the federal government’s commitment to the Fourth Amendment is needed. “The proposed amendment would significantly expand the government’s authority to conduct remote searches of electronic storage media,” the American Civil Liberties Union wrote in a memorandum early last month. “It would also expand the government’s power to engage in computer hacking in the course of criminal investigations, including through the use of malware and other techniques that pose a risk to internet security and that raise Fourth Amendment and policy concerns. “In light of these concerns, the ACLU recommends that the Advisory Committee exercise extreme caution before granting the government new authority to remotely search individuals’ electronic data.” The rules are scheduled to be discussed at the meeting of the Judiciary’s Committee on Rules of Practice and Procedure later this month.
  • Paul Merrell on 13 May 14
     
    The proposed rule change is at pp. 499-501 here. http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Agenda%20Books/Standing/ST2014-05.pdf#page499 (very large PDF).  This is not just about the government being granted permission to exploit vulnerabilities unknown to the computer owner; the issue arose in a case where the government sought judicial permission to implant a Trojan Horse in a suspect's computer. Moreover, the proposed rule goes far beyond the confines of that case, purporting to authorize the government to skip merrily along searching computers not specified in the warrant, along the purported botnet. To put the icing on the cake, the government wants to be relieved from the requirement that they apply for a warrant in the district in which the computer to be searched is located. ("Oh, Goody! Let's start shopping around for the judges we like instead of the ones we are now required to persuade. What? The Mississippi judge refused to sign the warrant? Oh well, let's try it with that other judge we like, the one in Gnome, Alaska.") In other words, what the government seeks is authority for "general warrants," the very evil that the 4th Amendment was designed to outlaw. Even more outrageously, the proposed rule provides in part: "For a warrant to use remote access to search electronic storage media and seize or copy electronically stored information, the officer must make reasonable efforts to serve a copy of the warrant on the person whose property *was* searched or whose information *was* seized or copied. Service may be accomplished by any means, including electronic means, reasonably calculated to reach that person." Not the use of the past tense "was." So after they have drained your computer of all its data, they may permissibly install a batch file that will display a copy of the warrant on your monitor the next time you boot your computer. With a big red lipstick imprint of a kiss imprinted in the warrant's bottom margin, no doubt
  • Paul Merrell on 13 May 14
     
    The proposed rule change is at pp. 499-501 here. http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Agenda%20Books/Standing/ST2014-05.pdf#page499 (very large PDF).  This is not just about the government being granted permission to exploit vulnerabilities unknown to the computer owner; the issue arose in a case where the government sought judicial permission to implant a Trojan Horse in a suspect's computer. Moreover, the proposed rule goes far beyond the confines of that case, purporting to authorize the government to skip merrily along searching computers not specified in the warrant, along the purported botnet. To put the icing on the cake, the government wants to be relieved from the requirement that they apply for a warrant in the district in which the computer to be searched is located. In other words, what the government seeks is authority for "general warrants," the very evil that the 4th Amendment was designed to outlaw. Even more outrageously, the proposed rule provides in part: "For a warrant to use remote access to search electronic storage media and seize or copy electronically stored information, the officer must make reasonable efforts to serve a copy of the warrant on the person whose property *was* searched or whose information *was* seized or copied. Service may be accomplished by any means, including electronic means, reasonably calculated to reach that person." Not the use of the past tense "was." So after they have drained your computer of all its data, they may permissibly install a batch file that will display a copy of the warrant on your monitor the next time you boot your computer. With a big red lipstick imprint of a kiss imprinted at the bottom.  To be continued after this is intially posted to Diigo so the content isn't cut off.   
Paul Merrell

If GCHQ wants to improve national security it must fix our technology | Technology | th... - 0 views

www.theguardian.com/...q-national-security-technology

surveillance state cyberwar vulnerabilities secure-computing Doctorow

shared by Paul Merrell on 10 Apr 14 - No Cached
  • In a recent column, security expert Bruce Schneier proposed breaking up the NSA – handing its offensive capabilities work to US Cyber Command and its law enforcement work to the FBI, and terminating its programme of attacking internet security. In place of this, Schneier proposed that “instead of working to deliberately weaken security for everyone, the NSA should work to improve security for everyone.” This is a profoundly good idea for reasons that may not be obvious at first blush.People who worry about security and freedom on the internet have long struggled with the problem of communicating the urgent stakes to the wider public. We speak in jargon that’s a jumble of mixed metaphors – viruses, malware, trojans, zero days, exploits, vulnerabilities, RATs – that are the striated fossil remains of successive efforts to come to grips with the issue. When we do manage to make people alarmed about the stakes, we have very little comfort to offer them, because Internet security isn’t something individuals can solve.
  • I remember well the day this all hit home for me. It was nearly exactly a year ago, and I was out on tour with my novel Homeland, which tells the story of a group of young people who come into possession of a large trove of government leaks that detail a series of illegal programmes through which supposedly democratic governments spy on people by compromising their computers.
  • I explained the book’s premise, and then talked about how this stuff works in the real world. I laid out a parade of awfuls, including a demonstrated attack that hijacked implanted defibrillators from 10 metres’ distance and caused them to compromise other defibrillators that came into range, implanting an instruction to deliver lethal shocks at a certain time in the future. I talked about Cassidy Wolf, the reigning Miss Teen USA, whose computer had been taken over by a “sextortionist” who captured nude photos of her and then threatened to release them if she didn’t perform live sex shows for him. I talked about the future of self-driving cars, smart buildings, implanted hearing aids and robotic limbs, and explained that the world is made out of computers that we put our bodies into, and that we put inside our bodies.These computers are badly secured. What’s more, governments and their intelligence agencies are actively working to undermine the security of our computers and networks. This was before the Snowden revelations, but we already knew that governments were buying “zero-day vulnerabilities” from security researchers. These are critical bugs that can be leveraged to compromise entire systems. Until recently, the normal response to the discovery of one of these “vulns” was to report them to the vendor so they could be repaired.
  • ...6 more annotations...
  • But spy-agencies and law-enforcement have created a bustling marketplace for “zero-days,” which are weaponised for the purpose of attacking the computers and networks of “bad guys”. The incentives have shifted, and now a newly discovered bug had a good chance of remaining unpatched and live in the field because governments wanted to be able to use it to hack their enemies.
  • Last year, when I finished that talk in Seattle, a talk about all the ways that insecure computers put us all at risk, a woman in the audience put up her hand and said, “Well, you’ve scared the hell out of me. Now what do I do? How do I make my computers secure?”And I had to answer: “You can’t. No one of us can. I was a systems administrator 15 years ago. That means that I’m barely qualified to plug in a WiFi router today. I can’t make my devices secure and neither can you. Not when our governments are buying up information about flaws in our computers and weaponising them as part of their crime-fighting and anti-terrorism strategies. Not when it is illegal to tell people if there are flaws in their computers, where such a disclosure might compromise someone’s anti-copying strategy.But: If I had just stood here and spent an hour telling you about water-borne parasites; if I had told you about how inadequate water-treatment would put you and everyone you love at risk of horrifying illness and terrible, painful death; if I had explained that our very civilisation was at risk because the intelligence services were pursuing a strategy of keeping information about pathogens secret so they can weaponise them, knowing that no one is working on a cure; you would not ask me ‘How can I purify the water coming out of my tap?’”
  • Because when it comes to public health, individual action only gets you so far. It doesn’t matter how good your water is, if your neighbour’s water gives him cholera, there’s a good chance you’ll get cholera, too. And even if you stay healthy, you’re not going to have a very good time of it when everyone else in your country is striken and has taken to their beds.If you discovered that your government was hoarding information about water-borne parasites instead of trying to eradicate them; if you discovered that they were more interested in weaponising typhus than they were in curing it, you would demand that your government treat your water-supply with the gravitas and seriousness that it is due.The public health analogy is suprisingly apt here. The public health threat-model is in a state of continuous flux, because our well-being is under continuous, deliberate attack from pathogens for whom we are, at best, host organisms, and at worst, dinner. Evolution drives these organisms to a continuously shifting array of tactics to slide past our defenses.Public health isn’t just about pathogens, either – its thorniest problems are about human behaviour and social policy. HIV is a blood-borne disease, but disrupting its spread requires changes to our attitudes about sex, pharmaceutical patents, drugs policy and harm minimisation. Almost everything interesting about HIV is too big to fit on a microscope slide.
  • And so it is for security: crypto is awesome maths, but it’s just maths. Security requires good password choice, good password management, good laws about compelled crypto disclosure, transparency into corporate security practices, and, of course, an end to the governmental practice of spending $250M/year on anti-security sabotage through the NSA/GCHQ programmes Bullrun and Edgehill.
  • But for me, the most important parallel between public health and internet security is their significance to our societal wellbeing. Everything we do today involves the internet. Everything we do tomorrow will require the internet. If you live near a nuclear power plant, fly in airplanes, ride in cars or trains, have an implanted pacemaker, keep money in the bank, or carry a phone, your safety and well-being depend on a robust, evolving, practice of network security.This is the most alarming part of the Snowden revelations: not just that spies are spying on all of us – that they are actively sabotaging all of our technical infrastructure to ensure that they can continue to spy on us.There is no way to weaken security in a way that makes it possible to spy on “bad guys” without making all of us vulnerable to bad guys, too. The goal of national security is totally incompatible with the tactic of weakening the nation’s information security.
  • “Virus” has been a term of art in the security world for decades, and with good reason. It’s a term that resonates with people, even people with only a cursory grasp of technology. As we strive to make the public and our elected representatives understand what’s at stake, let’s expand that pathogen/epidemiology metaphor. We’d never allow MI5 to suppress information on curing typhus so they could attack terrorists by infecting them with it. We need to stop allowing the NSA and GCHQ to suppress information on fixing bugs in our computers, phones, cars, houses, planes, and bodies.If GCHQ wants to improve the national security of the United Kingdom – if the NSA want to impove the American national security – they should be fixing our technology, not breaking it. The technology of Britons and Americans is under continuous, deadly attack from criminals, from foreign spies, and from creeps. Our security is better served by armouring us against these threats than it is by undermining security so that cops and spies have an easier time attacking “bad guys.”
Paul Merrell

How the NSA Plans to Infect 'Millions' of Computers with Malware - The Intercept - 0 views

