Group items tagged

Software created by the controversial UK-based Gamma Group International was used to spy on computers that appear to be located in the United States, the UK, Germany, Russia, Iran, and Bahrain, according to a leaked trove of documents analyzed by ProPublica. It's not clear whether the surveillance was conducted by governments or private entities. Customer e-mail addresses in the collection appeared to belong to a German surveillance company, an independent consultant in Dubai, the Bosnian and Hungarian Intelligence services, a Dutch law enforcement officer, and the Qatari government.

The leaked files—which were posted online by hackers—are the latest in a series of revelations about how state actors including repressive regimes have used Gamma's software to spy on dissidents, journalists, and activist groups. The documents, leaked last Saturday, could not be readily verified, but experts told ProPublica they believed them to be genuine. "I think it's highly unlikely that it's a fake," said Morgan Marquis-Bore, a security researcher who while at The Citizen Lab at the University of Toronto had analyzed Gamma Group's software and who authored an article about the leak on Thursday. The documents confirm many details that have already been reported about Gamma, such as that its tools were used to spy on Bahraini activists. Some documents in the trove contain metadata tied to e-mail addresses of several Gamma employees. Bill Marczak, another Gamma Group expert at the Citizen Lab, said that several dates in the documents correspond to publicly known events—such as the day that a particular Bahraini activist was hacked.

The leaked files contain more than 40 gigabytes of confidential technical material, including software code, internal memos, strategy reports, and user guides on how to use Gamma Group software suite called FinFisher. FinFisher enables customers to monitor secure Web traffic, Skype calls, webcams, and personal files. It is installed as malware on targets' computers and cell phones. A price list included in the trove lists a license of the software at almost $4 million. The documents reveal that Gamma uses technology from a French company called Vupen Security that sells so-called computer "exploits." Exploits include techniques called "zero days" for "popular software like Microsoft Office, Internet Explorer, Adobe Acrobat Reader, and many more." Zero days are exploits that have not yet been detected by the software maker and therefore are not blocked.

Concluding Thoughts

This case well illustrates both the challenges faced by modern law enforcement in retrieving information it needs to pursue and prosecute wrongdoers, and the threat to the privacy of innocent parties from a vigorous criminal investigation. At the time of Tamura, most individuals and enterprises kept records in their file cabinets or similar physical facilities. Today, the same kind of data is usually stored electronically, often far from the premises. Electronic storage facilities intermingle data, making them difficult to retrieve without a thorough understanding of the filing and classification systems used—something that can often only be determined by closely analyzing the data in a controlled environment. Tamura involved a few dozen boxes and was considered a broad seizure; but even inexpensive electronic storage media today can store the equivalent of millions of pages of information. 1176*1176 Wrongdoers and their collaborators have obvious incentives to make data difficult to find, but parties involved in lawful activities may also encrypt or compress data for entirely legitimate reasons: protection of privacy, preservation of privileged communications, warding off industrial espionage or preventing general mischief such as identity theft. Law enforcement today thus has a far more difficult, exacting and sensitive task in pursuing evidence of criminal activities than even in the relatively recent past. The legitimate need to scoop up large quantities of data, and sift through it carefully for concealed or disguised pieces of evidence, is one we've often recognized. See, e.g., United States v. Hill, 459 F.3d 966 (9th Cir.2006).

This pressing need of law enforcement for broad authorization to examine electronic records, so persuasively demonstrated in the introduction to the original warrant in this case, see pp. 1167-68 supra, creates a serious risk that every warrant for electronic information will become, in effect, a general warrant, rendering the Fourth Amendment irrelevant. The problem can be stated very simply: There is no way to be sure exactly what an electronic file contains without somehow examining its contents—either by opening it and looking, using specialized forensic software, keyword searching or some other such technique. But electronic files are generally found on media that also contain thousands or millions of other files among which the sought-after data may be stored or concealed. By necessity, government efforts to locate particular files will require examining a great many other files to exclude the possibility that the sought-after data are concealed there. Once a file is examined, however, the government may claim (as it did in this case) that its contents are in plain view and, if incriminating, the government can keep it. Authorization to search some computer files therefore automatically becomes authorization to search all files in the same sub-directory, and all files in an enveloping directory, a neighboring hard drive, a nearby computer or nearby storage media. Where computers are not near each other, but are connected electronically, the original search might justify examining files in computers many miles away, on a theory that incriminating electronic data could have been shuttled and concealed there.

