Skip to main content

Home/ Socialism and the End of the American Dream/ Group items matching "hardware" in title, tags, annotations or url

Group items matching
in title, tags, annotations or url

Sort By: Relevance | Date Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

Testosterone Pit - Home - NSA Revelations Kill IBM Hardware Sales in China - 0 views

www.testosteronepit.com/...m-hardware-sales-in-china.html

surveillance state NSA IBM NSA-blowback NSA-targets hardware hardware-backdoors

shared by Paul Merrell on 18 Oct 13 - No Cached
  • The first shot was fired on Monday. Teradata, which sells analytics tools for Big Data, warned that quarterly revenues plunged 21% in Asia and 19% in the Middle East and Africa. Wednesday evening, it was IBM’s turn to confess that its hardware sales in China had simply collapsed. Every word was colored by Edward Snowden’s revelations about the NSA’s hand-in-glove collaboration with American tech companies, from startups to mastodons like IBM.
  • The explanation is more obvious. In mid-August, an anonymous source told the Shanghai Securities News, a branch of the state-owned Xinhua News Agency, which reports directly to the Propaganda and Public Information Departments of the Communist Party, that IBM, along with Oracle and EMC, have become targets of the Ministry of Public Security and the cabinet-level Development Research Centre due to the Snowden revelations. “At present, thanks to their technological superiority, many of our core information technology systems are basically dominated by foreign hardware and software firms, but the Prism scandal implies security problems,” the source said, according to Reuters. So the government would launch an investigation into these security problems, the source said. Absolute stonewalling ensued. IBM told Reuters that it was unable to comment. Oracle and EMC weren’t available for comment. The Ministry of Public Security refused to comment. The Development Research Centre knew nothing of any such investigation. The Ministry of Industry and Information Technology “could not confirm anything because of the matter’s sensitivity.”
  • I’d warned about its impact at the time [read.... US Tech Companies Raked Over The Coals In China]. Snowden’s revelations started hitting in May. Not much later, the Chinese security apparatus must have alerted IT buyers in government agencies, state-owned enterprises, and major independent corporations to turn off the order pipeline for sensitive products until this is sorted out. As Mr. Loughridge’s efforts have shown, it’s hard to explain any other way that hardware sales suddenly collapsed by “40%, 50%” in China, where they’d boomed until then. This is the first quantitative indication of the price Corporate America has to pay for gorging at the big trough of the US Intelligence Community, and particularly the NSA with its endlessly ballooning budget. For once, there is a price to be paid, if only temporarily, for helping build a perfect, seamless, borderless surveillance society. The companies will deny it. At the same time, they’ll be looking for solutions. China, Russia, and Brazil are too important to just get kicked out of – and other countries might follow suit. In September, IBM announced that it would throw another billion at Linux, the open-source operating system, to run its Power System servers – the same that China had stopped buying. It seems IBM was trying to make hay of the NSA revelations that had tangled up American operating system makers. Linux, free of NSA influence, would be a huge competitive advantage for IBM. Or so it would seem. Read.... The Other Reason Why IBM Throws A Billion At Linux (With NSA- Designed Backdoor)
  • ...1 more annotation...
  • The first shot was fired on Monday. Teradata, which sells analytics tools for Big Data, warned that quarterly revenues plunged 21% in Asia and 19% in the Middle East and Africa. Wednesday evening, it was IBM’s turn to confess that its hardware sales in China had simply collapsed. Every word was colored by Edward Snowden’s revelations about the NSA’s hand-in-glove collaboration with American tech companies, from startups to mastodons like IBM.
  • Paul Merrell on 18 Oct 13
     
    It's starting to look as though the price of NSA collaboration is bankruptcy. Look for Big Blue to attempt to recover the loss from the U.S. government via some juicy deal.
Paul Merrell

Glenn Greenwald: The NSA Can "Literally Watch Every Keystroke You Make" - 0 views

www.informationclearinghouse.info/article37255.htm

surveillance state NSA NSA-backdoors China

shared by Paul Merrell on 31 Dec 13 - No Cached
  • On Sunday, the German publication Der Spiegel revealed new details about secretive hacking—a secretive hacking unit inside the NSA called the Office of Tailored Access Operations, or TAO. The unit was created in 1997 to hack into global communications traffic. Still with us, Jameel Jaffer, deputy legal director of the ACLU, director of the ACLU’s Center for Democracy, and Glenn Greenwald, the journalist who first broke the story about Edward Snowden. Glenn, can you just talk about the revelations in Der Spiegel?
  • And one of the ways that they’re doing it is that they intercept products in transit, such as if you order a laptop or other forms of Internet routers or servers and the like, they intercept it in transit, open the box, implant the malware, factory-seal it and then send it back to the user. They also exploit weaknesses in Google and YouTube and Yahoo and other services, as well, in order to implant these devices. It’s unclear to what extent, if at all, the companies even know about it, let alone cooperate in it. But what is clear is that they’ve been able to compromise the physical machines themselves, so that it makes no difference what precautions you take in terms of safeguarding the sanctity of your online activity.
  • But we’ve actually been working, ourselves, on certain stories that should be published soon regarding similar interdiction efforts. And one of the things that I think is so amazing about this, Amy, is that the U.S. government has spent the last three or four years shrilly, vehemently warning the world that Chinese technology companies are unsafe to purchase products from, because they claim the Chinese government interdicts these products and installs surveillance, backdoors and other forms of malware onto the machinery so that when you get them, immediately your privacy is compromised. And they’ve actually driven Chinese firms out of the U.S. market and elsewhere with these kinds of accusations. Congress has convened committees to issue reports making these kind of accusations about Chinese companies. And yet, at the same time, the NSA is doing exactly that which they accuse these Chinese companies of doing. And there’s a real question, which is: Are these warnings designed to steer people away from purchasing Chinese products into the arms of the American industry so that the NSA’s ability to implant these devices becomes even greater, since now everybody is buying American products out of fear that they can no longer buy Chinese products because this will happen to them?
  • ...1 more annotation...
  • And the final thing I want to say is, you know, all this talk about amnesty for Edward Snowden, and it’s so important that the rule of law be applied to him, it’s really quite amazing. Here’s Michael Hayden. He oversaw the illegal warrantless eavesdropping program implemented under the Bush administration. He oversaw torture and rendition as the head of the CIA. James Clapper lied to the face of Congress. These are felonies at least as bad, and I would say much worse, than anything Edward Snowden is accused of doing, and yet they’re not prosecuted. They’re free to appear on television programs. The United States government in Washington constantly gives amnesty to its highest officials, even when they commit the most egregious crimes. And yet the idea of amnesty for a whistleblower is considered radical and extreme. And that’s why a hardened felon like Michael Hayden is free to walk around on the street and is treated on American media outlets as though he’s some learned, wisdom-drenched elder statesman, rather than what he is, which is a chronic criminal.
  • Paul Merrell on 31 Dec 13
     
    Greenwald asks a very good question about the U.S. government accusing the Chinese government of cyber-espionage and the government's finding that Chinese-manufactured ware pose a security risk. Was that intended to drive people to purchase hardware that comes equipped with NSA backdoors? The flip side, of course, is whether the world should be beating feet to purchase their hardware from the Chinese in order to escape the NSA backdoors. Then there is the question of how those backdoors might have made their way into the hardware devices without the acquiescence of their manufacturers, who surely would have realized that their businesses might take enormous financial hits if knowledge of the backdoors became public? Bribing key staff? The manufacturers named in the Der Spiegel article surely are going to face some hard questions and they may face some very unhappy shareholders if their stock prices take a dive. It would be fun to see a shareholder's derivative class action against one of these companies for having acquiesced to NSA implantation of backdoors, leading to the disclosure and the fall in stock price. Caption the case as Wall Street, Inc. v. National Security Agency, dba Seagate Technology, PLC, then watch the feathers and blood fly.  "Seagate is the company the world trusts to store our lives - our files and photos, our libraries and histories, our science and progress."   Yes, and your stockholders trusted you not to endanger their investment by adding NSA backdoors in your products.
Paul Merrell

