Showing results for tags 'Surveillance'.

Found 13 results

  1. By NICOLE PERLROTH February 11, 2014, 9:13 pm So much for mass protest. A consortium of Internet and privacy activists had long promoted Feb. 11 as the day the Internet would collectively stand up and shout down surveillance by the National Security Agency. The group called Tuesday, “The Day We Fight Back,” and encouraged websites to join an online campaign modeled after protests against the Stop Online Piracy Act and Protect I.P. Act two years ago, when sites like Reddit and Wikipedia and companies like Google and Facebook helped successfully topple antipiracy legislation. Instead, the protest on Tuesday barely registered. Wikipedia did not participate. Reddit — which went offline for 12 hours during the protests two years ago — added an inconspicuous banner to its homepage. Sites like Tumblr, Mozilla and DuckDuckGo, which were listed as organizers, did nothing to their homepages. The most vocal protesters were the usual suspects: activist groups like the Electronic Frontier Foundation, the American Civil Liberties Union, Amnesty International and Greenpeace. The eight major technology companies — Google, Microsoft, Facebook, AOL, Apple, Twitter, Yahoo and LinkedIn — that joined forces in December in a public campaign to “reform government surveillance” only participated Tuesday insofar as having a joint website flash the protest banner. The difference may be explained by the fact that two years ago, the Internet powerhouses were trying to halt new legislation. On Tuesday, people were being asked to reverse a secret, multi-billion dollar surveillance effort by five countries that has been in place for nearly a decade. And unlike 2012, when the goal was simply to block the passage of new bills, the goal of the protests on Tuesday was more muddled.
This time around, participants were urged to flash a banner on their sites that urged visitors to call their congressional representative in support of the U.S.A. Freedom Act — a bill sponsored by Representative Jim Sensenbrenner, Republican of Wisconsin, and Senator Patrick Leahy, Democrat of Vermont, which seeks to reform the N.S.A.’s metadata database. They were also asked to oppose the FISA Improvements Act, a bill proposed by Senator Dianne Feinstein that would help legalize the N.S.A.’s metadata collection program. All was not lost. By late Tuesday, some 70,000 calls had been placed to legislators and roughly 150,000 people had sent their representatives an email. But on privacy forums and Reddit, significant discussions failed to materialize. “Online petitions,” one Reddit user wrote of the protest. “The very least you can do, without doing nothing.” http://bits.blogs.nytimes.com/2014/02/11/the-day-the-internet-didnt-fight-back/?_php=true&_type=blogs&_r=0 Nsane was among the 6000 websites? Only Nsane Management Team would have the answer :)
  2. By Andrew Zajac and Phil Milford Feb 13, 2014 6:23 AM GMT President Barack Obama was sued by Senator Rand Paul over U.S. electronic surveillance he claims is illegal, adding to challenges that may land post-Sept. 11 government data collection in the U.S. Supreme Court. The Kentucky Republican announced today that he had filed his complaint in Washington federal court. Paul was joined as co-plaintiff by FreedomWorks Inc., a Tea Party-backed group. The filing couldn't be immediately confirmed in court records. The government is collecting phone data about U.S. citizens without any belief by defendants at the time of collection or retention or searches that any of the information is connected with international terrorism or an international terrorist organization, in violation of the U.S. Constitution's Fourth Amendment prohibition of unreasonable searches, according to a draft copy of Paul's suit provided by his office. "Consumers' willingness to provide companies with information about themselves to get phone service does not reflect a willingness or expectation that they are surrendering the privacy of the information," Paul said in his complaint. The suit challenges the National Security Agency's bulk collection of phone records of millions of Americans, a program disclosed last year by former agency contractor Edward Snowden. Caitlin Hayden, a spokeswoman for the National Security Council, referred a request for comment on the suit to the Justice Department. The council, a White House group, consists of administration advisers, mostly from the Cabinet and the military. Found Legal "We believe the program as it exists is lawful," Hayden said by e-mail, addressing the data collection generally. "It has been found to be lawful by multiple courts. And it receives oversight from all three branches of government."