firstlook.org/...ect-millions-computers-malware

surveillance state NSA GCHQ NSA-methods malware

shared by Paul Merrell on 13 Mar 14 - No Cached
  • Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process. The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks. The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.
  • The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands. To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency’s term for the interception of electronic communications. Instead, it sought to broaden “active” surveillance methods – tactics designed to directly infiltrate a target’s computers or network devices. In the documents, the agency describes such techniques as “a more aggressive approach to SIGINT” and says that the TAO unit’s mission is to “aggressively scale” these operations. But the NSA recognized that managing a massive network of implants is too big a job for humans alone.
  • “One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).” The agency’s solution was TURBINE. Developed as part of TAO unit, it is described in the leaked documents as an “intelligent command and control capability” that enables “industrial-scale exploitation.”
  • ...10 more annotations...
  • TURBINE was designed to make deploying malware much easier for the NSA’s hackers by reducing their role in overseeing its functions. The system would “relieve the user from needing to know/care about the details,” the NSA’s Technology Directorate notes in one secret document from 2009. “For example, a user should be able to ask for ‘all details about application X’ and not need to know how and where the application keeps files, registry entries, user application data, etc.” In practice, this meant that TURBINE would automate crucial processes that previously had to be performed manually – including the configuration of the implants as well as surveillance collection, or “tasking,” of data from infected systems. But automating these processes was about much more than a simple technicality. The move represented a major tactical shift within the NSA that was expected to have a profound impact – allowing the agency to push forward into a new frontier of surveillance operations. The ramifications are starkly illustrated in one undated top-secret NSA document, which describes how the agency planned for TURBINE to “increase the current capability to deploy and manage hundreds of Computer Network Exploitation (CNE) and Computer Network Attack (CNA) implants to potentially millions of implants.” (CNE mines intelligence from computers and networks; CNA seeks to disrupt, damage or destroy them.)
  • But not all of the NSA’s implants are used to gather intelligence, the secret files show. Sometimes, the agency’s aim is disruption rather than surveillance. QUANTUMSKY, a piece of NSA malware developed in 2004, is used to block targets from accessing certain websites. QUANTUMCOPPER, first tested in 2008, corrupts a target’s file downloads. These two “attack” techniques are revealed on a classified list that features nine NSA hacking tools, six of which are used for intelligence gathering. Just one is used for “defensive” purposes – to protect U.S. government networks against intrusions.
  • The NSA has a diverse arsenal of malware tools, each highly sophisticated and customizable for different purposes. One implant, codenamed UNITEDRAKE, can be used with a variety of “plug-ins” that enable the agency to gain total control of an infected computer. An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer. The implants can enable the NSA to circumvent privacy-enhancing encryption tools that are used to browse the Internet anonymously or scramble the contents of emails as they are being sent across networks. That’s because the NSA’s malware gives the agency unfettered access to a target’s computer before the user protects their communications with encryption. It is unclear how many of the implants are being deployed on an annual basis or which variants of them are currently active in computer systems across the world.
  • Infiltrating cellphone networks, however, is not all that the malware can be used to accomplish. The NSA has specifically tailored some of its implants to infect large-scale network routers used by Internet service providers in foreign countries. By compromising routers – the devices that connect computer networks and transport data packets across the Internet – the agency can gain covert access to monitor Internet traffic, record the browsing sessions of users, and intercept communications. Two implants the NSA injects into network routers, HAMMERCHANT and HAMMERSTEIN, help the agency to intercept and perform “exploitation attacks” against data that is sent through a Virtual Private Network, a tool that uses encrypted “tunnels” to enhance the security and privacy of an Internet session.
  • Eventually, the secret files indicate, the NSA’s plans for TURBINE came to fruition. The system has been operational in some capacity since at least July 2010, and its role has become increasingly central to NSA hacking operations. Earlier reports based on the Snowden files indicate that the NSA has already deployed between 85,000 and 100,000 of its implants against computers and networks across the world, with plans to keep on scaling up those numbers. The intelligence community’s top-secret “Black Budget” for 2013, obtained by Snowden, lists TURBINE as part of a broader NSA surveillance initiative named “Owning the Net.” The agency sought $67.6 million in taxpayer funding for its Owning the Net program last year. Some of the money was earmarked for TURBINE, expanding the system to encompass “a wider variety” of networks and “enabling greater automation of computer network exploitation.”
  • Before it can extract data from an implant or use it to attack a system, the NSA must first install the malware on a targeted computer or network. According to one top-secret document from 2012, the agency can deploy malware by sending out spam emails that trick targets into clicking a malicious link. Once activated, a “back-door implant” infects their computers within eight seconds. There’s only one problem with this tactic, codenamed WILLOWVIXEN: According to the documents, the spam method has become less successful in recent years, as Internet users have become wary of unsolicited emails and less likely to click on anything that looks suspicious. Consequently, the NSA has turned to new and more advanced hacking techniques. These include performing so-called “man-in-the-middle” and “man-on-the-side” attacks, which covertly force a user’s internet browser to route to NSA computer servers that try to infect them with an implant.
  • To perform a man-on-the-side attack, the NSA observes a target’s Internet traffic using its global network of covert “accesses” to data as it flows over fiber optic cables or satellites. When the target visits a website that the NSA is able to exploit, the agency’s surveillance sensors alert the TURBINE system, which then “shoots” data packets at the targeted computer’s IP address within a fraction of a second. In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive. A top-secret animation demonstrates the tactic in action.
  • The TURBINE implants system does not operate in isolation. It is linked to, and relies upon, a large network of clandestine surveillance “sensors” that the agency has installed at locations across the world.
  • The NSA’s headquarters in Maryland are part of this network, as are eavesdropping bases used by the agency in Misawa, Japan and Menwith Hill, England. The sensors, codenamed TURMOIL, operate as a sort of high-tech surveillance dragnet, monitoring packets of data as they are sent across the Internet. When TURBINE implants exfiltrate data from infected computer systems, the TURMOIL sensors automatically identify the data and return it to the NSA for analysis. And when targets are communicating, the TURMOIL system can be used to send alerts or “tips” to TURBINE, enabling the initiation of a malware attack. The NSA identifies surveillance targets based on a series of data “selectors” as they flow across Internet cables. These selectors, according to internal documents, can include email addresses, IP addresses, or the unique “cookies” containing a username or other identifying information that are sent to a user’s computer by websites such as Google, Facebook, Hotmail, Yahoo, and Twitter. Other selectors the NSA uses can be gleaned from unique Google advertising cookies that track browsing habits, unique encryption key fingerprints that can be traced to a specific user, and computer IDs that are sent across the Internet when a Windows computer crashes or updates.
  • Documents published with this article: Menwith Hill Station Leverages XKeyscore for Quantum Against Yahoo and Hotmail Five Eyes Hacking Large Routers NSA Technology Directorate Analysis of Converged Data Selector Types There Is More Than One Way to Quantum NSA Phishing Tactics and Man in the Middle Attacks Quantum Insert Diagrams The NSA and GCHQ’s QUANTUMTHEORY Hacking Tactics TURBINE and TURMOIL VPN and VOIP Exploitation With HAMMERCHANT and HAMMERSTEIN Industrial-Scale Exploitation Thousands of Implants
  • Paul Merrell on 13 Mar 14
     
    *Very* long article. Only small portions quoted.
Paul Merrell

N.S.A. Devises Radio Pathway Into Computers - NYTimes.com - 1 views

www.nytimes.com/...not-connected-to-internet.html

surveillance state NSA NSA-capabilities air-gap-penetration must-read

shared by Paul Merrell on 16 Jan 14 - No Cached
  • The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
  • The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.
  • The N.S.A. and the Pentagon’s Cyber Command have implanted nearly 100,000 “computer network exploits” around the world, but the hardest problem is getting inside machines isolated from outside communications.
  • ...8 more annotations...
  • the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls “computer network exploitation.”“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”
  • A program named Treasure Map tried to identify nearly every node and corner of the web, so that any computer or mobile device that touched it could be located.
  • Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward J. Snowden, the former N.S.A. contractor. A Dutch newspaper published the map of areas where the United States has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German newsmagazine, published the N.S.A.'s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of American intelligence officials, when it reported, in the summer of 2012, on American cyberattacks on Iran.
  • A 2008 map, part of the Snowden trove, notes 20 programs to gain access to big fiber-optic cables — it calls them “covert, clandestine or cooperative large accesses” — not only in the United States but also in places like Hong Kong, Indonesia and the Middle East. The same map indicates that the United States had already conducted “more than 50,000 worldwide implants,” and a more recent budget document said that by the end of last year that figure would rise to about 85,000. A senior official, who spoke on the condition of anonymity, said the actual figure was most likely closer to 100,000.
  • The N.S.A.'s efforts to reach computers unconnected to a network have relied on a century-old technology updated for modern times: radio transmissions.In a catalog produced by the agency that was part of the Snowden documents released in Europe, there are page after page of devices using technology that would have brought a smile to Q, James Bond’s technology supplier.
  • One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer “through a covert channel” that allows “data infiltration and exfiltration.” Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer — either in the field or when they are shipped from manufacturers — so that the computer is broadcasting to the N.S.A. even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.The relay station it communicates with, called Nightstand, fits in an oversize briefcase, and the system can attack a computer “from as far away as eight miles under ideal environmental conditions.” It can also insert packets of data in milliseconds, meaning that a false message or piece of programming can outrace a real one to a target computer. Similar stations create a link between the target computers and the N.S.A., even if the machines are isolated from the Internet.
  • Computers are not the only targets. Dropoutjeep attacks iPhones. Other hardware and software are designed to infect large network servers, including those made by the Chinese.Most of those code names and products are now at least five years old, and they have been updated, some experts say, to make the United States less dependent on physically getting hardware into adversaries’ computer systems.
  • But the Stuxnet strike does not appear to be the last time the technology was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps moved a rock near the country’s underground Fordo nuclear enrichment plant. The rock exploded and spewed broken circuit boards that the Iranian news media described as “the remains of a device capable of intercepting data from computers at the plant.” The origins of that device have never been determined.
  • Paul Merrell on 16 Jan 14
     
    Even radio transceivers emplanted in USB jacks. So now to be truly secure, we need not only an air gap but also a Faraday cage protecting the air gap. 
Paul Merrell

Your Computer May Already be Hacked - NSA Inside? | Steve Blank - 1 views

steveblank.com/...y-already-be-hacked-nsa-inside

surveillance state NSA NSA-targets NSA-backdoors CPU-backdoors

shared by Paul Merrell on 22 Dec 13 - No Cached
  • But while the interviewer focused on the Skype revelation, I thought the most interesting part was the other claim, “that the National Security Agency already had pre-encryption stage access to email on Outlook.”  Say what??  They can see the plaintext on my computer before I encrypt it? That defeats any/all encryption methods. How could they do that? Bypass Encryption While most outside observers think the NSA’s job is cracking encrypted messages, as the Prism disclosures have shown, the actual mission is simply to read all communications. Cracking codes is a last resort.
  • The NSA has a history of figuring out how to get to messages before or after they are encrypted. Whether it was by putting keyloggers on keyboards and recording the keystrokes or detecting the images of the characters as they were being drawn on a CRT. Today every desktop and laptop computer has another way for the NSA to get inside. Intel Inside It’s inevitable that complex microprocessors have bugs in them when they ship. When the first microprocessors shipped the only thing you could hope is that the bug didn’t crash your computer. The only way the chip vendor could fix the problem was to physically revise the chip and put out a new version. But computer manufacturers and users were stuck if you had an old chip. After a particularly embarrassing math bug in 1994 that cost Intel $475 million, the company decided to fix the problem by allowing it’s microprocessors to load fixes automatically when your computer starts.
  • Starting in 1996 with the Intel P6 (Pentium Pro) to today’s P7 chips (Core i7) these processors contain instructions that are reprogrammable in what is called microcode. Intel can fix bugs on the chips by reprogramming a microprocessors microcode with a patch. This patch, called a microcode update, can be loaded into a processor by using special CPU instructions reserved for this purpose. These updates are not permanent, which means each time you turn the computer on, its microprocessor is reset to its built-in microcode, and the update needs to be applied again (through a computer’s BIOS.). Since 2000, Intel has put out 29 microcode updates to their processors. The microcode is distributed by 1) Intel or by 2) Microsoft integrated into a BIOS or 3) as part of a Windows update. Unfortunately, the microcode update format is undocumented and the code is encrypted. This allows Intel to make sure that 3rd parties can’t make unauthorized add-ons to their chips. But it also means that no one can look inside to understand the microcode, which makes it is impossible to know whether anyone is loading a backdoor into your computer.
  • ...3 more annotations...
  • Or perhaps the NSA, working with Intel and/or Microsoft, have wittingly have put backdoors in the microcode updates. A backdoor is is a way of gaining illegal remote access to a computer by getting around the normal security built-in to the computer. Typically someone trying to sneak malicious software on to a computer would try to install a rootkit (software that tries to conceal the malicious code.) A rootkit tries to hide itself and its code, but security conscious sites can discover rootkits by tools that check kernel code and data for changes. But what if you could use the configuration and state of microprocessor hardware in order to hide? You’d be invisible to all rootkit detection techniques that checks the operating system. Or what if you can make the microprocessor random number generator (the basis of encryption) not so random for a particular machine? (The NSA’s biggest coup was inserting backdoors in crypto equipment the Swiss sold to other countries.) Rather than risk getting caught messing with everyone’s updates, my bet is that the NSA has compromised the microcode update signing keys  giving the NSA the ability to selectively target specific computers. (Your operating system ensures security of updates by checking downloaded update packages against the signing key.) The NSA then can send out backdoors disguised as a Windows update for “security.” (Ironic but possible.) That means you don’t need backdoors baked in the hardware, don’t need Intel’s buy-in, don’t have discoverable rootkits, and you can target specific systems without impacting the public at large.
  • A few months ago these kind of discussions would have been theory at best, if not paranoia.
  • The Prism disclosures prove otherwise – the National Security Agency has decided it needs the ability to capture all communications in all forms. Getting inside of a target computer and weakening its encryption or having access to the plaintext of encrypted communication seems likely. Given the technical sophistication of the other parts of their surveillance net, the surprise would be if they haven’t implemented a microcode backdoor. The downside is that 1) backdoors can be hijacked by others with even worse intent. So if NSA has a microcode backdoor – who else is using it? and 2) What other pieces of our infrastructure, (routers, smartphones, military computers, satellites, etc) use processors with uploadable microcode? —— And that may be why the Russian president is now using a typewriter rather than a personal computer.
Paul Merrell