U.S. to China: We Hacked Your Internet Gear We Told You Not to Hack | Wired Enterprise | Wired.com - 0 views

www.wired.com/...nsa-cisco-huawei-china

surveillance state U.S. China NSA-backdoors

shared by Paul Merrell on 01 Jan 14 - No Cached
  • The headline news is that the NSA has surreptitiously “burrowed its way into nearly all the security architecture” sold by the world’s largest computer networking companies, including everyone from U.S. mainstays Cisco and Juniper to Chinese giant Huawei. But beneath this bombshell of a story from Der Spiegel, you’ll find a rather healthy bit of irony. After all, the United States government has spent years complaining that Chinese intelligence operations could find ways of poking holes in Huawei networking gear, urging both American businesses and foreign allies to sidestep the company’s hardware. The complaints grew so loud that, at one point, Huawei indicated it may abandon the U.S. networking market all together. And, yet, Der Speigel now tells us that U.S. intelligence operations have been poking holes in Huawei networking gear — not to mention hardware sold by countless other vendors in both the States and abroad. “We read the media reports, and we’ve noted the references to Huawei and our peers,” says William Plummer, a Huawei vice president and the company’s point person in Washington, D.C. “As we have said, over and over again — and as now seems to be validated — threats to networks and data integrity can come from any and many sources.”
  • Plummer and Huawei have long complained that when the U.S. House Intelligence Committee released a report in October 2012 condemning the use of Huawei gear in telephone and data networks, it failed to provide any evidence that the Chinese government had compromised the company’s hardware. Adam Segal, a senior fellow for China Studies at the Center for Foreign Relations, makes the same point. And now we have evidence — Der Spiegel cites leaked NSA documents — that the U.S. government has compromised gear on a massive scale. “Do I see the irony? Certainly the Chinese will,” Segal says, noting that the Chinese government and the Chinese press have complained of U.S hypocrisy ever since former government contractor Edward Snowden first started to reveal NSA surveillance practices last summer. “The Chinese government has been hammering home what they call the U.S.’s ulterior motives for criticizing China, and there’s been a steady drumbeat of stories in the Chinese press about backdoors in the products of U.S. companies. They’ve been going after Cisco in particular.”
  • To be sure, the exploits discussed by Der Spiegel are a little different from the sort of attacks Congress envisioned during its long campaign against Huawei and ZTE, another Chinese manufacturer. As Segal and others note, Congress mostly complained that the Chinese government could collaborate with people inside the two companies to plant backdoors in their gear, with lawmakers pointing out that Huawei’s CEO was once an officer in China’s People’s Liberation Army, or PLA, the military arm of the country’s Communist party. Der Spiegel, by contrast, says the NSA is exploiting hardware without help from anyone inside the Ciscos and the Huaweis, focusing instead on compromising network gear with clever hacks or intercepting the hardware as it’s shipped to customers. “For the most part, the article discusses typical malware exploits used by hackers everywhere,” says JR Rivers, an engineer who has built networking hardware for Cisco as well as Google and now runs the networking startup Cumulus Networks. “It’s just pointing out that the NSA is engaged in the practice and has resources that are not available to most people.” But in the end, the two types of attack have the same result: Networking gear controlled by government spies. And over the last six months, Snowden’s revelations have indicated that the NSA is not only hacking into networks but also collaborating with large American companies in its hunt for data.
  • ...2 more annotations...
  • Jim Lewis, a director and senior fellow with the Center for Strategic and International Studies, adds that the Chinese view state-sponsored espionage a little differently than the U.S. does. Both countries believe in espionage for national security purposes, but the Chinese argue that such spying might include the theft of commercial secrets. “The Chinese will tell you that stealing technology and business secrets is a way of building their economy, and that this is important for national security,” says Lewis, who has helped oversee meetings between the U.S. and the Chinese, including officers in the PLA. “I’ve been in the room when they’ve said that. The last time was when a PLA colonel said: ‘In the U.S., military espionage is heroic and economic espionage is a crime. In China, the line is not that clear.’” But here in the United States, we now know, the NSA may blur other lines in the name of national security. Segal says that although he, as an American, believes the U.S. government is on stronger ethical ground than the Chinese, other nations are beginning to question its motives. “The U.S has to convince other countries that our type of intelligence gathering is different,” he says. “I don’t think that the Brazils and the Indias and the Indonesias and the South Africas are convinced. That’s a big problem for us.”
  • The thing to realize, as the revelations of NSA snooping continue to pour out, is that everyone deserves scrutiny — the U.S government and its allies, as well as the Chinese and others you may be more likely to view with skepticism. “All big countries,” Lewis says, “are going to try and do this.”
  • Paul Merrell on 01 Jan 14
     
    Of course, we now know that the U.S. conducts electronic surveillance for a multitude of purposes, including economic. Check this group's notes tagged "NSA-targets" and/or "NSA-goals".
Paul Merrell

"We cannot trust" Intel and Via's chip-based crypto, FreeBSD developers say | Ars Technica - 0 views

arstechnica.com/...-crypto-freebsd-developers-say

surveillance state NSA-targets-backdoors hardware-backdoors BSD NSA-reform

shared by Paul Merrell on 12 Dec 13 - No Cached
  • Developers of the FreeBSD operating system will no longer allow users to trust processors manufactured by Intel and Via Technologies as the sole source of random numbers needed to generate cryptographic keys that can't easily be cracked by government spies and other adversaries. The change, which will be effective in the upcoming FreeBSD version 10.0, comes three months after secret documents leaked by former National Security Agency (NSA) subcontractor Edward Snowden said the US spy agency was able to decode vast swaths of the Internet's encrypted traffic. Among other ways, The New York Times, Pro Publica, and The Guardian reported in September, the NSA and its British counterpart defeat encryption technologies by working with chipmakers to insert backdoors, or cryptographic weaknesses, in their products. The revelations are having a direct effect on the way FreeBSD will use hardware-based random number generators to seed the data used to ensure cryptographic systems can't be easily broken by adversaries. Specifically, "RDRAND" and "Padlock"—RNGs provided by Intel and Via respectively—will no longer be the sources FreeBSD uses to directly feed random numbers into the /dev/random engine used to generate random data in Unix-based operating systems. Instead, it will be possible to use the pseudo random output of RDRAND and Padlock to seed /dev/random only after it has passed through a separate RNG algorithm known as "Yarrow." Yarrow, in turn, will add further entropy to the data to ensure intentional backdoors, or unpatched weaknesses, in the hardware generators can't be used by adversaries to predict their output.
  • "For 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering their output directly to /dev/random," FreeBSD developers said. "It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more." In separate meeting minutes, developers specifically invoked Snowden's name when discussing the change. "Edward Snowdon [sic] -- v. high probability of backdoors in some (HW) RNGs," the notes read, referring to hardware RNGs. Then, alluding to the Dual EC_DRBG RNG forged by the National Institute of Standards and Technology and said to contain an NSA-engineered backdoor, the notes read: "Including elliptic curve generator included in NIST. rdrand in ivbridge not implemented by Intel... Cannot trust HW RNGs to provide good entropy directly. (rdrand implemented in microcode. Intel will add opcode to go directly to HW.) This means partial revert of some work on rdrand and padlock."
  • Paul Merrell on 12 Dec 13
     