"We remain confident that the Section 215 telephone metadata program is legal, as at least 15 judges have previously found," Peter Carr, a Justice Department spokesman, said in an e-mailed statement. White House spokesman Jay Carney declined to comment on the specific litigation. He repeated Obama's position that the program is lawful and has been upheld by courts. A federal judge in New York ruled Dec. 27 that the program is legal. The ruling came less than two weeks after a federal court in Washington said it may be illegal. The two judges came to opposite conclusions about a landmark 1979 ruling on telephone data in the pre-Internet age. A divided U.S. privacy-policy board last month concluded the NSA program is illegal and should be stopped. Minimal Usefulness The five-member Privacy and Civil Liberties Oversight Board, created by Congress under post-Sept. 11 anti-terrorism laws, said in a 238-page report that the program to collect and store the records has provided only minimal help in thwarting terrorist attacks. The NSA receives phone records from U.S. telecommunications companies and stores them in a database that can be queried to determine who is in contact with suspected terrorist organizations. The surveillance was authorized by President George W. Bush after the Sept. 11, 2001, terrorist attacks. It has been defended as critically important to national security, according to records declassified this month by National Intelligence Director James Clapper. In the two court rulings, U.S. District Judge William H. Pauley III in Manhattan granted a government motion to dismiss a suit filed by groups led by the American Civil Liberties Union. D.C. Decision In Washington, Judge Richard Leon barred collection of metadata from the Verizon Wireless accounts of the two plaintiffs. Leon suspended the injunction for a government appeal. The ACLU appealed Pauley's ruling to the federal Court of Appeals in New York.
If appeals courts uphold their respective lower courts, creating a split, the Supreme Court is more likely to take the case. The information at issue in all three cases involves metadata, which includes the numbers used to make and receive calls and their duration. It doesn't include information about the content of the communications or the names, addresses or financial information of parties, according to government filings in the Washington case. http://www.bloomberg.com/news/2014-02-12/obama-sued-by-rand-paul-over-surveillance-as-challenges-grow-1-.html
  3. To Protect And Infect A leaked NSA cyber-arms catalog has shed light on the technologies US and UK spies use to infiltrate and remotely control PCs, routers, firewalls, phones and software from some of the biggest names in IT. The exploits, often delivered via the web, provide clandestine backdoor access across networks, allowing the intelligence services to carry out man-in-the-middle attacks that conventional security software has no chance of stopping. And if that fails, agents can simply intercept your hardware deliveries from Amazon to install hidden gadgets that rat you out via radio communications. The 50-page top-secret document, written by an NSA division called ANT, is part of an information dump sent to German magazine Der Spiegel, and expounded upon by journalist Jacob Appelbaum in his keynote to the 30th Chaos Communication Congress in Germany on Monday. You can watch a clearly furious Appelbaum in the video below. The dossier is a glorified shopping catalog of technology for spies in the so-called "Five Eyes" alliance of the UK, the US, Canada, Australia, and New Zealand. It gives the clearest view yet of what the NSA, GCHQ and associated intelligence agencies can do with your private data, and how they manage it. Here's an easy-to-digest roundup of what was discussed. Satellite and optic-fiber communications stored According to Appelbaum, the NSA is running a two-stage data dragnet operation. The first stage is TURMOIL, which collects data traffic passively via satellite and cable taps and stores it – in some cases for up to 15 years – for future reference. The NSA does not consider this surveillance because no human operator is involved, just automatic systems. Der Spiegel gave the example of the SEA-ME-WE-4 underwater cable system, which runs from Europe to North Africa, then on to the Gulf states to Pakistan and India before terminating in the Far East. 