The National Security Agency is secretly intercepting, recording, and archiving the audio of virtually every cell phone conversation on the island nation of the Bahamas. According to documents provided by NSA whistleblower Edward Snowden, the surveillance is part of a top-secret system – code-named SOMALGET – that was implemented without the knowledge or consent of the Bahamian government. Instead, the agency appears to have used access legally obtained in cooperation with the U.S. Drug Enforcement Administration to open a backdoor to the country’s cellular telephone network, enabling it to covertly record and store the “full-take audio” of every mobile call made to, from and within the Bahamas – and to replay those calls for up to a month. SOMALGET is part of a broader NSA program called MYSTIC, which The Intercept has learned is being used to secretly monitor the telecommunications systems of the Bahamas and several other countries, including Mexico, the Philippines, and Kenya. But while MYSTIC scrapes mobile networks for so-called “metadata” – information that reveals the time, source, and destination of calls – SOMALGET is a cutting-edge tool that enables the NSA to vacuum up and store the actual content of every conversation in an entire country.

All told, the NSA is using MYSTIC to gather personal data on mobile calls placed in countries with a combined population of more than 250 million people. And according to classified documents, the agency is seeking funding to export the sweeping surveillance capability elsewhere. The program raises profound questions about the nature and extent of American surveillance abroad. The U.S. intelligence community routinely justifies its massive spying efforts by citing the threats to national security posed by global terrorism and unpredictable rival nations like Russia and Iran. But the NSA documents indicate that SOMALGET has been deployed in the Bahamas to locate “international narcotics traffickers and special-interest alien smugglers” – traditional law-enforcement concerns, but a far cry from derailing terror plots or intercepting weapons of mass destruction.

By targeting the Bahamas’ entire mobile network, the NSA is intentionally collecting and retaining intelligence on millions of people who have not been accused of any crime or terrorist activity. Nearly five million Americans visit the country each year, and many prominent U.S. citizens keep homes there, including Sen. Tom Harkin (D-Iowa), Bill Gates, and Oprah Winfrey.

Nearly half (50 out of 101) of all federal agencies have still not updated their Freedom of Information Act regulations to comply with Congress's 2007 FOIA amendments, and even more agencies (55 of 101) have FOIA regulations that predate and ignore President Obama's and Attorney General Holder's 2009 guidance for a "presumption of disclosure," according to the new National Security Archive FOIA Audit released today to mark Sunshine Week. Congress amended the Freedom of Information Act in 2007 to prohibit agencies from charging processing fees if they missed their response deadlines, to include new online journalists in the fee waiver category for the media, to order agencies to cooperate with the new FOIA ombudsman (the Office of Government Information Services, OGIS), and to require reports of specific data on their FOIA output, among other provisions co-authored by Senators Patrick Leahy (D-VT) and John Cornyn (R-TX). But half the government has yet to incorporate these changes in their regulations, according to the latest National Security Archive FOIA Audit. After President Obama's "Day One" commitments to open government, Attorney General Eric Holder issued new FOIA guidance on March 19, 2009, declaring that agencies should adopt a "presumption of disclosure," encourage discretionary releases if there was no foreseeable harm (even if technically covered by an exemption), proactively post the records of greatest public interest online, and remove "unnecessary bureaucratic hurdles" from the FOIA process. But five years later, the Archive found a majority of agencies have old regulations that simply ignore this guidance.

The Archive's FOIA Audit also highlights some good news this Sunshine Week: New plans from both the House of Representatives and White House have the potential to compel delinquent agencies to update their regulations. "Both Congress and the White House now recognize the problem of outdated FOIA regulations, and that is something to celebrate," said Archive director Tom Blanton. "But new regs should not follow the Justice Department's terrible lead, they must follow the best practices already identified by the FOIA ombuds office and FOIA experts." "If and when this important FOIA reform occurs, open government watchdogs must be vigilant to ensure that the agencies' updated regulations are progressive, rather than regressive, and embrace best practices to ensure that more documents are released to requesters, more quickly" said Nate Jones, the Archive's FOIA coordinator.