    Hopefully, all Linux distros jump on this bandwagon.
Paul Merrell

N.S.A. Devises Radio Pathway Into Computers - NYTimes.com - 1 views

www.nytimes.com/...not-connected-to-internet.html

surveillance state NSA NSA-capabilities air-gap-penetration must-read

shared by Paul Merrell on 16 Jan 14 - No Cached
  • The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
  • The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.
  • The N.S.A. and the Pentagon’s Cyber Command have implanted nearly 100,000 “computer network exploits” around the world, but the hardest problem is getting inside machines isolated from outside communications.
  • ...8 more annotations...
  • the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls “computer network exploitation.”“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”
  • A program named Treasure Map tried to identify nearly every node and corner of the web, so that any computer or mobile device that touched it could be located.
  • Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward J. Snowden, the former N.S.A. contractor. A Dutch newspaper published the map of areas where the United States has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German newsmagazine, published the N.S.A.'s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of American intelligence officials, when it reported, in the summer of 2012, on American cyberattacks on Iran.
  • A 2008 map, part of the Snowden trove, notes 20 programs to gain access to big fiber-optic cables — it calls them “covert, clandestine or cooperative large accesses” — not only in the United States but also in places like Hong Kong, Indonesia and the Middle East. The same map indicates that the United States had already conducted “more than 50,000 worldwide implants,” and a more recent budget document said that by the end of last year that figure would rise to about 85,000. A senior official, who spoke on the condition of anonymity, said the actual figure was most likely closer to 100,000.
  • The N.S.A.'s efforts to reach computers unconnected to a network have relied on a century-old technology updated for modern times: radio transmissions.In a catalog produced by the agency that was part of the Snowden documents released in Europe, there are page after page of devices using technology that would have brought a smile to Q, James Bond’s technology supplier.
  • One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer “through a covert channel” that allows “data infiltration and exfiltration.” Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer — either in the field or when they are shipped from manufacturers — so that the computer is broadcasting to the N.S.A. even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.The relay station it communicates with, called Nightstand, fits in an oversize briefcase, and the system can attack a computer “from as far away as eight miles under ideal environmental conditions.” It can also insert packets of data in milliseconds, meaning that a false message or piece of programming can outrace a real one to a target computer. Similar stations create a link between the target computers and the N.S.A., even if the machines are isolated from the Internet.
  • Computers are not the only targets. Dropoutjeep attacks iPhones. Other hardware and software are designed to infect large network servers, including those made by the Chinese.Most of those code names and products are now at least five years old, and they have been updated, some experts say, to make the United States less dependent on physically getting hardware into adversaries’ computer systems.
  • But the Stuxnet strike does not appear to be the last time the technology was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps moved a rock near the country’s underground Fordo nuclear enrichment plant. The rock exploded and spewed broken circuit boards that the Iranian news media described as “the remains of a device capable of intercepting data from computers at the plant.” The origins of that device have never been determined.
  • Paul Merrell on 16 Jan 14
     
    Even radio transceivers emplanted in USB jacks. So now to be truly secure, we need not only an air gap but also a Faraday cage protecting the air gap. 
Paul Merrell

Inside TAO: The NSA's Shadow Network - SPIEGEL ONLINE - 0 views

www.spiegel.de/...lobal-networks-a-940969-3.html

surveillance state NSA TAO NSA-methods parallel-internet must-read

shared by Paul Merrell on 30 Dec 13 - No Cached
  • The insert method and other variants of QUANTUM are closely linked to a shadow network operated by the NSA alongside the Internet, with its own, well-hidden infrastructure comprised of "covert" routers and servers. It appears the NSA also incorporates routers and servers from non-NSA networks into its covert network by infecting these networks with "implants" that then allow the government hackers to control the computers remotely. (Click here to read a related article on the NSA's "implants".) In this way, the intelligence service seeks to identify and track its targets based on their digital footprints. These identifiers could include certain email addresses or website cookies set on a person's computer. Of course, a cookie doesn't automatically identify a person, but it can if it includes additional information like an email address. In that case, a cookie becomes something like the web equivalent of a fingerprint.
  • Once TAO teams have gathered sufficient data on their targets' habits, they can shift into attack mode, programming the QUANTUM systems to perform this work in a largely automated way. If a data packet featuring the email address or cookie of a target passes through a cable or router monitored by the NSA, the system sounds the alarm. It determines what website the target person is trying to access and then activates one of the intelligence service's covert servers, known by the codename FOXACID. This NSA server coerces the user into connecting to NSA covert systems rather than the intended sites. In the case of Belgacom engineers, instead of reaching the LinkedIn page they were actually trying to visit, they were also directed to FOXACID servers housed on NSA networks. Undetected by the user, the manipulated page transferred malware already custom tailored to match security holes on the target person's computer. The technique can literally be a race between servers, one that is described in internal intelligence agency jargon with phrases like: "Wait for client to initiate new connection," "Shoot!" and "Hope to beat server-to-client response." Like any competition, at times the covert network's surveillance tools are "too slow to win the race." Often enough, though, they are effective. Implants with QUANTUMINSERT, especially when used in conjunction with LinkedIn, now have a success rate of over 50 percent, according to one internal document.
  • At the same time, it is in no way true to say that the NSA has its sights set exclusively on select individuals. Of even greater interest are entire networks and network providers, such as the fiber optic cables that direct a large share of global Internet traffic along the world's ocean floors. One document labeled "top secret" and "not for foreigners" describes the NSA's success in spying on the "SEA-ME-WE-4" cable system. This massive underwater cable bundle connects Europe with North Africa and the Gulf states and then continues on through Pakistan and India, all the way to Malaysia and Thailand. The cable system originates in southern France, near Marseille. Among the companies that hold ownership stakes in it are France Telecom, now known as Orange and still partly government-owned, and Telecom Italia Sparkle. The document proudly announces that, on Feb. 13, 2013, TAO "successfully collected network management information for the SEA-Me-We Undersea Cable Systems (SMW-4)." With the help of a "website masquerade operation," the agency was able to "gain access to the consortium's management website and collected Layer 2 network information that shows the circuit mapping for significant portions of the network."
  • ...3 more annotations...
  • It appears the government hackers succeeded here once again using the QUANTUMINSERT method. The document states that the TAO team hacked an internal website of the operator consortium and copied documents stored there pertaining to technical infrastructure. But that was only the first step. "More operations are planned in the future to collect more information about this and other cable systems," it continues. But numerous internal announcements of successful attacks like the one against the undersea cable operator aren't the exclusive factors that make TAO stand out at the NSA. In contrast to most NSA operations, TAO's ventures often require physical access to their targets. After all, you might have to directly access a mobile network transmission station before you can begin tapping the digital information it provides.
  • To conduct those types of operations, the NSA works together with other intelligence agencies such as the CIA and FBI, which in turn maintain informants on location who are available to help with sensitive missions. This enables TAO to attack even isolated networks that aren't connected to the Internet. If necessary, the FBI can even make an agency-owned jet available to ferry the high-tech plumbers to their target. This gets them to their destination at the right time and can help them to disappear again undetected after as little as a half hour's work.
  • Sometimes it appears that the world's most modern spies are just as reliant on conventional methods of reconnaissance as their predecessors. Take, for example, when they intercept shipping deliveries. If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer. These minor disruptions in the parcel shipping business rank among the "most productive operations" conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks "around the world."
  • Paul Merrell on 30 Dec 13
     
    From page 3 of a 3-page article. The entire article is well worth reading. I chose this page to bookmark because of its disclosure that NSA is intercepting new computers before they are delivered and installing hardware and software backdoors, then reshipping them to their intended recipients. Although not mentioned, this implies the complicity of package shipment companies and conceivably government mail systems and original equipment manufacturers ("OEMs").  
Gary Edwards

We Call a Top NSA Whistleblower … And Get the REAL SCOOP on Spying | Washington's Blog - 0 views

www.washingtonsblog.com/...ope-of-the-spying-program.html

William-Binney NSA-Whistleblower NSA-Patriot-Act NARUS Verint

shared by Gary Edwards on 10 Jun 13 - No Cached
  • Gary Edwards on 10 Jun 13
     
    "NSA whistleblower Thomas Drake corroborated Klein's assertions, testifying that while the NSA is using Israeli-made NARUS hardware to "seize and save all personal electronic communications." ..................... I then asked the NSA veteran Binney if the government's claim that it is only spying on metadata - and not content - was correct. We have extensively documented that the government is likely recording content as well. (And the government has previously admitted to "accidentally" collecting more information on Americans than was legal, and then gagged the judges so they couldn't disclose the nature or extent of the violations.) Binney said that was not true; the government is gathering everything, including content. Binney explained - as he has many times before - that the government is storing everything, and creating a searchable database … to be used whenever it wants, for any purpose it wants (even just going after someone it doesn't like). ..................... Binney said that former FBI counter-terrorism agent Tim Clemente is correct when he says that no digital data is safe (Clemente says that all digital communications are being recorded). Both Verint and Narus were founded in Israel in the 1990s. *** Binney next confirmed the statement of the author of the Patriot Act - Congressman Jim Sensenbrenner - that the NSA spying programs violate the Patriot Act. After all, the Patriot Act is focused on spying on external threats … not on Americans. Binney asked rhetorically: "How can an American court [FISA or otherwise] tell telecoms to cough up all domestic data?!" Update: Binney sent the following clarifying email about content collection: It's clear to me that they are collecting most e-mail in full plus other text type data on the web. As for phone calls, I don't think they would record/transcribe the approximately 3 billion US-to-US calls every day. It's more likely that they are reco
Paul Merrell

What to Do About Lawless Government Hacking and the Weakening of Digital Security | Electronic Frontier Foundation - 0 views

www.eff.org/...and-weakening-digital-security

surveillance state cybersecurity exploits government malware

shared by Paul Merrell on 13 Aug 16 - No Cached
  • Paul Merrell on 13 Aug 16
     
    It's not often that I disagree with EFF's positions, but on this one I do. The government should be prohibited from exploiting computer vulnerabilities and should be required to immediately report all vulnerabilities discovered to the relevant developers of hardware or software. It's been one long slippery slope since the Supreme Court first approved wiretapping in Olmstead v. United States, 277 US 438 (1928), https://goo.gl/NJevsr (.) Left undecided to this day is whether we have a right to whisper privately, a right that is undeniable. All communications intercept cases since Olmstead fly directly in the face of that right.
Gary Edwards