The documents show that on February 13 this year a tap was installed on the line by the NSA that gave layer-two access to all internet traffic flowing through that busy route. However, this passive capability is backed up by TURBINE, the active intervention side of the NSA, run by its Tailored Access Operations (TAO) hacking squad. By using a selection of hardware and software tools, not to mention physical measures as we'll see later on, the NSA promises that systems can be hacked "at the speed of light," and the staffers in Maryland even took time to build a LOLcat picture highlighting the capability: Sure they own you, but look at the little kitty. Credit: NSA "Tailored Access Operations is a unique national asset that is on the front lines of enabling NSA to defend the nation and its allies," the NSA said in a statement on the report, adding that TAO's "work is centered on computer network exploitation in support of foreign intelligence collection." Windows crash reports boon for spies On the subject of operating systems, Appelbaum said the documents revealed subversion techniques against Windows, Linux, and Solaris. In the case of Microsoft, the NSA is monitoring Windows software crash reports to gain insight into vulnerabilities on a target system and exploit them for its own ends. “Customers who choose to use error reports send limited information about, for example, the process, application, or device driver, that may have encountered a problem," a Microsoft spokesperson told El Reg in a statement responding to Der Spiegel's report. "Reports are then reviewed and used to improve customer experiences. Microsoft does not provide any government with direct or unfettered access to our customer’s data. We would have significant concerns if the allegations about government actions are true." 
NSA buys up security exploits to attack vulnerabilities When it comes to active penetration, the TAO team has a system dubbed QUANTUMTHEORY, an arsenal of zero-day exploits that it has either found itself or bought on the open market from operators like VUPEN. Once inside a computer, software dubbed SEASONEDMOTH is automatically secreted and used to harvest all activity by the target in a 30-day period. For computers and networks that have firewalls and other security systems in place, the NSA uses QUANTUMNATION, a tool that will scan defenses using software dubbed VALIDATOR to find an exploitable hole, and then use it to seize control using code dubbed COMMENDEER. A system dubbed QUANTUMCOPPER also gives the NSA the ability to interfere with TCP/IP connections and disrupt downloads to inject malicious code or merely damage fetched files. Appelbaum said such a system could be used to crash anonymizing systems like Tor by forcing an endless series of resets – and makes the designers of the Great Firewall of China look like amateurs. The website you are visiting is really not the website you want But it's a scheme dubbed QUANTUMINSERT that Appelbaum said was particularly concerning. The documents show that if a target tries to log onto Yahoo! servers, a subverted local router can intercept the request before it hits Meyer & Co's data center and redirect it to an NSA-hosted mirror site where all activity can be recorded and the connection tampered. It's not just Yahoo! in the firing line: QUANTUMINSERT can be set up to automatically attack any computer trying to access all sorts of websites. The code predominantly injects malware into religious or terrorism websites to seize control of vulnerable web browsers and their PCs. But the technology has also been spotted monitoring visits to sites such as LinkedIn and CNN.com, and will work with most major manufacturers' routers to pull off its software injection.
(If you think using HTTPS will highlight any of these man-in-the-middle attacks, bear in mind it's believed that the NSA and GCHQ have penetrated the security certificate system underpinning SSL/TLS to allow the agencies' computers to masquerade as legit web servers.) According to the catalog, Cisco hardware firewalls, such as the PIX and ASA series, and Juniper Netscreen and ISG 1000 products, can have backdoors installed in their firmware to monitor traffic flowing in and out of small businesses and corporate data centers. A boot ROM nasty exists for the Huawei Eudemon firewalls, we're told; Huawei being the gigantic Chinese telcoms electronics maker. Other BIOS-level malware is available for Juniper and Huawei routers, according to the dossier. "At this time, we do not know of any new product vulnerabilities, and will continue to pursue all avenues to determine if we need to address any new issues. If we learn of a security weakness in any of our products, we will immediately address it," said Cisco in a blog post. "As we have stated prior, and communicated to Der Spiegel, we do not work with any government to weaken our products for exploitation, nor to implement any so-called security ‘back doors’ in our products." The cellphone network you are connected to is not the network you want Mobile communications are also wide open, it seems. The NSA catalog offers a mobile base station called the Typhon HX (priced at $175,800) that will mimic a network provider's infrastructure and collect mobile signals to decode and study; it effectively taps cellphones. Appelbaum said this type of hacking was spotted in action by the Ecuadorian embassy shortly after Julian Assange arrived as a house guest. The embassy's staff started getting welcome messages from Uganda Telecom on their mobile because the British intelligence services hadn't reconfigured their data slurping base-station correctly from a previous operation, apparently.