Canadian Spies Collect Domestic Emails in Secret Security Sweep - The Intercept - 0 views

firstlook.org/...ony-express-email-surveillance

surveillance state Canada CSE bulk-collection email

shared by Paul Merrell on 27 Feb 15 - No Cached
  • Canada’s electronic surveillance agency is covertly monitoring vast amounts of Canadians’ emails as part of a sweeping domestic cybersecurity operation, according to top-secret documents. The surveillance initiative, revealed Wednesday by CBC News in collaboration with The Intercept, is sifting through millions of emails sent to Canadian government agencies and departments, archiving details about them on a database for months or even years. The data mining operation is carried out by the Communications Security Establishment, or CSE, Canada’s equivalent of the National Security Agency. Its existence is disclosed in documents obtained by The Intercept from NSA whistleblower Edward Snowden. The emails are vacuumed up by the Canadian agency as part of its mandate to defend against hacking attacks and malware targeting government computers. It relies on a system codenamed PONY EXPRESS to analyze the messages in a bid to detect potential cyber threats.
  • Last year, CSE acknowledged it collected some private communications as part of cybersecurity efforts. But it refused to divulge the number of communications being stored or to explain for how long any intercepted messages would be retained. Now, the Snowden documents shine a light for the first time on the huge scope of the operation — exposing the controversial details the government withheld from the public. Under Canada’s criminal code, CSE is not allowed to eavesdrop on Canadians’ communications. But the agency can be granted special ministerial exemptions if its efforts are linked to protecting government infrastructure — a loophole that the Snowden documents show is being used to monitor the emails. The latest revelations will trigger concerns about how Canadians’ private correspondence with government employees are being archived by the spy agency and potentially shared with police or allied surveillance agencies overseas, such as the NSA. Members of the public routinely communicate with government employees when, for instance, filing tax returns, writing a letter to a member of parliament, applying for employment insurance benefits or submitting a passport application.
  • Chris Parsons, an internet security expert with the Toronto-based internet think tank Citizen Lab, told CBC News that “you should be able to communicate with your government without the fear that what you say … could come back to haunt you in unexpected ways.” Parsons said that there are legitimate cybersecurity purposes for the agency to keep tabs on communications with the government, but he added: “When we collect huge volumes, it’s not just used to track bad guys. It goes into data stores for years or months at a time and then it can be used at any point in the future.” In a top-secret CSE document on the security operation, dated from 2010, the agency says it “processes 400,000 emails per day” and admits that it is suffering from “information overload” because it is scooping up “too much data.” The document outlines how CSE built a system to handle a massive 400 terabytes of data from Internet networks each month — including Canadians’ emails — as part of the cyber operation. (A single terabyte of data can hold about a billion pages of text, or about 250,000 average-sized mp3 files.)
  • ...1 more annotation...
  • The agency notes in the document that it is storing large amounts of “passively tapped network traffic” for “days to months,” encompassing the contents of emails, attachments and other online activity. It adds that it stores some kinds of metadata — data showing who has contacted whom and when, but not the content of the message — for “months to years.” The document says that CSE has “excellent access to full take data” as part of its cyber operations and is receiving policy support on “use of intercepted private communications.” The term “full take” is surveillance-agency jargon that refers to the bulk collection of both content and metadata from Internet traffic. Another top-secret document on the surveillance dated from 2010 suggests the agency may be obtaining at least some of the data by covertly mining it directly from Canadian Internet cables. CSE notes in the document that it is “processing emails off the wire.”
  • Paul Merrell on 27 Feb 15
     
    " CANADIAN SPIES COLLECT DOMESTIC EMAILS IN SECRET SECURITY SWEEP BY RYAN GALLAGHER AND GLENN GREENWALD @rj_gallagher@ggreenwald YESTERDAY AT 2:02 AM SHARE TWITTER FACEBOOK GOOGLE EMAIL PRINT POPULAR EXCLUSIVE: TSA ISSUES SECRET WARNING ON 'CATASTROPHIC' THREAT TO AVIATION CHICAGO'S "BLACK SITE" DETAINEES SPEAK OUT WHY DOES THE FBI HAVE TO MANUFACTURE ITS OWN PLOTS IF TERRORISM AND ISIS ARE SUCH GRAVE THREATS? NET NEUTRALITY IS HERE - THANKS TO AN UNPRECEDENTED GUERRILLA ACTIVISM CAMPAIGN HOW SPIES STOLE THE KEYS TO THE ENCRYPTION CASTLE Canada's electronic surveillance agency is covertly monitoring vast amounts of Canadians' emails as part of a sweeping domestic cybersecurity operation, according to top-secret documents. The surveillance initiative, revealed Wednesday by CBC News in collaboration with The Intercept, is sifting through millions of emails sent to Canadian government agencies and departments, archiving details about them on a database for months or even years. The data mining operation is carried out by the Communications Security Establishment, or CSE, Canada's equivalent of the National Security Agency. Its existence is disclosed in documents obtained by The Intercept from NSA whistleblower Edward Snowden. The emails are vacuumed up by the Canadian agency as part of its mandate to defend against hacking attacks and malware targeting government computers. It relies on a system codenamed PONY EXPRESS to analyze the messages in a bid to detect potential cyber threats. Last year, CSE acknowledged it collected some private communications as part of cybersecurity efforts. But it refused to divulge the number of communications being stored or to explain for how long any intercepted messages would be retained. Now, the Snowden documents shine a light for the first time on the huge scope of the operation - exposing the controversial details the government withheld from the public. Under Canada's criminal code, CSE is no
Paul Merrell

Catalog Reveals NSA Has Back Doors for Numerous Devices - SPIEGEL ONLINE - 0 views

www.spiegel.de/...numerous-devices-a-940994.html

surveillance state NSA NSA-methods NSA-backdoors routers hard-drives must-read

shared by Paul Merrell on 30 Dec 13 - No Cached
  • When it comes to modern firewalls for corporate computer networks, the world's second largest network equipment manufacturer doesn't skimp on praising its own work. According to Juniper Networks' online PR copy, the company's products are "ideal" for protecting large companies and computing centers from unwanted access from outside. They claim the performance of the company's special computers is "unmatched" and their firewalls are the "best-in-class." Despite these assurances, though, there is one attacker none of these products can fend off -- the United States' National Security Agency.
  • Specialists at the intelligence organization succeeded years ago in penetrating the company's digital firewalls. A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry -- including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell.
  • The specialists at ANT, which presumably stands for Advanced or Access Network Technology, could be described as master carpenters for the NSA's department for Tailored Access Operations (TAO). In cases where TAO's usual hacking and data-skimming methods don't suffice, ANT workers step in with their special tools, penetrating networking equipment, monitoring mobile phones and computers and diverting or even modifying data. Such "implants," as they are referred to in NSA parlance, have played a considerable role in the intelligence agency's ability to establish a global covert network that operates alongside the Internet. Some of the equipment available is quite inexpensive. A rigged monitor cable that allows "TAO personnel to see what is displayed on the targeted monitor," for example, is available for just $30. But an "active GSM base station" -- a tool that makes it possible to mimic a mobile phone tower and thus monitor cell phones -- costs a full $40,000. Computer bugging devices disguised as normal USB plugs, capable of sending and receiving data via radio undetected, are available in packs of 50 for over $1 million.
  • ...3 more annotations...
  • These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives -- from computing centers to individual computers, and from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA's specialists seem already to have gotten past them. This, at least, is the impression gained from flipping through the 50-page document. The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets' data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000. In the case of Juniper, the name of this particular digital lock pick is "FEEDTROUGH." This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive "across reboots and software upgrades." In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH "has been deployed on many target platforms."
  • The ANT division doesn't just manufacture surveillance hardware. It also develops software for special tasks. The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer's motherboard that is the first thing to load when a computer is turned on. This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this "Persistence" and believe this approach has provided them with the possibility of permanent access. Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of the latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies.
  • Other ANT programs target Internet routers meant for professional use or hardware firewalls intended to protect company networks from online attacks. Many digital attack weapons are "remotely installable" -- in other words, over the Internet. Others require a direct attack on an end-user device -- an "interdiction," as it is known in NSA jargon -- in order to install malware or bugging equipment. There is no information in the documents seen by SPIEGEL to suggest that the companies whose products are mentioned in the catalog provided any support to the NSA or even had any knowledge of the intelligence solutions. "Cisco does not work with any government to modify our equipment, nor to implement any so-called security 'back doors' in our products," the company said in a statement. Contacted by SPIEGEL reporters, officials at Western Digital, Juniper Networks and Huawei also said they had no knowledge of any such modifications. Meanwhile, Dell officials said the company "respects and complies with the laws of all countries in which it operates." Many of the items in the software solutions catalog date from 2008, and some of the target server systems that are listed are no longer on the market today. At the same time, it's not as if the hackers within the ANT division have been sleeping on the job. They have continued to develop their arsenal. Some pages in the 2008 catalog, for example, list new systems for which no tools yet exist. However, the authors promise they are already hard at work developing new tools and that they will be "pursued for a future release."
  • Paul Merrell on 30 Dec 13
     
    Oh, great. My router and all of my hard drives have NSA backdoors in them. And my BIOS on the Linux box may be infected with a backdoor. What are the odds that NSA has not developed similar capability for the UEFI on our two newer Windows boxes? 
Paul Merrell

New Snowden Docs Indicate Scope of NSA Preparations for Cyber Battle - SPIEGEL ONLINE - 0 views

www.spiegel.de/...or-cyber-battle-a-1013409.html

surveillance state war & peace cyberwar Snowden NSA-docs

shared by Paul Merrell on 20 Jan 15 - No Cached
  • The NSA's mass surveillance is just the beginning. Documents from Edward Snowden show that the intelligence agency is arming America for future digital wars -- a struggle for control of the Internet that is already well underway.
  • The Birth of D Weapons According to top secret documents from the archive of NSA whistleblower Edward Snowden seen exclusively by SPIEGEL, they are planning for wars of the future in which the Internet will play a critical role, with the aim of being able to use the net to paralyze computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money.
  • NSA Docs on Network Attacks and ExploitationExcerpt from the secret NSA budget on computer network operations / Code word GENIE Document about the expansion of the Remote Operations Center (ROC) on endpoint operations Document explaining the role of the Remote Operations Center (ROC) Interview with an employee of NSA's department for Tailored Access Operations about his field of work Supply-chain interdiction / Stealthy techniques can crack some of SIGINT's hardest targets Classification guide for computer network exploitation (CNE) NSA training course material on computer network operations Overview of methods for NSA integrated cyber operations NSA project description to recognize and process data that comes from third party attacks on computers Exploring and exploiting leaky mobile apps with BADASS Overview of projects of the TAO/ATO department such as the remote destruction of network cards iPhone target analysis and exploitation with Apple's unique device identifiers (UDID) Report of an NSA Employee about a Backdoor in the OpenSSH Daemon NSA document on QUANTUMSHOOTER, an implant to remote-control computers with good network connections from unknown third parties
  • ...5 more annotations...
  • From a military perspective, surveillance of the Internet is merely "Phase 0" in the US digital war strategy. Internal NSA documents indicate that it is the prerequisite for everything that follows. They show that the aim of the surveillance is to detect vulnerabilities in enemy systems. Once "stealthy implants" have been placed to infiltrate enemy systems, thus allowing "permanent accesses," then Phase Three has been achieved -- a phase headed by the word "dominate" in the documents. This enables them to "control/destroy critical systems & networks at will through pre-positioned accesses (laid in Phase 0)." Critical infrastructure is considered by the agency to be anything that is important in keeping a society running: energy, communications and transportation. The internal documents state that the ultimate goal is "real time controlled escalation". One NSA presentation proclaims that "the next major conflict will start in cyberspace." To that end, the US government is currently undertaking a massive effort to digitally arm itself for network warfare. For the 2013 secret intelligence budget, the NSA projected it would need around $1 billion in order to increase the strength of its computer network attack operations. The budget included an increase of some $32 million for "unconventional solutions" alone.
  • Part 2: How the NSA Reads Over Shoulders of Other Spies
  • NSA Docs on ExfiltrationExplanation of the APEX method of combining passive with active methods to exfiltrate data from networks attacked Explanation of APEX shaping to put exfiltrating network traffic into patterns that allow plausible deniability Presentation on the FASHIONCLEFT protocol that the NSA uses to exfiltrate data from trojans and implants to the NSA Methods to exfiltrate data even from devices which are supposed to be offline Document detailing SPINALTAP, an NSA project to combine data from active operations and passive signals intelligence Technical description of the FASHIONCLEFT protocol the NSA uses to exfiltrate data from Trojans and implants to the NSA
  • NSA Docs on Malware and ImplantsCSEC document about the recognition of trojans and other "network based anomaly" The formalized process through which analysts choose their data requirement and then get to know the tools that can do the job QUANTUMTHEORY is a set of technologies allowing man-on-the-side interference attacks on TCP/IP connections (includes STRAIGHTBIZARRE and DAREDEVIL) Sample code of a malware program from the Five Eyes alliance
  • According to top secret documents from the archive of NSA whistleblower Edward Snowden seen exclusively by SPIEGEL, they are planning for wars of the future in which the Internet will play a critical role, with the aim of being able to use the net to paralyze computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money. During the 20th century, scientists developed so-called ABC weapons -- atomic, biological and chemical. It took decades before their deployment could be regulated and, at least partly, outlawed. New digital weapons have now been developed for the war on the Internet. But there are almost no international conventions or supervisory authorities for these D weapons, and the only law that applies is the survival of the fittest. Canadian media theorist Marshall McLuhan foresaw these developments decades ago. In 1970, he wrote, "World War III is a guerrilla information war with no division between military and civilian participation." That's precisely the reality that spies are preparing for today.
  • Paul Merrell on 20 Jan 15
     