The US government has betrayed the internet. We need to take it back | Bruce Schneier | Comment is free | The Guardian - 0 views

www.theguardian.com/...t-betrayed-internet-nsa-spying

internet guardian NSA-Patriot-Act-NDAA Bruce-Schneier Liberty-Tryanny

shared by Gary Edwards on 06 Sep 13 - No Cached
  • Gary Edwards on 06 Sep 13
     
    "The USA Government has betrayed the Internet. We need to take it back. The NSA has undermined a fundamental social contract. We engineers built the Internet - and now we have to fix it and take it back." "Government and industry have betrayed the internet, and us. By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical internet stewards. This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. And by we, I mean the engineering community. Yes, this is primarily a political problem, a policy matter that requires political intervention. But this is also an engineering problem, and there are several things engineers can - and should - do."
Paul Merrell

N.S.A. Able to Foil Basic Safeguards of Privacy on Web - NYTimes.com - 1 views

www.nytimes.com/...-much-internet-encryption.html

surveillance state NSA GCHQ NSA-capabilities

shared by Paul Merrell on 06 Sep 13 - No Cached
Gary Edwards liked it
  • The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
  • The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.
  • The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.
  • ...11 more annotations...
  • “For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
  • Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL; virtual private networks, or VPNs; and the protection used on fourth-generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4G network.
  • For at least three years, one document says, GCHQ, almost certainly in collaboration with the N.S.A., has been looking for ways into protected traffic of popular Internet companies: Google, Yahoo, Facebook and Microsoft’s Hotmail. By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to the document. (Google denied giving any government access and said it had no evidence its systems had been breached).
  • Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip. “And they went and did it anyway, without telling anyone,” Mr. Kocher said. He said he understood the agency’s mission but was concerned about the danger of allowing it unbridled access to private information.
  • The documents are among more than 50,000 shared by The Guardian with The New York Times and ProPublica, the nonprofit news organization. They focus on GCHQ but include thousands from or about the N.S.A. Intelligence officials asked The Times and ProPublica not to publish this article, saying it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful privacy tools.
  • The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June. “Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.
  • Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware.
  • At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service.
  • Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method. Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology and later by the International Organization for Standardization, which has 163 countries as members. Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.” “Eventually, N.S.A. became the sole editor,” the memo says.
  • But the agencies’ goal was to move away from decrypting targets’ tools one by one and instead decode, in real time, all of the information flying over the world’s fiber optic cables and through its Internet hubs, only afterward searching the decrypted material for valuable intelligence. A 2010 document calls for “a new approach for opportunistic decryption, rather than targeted.” By that year, a Bullrun briefing document claims that the agency had developed “groundbreaking capabilities” against encrypted Web chats and phone calls. Its successes against Secure Sockets Layer and virtual private networks were gaining momentum.
  • Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning. “Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”
  • Paul Merrell on 06 Sep 13
     
    Lengthy article, lots of new information on NSA decryption capabilities, none of it good for those who value their data privacy.
  • Gary Edwards on 06 Sep 13
     
    Thanks Paul - nice job cutting this monster down to size :)
Paul Merrell

Clipper chip - Wikipedia, the free encyclopedia - 0 views

en.wikipedia.org/...Clipper_chip

surveillance state NSA NSA-backdoors Clipper-chip

shared by Paul Merrell on 31 Dec 13 - No Cached
  • The Clipper chip was not embraced by consumers or manufacturers and the chip itself was no longer relevant by 1996. The U.S. government continued to press for key escrow by offering incentives to manufacturers, allowing more relaxed export controls if key escrow were part of cryptographic software that was exported. These attempts were largely made moot by the widespread use of strong cryptographic technologies, such as PGP, which were not under the control of the U.S. government.
  • Paul Merrell on 31 Dec 13
     
    But were the government attempts actually mooted? Or did they come up with other bribes for the OEMs to add NSA backdoors to their hardware? An inquiring world wishes to know. See http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html (NSA backdoors in routers and hard drives). 
Paul Merrell

Catalog Reveals NSA Has Back Doors for Numerous Devices - SPIEGEL ONLINE - 0 views

www.spiegel.de/...numerous-devices-a-940994.html

surveillance state NSA NSA-methods NSA-backdoors routers hard-drives must-read

shared by Paul Merrell on 30 Dec 13 - No Cached
  • When it comes to modern firewalls for corporate computer networks, the world's second largest network equipment manufacturer doesn't skimp on praising its own work. According to Juniper Networks' online PR copy, the company's products are "ideal" for protecting large companies and computing centers from unwanted access from outside. They claim the performance of the company's special computers is "unmatched" and their firewalls are the "best-in-class." Despite these assurances, though, there is one attacker none of these products can fend off -- the United States' National Security Agency.
  • Specialists at the intelligence organization succeeded years ago in penetrating the company's digital firewalls. A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry -- including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell.
  • The specialists at ANT, which presumably stands for Advanced or Access Network Technology, could be described as master carpenters for the NSA's department for Tailored Access Operations (TAO). In cases where TAO's usual hacking and data-skimming methods don't suffice, ANT workers step in with their special tools, penetrating networking equipment, monitoring mobile phones and computers and diverting or even modifying data. Such "implants," as they are referred to in NSA parlance, have played a considerable role in the intelligence agency's ability to establish a global covert network that operates alongside the Internet. Some of the equipment available is quite inexpensive. A rigged monitor cable that allows "TAO personnel to see what is displayed on the targeted monitor," for example, is available for just $30. But an "active GSM base station" -- a tool that makes it possible to mimic a mobile phone tower and thus monitor cell phones -- costs a full $40,000. Computer bugging devices disguised as normal USB plugs, capable of sending and receiving data via radio undetected, are available in packs of 50 for over $1 million.
  • ...3 more annotations...
  • These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives -- from computing centers to individual computers, and from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA's specialists seem already to have gotten past them. This, at least, is the impression gained from flipping through the 50-page document. The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets' data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000. In the case of Juniper, the name of this particular digital lock pick is "FEEDTROUGH." This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive "across reboots and software upgrades." In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH "has been deployed on many target platforms."
  • The ANT division doesn't just manufacture surveillance hardware. It also develops software for special tasks. The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer's motherboard that is the first thing to load when a computer is turned on. This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this "Persistence" and believe this approach has provided them with the possibility of permanent access. Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of the latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies.
  • Other ANT programs target Internet routers meant for professional use or hardware firewalls intended to protect company networks from online attacks. Many digital attack weapons are "remotely installable" -- in other words, over the Internet. Others require a direct attack on an end-user device -- an "interdiction," as it is known in NSA jargon -- in order to install malware or bugging equipment. There is no information in the documents seen by SPIEGEL to suggest that the companies whose products are mentioned in the catalog provided any support to the NSA or even had any knowledge of the intelligence solutions. "Cisco does not work with any government to modify our equipment, nor to implement any so-called security 'back doors' in our products," the company said in a statement. Contacted by SPIEGEL reporters, officials at Western Digital, Juniper Networks and Huawei also said they had no knowledge of any such modifications. Meanwhile, Dell officials said the company "respects and complies with the laws of all countries in which it operates." Many of the items in the software solutions catalog date from 2008, and some of the target server systems that are listed are no longer on the market today. At the same time, it's not as if the hackers within the ANT division have been sleeping on the job. They have continued to develop their arsenal. Some pages in the 2008 catalog, for example, list new systems for which no tools yet exist. However, the authors promise they are already hard at work developing new tools and that they will be "pursued for a future release."
  • Paul Merrell on 30 Dec 13
     
    Oh, great. My router and all of my hard drives have NSA backdoors in them. And my BIOS on the Linux box may be infected with a backdoor. What are the odds that NSA has not developed similar capability for the UEFI on our two newer Windows boxes? 
Paul Merrell