Mobile phone SIM cards can also be easily hacked, the documents claim, using a tool dubbed MONKEYCALANDER. This exploits a flaw, only recently spotted by security researchers but used by the NSA since 2007, that allows code to be installed on a SIM card that will track and monitor an individual user's calls and location. The catalog also details an exploit called DROPOUTJEEP which claims it can gain complete control of an Apple iPhone via a backdoor, at least back in 2007 when the cyberweapon catalog was drawn up. The NSA says the DROPOUTJEEP exploit has a 100 per cent success rate, leading Appelbaum to speculate that Cupertino may have helped the NSA out with the software. The first version of DROPOUTJEEP needed an agent to get his or her hands on the device, but remotely launched versions were promised. Also listed is flash ROM malware for compromising satellite phones, in case you felt like using that, plus exploits to remotely control Windows Mobile handsets. Speaking of Windows, NIGHTSTAND is a handy little box of tricks that can, with a range of 8 miles, transmit carefully crafted Wi-Fi traffic to potentially gain control of a PC running Windows XP and Internet Explorer. A tiny Linux-powered computer called SPARROW II can be fitted to drones to scope out poorly secured wireless networks from the skies. Your hard disk is not the device you thought it was Hard drives are also easy meat for the NSA, according to the documents. Software called IRATEMONK can be installed on the firmware in disks from Western Digital, Seagate, Maxtor, and Samsung to allow full access to the target's data and operating system. And because it's flashed onto the chips, via other remotely installed malware, the customized firmware is almost impossible to detect. This allows spies to hide and execute anything they like on the connected computer, even if the drive is wiped.
If you want to see how a reprogrammed disk firmware can silently alter files, turn to this independent, earlier research. An example target of IRATEMONK cited by the NSA is a cyber-cafe of PCs. "Western Digital has no knowledge of, nor has it participated in the development of technology by government entities that create ‘implants’ on Western Digital hard drives, as Der Spiegel described," a WD spokesperson told El Reg in a statement. The parcels from Amazon are not the parcels you want On the hardware front, the TAO hacking team also has specialists in "close access operations" or "Off Net" projects where physical access is required to a target's system. This can involve intercepting laptops ordered online from Amazon and others, adding tracking hardware, and then delivering them as normal in the correct packaging, as well as breaking into private property for hardware installation. The catalog offers a number of hardware tools that can be installed by a g-man. $200,000, for example, will buy you 50 USB cables that have a secondary radio communications system called COTTONMOUTH that allows the agency to send and collect data directly through the ether. A VGA monitor cable called RAGEMASTER intercepts video signals and beams them to a nearby government snoop using a radar-based technique. A similar device exists for keyboards. Those cables were built by the NSA's ANT team, which also has a fondness for attacking and infiltrating the firmware on your PC: this is the low-level software that's not without its bugs, first to run, and boots your operating system. If this is compromised and reprogrammed using the ANT crew's SWAP program, then it's pretty much game over for the target as the whole system above the firmware can be remotely controlled and monitored as required. Another tool called WISTFULTOLL leaps upon Windows Management Instrumentation to access data on systems. HOWLERMONKEY ... 