    Major dump of new Snowden NSA docs by Der Spiegel, with an article by a large team of reporters and computer security experts. Topic: Cyberwar capabilities, now and in the near future. 
Paul Merrell

Popular Security Software Came Under Relentless NSA and GCHQ Attacks - The Intercept - 0 views

firstlook.org/...nsa-gchq-targeted-kaspersky

surveillance state NSA GCHQ anti-virus-software

shared by Paul Merrell on 23 Jun 15 - No Cached
  • The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden. The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products. British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.
  • The efforts to compromise security software were of particular importance because such software is relied upon to defend against an array of digital threats and is typically more trusted by the operating system than other applications, running with elevated privileges that allow more vectors for surveillance and attack. Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.
  • The requested warrant, provided under Section 5 of the U.K.’s 1994 Intelligence Services Act, must be renewed by a government minister every six months. The document published today is a renewal request for a warrant valid from July 7, 2008 until January 7, 2009. The request seeks authorization for GCHQ activities that “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse engineering’ software.”
  • ...9 more annotations...
  • The NSA, like GCHQ, has studied Kaspersky Lab’s software for weaknesses. In 2008, an NSA research team discovered that Kaspersky software was transmitting sensitive user information back to the company’s servers, which could easily be intercepted and employed to track users, according to a draft of a top-secret report. The information was embedded in “User-Agent” strings included in the headers of Hypertext Transfer Protocol, or HTTP, requests. Such headers are typically sent at the beginning of a web request to identify the type of software and computer issuing the request.
  • According to the draft report, NSA researchers found that the strings could be used to uniquely identify the computing devices belonging to Kaspersky customers. They determined that “Kaspersky User-Agent strings contain encoded versions of the Kaspersky serial numbers and that part of the User-Agent string can be used as a machine identifier.” They also noted that the “User-Agent” strings may contain “information about services contracted for or configurations.” Such data could be used to passively track a computer to determine if a target is running Kaspersky software and thus potentially susceptible to a particular attack without risking detection.
  • Another way the NSA targets foreign anti-virus companies appears to be to monitor their email traffic for reports of new vulnerabilities and malware. A 2010 presentation on “Project CAMBERDADA” shows the content of an email flagging a malware file, which was sent to various anti-virus companies by François Picard of the Montréal-based consulting and web hosting company NewRoma. The presentation of the email suggests that the NSA is reading such messages to discover new flaws in anti-virus software. Picard, contacted by The Intercept, was unaware his email had fallen into the hands of the NSA. He said that he regularly sends out notification of new viruses and malware to anti-virus companies, and that he likely sent the email in question to at least two dozen such outfits. He also said he never sends such notifications to government agencies. “It is strange the NSA would show an email like mine in a presentation,” he added.
  • The NSA presentation goes on to state that its signals intelligence yields about 10 new “potentially malicious files per day for malware triage.” This is a tiny fraction of the hostile software that is processed. Kaspersky says it detects 325,000 new malicious files every day, and an internal GCHQ document indicates that its own system “collect[s] around 100,000,000 malware events per day.” After obtaining the files, the NSA analysts “[c]heck Kaspersky AV to see if they continue to let any of these virus files through their Anti-Virus product.” The NSA’s Tailored Access Operations unit “can repurpose the malware,” presumably before the anti-virus software has been updated to defend against the threat.
  • The Project CAMBERDADA presentation lists 23 additional AV companies from all over the world under “More Targets!” Those companies include Check Point software, a pioneering maker of corporate firewalls based Israel, whose government is a U.S. ally. Notably omitted are the American anti-virus brands McAfee and Symantec and the British company Sophos.
  • As government spies have sought to evade anti-virus software, the anti-virus firms themselves have exposed malware created by government spies. Among them, Kaspersky appears to be the sharpest thorn in the side of government hackers. In the past few years, the company has proven to be a prolific hunter of state-sponsored malware, playing a role in the discovery and/or analysis of various pieces of malware reportedly linked to government hackers, including the superviruses Flame, which Kaspersky flagged in 2012; Gauss, also detected in 2012; Stuxnet, discovered by another company in 2010; and Regin, revealed by Symantec. In February, the Russian firm announced its biggest find yet: the “Equation Group,” an organization that has deployed espionage tools widely believed to have been created by the NSA and hidden on hard drives from leading brands, according to Kaspersky. In a report, the company called it “the most advanced threat actor we have seen” and “probably one of the most sophisticated cyber attack groups in the world.”
  • Hacks deployed by the Equation Group operated undetected for as long as 14 to 19 years, burrowing into the hard drive firmware of sensitive computer systems around the world, according to Kaspersky. Governments, militaries, technology companies, nuclear research centers, media outlets and financial institutions in 30 countries were among those reportedly infected. Kaspersky estimates that the Equation Group could have implants in tens of thousands of computers, but documents published last year by The Intercept suggest the NSA was scaling up their implant capabilities to potentially infect millions of computers with malware. Kaspersky’s adversarial relationship with Western intelligence services is sometimes framed in more sinister terms; the firm has been accused of working too closely with the Russian intelligence service FSB. That accusation is partly due to the company’s apparent success in uncovering NSA malware, and partly due to the fact that its founder, Eugene Kaspersky, was educated by a KGB-backed school in the 1980s before working for the Russian military.
  • Kaspersky has repeatedly denied the insinuations and accusations. In a recent blog post, responding to a Bloomberg article, he complained that his company was being subjected to “sensationalist … conspiracy theories,” sarcastically noting that “for some reason they forgot our reports” on an array of malware that trace back to Russian developers. He continued, “It’s very hard for a company with Russian roots to become successful in the U.S., European and other markets. Nobody trusts us — by default.”
  • Documents published with this article: Kaspersky User-Agent Strings — NSA Project CAMBERDADA — NSA NDIST — GCHQ’s Developing Cyber Defence Mission GCHQ Application for Renewal of Warrant GPW/1160 Software Reverse Engineering — GCHQ Reverse Engineering — GCHQ Wiki Malware Analysis & Reverse Engineering — ACNO Skill Levels — GCHQ
Paul Merrell