Your Computer May Already be Hacked - NSA Inside? | Steve Blank - 1 views

steveblank.com/...y-already-be-hacked-nsa-inside

surveillance state NSA NSA-targets NSA-backdoors CPU-backdoors

shared by Paul Merrell on 22 Dec 13 - No Cached
  • But while the interviewer focused on the Skype revelation, I thought the most interesting part was the other claim, “that the National Security Agency already had pre-encryption stage access to email on Outlook.”  Say what??  They can see the plaintext on my computer before I encrypt it? That defeats any/all encryption methods. How could they do that? Bypass Encryption While most outside observers think the NSA’s job is cracking encrypted messages, as the Prism disclosures have shown, the actual mission is simply to read all communications. Cracking codes is a last resort.
  • The NSA has a history of figuring out how to get to messages before or after they are encrypted. Whether it was by putting keyloggers on keyboards and recording the keystrokes or detecting the images of the characters as they were being drawn on a CRT. Today every desktop and laptop computer has another way for the NSA to get inside. Intel Inside It’s inevitable that complex microprocessors have bugs in them when they ship. When the first microprocessors shipped the only thing you could hope is that the bug didn’t crash your computer. The only way the chip vendor could fix the problem was to physically revise the chip and put out a new version. But computer manufacturers and users were stuck if you had an old chip. After a particularly embarrassing math bug in 1994 that cost Intel $475 million, the company decided to fix the problem by allowing it’s microprocessors to load fixes automatically when your computer starts.
  • Starting in 1996 with the Intel P6 (Pentium Pro) to today’s P7 chips (Core i7) these processors contain instructions that are reprogrammable in what is called microcode. Intel can fix bugs on the chips by reprogramming a microprocessors microcode with a patch. This patch, called a microcode update, can be loaded into a processor by using special CPU instructions reserved for this purpose. These updates are not permanent, which means each time you turn the computer on, its microprocessor is reset to its built-in microcode, and the update needs to be applied again (through a computer’s BIOS.). Since 2000, Intel has put out 29 microcode updates to their processors. The microcode is distributed by 1) Intel or by 2) Microsoft integrated into a BIOS or 3) as part of a Windows update. Unfortunately, the microcode update format is undocumented and the code is encrypted. This allows Intel to make sure that 3rd parties can’t make unauthorized add-ons to their chips. But it also means that no one can look inside to understand the microcode, which makes it is impossible to know whether anyone is loading a backdoor into your computer.
  • ...3 more annotations...
  • Or perhaps the NSA, working with Intel and/or Microsoft, have wittingly have put backdoors in the microcode updates. A backdoor is is a way of gaining illegal remote access to a computer by getting around the normal security built-in to the computer. Typically someone trying to sneak malicious software on to a computer would try to install a rootkit (software that tries to conceal the malicious code.) A rootkit tries to hide itself and its code, but security conscious sites can discover rootkits by tools that check kernel code and data for changes. But what if you could use the configuration and state of microprocessor hardware in order to hide? You’d be invisible to all rootkit detection techniques that checks the operating system. Or what if you can make the microprocessor random number generator (the basis of encryption) not so random for a particular machine? (The NSA’s biggest coup was inserting backdoors in crypto equipment the Swiss sold to other countries.) Rather than risk getting caught messing with everyone’s updates, my bet is that the NSA has compromised the microcode update signing keys  giving the NSA the ability to selectively target specific computers. (Your operating system ensures security of updates by checking downloaded update packages against the signing key.) The NSA then can send out backdoors disguised as a Windows update for “security.” (Ironic but possible.) That means you don’t need backdoors baked in the hardware, don’t need Intel’s buy-in, don’t have discoverable rootkits, and you can target specific systems without impacting the public at large.
  • A few months ago these kind of discussions would have been theory at best, if not paranoia.
  • The Prism disclosures prove otherwise – the National Security Agency has decided it needs the ability to capture all communications in all forms. Getting inside of a target computer and weakening its encryption or having access to the plaintext of encrypted communication seems likely. Given the technical sophistication of the other parts of their surveillance net, the surprise would be if they haven’t implemented a microcode backdoor. The downside is that 1) backdoors can be hijacked by others with even worse intent. So if NSA has a microcode backdoor – who else is using it? and 2) What other pieces of our infrastructure, (routers, smartphones, military computers, satellites, etc) use processors with uploadable microcode? —— And that may be why the Russian president is now using a typewriter rather than a personal computer.
Paul Merrell

Brazil Looks to Break from U.S.-Centric Internet | TIME.com - 0 views

world.time.com/...reak-from-u-s-centric-internet

surveillance state NSA NSA-blowback Brazil Internet-Balkanization

shared by Paul Merrell on 25 Sep 13 - No Cached
  • Brazil plans to divorce itself from the U.S.-centric Internet over Washington’s widespread online spying, a move that many experts fear will be a potentially dangerous first step toward fracturing a global network built with minimal interference by governments. President Dilma Rousseff ordered a series of measures aimed at greater Brazilian online independence and security following revelations that the U.S. National Security Agency intercepted her communications, hacked into the state-owned Petrobras oil company’s network and spied on Brazilians who entrusted their personal data to U.S. tech companies such as Facebook and Google. The leader is so angered by the espionage that on Tuesday she postponed next month’s scheduled trip to Washington, where she was to be honored with a state dinner. Internet security and policy experts say the Brazilian government’s reaction to information leaked by former NSA contractor Edward Snowden is understandable, but warn it could set the Internet on a course of Balkanization.
  • “The global backlash is only beginning and will get far more severe in coming months,” said Sascha Meinrath, director of the Open Technology Institute at the Washington-based New America Foundation think tank. “This notion of national privacy sovereignty is going to be an increasingly salient issue around the globe.” While Brazil isn’t proposing to bar its citizens from U.S.-based Web services, it wants their data to be stored locally as the nation assumes greater control over Brazilians’ Internet use to protect them from NSA snooping. The danger of mandating that kind of geographic isolation, Meinrath said, is that it could render inoperable popular software applications and services and endanger the Internet’s open, interconnected structure.
  • The effort by Latin America’s biggest economy to digitally isolate itself from U.S. spying not only could be costly and difficult, it could encourage repressive governments to seek greater technical control over the Internet to crush free expression at home, experts say. In December, countries advocating greater “cyber-sovereignty” pushed for such control at an International Telecommunications Union meeting in Dubai, with Western democracies led by the United States and the European Union in opposition.
  • ...5 more annotations...
  • Rousseff says she intends to push for international rules on privacy and security in hardware and software during the U.N. General Assembly meeting later this month. Among Snowden revelations: the NSA has created backdoors in software and Web-based services. Brazil is now pushing more aggressively than any other nation to end U.S. commercial hegemony on the Internet. More than 80 percent of online search, for example, is controlled by U.S.-based companies. Most of Brazil’s global Internet traffic passes through the United States, so Rousseff’s government plans to lay underwater fiber optic cable directly to Europe and also link to all South American nations to create what it hopes will be a network free of U.S. eavesdropping.
  • More communications integrity protection is expected when Telebras, the state-run telecom company, works with partners to oversee the launch in 2016 of Brazil’s first communications satellite, for military and public Internet traffic. Brazil’s military currently relies on a satellite run by Embratel, which Mexican billionaire Carlos Slim controls. Rousseff is urging Brazil’s Congress to compel Facebook, Google and all companies to store data generated by Brazilians on servers physically located inside Brazil in order to shield it from the NSA. If that happens, and other nations follow suit, Silicon Valley’s bottom line could be hit by lost business and higher operating costs: Brazilians rank No. 3 on Facebook and No. 2 on Twitter and YouTube. An August study by a respected U.S. technology policy nonprofit estimated the fallout from the NSA spying scandal could cost the U.S. cloud computing industry, which stores data remotely to give users easy access from any device, as much as $35 billion by 2016 in lost business.
  • Brazil also plans to build more Internet exchange points, places where vast amounts of data are relayed, in order to route Brazilians’ traffic away from potential interception. And its postal service plans by next year to create an encrypted email service that could serve as an alternative to Gmail and Yahoo!, which according to Snowden-leaked documents are among U.S. tech giants that have collaborated closely with the NSA. “Brazil intends to increase its independent Internet connections with other countries,” Rousseff’s office said in an emailed response to questions from The Associated Press on its plans. It cited a “common understanding” between Brazil and the European Union on data privacy, and said “negotiations are underway in South America for the deployment of land connections between all nations.” It said Brazil plans to boost investment in home-grown technology and buy only software and hardware that meet government data privacy specifications.
  • While the plans’ technical details are pending, experts say they will be costly for Brazil and ultimately can be circumvented. Just as people in China and Iran defeat government censors with tools such as “proxy servers,” so could Brazilians bypass their government’s controls. International spies, not just from the United States, also will adjust, experts said. Laying cable to Europe won’t make Brazil safer, they say. The NSA has reportedly tapped into undersea telecoms cables for decades. Meinrath and others argue that what’s needed instead are strong international laws that hold nations accountable for guaranteeing online privacy.
  • “There’s nothing viable that Brazil can really do to protect its citizenry without changing what the U.S. is doing,” he said. Matthew Green, a Johns Hopkins computer security expert, said Brazil won’t protect itself from intrusion by isolating itself digitally. It will also be discouraging technological innovation, he said, by encouraging the entire nation to use a state-sponsored encrypted email service. “It’s sort of like a Soviet socialism of computing,” he said, adding that the U.S. “free-for-all model works better.”
  • Paul Merrell on 25 Sep 13
     