In 2011, the back-to-back Rosemary Award-winning Department of Justice proposed FOIA regulations that would have — among many other FOIA setbacks — allowed the Department to lie to FOIA requesters, eliminated online-only publications from receiving media fee status, and made it easier to destroy records. After intense pushback by openness advocates, the DOJ temporarily pulled these regulations, and Pustay claimed, "some people misinterpreted what we were trying to do, misconstrued some of the provisions, and didn't necessarily understand some of the fee guidelines." Pustay also claimed — to an incredulous Senate Judiciary Committee — that updating FOIA regulations to conform with the 2007 OPEN Government Act was merely optional and "not required." National Security Archive director Tom Blanton warned in his own 2013 Senate testimony that these terrible "vampire" regulations were not gone for good. This year, Pustay testified that the Department of Justice has indeed resubmitted its FOIA regulations for OMB approval; their content is unknown to the public.

Today EFF is pleased to announce Let’s Encrypt, a new certificate authority (CA) initiative that we have put together with Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan that aims to clear the remaining roadblocks to transition the Web from HTTP to HTTPS.Although the HTTP protocol has been hugely successful, it is inherently insecure. Whenever you use an HTTP website, you are always vulnerable to problems, including account hijacking and identity theft; surveillance and tracking by governments, companies, and both in concert; injection of malicious scripts into pages; and censorship that targets specific keywords or specific pages on sites. The HTTPS protocol, though it is not yet flawless, is a vast improvement on all of these fronts, and we need to move to a future where every website is HTTPS by default.With a launch scheduled for summer 2015, the Let’s Encrypt CA will automatically issue and manage free certificates for any website that needs them. Switching a webserver from HTTP to HTTPS with this CA will be as easy as issuing one command, or clicking one button.

The biggest obstacle to HTTPS deployment has been the complexity, bureaucracy, and cost of the certificates that HTTPS requires. We’re all familiar with the warnings and error messages produced by misconfigured certificates. These warnings are a hint that HTTPS (and other uses of TLS/SSL) is dependent on a horrifyingly complex and often structurally dysfunctional bureaucracy for authentication.

The need to obtain, install, and manage certificates from that bureaucracy is the largest reason that sites keep using HTTP instead of HTTPS. In our tests, it typically takes a web developer 1-3 hours to enable encryption for the first time. The Let’s Encrypt project is aiming to fix that by reducing setup time to 20-30 seconds. You can help test and hack on the developer preview of our Let's Encrypt agent software or watch a video of it in action here:

Documents released by US whistleblower Edward Snowden show the Communications Security Establishment Canada (CSEC) used airport Wi-Fi to track passengers from around the world. Travelers passing through a major Canadian airport were potentially caught up in a vast electronic surveillance net, which allowed the nation’s electronic spy agency to track the wireless devices of thousands of airline passengers - even for days after they had departed the terminal, a document obtained by CBC News revealed. The document shows the spy agency was then able to track travelers for a week or more as the unwitting passengers, together with their wireless devices, visited other Wi-Fi "hot spots" in locations across Canada, and across the border at American airports.

After reviewing details of the leaked information, one of Canada's leading authorities on internet security says the secret operation was almost certainly illegal. "I can't see any circumstance in which this would not be unlawful, under current Canadian law, under our Charter, under CSEC's mandates," Professor Ronald Deibert, an internet security expert at the University of Toronto, told CBC News. It remains unclear from the leaked data how CSEC was able to infiltrate so many wireless devices to see who was using them, both on Canadian territory and beyond.

The CSEC is specifically tasked with gathering foreign intelligence by intercepting overseas phone and internet traffic, and is forbidden by law from collecting information on Canadians - or foreigners in Canada - without a court warrant. As CSEC Chief John Forster recently stated: "I can tell you that we do not target Canadians at home or abroad in our foreign intelligence activities, nor do we target anyone in Canada. "In fact, it's prohibited by law. Protecting the privacy of Canadians is our most important principle." However analysts who were privy to the document say that airline passengers in a Canadian airport were clearly on the territory of Canada. CSEC spokesperson Lauri Sullivan told the Star, an online Canadian news outlet, that the “classified document in question is a technical presentation between specialists exploring mathematical models built on everyday scenarios to identify and locate foreign terrorist threats.”

Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process. The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks. The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.

The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands. To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency’s term for the interception of electronic communications. Instead, it sought to broaden “active” surveillance methods – tactics designed to directly infiltrate a target’s computers or network devices. In the documents, the agency describes such techniques as “a more aggressive approach to SIGINT” and says that the TAO unit’s mission is to “aggressively scale” these operations. But the NSA recognized that managing a massive network of implants is too big a job for humans alone.

“One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).” The agency’s solution was TURBINE. Developed as part of TAO unit, it is described in the leaked documents as an “intelligent command and control capability” that enables “industrial-scale exploitation.”

12 August 1988  Cover, pages 10-12   Somebody's  listening  . . . and they don't give a damn about personal privacy or commercial confidence. Project 415 is a top-secret new global surveillance system. It can tap into a billion calls a year in the UK alone. Inside Duncan Campbell on how spying entered the 21st century . . .  They've got it taped In the booming surveillance industry they spy on whom they wish, when they wish, protected by barriers of secrecy, fortified by billions of pounds worth of high, high technology. Duncan Campbell reports from the United States on the secret Anglo-American plan for a global electronic spy system for the 21st century capable of listening in to most of us most of the time   American, British and Allied intelligence agencies are soon to embark on a massive, billion-dollar expansion of their global electronic surveillance system. According to information given recently in secret to the US Congress, the surveillance system will enable the agencies to monitor and analyse civilian communications into the 21st century. Identified for the moment as Project P415, the system will be run by the US National Security Agency (NSA). But the intelligence agencies of many other countries will be closely involved with the new network, including those from Britain, Australia, Germany and Japan--and, surprisingly, the People's Republic of China. New satellite stations and monitoring centres are to be built around the world, and a chain of new satellites launched, so that NSA and its British counterpart, the Government Communications Headquarters (GCHQ) at Cheltenham, may keep abreast of the burgeoning international telecommunications traffic.

Both the new and existing surveillance systems are highly computerised. They rely on near total interception of international commercial and satellite communications in order to locate the telephone or other messages of target individuals. Last month, a US newspaper, the Cleveland Plain Dealer, revealed that the system had been used to target the telephone calls of a US Senator, Strom Thurmond. The fact that Thurmond, a southern Republican and usually a staunch supporter of the Reagan administration, is said to have been a target has raised fears that the NSA has restored domestic, electronic, surveillance programmes. These were originally exposed and criticised during the Watergate investigations, and their closure ordered by President Carter. After talking to the NSA, Thurmond later told the Plain Dealer that he did not believe the allegation. But Thurmond, a right-wing Republican, may have been unwilling to rock the boat. Staff members of the Permanent Select Committee on Intelligence said that staff were "digging into it" despite the "stratospheric security classification" of all the systems involved. The Congressional officials were first told of the Thurmond interception by a former employee of the Lockheed Space and Missiles Corporation, Margaret Newsham, who now lives in Sunnyvale, California. Newsham had originally given separate testimony and filed a lawsuit concerning corruption and mis-spending on other US government "black" projects. She has worked in the US and Britain for two corporations which manufacture signal intelligence computers, satellites and interception equipment for NSA, Ford Aerospace and Lockheed. Citing a special Executive Order signed by President Reagan. she told me last month that she could not and would not discuss classified information with journalists. But according to Washington sources (and the report in the Plain Dealer, she informed a US Congressman that the Thurmond interception took place at Menwith Hill, and that she p

A secret listening agreement, called UKUSA (UK-USA), assigns parts of the globe to each participating agency. GCHQ at Cheltenham is the co-ordinating centre for Europe, Africa and the Soviet Union (west of the Ural Mountains). The NSA covers the rest of the Soviet Union and most of the Americas. Australia--where another station in the NSA listening network is located in the outback--co-ordinates the electronic monitoring of the South Pacific, and South East Asia.