Edward Snowden: A 'Nation' Interview | The Nation - 0 views

www.thenation.com/...wden-exile-exclusive-interview

surveillance state Snowden-interview

shared by Paul Merrell on 30 Oct 14 - No Cached
  • Snowden: That’s the key—to maintain the garden of liberty, right? This is a generational thing that we must all do continuously. We only have the rights that we protect. It doesn’t matter what we say or think we have. It’s not enough to believe in something; it matters what we actually defend. So when we think in the context of the last decade’s infringements upon personal liberty and the last year’s revelations, it’s not about surveillance. It’s about liberty. When people say, “I have nothing to hide,” what they’re saying is, “My rights don’t matter.” Because you don’t need to justify your rights as a citizen—that inverts the model of responsibility. The government must justify its intrusion into your rights. If you stop defending your rights by saying, “I don’t need them in this context” or “I can’t understand this,” they are no longer rights. You have ceded the concept of your own rights. You’ve converted them into something you get as a revocable privilege from the government, something that can be abrogated at its convenience. And that has diminished the measure of liberty within a society.
  • From the very beginning, I said there are two tracks of reform: there’s the political and the technical. I don’t believe the political will be successful, for exactly the reasons you underlined. The issue is too abstract for average people, who have too many things going on in their lives. And we do not live in a revolutionary time. People are not prepared to contest power. We have a system of education that is really a sort of euphemism for indoctrination. It’s not designed to create critical thinkers. We have a media that goes along with the government by parroting phrases intended to provoke a certain emotional response—for example, “national security.” Everyone says “national security” to the point that we now must use the term “national security.” But it is not national security that they’re concerned with; it is state security. And that’s a key distinction. We don’t like to use the phrase “state security” in the United States because it reminds us of all the bad regimes. But it’s a key concept, because when these officials are out on TV, they’re not talking about what’s good for you. They’re not talking about what’s good for business. They’re not talking about what’s good for society. They’re talking about the protection and perpetuation of a national state system. I’m not an anarchist. I’m not saying, “Burn it to the ground.” But I’m saying we need to be aware of it, and we need to be able to distinguish when political developments are occurring that are contrary to the public interest. And that cannot happen if we do not question the premises on which they’re founded. And that’s why I don’t think political reform is likely to succeed. [Senators] Udall and Wyden, on the intelligence committee, have been sounding the alarm, but they are a minority.
  • The Nation: Every president—and this seems to be confirmed by history—will seek to maximize his or her power, and will see modern-day surveillance as part of that power. Who is going to restrain presidential power in this regard? Snowden: That’s why we have separate and co-equal branches. Maybe it will be Congress, maybe not. Might be the courts, might not. But the idea is that, over time, one of these will get the courage to do so. One of the saddest and most damaging legacies of the Bush administration is the increased assertion of the “state secrets” privilege, which kept organizations like the ACLU—which had cases of people who had actually been tortured and held in indefinite detention—from getting their day in court. The courts were afraid to challenge executive declarations of what would happen. Now, over the last year, we have seen—in almost every single court that has had this sort of national-security case—that they have become markedly more skeptical. People at civil-liberties organizations say it’s a sea change, and that it’s very clear judges have begun to question more critically assertions made by the executive. Even though it seems so obvious now, it is extraordinary in the context of the last decade, because courts had simply said they were not the best branch to adjudicate these claims—which is completely wrong, because they are the only nonpolitical branch. They are the branch that is specifically charged with deciding issues that cannot be impartially decided by politicians. The power of the presidency is important, but it is not determinative. Presidents should not be exempted from the same standards of reason and evidence and justification that any other citizen or civil movement should be held to.
  • ...14 more annotations...
  • The Nation: Explain the technical reform you mentioned. Snowden: We already see this happening. The issue I brought forward most clearly was that of mass surveillance, not of surveillance in general. It’s OK if we wiretap Osama bin Laden. I want to know what he’s planning—obviously not him nowadays, but that kind of thing. I don’t care if it’s a pope or a bin Laden. As long as investigators must go to a judge—an independent judge, a real judge, not a secret judge—and make a showing that there’s probable cause to issue a warrant, then they can do that. And that’s how it should be done. The problem is when they monitor all of us, en masse, all of the time, without any specific justification for intercepting in the first place, without any specific judicial showing that there’s a probable cause for that infringement of our rights.
  • Since the revelations, we have seen a massive sea change in the technological basis and makeup of the Internet. One story revealed that the NSA was unlawfully collecting data from the data centers of Google and Yahoo. They were intercepting the transactions of data centers of American companies, which should not be allowed in the first place because American companies are considered US persons, sort of, under our surveillance authorities. They say, “Well, we were doing it overseas,” but that falls under a different Reagan-era authority: EO 12333, an executive order for foreign-intelligence collection, as opposed to the ones we now use domestically. So this one isn’t even authorized by law. It’s just an old-ass piece of paper with Reagan’s signature on it, which has been updated a couple times since then. So what happened was that all of a sudden these massive, behemoth companies realized their data centers—sending hundreds of millions of people’s communications back and forth every day—were completely unprotected, electronically naked. GCHQ, the British spy agency, was listening in, and the NSA was getting the data and everything like that, because they could dodge the encryption that was typically used. Basically, the way it worked technically, you go from your phone to Facebook.com, let’s say—that link is encrypted. So if the NSA is trying to watch it here, they can’t understand it. But what these agencies discovered was, the Facebook site that your phone is connected to is just the front end of a larger corporate network—that’s not actually where the data comes from. When you ask for your Facebook page, you hit this part and it’s protected, but it has to go on this long bounce around the world to actually get what you’re asking for and go back. So what they did was just get out of the protected part and they went onto the back network. They went into the private network of these companies.
  • The Nation: The companies knew this? Snowden: Companies did not know it. They said, “Well, we gave the NSA the front door; we gave you the PRISM program. You could get anything you wanted from our companies anyway—all you had to do was ask us and we’re gonna give it to you.” So the companies couldn’t have imagined that the intelligence communities would break in the back door, too—but they did, because they didn’t have to deal with the same legal process as when they went through the front door. When this was published by Barton Gellman in The Washington Post and the companies were exposed, Gellman printed a great anecdote: he showed two Google engineers a slide that showed how the NSA was doing this, and the engineers “exploded in profanity.” Another example—one document I revealed was the classified inspector general’s report on a Bush surveillance operation, Stellar Wind, which basically showed that the authorities knew it was unlawful at the time. There was no statutory basis; it was happening basically on the president’s say-so and a secret authorization that no one was allowed to see. When the DOJ said, “We’re not gonna reauthorize this because it is not lawful,” Cheney—or one of Cheney’s advisers—went to Michael Hayden, director of the NSA, and said, “There is no lawful basis for this program. DOJ is not going to reauthorize it, and we don’t know what we’re going to do. Will you continue it anyway on the president’s say-so?” Hayden said yes, even though he knew it was unlawful and the DOJ was against it. Nobody has read this document because it’s like twenty-eight pages long, even though it’s incredibly important.
  • The big tech companies understood that the government had not only damaged American principles, it had hurt their businesses. They thought, “No one trusts our products anymore.” So they decided to fix these security flaws to secure their phones. The new iPhone has encryption that protects the contents of the phone. This means if someone steals your phone—if a hacker or something images your phone—they can’t read what’s on the phone itself, they can’t look at your pictures, they can’t see the text messages you send, and so forth. But it does not stop law enforcement from tracking your movements via geolocation on the phone if they think you are involved in a kidnapping case, for example. It does not stop law enforcement from requesting copies of your texts from the providers via warrant. It does not stop them from accessing copies of your pictures or whatever that are uploaded to, for example, Apple’s cloud service, which are still legally accessible because those are not encrypted. It only protects what’s physically on the phone. This is purely a security feature that protects against the kind of abuse that can happen with all these things being out there undetected. In response, the attorney general and the FBI director jumped on a soap box and said, “You are putting our children at risk.”
  • The Nation: Is there a potential conflict between massive encryption and the lawful investigation of crimes? Snowden: This is the controversy that the attorney general and the FBI director were trying to create. They were suggesting, “We have to be able to have lawful access to these devices with a warrant, but that is technically not possible on a secure device. The only way that is possible is if you compromise the security of the device by leaving a back door.” We’ve known that these back doors are not secure. I talk to cryptographers, some of the leading technologists in the world, all the time about how we can deal with these issues. It is not possible to create a back door that is only accessible, for example, to the FBI. And even if it were, you run into the same problem with international commerce: if you create a device that is famous for compromised security and it has an American back door, nobody is gonna buy it. Anyway, it’s not true that the authorities cannot access the content of the phone even if there is no back door. When I was at the NSA, we did this every single day, even on Sundays. I believe that encryption is a civic responsibility, a civic duty.
  • The Nation: Some years ago, The Nation did a special issue on patriotism. We asked about a hundred people how they define it. How do you define patriotism? And related to that, you’re probably the world’s most famous whistleblower, though you don’t like that term. What characterization of your role do you prefer? Snowden: What defines patriotism, for me, is the idea that one rises to act on behalf of one’s country. As I said before, that’s distinct from acting to benefit the government—a distinction that’s increasingly lost today. You’re not patriotic just because you back whoever’s in power today or their policies. You’re patriotic when you work to improve the lives of the people of your country, your community and your family. Sometimes that means making hard choices, choices that go against your personal interest. People sometimes say I broke an oath of secrecy—one of the early charges leveled against me. But it’s a fundamental misunderstanding, because there is no oath of secrecy for people who work in the intelligence community. You are asked to sign a civil agreement, called a Standard Form 312, which basically says if you disclose classified information, they can sue you; they can do this, that and the other. And you risk going to jail. But you are also asked to take an oath, and that’s the oath of service. The oath of service is not to secrecy, but to the Constitution—to protect it against all enemies, foreign and domestic. That’s the oath that I kept, that James Clapper and former NSA director Keith Alexander did not. You raise your hand and you take the oath in your class when you are on board. All government officials are made to do it who work for the intelligence agencies—at least, that’s where I took the oath.
  • The Nation: Creating a new system may be your transition, but it’s also a political act. Snowden: In case you haven’t noticed, I have a somewhat sneaky way of effecting political change. I don’t want to directly confront great powers, which we cannot defeat on their terms. They have more money, more clout, more airtime. We cannot be effective without a mass movement, and the American people today are too comfortable to adapt to a mass movement. But as inequality grows, the basic bonds of social fraternity are fraying—as we discussed in regard to Occupy Wall Street. As tensions increase, people will become more willing to engage in protest. But that moment is not now.
  • The Nation: You really think that if you could go home tomorrow with complete immunity, there wouldn’t be irresistible pressure on you to become a spokesperson, even an activist, on behalf of our rights and liberties? Indeed, wouldn’t that now be your duty? Snowden: But the idea for me now—because I’m not a politician, and I do not think I am as effective in this way as people who actually prepare for it—is to focus on technical reform, because I speak the language of technology. I spoke with Tim Berners-Lee, the guy who invented the World Wide Web. We agree on the necessity for this generation to create what he calls the Magna Carta for the Internet. We want to say what “digital rights” should be. What values should we be protecting, and how do we assert them? What I can do—because I am a technologist, and because I actually understand how this stuff works under the hood—is to help create the new systems that reflect our values. Of course I want to see political reform in the United States. But we could pass the best surveillance reforms, the best privacy protections in the history of the world, in the United States, and it would have zero impact internationally. Zero impact in China and in every other country, because of their national laws—they won’t recognize our reforms; they’ll continue doing their own thing. But if someone creates a reformed technical system today—technical standards must be identical around the world for them to function together.
  • As for labeling someone a whistleblower, I think it does them—it does all of us—a disservice, because it “otherizes” us. Using the language of heroism, calling Daniel Ellsberg a hero, and calling the other people who made great sacrifices heroes—even though what they have done is heroic—is to distinguish them from the civic duty they performed, and excuses the rest of us from the same civic duty to speak out when we see something wrong, when we witness our government engaging in serious crimes, abusing power, engaging in massive historic violations of the Constitution of the United States. We have to speak out or we are party to that bad action.
  • The Nation: Considering your personal experience—the risks you took, and now your fate here in Moscow—do you think other young men or women will be inspired or discouraged from doing what you did? Snowden: Chelsea Manning got thirty-five years in prison, while I’m still free. I talk to people in the ACLU office in New York all the time. I’m able to participate in the debate and to campaign for reform. I’m just the first to come forward in the manner that I did and succeed. When governments go too far to punish people for actions that are dissent rather than a real threat to the nation, they risk delegitimizing not just their systems of justice, but the legitimacy of the government itself. Because when they bring political charges against people for acts that were clearly at least intended to work in the public interest, they deny them the opportunity to mount a public-interest defense. The charges they brought against me, for example, explicitly denied my ability to make a public-interest defense. There were no whistleblower protections that would’ve protected me—and that’s known to everybody in the intelligence community. There are no proper channels for making this information available when the system fails comprehensively.
  • The government would assert that individuals who are aware of serious wrongdoing in the intelligence community should bring their concerns to the people most responsible for that wrongdoing, and rely on those people to correct the problems that those people themselves authorized. Going all the way back to Daniel Ellsberg, it is clear that the government is not concerned with damage to national security, because in none of these cases was there damage. At the trial of Chelsea Manning, the government could point to no case of specific damage that had been caused by the massive revelation of classified information. The charges are a reaction to the government’s embarrassment more than genuine concern about these activities, or they would substantiate what harms were done. We’re now more than a year since my NSA revelations, and despite numerous hours of testimony before Congress, despite tons of off-the-record quotes from anonymous officials who have an ax to grind, not a single US official, not a single representative of the United States government, has ever pointed to a single case of individualized harm caused by these revelations. This, despite the fact that former NSA director Keith Alexander said this would cause grave and irrevocable harm to the nation. Some months after he made that statement, the new director of the NSA, Michael Rogers, said that, in fact, he doesn’t see the sky falling. It’s not so serious after all.
  • The Nation: You also remind us of [Manhattan Project physicist] Robert Oppenheimer—what he created and then worried about. Snowden: Someone recently talked about mass surveillance and the NSA revelations as being the atomic moment for computer scientists. The atomic bomb was the moral moment for physicists. Mass surveillance is the same moment for computer scientists, when they realize that the things they produce can be used to harm a tremendous number of people. It is interesting that so many people who become disenchanted, who protest against their own organizations, are people who contributed something to them and then saw how it was misused. When I was working in Japan, I created a system for ensuring that intelligence data was globally recoverable in the event of a disaster. I was not aware of the scope of mass surveillance. I came across some legal questions when I was creating it. My superiors pushed back and were like, “Well, how are we going to deal with this data?” And I was like, “I didn’t even know it existed.” Later, when I found out that we were collecting more information on American communications than we were on Russian communications, for example, I was like, “Holy shit.” Being confronted with the realization that work you intended to benefit people is being used against them has a radicalizing effect.
  • The Nation: We have a sense, or certainly the hope, we’ll be seeing you in America soon—perhaps sometime after this Ukrainian crisis ends. Snowden: I would love to think that, but we’ve gone all the way up the chain at all the levels, and things like that. A political decision has been made not to irritate the intelligence community. The spy agencies are really embarrassed, they’re really sore—the revelations really hurt their mystique. The last ten years, they were getting the Zero Dark Thirty treatment—they’re the heroes. The surveillance revelations bring them back to Big Brother kind of narratives, and they don’t like that at all. The Obama administration almost appears as though it is afraid of the intelligence community. They’re afraid of death by a thousand cuts—you know, leaks and things like that.
  • The Nation: You’ve given us a lot of time, and we are very grateful, as will be The Nation’s and other readers. But before we end, any more thoughts about your future? Snowden: If I had to guess what the future’s going to look like for me—assuming it’s not an orange jumpsuit in a hole—I think I’m going to alternate between tech and policy. I think we need that. I think that’s actually what’s missing from government, for the most part. We’ve got a lot of policy people, but we have no technologists, even though technology is such a big part of our lives. It’s just amazing, because even these big Silicon Valley companies, the masters of the universe or whatever, haven’t engaged with Washington until recently. They’re still playing catch-up. As for my personal politics, some people seem to think I’m some kind of archlibertarian, a hyper-conservative. But when it comes to social policies, I believe women have the right to make their own choices, and inequality is a really important issue. As a technologist, I see the trends, and I see that automation inevitably is going to mean fewer and fewer jobs. And if we do not find a way to provide a basic income for people who have no work, or no meaningful work, we’re going to have social unrest that could get people killed. When we have increasing production—year after year after year—some of that needs to be reinvested in society. It doesn’t need to be consistently concentrated in these venture-capital funds and things like that. I’m not a communist, a socialist or a radical. But these issues have to be 
addressed.
  • Paul Merrell on 30 Oct 14
     
    Remarkable interview. Snowden finally gets asked some questions about politics. 
Paul Merrell

Leaked docs show spyware used to snoop on US computers | Ars Technica - 0 views

arstechnica.com/...-used-to-snoop-on-us-computers

surveillance state Gamma-Group FinFisher zero-day-exploits Vupen-Security MSOffice MSIE Acrobat

shared by Paul Merrell on 10 Aug 14 - No Cached
  • Software created by the controversial UK-based Gamma Group International was used to spy on computers that appear to be located in the United States, the UK, Germany, Russia, Iran, and Bahrain, according to a leaked trove of documents analyzed by ProPublica. It's not clear whether the surveillance was conducted by governments or private entities. Customer e-mail addresses in the collection appeared to belong to a German surveillance company, an independent consultant in Dubai, the Bosnian and Hungarian Intelligence services, a Dutch law enforcement officer, and the Qatari government.
  • The leaked files—which were posted online by hackers—are the latest in a series of revelations about how state actors including repressive regimes have used Gamma's software to spy on dissidents, journalists, and activist groups. The documents, leaked last Saturday, could not be readily verified, but experts told ProPublica they believed them to be genuine. "I think it's highly unlikely that it's a fake," said Morgan Marquis-Bore, a security researcher who while at The Citizen Lab at the University of Toronto had analyzed Gamma Group's software and who authored an article about the leak on Thursday. The documents confirm many details that have already been reported about Gamma, such as that its tools were used to spy on Bahraini activists. Some documents in the trove contain metadata tied to e-mail addresses of several Gamma employees. Bill Marczak, another Gamma Group expert at the Citizen Lab, said that several dates in the documents correspond to publicly known events—such as the day that a particular Bahraini activist was hacked.
  • The leaked files contain more than 40 gigabytes of confidential technical material, including software code, internal memos, strategy reports, and user guides on how to use Gamma Group software suite called FinFisher. FinFisher enables customers to monitor secure Web traffic, Skype calls, webcams, and personal files. It is installed as malware on targets' computers and cell phones. A price list included in the trove lists a license of the software at almost $4 million. The documents reveal that Gamma uses technology from a French company called Vupen Security that sells so-called computer "exploits." Exploits include techniques called "zero days" for "popular software like Microsoft Office, Internet Explorer, Adobe Acrobat Reader, and many more." Zero days are exploits that have not yet been detected by the software maker and therefore are not blocked.
  • ...2 more annotations...
  • Many of Gamma's product brochures have previously been published by the Wall Street Journal and Wikileaks, but the latest trove shows how the products are getting more sophisticated. In one document, engineers at Gamma tested a product called FinSpy, which inserts malware onto a user's machine, and found that it could not be blocked by most antivirus software. Documents also reveal that Gamma had been working to bypass encryption tools including a mobile phone encryption app, Silent Circle, and were able to bypass the protection given by hard-drive encryption products TrueCrypt and Microsoft's Bitlocker.
  • The documents also describe a "country-wide" surveillance product called FinFly ISP which promises customers the ability to intercept Internet traffic and masquerade as ordinary websites in order to install malware on a target's computer. The most recent date-stamp found in the documents is August 2, coincidung with the first tweet by a parody Twitter account, @GammaGroupPR, which first announced the hack and may be run by the hacker or hackers responsible for the leak. On Reddit, a user called PhineasFisher claimed responsibility for the leak. "Two years ago their software was found being widely used by governments in the middle east, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents," the user wrote. The name on the @GammaGroupPR Twitter account is also "Phineas Fisher." GammaGroup, the surveillance company whose documents were released, is no stranger to the spotlight. The security firm F-Secure first reported the purchase of FinFisher software by the Egyptian State Security agency in 2011. In 2012, Bloomberg News and The Citizen Lab showed how the company's malware was used to target activists in Bahrain. In 2013, the software company Mozilla sent a cease-and-desist letter to the company after a report by The Citizen Lab showed that a spyware-infected version of the Firefox browser manufactured by Gamma was being used to spy on Malaysian activists.
Paul Merrell