    So both Brazil and the European Union are planning to boycott the U.S.-based cloud industry, seizing on the NSA's activities as legal grounds. Under the various GATT series of trade agreements, otherwise forbidden discriminatory actions taken that restrict trade in aid of national security are exempt from redress through the World Trade Organization Dispute Resolution Process. So the NSA voyeurs can add legalizing economic digital discrimination against the U.S. to its score card.
Paul Merrell

Lawsuit accuses IBM of hiding China risks amid NSA spy scandal | Reuters - 0 views

www.reuters.com/...-lawsuit-idUSBRE9BB1BP20131212

surveillance state NSA NSA-blowback IBM shareholder-lawsuit litigation

shared by Paul Merrell on 16 Dec 13 - No Cached
  • (Reuters) - IBM Corp has been sued by a shareholder who accused it of concealing how its ties to what became a major U.S. spying scandal reduced business in China and ultimately caused its market value to plunge more than $12 billion. IBM lobbied Congress hard to pass a law letting it share personal data of customers in China and elsewhere with the U.S. National Security Agency, in a bid to protect its intellectual property rights, according to a complaint filed in the U.S. District Court in Manhattan.The plaintiff in the complaint, Louisiana Sheriffs' Pension & Relief Fund, said this threatened IBM hardware sales in China, particularly given a program known as Prism that let the NSA spy on that country through technology companies such as IBM.
  • The Baton Rouge pension fund said the revelation of Prism and related disclosures by former NSA contractor Edward Snowden caused Chinese businesses and China's government to abruptly cut ties with the world's largest technology services provider.It said this led IBM on October 16 to post disappointing third-quarter results, including drops in China of 22 percent in sales and 40 percent in hardware sales.While quarterly profit rose 6 percent, revenue dropped 4 percent and fell well below analyst forecasts.IBM shares fell 6.4 percent on October 17, wiping out $12.9 billion of the Armonk, New York-based company's market value.The lawsuit names IBM, Chief Executive Virginia Rometty and Chief Financial Officer Mark Loughridge as defendants, and says they should be held liable for the company's failure to reveal the risks of its lobbying and its NSA ties sooner.
  • The case is Louisiana Sheriffs' Pension & Relief Fund v. International Business Machines Corp et al, U.S. District Court, Southern District of New York, No. 13-08818.
Paul Merrell

Testosterone Pit - Home - The Other Reason Why IBM Throws A Billion At Linux (With NSA- Designed Backdoor) - 0 views

www.testosteronepit.com/...billion-at-linux-with-nsa.html

surveillance state NSA Linux Linux-backdoor Solaris FreeBSD Darwin

shared by Paul Merrell on 18 Oct 13 - No Cached
  • IBM announced today that it would throw another billion at Linux, the open-source operating system, to run its Power System servers. The first time it had thrown a billion at Linux was in 2001, when Linux was a crazy, untested, even ludicrous proposition for the corporate world. So the moolah back then didn’t go to Linux itself, which was free, but to related technologies across hardware, software, and service, including things like sales and advertising – and into IBM’s partnership with Red Hat which was developing its enterprise operating system, Red Hat Enterprise Linux. “It helped start a flurry of innovation that has never slowed,” said Jim Zemlin, executive director of the Linux Foundation. IBM claims that the investment would “help clients capitalize on big data and cloud computing with modern systems built to handle the new wave of applications coming to the data center in the post-PC era.” Some of the moolah will be plowed into the Power Systems Linux Center in Montpellier, France, which opened today. IBM’s first Power Systems Linux Center opened in Beijing in May. IBM may be trying to make hay of the ongoing revelations that have shown that the NSA and other intelligence organizations in the US and elsewhere have roped in American tech companies of all stripes with huge contracts to perfect a seamless spy network. They even include physical aspects of surveillance, such as license plate scanners and cameras, which are everywhere [read.... Surveillance Society: If You Drive, You Get Tracked].
  • Then another boon for IBM. Experts at the German Federal Office for Security in Information Technology (BIS) determined that Windows 8 is dangerous for data security. It allows Microsoft to control the computer remotely through a “special surveillance chip,” the wonderfully named Trusted Platform Module (TPM), and a backdoor in the software – with keys likely accessible to the NSA and possibly other third parties, such as the Chinese. Risks: “Loss of control over the operating system and the hardware” [read.... LEAKED: German Government Warns Key Entities Not To Use Windows 8 – Links The NSA.
  • It would be an enormous competitive advantage for an IBM salesperson to walk into a government or corporate IT department and sell Big Data servers that don’t run on Windows, but on Linux. With the Windows 8 debacle now in public view, IBM salespeople don’t even have to mention it. In the hope of stemming the pernicious revenue decline their employer has been suffering from, they can politely and professionally hype the security benefits of IBM’s systems and mention in passing the comforting fact that some of it would be developed in the Power Systems Linux Centers in Montpellier and Beijing. Alas, Linux too is tarnished. The backdoors are there, though the code can be inspected, unlike Windows code. And then there is Security-Enhanced Linux (SELinux), which was integrated into the Linux kernel in 2003. It provides a mechanism for supporting “access control” (a backdoor) and “security policies.” Who developed SELinux? Um, the NSA – which helpfully discloses some details on its own website (emphasis mine): The results of several previous research projects in this area have yielded a strong, flexible mandatory access control architecture called Flask. A reference implementation of this architecture was first integrated into a security-enhanced Linux® prototype system in order to demonstrate the value of flexible mandatory access controls and how such controls could be added to an operating system. The architecture has been subsequently mainstreamed into Linux and ported to several other systems, including the Solaris™ operating system, the FreeBSD® operating system, and the Darwin kernel, spawning a wide range of related work.
  • ...1 more annotation...
  • Among a slew of American companies who contributed to the NSA’s “mainstreaming” efforts: Red Hat. And IBM? Like just about all of our American tech heroes, it looks at the NSA and other agencies in the Intelligence Community as “the Customer” with deep pockets, ever increasing budgets, and a thirst for technology and data. Which brings us back to Windows 8 and TPM. A decade ago, a group was established to develop and promote Trusted Computing that governs how operating systems and the “special surveillance chip” TPM work together. And it too has been cooperating with the NSA. The founding members of this Trusted Computing Group, as it’s called facetiously: AMD, Cisco, Hewlett-Packard, Intel, Microsoft, and Wave Systems. Oh, I almost forgot ... and IBM. And so IBM might not escape, despite its protestations and slick sales presentations, the suspicion by foreign companies and governments alike that its Linux servers too have been compromised – like the cloud products of other American tech companies. And now, they’re going to pay a steep price for their cooperation with the NSA. Read...  NSA Pricked The “Cloud” Bubble For US Tech Companies
Paul Merrell