Exclusive: Secret contract tied NSA and security industry pioneer | Reuters - 0 views

www.reuters.com/...rity-rsa-idUSBRE9BJ1C220131220

surveillance state NSA RSA NSA-backdoors software-backdoors

shared by Paul Merrell on 21 Dec 13 - No Cached
  • (Reuters) - As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned. Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.
  • The earlier disclosures of RSA's entanglement with the NSA already had shocked some in the close-knit world of computer security experts. The company had a long history of championing privacy and security, and it played a leading role in blocking a 1990s effort by the NSA to require a special chip to enable spying on a wide range of computer and communications products.
  • The RSA deal shows one way the NSA carried out what Snowden's documents describe as a key strategy for enhancing surveillance: the systematic erosion of security tools. NSA documents released in recent months called for using "commercial relationships" to advance that goal, but did not name any security companies as collaborators.
  • ...2 more annotations...
  • The NSA came under attack this week in a landmark report from a White House panel appointed to review U.S. surveillance policy. The panel noted that "encryption is an essential basis for trust on the Internet," and called for a halt to any NSA efforts to undermine it.
  • From RSA's earliest days, the U.S. intelligence establishment worried it would not be able to crack well-engineered public key cryptography. Martin Hellman, a former Stanford researcher who led the team that first invented the technique, said NSA experts tried to talk him and others into believing that the keys did not have to be as large as they planned.
  • Paul Merrell on 21 Dec 13
     
    Reuters gives the NSA's history of introducing backdoors in encryption standards a deep look, focusing on RSA's acceptance of a $10 million NSA bribe post-9/11 to implement the NSA-created Dual Elliptic Curve standard for generating "random" numbers, which had what Bruce Schneier described as a "back door." A tip of the hat to Miro for alerting me to this article.
Paul Merrell

Operation AURORAGOLD: How the NSA Hacks Cellphone Networks Worldwide - 0 views

firstlook.org/...nsa-auroragold-hack-cellphones

surveillance state NSA NSA-methods cell-network-penetration AURORAGOLD

shared by Paul Merrell on 06 Dec 14 - No Cached
  • In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages. For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks. The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.
  • According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance. The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers. Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.
  • Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.
  • ...11 more annotations...
  • “Collecting an inventory [like this] on world networks has big ramifications,” Nohl said, because it allows the NSA to track and circumvent upgrades in encryption technology used by cellphone companies to shield calls and texts from eavesdropping. Evidence that the agency has deliberately plotted to weaken the security of communication infrastructure, he added, was particularly alarming. “Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities,” Nohl said, “because once NSA introduces a weakness, a vulnerability, it’s not only the NSA that can exploit it.”
  • The AURORAGOLD operation is carried out by specialist NSA surveillance units whose existence has not been publicly disclosed: the Wireless Portfolio Management Office, which defines and carries out the NSA’s strategy for exploiting wireless communications, and the Target Technology Trends Center, which monitors the development of new communication technology to ensure that the NSA isn’t blindsided by innovations that could evade its surveillance reach. The center’s logo is a picture of the Earth overshadowed by a large telescope; its motto is “Predict – Plan – Prevent.”
  • The NSA documents reveal that, as of May 2012, the agency had collected technical information on about 70 percent of cellphone networks worldwide—701 of an estimated 985—and was maintaining a list of 1,201 email “selectors” used to intercept internal company details from employees. (“Selector” is an agency term for a unique identifier like an email address or phone number.) From November 2011 to April 2012, between 363 and 1,354 selectors were “tasked” by the NSA for surveillance each month as part of AURORAGOLD, according to the documents. The secret operation appears to have been active since at least 2010.
  • By covertly monitoring GSMA working groups in a bid to identify and exploit security vulnerabilities, the NSA has placed itself into direct conflict with the mission of the National Institute for Standards and Technology, or NIST, the U.S. government agency responsible for recommending cybersecurity standards in the United States. NIST recently handed out a grant of more than $800,000 to GSMA so that the organization could research ways to address “security and privacy challenges” faced by users of mobile devices. The revelation that the trade group has been targeted for surveillance may reignite deep-seated tensions between NIST and NSA that came to the fore following earlier Snowden disclosures. Last year, NIST was forced to urge people not to use an encryption standard it had previously approved after it emerged NSA had apparently covertly worked to deliberately weaken it.
  • The NSA focuses on intercepting obscure but important technical documents circulated among the GSMA’s members known as “IR.21s.” Most cellphone network operators share IR.21 documents among each other as part of agreements that allow their customers to connect to foreign networks when they are “roaming” overseas on a vacation or a business trip. An IR.21, according to the NSA documents, contains information “necessary for targeting and exploitation.” The details in the IR.21s serve as a “warning mechanism” that flag new technology used by network operators, the NSA’s documents state. This allows the agency to identify security vulnerabilities in the latest communication systems that can be exploited, and helps efforts to introduce new vulnerabilities “where they do not yet exist.” The IR.21s also contain details about the encryption used by cellphone companies to protect the privacy of their customers’ communications as they are transmitted across networks. These details are highly sought after by the NSA, as they can aid its efforts to crack the encryption and eavesdrop on conversations.
  • One of the prime targets monitored under the AURORAGOLD program is the London-headquartered trade group, the GSM Association, or the GSMA, which represents the interests of more than 800 major cellphone, software, and internet companies from 220 countries. The GSMA’s members include U.S.-based companies such as Verizon, AT&T, Sprint, Microsoft, Facebook, Intel, Cisco, and Oracle, as well as large international firms including Sony, Nokia, Samsung, Ericsson, and Vodafone. The trade organization brings together its members for regular meetings at which new technologies and policies are discussed among various “working groups.” The Snowden files reveal that the NSA specifically targeted the GSMA’s working groups for surveillance.
  • Last year, the Washington Post reported that the NSA had already managed to break the most commonly used cellphone encryption algorithm in the world, known as A5/1. But the information collected under AURORAGOLD allows the agency to focus on circumventing newer and stronger versions of A5 cellphone encryption, such as A5/3. The documents note that the agency intercepts information from cellphone operators about “the type of A5 cipher algorithm version” they use, and monitors the development of new algorithms in order to find ways to bypass the encryption. In 2009, the British surveillance agency Government Communications Headquarters conducted a similar effort to subvert phone encryption under a project called OPULENT PUP, using powerful computers to perform a “crypt attack” to penetrate the A5/3 algorithm, secret memos reveal. By 2011, GCHQ was collaborating with the NSA on another operation, called WOLFRAMITE, to attack A5/3 encryption. (GCHQ declined to comment for this story, other than to say that it operates within legal parameters.)
  • The extensive attempts to attack cellphone encryption have been replicated across the Five Eyes surveillance alliance. Australia’s top spy agency, for instance, infiltrated an Indonesian cellphone company and stole nearly 1.8 million encryption keys used to protect communications, the New York Times reported in February.
  • The NSA’s documents show that it focuses on collecting details about virtually all technical standards used by cellphone operators, and the agency’s efforts to stay ahead of the technology curve occasionally yield significant results. In early 2010, for instance, its operatives had already found ways to penetrate a variant of the newest “fourth generation” smartphone-era technology for surveillance, years before it became widely adopted by millions of people in dozens of countries. The NSA says that its efforts are targeted at terrorists, weapons proliferators, and other foreign targets, not “ordinary people.” But the methods used by the agency and its partners to gain access to cellphone communications risk significant blowback. According to Mikko Hypponen, a security expert at Finland-based F-Secure, criminal hackers and foreign government adversaries could be among the inadvertent beneficiaries of any security vulnerabilities or encryption weaknesses inserted by the NSA into communication systems using data collected by the AURORAGOLD project.
  • Vines, the NSA spokeswoman, told The Intercept that the agency was committed to ensuring an “open, interoperable, and secure global internet.” “NSA deeply values these principles and takes great care to honor them in the performance of its lawful foreign-intelligence mission,” Vines said.
  • Documents published with this article: AURORAGOLD – Project Overview AURORAGOLD Working Group IR.21 – A Technology Warning Mechanism AURORAGOLD – Target Technology Trends Center support to WPMO NSA First-Ever Collect of High-Interest 4G Cellular Signal AURORAGOLD Working Aid WOLFRAMITE Encryption Attack OPULENT PUP Encryption Attack NSA/GCHQ/CSEC Network Tradecraft Advancement Team
  • Paul Merrell on 06 Dec 14
     
    Notice that they've cracked even 4G.
Paul Merrell

Cy Vance's Proposal to Backdoor Encrypted Devices Is Riddled With Vulnerabilities | Jus... - 0 views