Transcript: Comey Says Authors of Encryption Letter Are Uninformed or Not Fair-Minded | Just Security - 0 views

justsecurity.org/...-letter-uninformed-fair-minded

surveillance state FBI Comey encryption backdoors

shared by Paul Merrell on 21 May 15 - No Cached
  • Earlier today, FBI Director James Comey implied that a broad coalition of technology companies, trade associations, civil society groups, and security experts were either uninformed or were not “fair-minded” in a letter they sent to the President yesterday urging him to reject any legislative proposals that would undermine the adoption of strong encryption by US companies. The letter was signed by dozens of organizations and companies in the latest part of the debate over whether the government should be given built-in access to encrypted data (see, for example, here, here, here, and here for previous iterations). The comments were made at the Third Annual Cybersecurity Law Institute held at Georgetown University Law Center. The transcript of his encryption-related discussion is below (emphasis added).
  • Increasingly, communications at rest sitting on a device or in motion are encrypted. The device is encrypted or the communication is encrypted and therefore unavailable to us even with a court order. So I make a showing of probable cause to a judge in a criminal case or in an intelligence case to the Foreign Intelligence Surveillance Court judge that the content of a particular defense or a particular communication stream should be collected to our statutory authority, and the judge approves, increasingly we are finding ourselves unable to read what we find or we’re unable to open a device. And that is a serious concern. I am actually — I think encryption is a good thing. I think there are tremendous societal benefits to encryption. That’s one of the reasons the FBI tells people not only lock your cars, but you should encrypt things that are important to you to make it harder for thieves to take them.
  • A group of tech companies and some prominent folks wrote a letter to the President yesterday that I frankly found depressing. Because their letter contains no acknowledgment that there are societal costs to universal encryption. Look, I recognize the challenges facing our tech companies. Competitive challenges, regulatory challenges overseas, all kinds of challenges. I recognize the benefits of encryption, but I think fair-minded people also have to recognize the costs associated with that. And I read this letter and I think, “Either these folks don’t see what I see or they’re not fair-minded.” And either one of those things is depressing to me. So I’ve just got to continue to have the conversation. I don’t know the answer, but I don’t think a democracy should drift to a place where suddenly law enforcement people say, “Well, actually we — the Fourth Amendment is an awesome thing, but we actually can’t access any information.”
  • ...2 more annotations...
  • But we have a collision going on in this country that’s getting closer and closer to an actual head-on, which is our important interest in privacy — which I am passionate about — and our important interest in public safety. The logic of universal encryption is inexorable that our authority under the Fourth Amendment — an amendment that I think is critical to ordered liberty — with the right predication and the right oversight to obtain information is going to become increasingly irrelevant. As all of our lives become digital, the logic of encryption is that all of our lives will be covered by strong encryption, therefore all of our lives — I know there are no criminals here, but including the lives of criminals and terrorists and spies — will be in a place that is utterly unavailable to court ordered process. And that, I think, to a democracy should be very, very concerning. I think we need to have a conversation about it. Again, how do we strike the right balance? Privacy matters tremendously. Public safety, I think, matters tremendously to everybody. I think fair-minded people have to recognize that there are tremendous benefits to a society from encryption. There are tremendous costs to a society from universal strong encryption. And how do we think about that?
  • We’ve got to have a conversation long before the logic of strong encryption takes us to that place. And smart people, reasonable people will disagree mightily. Technical people will say it’s too hard. My reaction to that is: Really? Too hard? Too hard for the people we have in this country to figure something out? I’m not that pessimistic. I think we ought to have a conversation.
  • Paul Merrell on 21 May 15
     
    Considering that I'm over 10 times as likely to die from a police shoooting as I am from a terrorist attack, how about we begin this conversation, Mr. Comey, by you providing formal notice to everyone who's had the telephone metadata gathered or searched all dates on which such gatherings and searches were conducted so citizens can file suit for violation of their privacy rights? Note that the Second U.S. Circuit Court of Appeals held last week that the FBI exceeded statutory authority in gathering and searching that information. Because the gathering and searching was not authorized, that would bring the gathering and searching under the protections of the Privacy Act, including the FBI duty to account for the disclosures  and to pay at least the statutory minimum $1,500 in damges per incident.  Then I would like to have an itemization of all of the commercial software and hardware products that your agency and or your buddies at NSA built backdoors into.  Then your resignation for millions of violations of the Privacy Act would be deeply appreciated. Please feel free to delegate the above mentioned tasks to your successor. 
Paul Merrell

Putin's Lightning War in Syria - 0 views

www.counterpunch.org/...putins-lightning-war-in-syria

war & peace Russia Syria ISIL Quds-force Hezbollah

shared by Paul Merrell on 05 Oct 15 - No Cached
  • For more than a year, the United States has been playing patty-cake with an army of homicidal maniacs who call themselves ISIS. On Monday, Russian President Vladimir Putin announced that he’d had enough of Washington’s song-and-dance and was planning to bring a little Russian justice to the terrorist militias that had killed 225,000 Syrians and ripped the country to shreds. In language that could not be more explicit, Putin said to the General Assembly: “We can no longer tolerate the currents state of affairs in the world”.  Less than 48 hours later, Russian bombers were raining down precision-guided munitions on terrorist strongholds across western Syria sending the jihadi vermin scrambling for cover. That’s how you fight terrorism if you’re serious about it.   Bravo, Putin.
  • Putin’s blitz caught the entire western political establishment flat-footed. Even now, three days into the air campaign, neither the administration nor the policy wonks at the many far-right think tanks in Washington have even settled on an approach, much less a strategy, to developments on the ground. What’s clear, is that Putin’s action has surprised everyone including the media which to-this-day hasn’t even settled on it’s talking points. This is extraordinary. Ask yourself this, dear reader: How can our political and military leaders watch Moscow deploy its troops, warplanes and military hardware to a theater where the US is carrying out major operations and have absolutely no plan of how deal with those forces if they are sent into battle? If you are convinced, as I am, that we are governed by numbskulls, you will certainly find confirmation of that fact in recent events.
  • But while the Obama administration is frantically searching for a strategy, Putin’s air-squadrons are unleashing holy hell on the sociopaths, the head-choppers and the other assorted vipers that comprise the Islamic State.  And Mr. Putin is getting plenty of help too, particularly from the crack-troops in the Iranian Quds forces and from the ferocious militia that defeated the IDF in two separate conflicts, Hezbollah, the Army of God. Check this out from Reuters: “Hundreds of Iranian troops have arrived in Syria in the last 10 days and will soon join government forces and their Lebanese Hezbollah allies in a major ground offensive backed by Russian air strikes, two Lebanese sources told Reuters…. “The (Russian) air strikes will in the near future be accompanied by ground advances by the Syrian army and its allies,” said one of the sources familiar with political and military developments in the conflict…. “The vanguard of Iranian ground forces began arriving in Syria: soldiers and officers specifically to participate in this battle. They are not advisors … we mean hundreds with equipment and weapons. They will be followed by more,” the second source said. Iraqis would also take part in the operation, the source said.”
  • ...5 more annotations...
  • (“Assad allies, including Iranians, prepare ground attack in Syria: sources“, Reuters) A military alliance between Moscow, Tehran and Hezbollah? You’re darn tootin’, and you can thank Barack Obama and his lunatic regime change plan for that development. Many critics of Putin’s action have said that “He doesn’t know what he’s doing” or “He’ll get bogged down” or “It’ll be another Vietnam”. Wrong. The fact is, Putin is more a devotee of the Powell Doctrine than any of the morons at the Pentagon. And he is particularly mindful of Rule Number 5 which states: “Is there a plausible exit strategy to avoid endless entanglement?” Has Putin thought about that or has he merely blundered ahead impulsively like US leaders are so apt to do?  Here’s what he said on September 30:
  • “We naturally have no intention of getting deeply entangled in this conflict. We will act strictly in accordance with our set mission. First, we will support the Syrian army only in its lawful fight against terrorist groups. Second, our support will be limited to airstrikes and will not involve ground operations. Third, our support will have a limited timeframe and will continue only while the Syrian army conducts its anti-terrorist offensive.” Bingo. In other words, he’s going to bomb these jokers into oblivion and let Quds brigade and Hezbollah mop up afterwards. There will be no Russian boots-on-the-ground. The Russian airforce will get precise intelligence on ISIS locations from Syrian agents on the battlefield which will minimize civilian casualties and limit damage to critical infrastructure. It will also make mincemeat out of anyone on the receiving end of the bombardment. Does anyone seriously believe that  ISIS and the disparate rabble of “moderate” throat-slitters that receive CIA funding are going to be able to withstand this impending onslaught?
  • No way. Putin’s going to cut through these guys like a tornado through a trailer park.  Yes, ISIS has had some success against the bedraggled Iraqi and Syrian armies. But now they’re up-against the A Team where they are clearly out of their league.  Rolling up these cutthroats is going to take a lot less time than anyone figured. Russian bombers are already destroying ammo dumps, fuel depots, heavy military hardware, command posts, anything that enhances ISIS’s ability to wage war.  The new anti-terror coalition is going to cut supply lines and hang the jihadis out to dry. And the whole operation is going to be wrapped up before Uncle Sam even get’s his boots laced.  This is from Iran’s Press TV: “A senior member of Russia’s parliament says an ongoing air campaign by Moscow against militants operating in Syria is going to intensify. Alexei Pushkov, who serves as the chairman of the Committee for International Affairs at the Russian State Duma, said Friday that Moscow will be intensifying its attacks against the militants in Syria while studying the risks associated with an extensive operation.
  • “There is always a risk of being bogged down, but in Moscow, we are talking about an operation of three to four months,” Alexei Pushkov said, Reuters reported. Russia started to launch coordinated airstrikes on the positions of militants in Syria on Wednesday. The move came shortly after members of the Russian upper house of the parliament, the Federation Council, authorized the operations in Syria.” (Press TV) There’s not going to be any pussyfooting around. Putin’s going to go straight for the jugular and then head for the exits.
  • Do you think they’ve figured this out at the White House yet?  Do you think they understand that Iranian troops and Hezbollah are not going to distinguish between the “moderate” terrorists and the “extreme” terrorists; that they’re simply going to “kill them all and let God sort it out”.  Do you think they realize that Washington’s Middle East policy just collapsed and that the funding of jihadis and dreams of regime change just ended for good?  Do you think they grasp that Washington’s role as guarantor of global security has just been transferred to Vladimir Putin who has put himself and his country at risk to defend the fundamental principles of international law, national sovereignty and self determination? Here’s Putin again:  “We are supporting the government of Syria in the fight against a terrorist aggression. We are offering and will continue to offer it necessary military-technical assistance. We must continue a dialogue for the sake of reaching consensus. But it’s impossible to achieve real success as long as bloodshed continues and people don’t feel secure. We won’t achieve anything until we defeat terrorism in Syria.” Putin is leading a coalition in the fight against terror. We should all be grateful for that.
  • Paul Merrell on 05 Oct 15
     