www.justsecurity.org/...evices-riddled-vulnerabilities

surveillance state encryption-backdoors Vance tyranny right-to-whisper

shared by Paul Merrell on 11 Dec 15 - No Cached
  • Less than a week after the attacks in Paris — while the public and policymakers were still reeling, and the investigation had barely gotten off the ground — Cy Vance, Manhattan’s District Attorney, released a policy paper calling for legislation requiring companies to provide the government with backdoor access to their smartphones and other mobile devices. This is the first concrete proposal of this type since September 2014, when FBI Director James Comey reignited the “Crypto Wars” in response to Apple’s and Google’s decisions to use default encryption on their smartphones. Though Comey seized on Apple’s and Google’s decisions to encrypt their devices by default, his concerns are primarily related to end-to-end encryption, which protects communications that are in transit. Vance’s proposal, on the other hand, is only concerned with device encryption, which protects data stored on phones. It is still unclear whether encryption played any role in the Paris attacks, though we do know that the attackers were using unencrypted SMS text messages on the night of the attack, and that some of them were even known to intelligence agencies and had previously been under surveillance. But regardless of whether encryption was used at some point during the planning of the attacks, as I lay out below, prohibiting companies from selling encrypted devices would not prevent criminals or terrorists from being able to access unbreakable encryption. Vance’s primary complaint is that Apple’s and Google’s decisions to provide their customers with more secure devices through encryption interferes with criminal investigations. He claims encryption prevents law enforcement from accessing stored data like iMessages, photos and videos, Internet search histories, and third party app data. He makes several arguments to justify his proposal to build backdoors into encrypted smartphones, but none of them hold water.
  • Before addressing the major privacy, security, and implementation concerns that his proposal raises, it is worth noting that while an increase in use of fully encrypted devices could interfere with some law enforcement investigations, it will help prevent far more crimes — especially smartphone theft, and the consequent potential for identity theft. According to Consumer Reports, in 2014 there were more than two million victims of smartphone theft, and nearly two-thirds of all smartphone users either took no steps to secure their phones or their data or failed to implement passcode access for their phones. Default encryption could reduce instances of theft because perpetrators would no longer be able to break into the phone to steal the data.
  • Vance argues that creating a weakness in encryption to allow law enforcement to access data stored on devices does not raise serious concerns for security and privacy, since in order to exploit the vulnerability one would need access to the actual device. He considers this an acceptable risk, claiming it would not be the same as creating a widespread vulnerability in encryption protecting communications in transit (like emails), and that it would be cheap and easy for companies to implement. But Vance seems to be underestimating the risks involved with his plan. It is increasingly important that smartphones and other devices are protected by the strongest encryption possible. Our devices and the apps on them contain astonishing amounts of personal information, so much that an unprecedented level of harm could be caused if a smartphone or device with an exploitable vulnerability is stolen, not least in the forms of identity fraud and credit card theft. We bank on our phones, and have access to credit card payments with services like Apple Pay. Our contact lists are stored on our phones, including phone numbers, emails, social media accounts, and addresses. Passwords are often stored on people’s phones. And phones and apps are often full of personal details about their lives, from food diaries to logs of favorite places to personal photographs. Symantec conducted a study, where the company spread 50 “lost” phones in public to see what people who picked up the phones would do with them. The company found that 95 percent of those people tried to access the phone, and while nearly 90 percent tried to access private information stored on the phone or in other private accounts such as banking services and email, only 50 percent attempted contacting the owner.
  • ...8 more annotations...
  • In addition to his weak reasoning for why it would be feasible to create backdoors to encrypted devices without creating undue security risks or harming privacy, Vance makes several flawed policy-based arguments in favor of his proposal. He argues that criminals benefit from devices that are protected by strong encryption. That may be true, but strong encryption is also a critical tool used by billions of average people around the world every day to protect their transactions, communications, and private information. Lawyers, doctors, and journalists rely on encryption to protect their clients, patients, and sources. Government officials, from the President to the directors of the NSA and FBI, and members of Congress, depend on strong encryption for cybersecurity and data security. There are far more innocent Americans who benefit from strong encryption than there are criminals who exploit it. Encryption is also essential to our economy. Device manufacturers could suffer major economic losses if they are prohibited from competing with foreign manufacturers who offer more secure devices. Encryption also protects major companies from corporate and nation-state espionage. As more daily business activities are done on smartphones and other devices, they may now hold highly proprietary or sensitive information. Those devices could be targeted even more than they are now if all that has to be done to access that information is to steal an employee’s smartphone and exploit a vulnerability the manufacturer was required to create.
  • Privacy is another concern that Vance dismisses too easily. Despite Vance’s arguments otherwise, building backdoors into device encryption undermines privacy. Our government does not impose a similar requirement in any other context. Police can enter homes with warrants, but there is no requirement that people record their conversations and interactions just in case they someday become useful in an investigation. The conversations that we once had through disposable letters and in-person conversations now happen over the Internet and on phones. Just because the medium has changed does not mean our right to privacy has.
  • Vance attempts to downplay this serious risk by asserting that anyone can use the “Find My Phone” or Android Device Manager services that allow owners to delete the data on their phones if stolen. However, this does not stand up to scrutiny. These services are effective only when an owner realizes their phone is missing and can take swift action on another computer or device. This delay ensures some period of vulnerability. Encryption, on the other hand, protects everyone immediately and always. Additionally, Vance argues that it is safer to build backdoors into encrypted devices than it is to do so for encrypted communications in transit. It is true that there is a difference in the threats posed by the two types of encryption backdoors that are being debated. However, some manner of widespread vulnerability will inevitably result from a backdoor to encrypted devices. Indeed, the NSA and GCHQ reportedly hacked into a database to obtain cell phone SIM card encryption keys in order defeat the security protecting users’ communications and activities and to conduct surveillance. Clearly, the reality is that the threat of such a breach, whether from a hacker or a nation state actor, is very real. Even if companies go the extra mile and create a different means of access for every phone, such as a separate access key for each phone, significant vulnerabilities will be created. It would still be possible for a malicious actor to gain access to the database containing those keys, which would enable them to defeat the encryption on any smartphone they took possession of. Additionally, the cost of implementation and maintenance of such a complex system could be high.
  • Vance also suggests that the US would be justified in creating such a requirement since other Western nations are contemplating requiring encryption backdoors as well. Regardless of whether other countries are debating similar proposals, we cannot afford a race to the bottom on cybersecurity. Heads of the intelligence community regularly warn that cybersecurity is the top threat to our national security. Strong encryption is our best defense against cyber threats, and following in the footsteps of other countries by weakening that critical tool would do incalculable harm. Furthermore, even if the US or other countries did implement such a proposal, criminals could gain access to devices with strong encryption through the black market. Thus, only innocent people would be negatively affected, and some of those innocent people might even become criminals simply by trying to protect their privacy by securing their data and devices. Finally, Vance argues that David Kaye, UN Special Rapporteur for Freedom of Expression and Opinion, supported the idea that court-ordered decryption doesn’t violate human rights, provided certain criteria are met, in his report on the topic. However, in the context of Vance’s proposal, this seems to conflate the concepts of court-ordered decryption and of government-mandated encryption backdoors. The Kaye report was unequivocal about the importance of encryption for free speech and human rights. The report concluded that:
  • States should promote strong encryption and anonymity. National laws should recognize that individuals are free to protect the privacy of their digital communications by using encryption technology and tools that allow anonymity online. … States should not restrict encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression. Blanket prohibitions fail to be necessary and proportionate. States should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows. Additionally, the group of intelligence experts that was hand-picked by the President to issue a report and recommendations on surveillance and technology, concluded that: [R]egarding encryption, the U.S. Government should: (1) fully support and not undermine efforts to create encryption standards; (2) not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and (3) increase the use of encryption and urge US companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage.
  • The clear consensus among human rights experts and several high-ranking intelligence experts, including the former directors of the NSA, Office of the Director of National Intelligence, and DHS, is that mandating encryption backdoors is dangerous. Unaddressed Concerns: Preventing Encrypted Devices from Entering the US and the Slippery Slope In addition to the significant faults in Vance’s arguments in favor of his proposal, he fails to address the question of how such a restriction would be effectively implemented. There is no effective mechanism for preventing code from becoming available for download online, even if it is illegal. One critical issue the Vance proposal fails to address is how the government would prevent, or even identify, encrypted smartphones when individuals bring them into the United States. DHS would have to train customs agents to search the contents of every person’s phone in order to identify whether it is encrypted, and then confiscate the phones that are. Legal and policy considerations aside, this kind of policy is, at the very least, impractical. Preventing strong encryption from entering the US is not like preventing guns or drugs from entering the country — encrypted phones aren’t immediately obvious as is contraband. Millions of people use encrypted devices, and tens of millions more devices are shipped to and sold in the US each year.
  • Finally, there is a real concern that if Vance’s proposal were accepted, it would be the first step down a slippery slope. Right now, his proposal only calls for access to smartphones and devices running mobile operating systems. While this policy in and of itself would cover a number of commonplace devices, it may eventually be expanded to cover laptop and desktop computers, as well as communications in transit. The expansion of this kind of policy is even more worrisome when taking into account the speed at which technology evolves and becomes widely adopted. Ten years ago, the iPhone did not even exist. Who is to say what technology will be commonplace in 10 or 20 years that is not even around today. There is a very real question about how far law enforcement will go to gain access to information. Things that once seemed like merely science fiction, such as wearable technology and artificial intelligence that could be implanted in and work with the human nervous system, are now available. If and when there comes a time when our “smart phone” is not really a device at all, but is rather an implant, surely we would not grant law enforcement access to our minds.
  • Policymakers should dismiss Vance’s proposal to prohibit the use of strong encryption to protect our smartphones and devices in order to ensure law enforcement access. Undermining encryption, regardless of whether it is protecting data in transit or at rest, would take us down a dangerous and harmful path. Instead, law enforcement and the intelligence community should be working to alter their skills and tactics in a fast-evolving technological world so that they are not so dependent on information that will increasingly be protected by encryption.
Paul Merrell

Warrantless airport seizure of laptop "cannot be justified," judge rules | Ars Technica - 0 views

arstechnica.com/...annot-be-justified-judge-rules

surveillance state warrantless-search laptop border-search-&-seizure litigation

shared by Paul Merrell on 15 May 15 - No Cached
  • The US government's prosecution of a South Korean businessman accused of illegally selling technology used in aircraft and missiles to Iran was dealt a devastating blow by a federal judge. The judge ruled Friday that the authorities illegally seized the businessman's computer at Los Angeles International Airport as he was to board a flight home. The authorities who were investigating Jae Shik Kim exercised the border exception rule that allows the authorities to seize and search goods and people—without court warrants—along the border and at airport international terminals. US District Court judge Amy Berman Jackson of the District of Columbia noted that the Supreme Court has never directly addressed the issue of warrantless computer searches at an international border crossing, but she ruled (PDF) the government used Kim's flight home as an illegal pretext to seize his computer. Authorities then shipped it 150 miles south to San Diego where the hard drive was copied and examined for weeks, but the judge said the initial seizure "surely cannot be justified." After considering all of the facts and authorities set forth above, then, the Court finds, under the totality of the unique circumstances of this case, that the imaging and search of the entire contents of Kim’s laptop, aided by specialized forensic software, for a period of unlimited duration and an examination of unlimited scope, for the purpose of gathering evidence in a pre-existing investigation, was supported by so little suspicion of ongoing or imminent criminal activity, and was so invasive of Kim’s privacy and so disconnected from not only the considerations underlying the breadth of the government’s authority to search at the border, but also the border itself, that it was unreasonable.
  • "The government points to its plenary authority to conduct warrantless searches at the border. It posits that a laptop computer is simply a 'container' that was examined pursuant to this authority, and it submits that the government’s unfettered right to search cargo at the border to protect the homeland is the beginning and end of the matter," the judge wrote. Evidence discovered on his computer of his alleged involvement in the conspiracy that won an indictment is now suppressed, and it cannot be used against him according to the ruling. The authorities took the man's computer in 2012 for national security reasons but allowed him to board his flight home. The government did not comment on the decision. Judge Berman Jackson questioned whether the border search exception should apply to laptops because they carry much more private information than, say, a briefcase. Judge Jackson cited last year's Supreme Court case, known as Riley, in which the justices ruled unanimously that the authorities generally may not search the mobile phones of those they arrest unless they have a court warrant.
  • The Supreme Court said that "Modern cell phones, as a category, implicate privacy concerns far beyond those implicated by the search of a cigarette pack, a wallet, or a purse. A conclusion that inspecting the contents of an arrestee’s pockets works no substantial additional intrusion on privacy beyond the arrest itself may make sense as applied to physical items, but any extension of that reasoning to digital data has to rest on its own bottom." Seizing on that high court opinion, Judge Berman Jackson wrote: Applying the Riley framework, the national security concerns that underlie the enforcement of export control regulations at the border must be balanced against the degree to which Kim’s privacy was invaded in this instance. And as was set forth above, while the immediate national security concerns were somewhat attenuated, the invasion of privacy was substantial: the agents created an identical image of Kim’s entire computer hard drive and gave themselves unlimited time to search the tens of thousands of documents, images, and emails it contained, using an extensive list of search terms, and with the assistance of two forensic software programs that organized, expedited, and facilitated the task. Based upon the testimony of both Special Agent Hamako and Special Agent Marshall, the Court concludes that wherever the Supreme Court or the Court of Appeals eventually draws the precise boundary of a routine border search, or however either Court ultimately defines a forensic – as opposed to a conventional – computer search, this search was qualitatively and quantitatively different from a routine border examination, and therefore, it was unreasonable given the paucity of grounds to suspect that criminal activity was in progress.
  • Paul Merrell on 15 May 15
     
    The court's decision indicates that the Feds can still do a border search of a laptop but that they cross the line when they seize the computer for later forensic examination without a warrant. In this case, the government conducted the forensic examination before obtaining a warrant.
Gary Edwards

Google News - 0 views

news.google.com/?ar=1375736082

cloud computing nsa

shared by Gary Edwards on 05 Aug 13 - No Cached
  • Gary Edwards on 05 Aug 13
     
    This isn't surprising. But why does the author think the NSA or anyone else in the US government would care? The political extortion benefits of the massive global spying program to government and politicians far outweigh the profit/loss consequences to private cloud computing companies. excerpt: "Foreign competitors think they can grow market share in cloud computing because of concerns raised by the National Security Agency's PRISM program and other government collection of electronic data from third parties. U.S. cloud computing companies could lose $22 billion to $35 billion in revenue over the next three years because of foreign customers' concerns about the privacy of their data, according to Daniel Castro, a senior analyst at the Information Technology & Innovation Forum. Foreign companies, particularly in Europe, already were making aggressive moves to win more of the cloud market, which is expected to be a $207 billion industry by 2016. Now they've got a compelling argument to make, especially to Europeans who currently are using U.S. cloud companies. "If European cloud customers cannot trust the United States government, then maybe they won't trust U.S. cloud providers either," Nellie Kroes, European commissioner for digital affairs, told The Guardian last month. "If I were an American cloud provider, I would be quite frustrated with my government right now." A survey conducted in June and July by the Cloud Security Alliance found that 10 percent of foreign cloud industry participants had cancelled a project with a U.S. cloud computing provider, and 56 percent said they would be less likely to use an American company."
Paul Merrell

Hackers Stole Secrets of U.S. Government Workers' Sex Lives - The Daily Beast - 0 views

www.thedailybeast.com/...ernment-workers-sex-lives.html

surveillance state OPM-computer-breach Snowden China

shared by Paul Merrell on 26 Jun 15 - No Cached
  • It was already being described as the worst hack of the U.S. government in history. And it just got much worse.A senior U.S. official has confirmed that foreign hackers compromised the intimate personal details of an untold number of government workers. Likely included in the hackers’ haul: information about workers’ sexual partners, drug and alcohol abuse, debts, gambling compulsions, marital troubles, and any criminal activity.Those details, which are now presumed to be in the hands of Chinese spies, are found in the so-called “adjudication information” that U.S. investigators compile on government employees and contractors who are applying for security clearances. The exposure suggests that the massive computer breach at the Office of Personnel Management is more significant and potentially damaging to national security than officials have previously said.
  • Three former U.S. intelligence officials told The Daily Beast that the adjudication information would effectively provide dossiers on current and former government employees, as well as contractors. It gives foreign intelligence agencies a roadmap for finding people with access to the government’s most highly classified secrets.Obama administration officials had previously acknowledged the breach of information that applicants voluntarily disclose on a routine questionnaire, called Standard Form 86, but the theft of the more detailed and wide-ranging adjudication information appears to have gone overlooked.
  • “Whoever compromised the adjudication information is going to have clear knowledge, beyond what’s in the SF86, about who the best targets for espionage are in the United States,” Michael Adams, a computer security expert who served more than two decades in the U.S. Special Operations Command, told The Daily Beast. “This is the most successful cyber attack in the history of the United States,” owing to the amount and quality of the information that was stolen, Adams said. U.S. intelligence officers spend years trying to recruit foreign spies to gather the kinds of details and insights that are contained in adjudication information, one former senior U.S. official said. This official, who requested anonymity, added that adjudication information would give foreign intelligence services “enormous leverage” over U.S. personnel whom they might forcibly interrogate for information or try to recruit.
  • ...4 more annotations...
  • The adjudication process had a broad scope, taking into account the SF86 questionnaire, reports from background investigations, interviews with the applicant's family members and associates, his or her employment history, and for people seeking high-level clearances, the results of polygraph investigations.Seymour said such records “span an employee’s career” and could stretch back as far as 30 years. Officials have said that as many as 18 million people may have been affected by the breach. Asked specifically what information the hackers had obtained, Seymour told lawmakers that she preferred to answer later in a “classified session.” Seymour didn’t specify how many people’s information was stolen. But the OPM oversees background investigations, which comprise a key part of the adjudication process, for more than 90 percent of security clearance applicants, according to the Congressional Research Service. An OPM spokesman didn’t respond to a request for comment in time for publication.
  • A former senior U.S. intelligence official, who asked to remain anonymous, said the OPM breach would cause more damage to national security operations and personnel than the leaks by Edward Snowden about classified surveillance by the National Security Agency.“This is worse than Snowden, because at least programs that were running before the leaks could be replaced or rebuilt,” the former official said. “But OPM, that’s the gift that keeps on giving. You can’t rebuild people.”Adjudicators are in a powerful position because in deciding whether to recommend granting a security clearance, they have access to the entire scope of an applicant’s file and are told to make a subjective analysis.“The adjudication process is the careful weighing of a number of variables known as the whole-person concept,” according to official guidelines. “Available, reliable information about the person, past and present, favorable and unfavorable, should be considered in reaching a determination.”
  • By design, adjudication is an invasive process, meant to unearth risk factors including drug and alcohol abuse, extramarital affairs, a history of violence, and other events that speak to a person’s “trustworthiness” and their susceptibility to blackmail or being recruited to spy for a foreign government.For instance, “compulsive gambling is a concern, as it may lead to financial crimes including espionage,” the guidelines say. Adjudicators are told to note “a pattern of compulsive, self-destructive, or high risk sexual behavior,” “relapse after diagnosis of alcohol abuse,” and “emotionally unstable, irresponsible, dysfunctional, violent, paranoid, or bizarre behavior,” among other warning signs in 13 categories. Some of the embarrassing personal details found in some adjudications have been made public. That’s what happens after an applicant who was denied a security clearance launched an appeal.
  • Armed with such intimate details of a person’s worst moments, foreign spies would have unprecedented advantage against their U.S. adversaries. And the news is especially bad for people who hold the highest levels of clearance, which require more rigorous background checks, noted Adams, the computer security expert. “The higher up you go in your sensitivity levels, the more data that’s in your adjudication file,” he said.
Paul Merrell

NSA Director Finally Admits Encryption Is Needed to Protect Public's Privacy - 0 views

www.mintpressnews.com/...213028

surveillance state encryption NSA Comey

shared by Paul Merrell on 25 Jan 16 - No Cached
  • NSA Director Finally Admits Encryption Is Needed to Protect Public’s Privacy The new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. By Carey Wedler | AntiMedia | January 22, 2016 Share this article! https://mail.google.com/mail/?view=cm&fs=1&to&su=NSA%20Director%20Finally%20Admits%20Encryption%20Is%20Needed%20to%20Protect%20Public%E2%80%99s%20Privacy&body=http%3A%2F%2Fwww.mintpress
  • At the same hearing, Comey and Attorney General Loretta Lynch declined to comment on whether they had proof the Paris attackers used encryption. Even so, Comey recently lobbied for tech companies to do away with end-to-end encryption. However, his crusade has fallen on unsympathetic ears, both from the private companies he seeks to control — and from the NSA. Prior to Rogers’ statements in support of encryption Thursday, former NSA chief Michael Hayden said, “I disagree with Jim Comey. I actually think end-to-end encryption is good for America.” Still another former NSA chair has criticized calls for backdoor access to information. In October, Mike McConnell told a panel at an encryption summit that the United States is “better served by stronger encryption, rather than baking in weaker encryption.” Former Department of Homeland Security chief, Michael Chertoff, has also spoken out against government being able to bypass encryption.
  • Rogers cited the recent Office of Personnel Management hack of over 20 million users as a reason to increase encryption rather than scale it back. “What you saw at OPM, you’re going to see a whole lot more of,” he said, referring to the massive hack that compromised the personal data about 20 million people who obtained background checks. Rogers’ comments, while forward-thinking, signify an about face in his stance on encryption. In February 2015, he said he “shares [FBI] Director [James] Comey’s concern” about cell phone companies’ decision to add encryption features to their products. Comey has been one loudest critics of encryption. However, Rogers’ comments on Thursday now directly conflict with Comey’s stated position. The FBI director has publicly chastised encryption, as well as the companies that provide it. In 2014, he claimed Apple’s then-new encryption feature could lead the world to “a very dark place.” At a Department of Justice hearing in November, Comey testified that “Increasingly, the shadow that is ‘going dark’ is falling across more and more of our work.” Though he claimed, “We support encryption,” he insisted “we have a problem that encryption is crashing into public safety and we have to figure out, as people who care about both, to resolve it. So, I think the conversation’s in a healthier place.”
  • ...2 more annotations...
  • Regardless of these individual defenses of encryption, the Intercept explained why these statements may be irrelevant: “Left unsaid is the fact that the FBI and NSA have the ability to circumvent encryption and get to the content too — by hacking. Hacking allows law enforcement to plant malicious code on someone’s computer in order to gain access to the photos, messages, and text before they were ever encrypted in the first place, and after they’ve been decrypted. The NSA has an entire team of advanced hackers, possibly as many as 600, camped out at Fort Meade.”
  • Rogers statements, of course, are not a full-fledged endorsement of privacy, nor can the NSA be expected to make it a priority. Even so, his new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. “So spending time arguing about ‘hey, encryption is bad and we ought to do away with it’ … that’s a waste of time to me,” Rogers said Thursday. “So what we’ve got to ask ourselves is, with that foundation, what’s the best way for us to deal with it? And how do we meet those very legitimate concerns from multiple perspectives?”
Paul Merrell

Documents Reveal Canada's Secret Hacking Tactics - The Intercept - 0 views

firstlook.org/...acking-cyberwar-secret-arsenal

surveillance state CSE NSA false-flag social media

shared by Paul Merrell on 24 Mar 15 - No Cached
  • Canada’s electronic surveillance agency has secretly developed an arsenal of cyberweapons capable of stealing data and destroying adversaries’ infrastructure, according to newly revealed classified documents. Communications Security Establishment, or CSE, has also covertly hacked into computers across the world to gather intelligence, breaking into networks in Europe, Mexico, the Middle East and North Africa, the documents show. The revelations, reported Monday by CBC News in collaboration with The Intercept, shine a light for the first time on how Canada has adopted aggressive tactics to attack, sabotage and infiltrate targeted computer systems. The latest disclosures come as the Canadian government debates whether to hand over more powers to its spies to disrupt threats as part of the controversial anti-terrorism law, Bill C-51.
  • Christopher Parsons, a surveillance expert at the University of Toronto’s Citizen Lab, told CBC News that the new revelations showed that Canada’s computer networks had already been “turned into a battlefield without any Canadian being asked: Should it be done? How should it be done?” According to documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden, CSE has a wide range of powerful tools to perform “computer network exploitation” and “computer network attack” operations. These involve hacking into networks to either gather intelligence or to damage adversaries’ infrastructure, potentially including electricity, transportation or banking systems. The most well-known example of a state-sponsored “attack” operation involved the use of Stuxnet, a computer worm that was reportedly developed by the United States and Israel to sabotage Iranian nuclear facilities. One document from CSE, dated from 2011, outlines the range of methods the Canadian agency has at its disposal as part of a “cyber activity spectrum” to both defend against hacking attacks and to perpetrate them. CSE says in the document that it can “disable adversary infrastructure,” “control adversary infrastructure,” or “destroy adversary infrastructure” using the attack techniques. It can also insert malware “implants” on computers to steal data.
  • According to one top-secret NSA briefing paper, dated from 2013, Canada is considered an important player in global hacking operations. Under the heading “NSA and CSEC cooperate closely in the following areas,” the paper notes that the agencies work together on “active computer network access and exploitation on a variety of foreign intelligence targets, including CT [counter terrorism], Middle East, North Africa, Europe, and Mexico.” (The NSA had not responded to a request for comment at time of publication. The agency has previously told The Intercept that it “works with foreign partners to address a wide array of serious threats, including terrorist plots, the proliferation of weapons of mass destruction, and foreign aggression.”) Notably, CSE has gone beyond just adopting a range of tools to hack computers. According to the Snowden documents, it has a range of “deception techniques” in its toolbox. These include “false flag” operations to “create unrest,” and using so-called “effects” operations to “alter adversary perception.” A false-flag operation usually means carrying out an attack, but making it look like it was performed by another group — in this case, likely another government or hacker. Effects operations can involve sending out propaganda across social media or disrupting communications services. The newly revealed documents also reveal that CSE says it can plant a “honeypot” as part of its deception tactics, possibly a reference to some sort of bait posted online that lures in targets so that they can be hacked or monitored.
  • ...1 more annotation...
  • The apparent involvement of CSE in using the deception tactics suggests it is operating in the same area as a secretive British unit known as JTRIG, a division of the country’s eavesdropping agency, Government Communications Headquarters, or GCHQ. Last year, The Intercept published documents from Snowden showing that the JTRIG unit uses a range of effects operations to manipulate information online, such as by rigging the outcome of online polls, sending out fake messages on Facebook across entire countries, and posting negative information about targets online to damage their reputations.
Gary Edwards

Jim Kunstler's 2014 Forecast - Burning Down The House | Zero Hedge - 0 views

www.zerohedge.com/...14-forecast-burning-down-house

Banksters

shared by Gary Edwards on 08 Jan 14 - No Cached
  • Gary Edwards on 08 Jan 14
     
    Incredible must read analysis. Take away: the world is going to go "medevil". It's the only way out of this mess. Since the zero hedge layout is so bad, i'm going to post as much of the article as Diigo will allow: Jim Kunstler's 2014 Forecast - Burning Down The House Submitted by Tyler Durden on 01/06/2014 19:36 -0500 Submitted by James H. Kunstler of Kunstler.com , Many of us in the Long Emergency crowd and like-minded brother-and-sisterhoods remain perplexed by the amazing stasis in our national life, despite the gathering tsunami of forces arrayed to rock our economy, our culture, and our politics. Nothing has yielded to these forces already in motion, so far. Nothing changes, nothing gives, yet. It's like being buried alive in Jell-O. It's embarrassing to appear so out-of-tune with the consensus, but we persevere like good soldiers in a just war. Paper and digital markets levitate, central banks pull out all the stops of their magical reality-tweaking machine to manipulate everything, accounting fraud pervades public and private enterprise, everything is mis-priced, all official statistics are lies of one kind or another, the regulating authorities sit on their hands, lost in raptures of online pornography (or dreams of future employment at Goldman Sachs), the news media sprinkles wishful-thinking propaganda about a mythical "recovery" and the "shale gas miracle" on a credulous public desperate to believe, the routine swindles of medicine get more cruel and blatant each month, a tiny cohort of financial vampire squids suck in all the nominal wealth of society, and everybody else is left whirling down the drain of posterity in a vortex of diminishing returns and scuttled expectations. Life in the USA is like living in a broken-down, cob-jobbed, vermin-infested house that needs to be gutted, disinfected, and rebuilt - with the hope that it might come out of the restoration process retaining the better qualities of our heritage.
1 - 20 of 231 Next › Last »
Showing 20 items per page