    The inimitable Mike Whitney.
Paul Merrell

Sorry for letting them snoop? Dell apologizes for 'inconvenience' caused by NSA backdoor - RT USA - 0 views

rt.com/...ell-appelbaum-30c3-apology-027

surveillance state NSA NSA-methods backdoors NSA-backdoors hardware

shared by Paul Merrell on 01 Jan 14 - No Cached
  • Security researcher Jacob Appelbaum dropped a bombshell of sorts earlier this week when he accused American tech companies of placing government-friendly backdoors in their devices. Now Texas-based Dell Computers is offering an apology. Or to put it more accurately, Dell told an irate customer on Monday that they “regret the inconvenience” caused by selling to the public for years a number of products that the intelligence community has been able to fully compromise in complete silence up until this week. Dell, Apple, Western Digital and an array of other Silicon Valley-firms were all name-checked during Appelbaum’s hour-long presentation Monday at the thirtieth annual Chaos Communication Congress in Hamburg, Germany. As RT reported then, the 30-year-old hacker-cum-activist unveiled before the audience at the annual expo a collection of never-before published National Security Agency documents detailing how the NSA goes to great lengths to compromise the computers and systems of groups on its long list of adversaries.
  • Spreading viruses and malware to infect targets and eavesdrop on their communications is just one of the ways the United States’ spy firm conducts surveillance, Appelbaum said. Along with those exploits, he added, the NSA has been manually inserting microscopic computer chips into commercially available products and using custom-made devices like hacked USB cables to silently collect intelligence. One of the most alarming methods of attack discussed during his address, however, comes as a result of all but certain collusion on the part of major United States tech companies. The NSA has information about vulnerabilities in products sold by the biggest names in the US computer industry, Appelbaum said, and at the drop off a hat the agency has the ability of launching any which type of attack to exploit the flaws in publically available products.
  • The NSA has knowledge pertaining to vulnerabilities in computer servers made by Dell and even Apple’s highly popular iPhone, among other devices, Appelbaum told his audience. “Hey Dell, why is that?” Appelbaum asked. “Love to hear your statement about that.”
  • ...4 more annotations...
  • Appelbaum didn’t leave Dell off the hook after revealing just that one exploit known to the NSA, however. Before concluding his presentation, he displayed a top-secret document in which the agency makes reference to a hardware implant that could be manually installed onto Dell PowerEdge servers to exploit the JTAG debugging interface on its processor — a critical circuitry component that apparently contains a vulnerability known to the US government. “Why did Dell leave a JTAG debugging interface on these servers?” asked Appelbaum. “Because it’s like leaving a vulnerability in. Is that a bugdoor, or a backdoor or just a mistake? Well hopefully they will change these things or at least make it so that if you were to see this, you would know that you have some problems. Hopefully Dell will release some information about how to mitigate this advance persistent threat.” Appelbaum also provoked Apple by acknowledging that the NSA boasts of being able to hack into any of their mobile devices running the iOS operating system. “Either they have a huge collection of exploits that work against Apple products — meaning they are hoarding information about critical systems American companies product and sabotaging them — or Apple sabotages it themselves,” he said.
  • @DellCares @dellcarespro Inconvenience? You got to be F*ckin kidding me! You place an NSA bug in our servers and call it an inconvenience? — Martijn Wismeijer (@twiet) December 31, 2013
  • TechDirt reporter Mike Masnick noticed early Tuesday that Dell’s official customer service Twitter account opted to issue a cookie-cutter response that drips of insincerity. “Thanks you for reaching out and regret the inconvenience,” the Dell account tweeted to Wismeijer. “Our colleagues at @DellCaresPro will be able to help you out.” “Inconvenience? You got to be F*ckin kidding me!” Wismeijer responded. “You place an NSA bug in our servers and call it an inconvenience?”
  • Security researcher Jacob Appelbaum dropped a bombshell of sorts earlier this week when he accused American tech companies of placing government-friendly backdoors in their devices. Now Texas-based Dell Computers is offering an apology. Or to put it more accurately, Dell told an irate customer on Monday that they “regret the inconvenience” caused by selling to the public for years a number of products that the intelligence community has been able to fully compromise in complete silence up until this week. Dell, Apple, Western Digital and an array of other Silicon Valley-firms were all name-checked during Appelbaum’s hour-long presentation Monday at the thirtieth annual Chaos Communication Congress in Hamburg, Germany. As RT reported then, the 30-year-old hacker-cum-activist unveiled before the audience at the annual expo a collection of never-before published National Security Agency documents detailing how the NSA goes to great lengths to compromise the computers and systems of groups on its long list of adversaries.
Paul Merrell

Ferguson Police Militarization: Cash Flowed To Lawmakers Who Voted To 'Militarize' Police - 0 views

www.ibtimes.com/oted-militarize-police-1659804

war & peace police-militarization corruption Congress

shared by Paul Merrell on 23 Aug 14 - No Cached
  • As local law enforcement has deployed martial tactics against those protesting the police killing of an 18-year-old in Ferguson, Missouri, a debate is suddenly raging over how municipal police forces came to resemble military units. A new report suggests the trend may, in part, have to do with campaign contributions to congressional lawmakers. At issue is the federal government’s so-called 1033 Program, which permits the Pentagon to give military hardware to local police departments. 
  • The group’s new report looked at a June congressional vote on legislation, offered by U.S. Rep. Alan Grayson, D-Fla., that would have blocked the Pentagon from spending resources on transferring military hardware to local police agencies. The bill was defeated 62-355.  According to data compiled by Maplight, the lawmakers “voting to continue funding the 1033 Program have received, on average, 73 percent more money from the defense industry than representatives voting to defund it.” In all, the average lawmaker voting against the bill received more than $50,000 in campaign donations from the defense industry in the last two years. The report also found that of the 59 lawmakers who received more than $100,000  from defense contractors in the last two years, only four voted for Grayson’s legislation. Though thought of as a political force primarily in federal policymaking, the defense industry also spends on state politics, which influences law enforcement procurement decisions. According to data compiled by the National Institute for Money in State Politics, more than $8 million of campaign contributions has been dumped into state elections in the last decade by military contractors and their employees.
  • Police officials say the equipment helps them better secure local communities. By contrast groups such as the American Civil Liberties Union have recently launched a national campaign to demilitarize local police departments. That campaign got a boost this week when Republican Sen. Rand Paul of Kentucky, a prospective 2016 presidential candidate, published an editorial in Time magazine echoing the ACLU’s message in the wake of the Ferguson shooting.  “When you couple this militarization of law enforcement with an erosion of civil liberties and due process that allows the police to become judge and jury — national security letters, no-knock searches, broad general warrants, pre-conviction forfeiture — we begin to have a very serious problem on our hands,” he wrote.
1 - 20 of 70 Next › Last »
Showing 20 items per page