Check your Ethernet ports The NSA has also developed a set of tiny surveillance electronics dubbed HOWLERMONKEY that hides within computer hardware, such as an ordinary Ethernet port, Appelbaum said. The one pictured above, dubbed FIREWALK, looks no different to a standard RJ45 socket, but can inject data into and slurp any bytes from packets coming through the physical connection automatically, and relay the information back to base via a radio link. Wireless communications can also be subverted by installing a separate Wi-Fi card dubbed BULLDOZER. Even if the user has wireless switched off by default, a PCI-connected BULLDOZER can be used to link into a nearby subverted router and collect metadata and content from targeted systems. Servers built by HP and Dell were also mentioned as an easily subverted system. Hardware dubbed GODSURGE can be fitted to a JTAG debugging port in Dell's PowerEdge machines to provide full access, and the catalog says such monitoring uses common off-the-shelf components that can't be directly attributed to the NSA. IRONCHEF, we're told, is a BIOS-level nasty designed to target HP ProLiant kit; its PowerEdge cousin is called DEITYBOUNCE. Where to find all the leaked information The full document set has now been uploaded to whistleblowing website Cryptome for public perusal. Appelbaum and the Der Spiegel team have been careful to exclude the published names of NSA staff who carry out these attacks, and the names of the people and organizations the agency has targeted. An interactive infographic summarizing the leaks can be found here. El Reg has contacted all of the companies named by Appelbaum in his presentation, but had limited response given that it’s the Christmas holidays. But if the dossier is to be believed, then there are going to be angry words between the NSA, manufacturers and hardware customers – the latter likely to be searching for more secure products.
Appelbaum said that he'd tried to talk to US legislators about the situation but was continually rebuffed. Part of the problem, he said, was that politicians don't understand the technology behind such systems, and in many cases the lawmakers don’t want to acknowledge there's a problem until a political solution has been worked out. The leaked catalog is roughly six years old; new technologies developed in the meantime by the NSA (estimated annual budget: $10bn) are anyone's guess, or worst nightmares. Readers may find some cheer, or not, from the suggestion that most of these techniques are used against highly targeted individuals rather than everyone en masse: NSA analysts need the help of the FBI and CIA to install the hidden hardware snoopers, for example, either by intercepting shipments or by carrying out a so-called black bag job. The intelligence agencies argue they are combatting terrorism, a claim that is now being fought over in the US courts. Today, questions remain as to who exactly is scrutinizing these surveillance operations and to what level – and who else has their hands on these grave security vulnerabilities that the NSA is otherwise sitting on and secretly exploiting. "The real problem is who is in charge here," Jon Callas, cofounder of the Silent Circle encrypted communications system, told The Register. Referring to the secretive FISA court that supposedly oversees the NSA, Callas continued: "For us who are Americans we have the belief that we are ultimately in charge. Now it seems we have secret courts, with secret laws, so how do you run a free society under those kind of conditions?" "We have a societal belief that some things are not acceptable and while Jake can be hyperbolic, I cheer him on – sunlight is the best disinfectant." ® Bootnote With the exception of SEASONEDMOTH, there's no mention of any of these exploits having a time-limited kill switch.
Presumably the NSA has means of deactivating online taps, but one wonders how much kit is out there on eBay and with dealers that still contains examples of ANT's intrusive craft. Appelbaum suggests that those interested (which should include pretty much everyone in the security industry as well as IT departments purchasing on the grey market) should look for samples that use the RC6 block cipher and which emit encrypted UDP traffic. Updated to add Dell got in touch with us after publication to deny any involvement in the vulnerabilities exploited by the NSA: In a statement, Apple echoed much of what Dell and other vendors have said: Source: The Register
  4. By JOSH KELLER, ALICIA PARLAPIANO, DAVID E. SANGER and CHARLIE SAVAGE JAN. 17, 2014 President Obama announced on Friday that he will place new limits on intelligence agencies’ bulk collection of phone call records. But he rejected some other recommendations to rein in surveillance made by a panel of outside advisers. Phone Records Documents released in June reveal that the N.S.A. has been systematically collecting logs of every American’s phone calls and storing the data for five years. Agency analysts may examine call records of people up to three links (or “hops”) removed from any number for which they decide there is “reasonable, articulable suspicion” of ties to terrorism. Mr. Obama says he wants to find a way not to have the government collect records in bulk, but rather keep them in private hands. In the meantime, analysts will now be able to examine only records of people two hops away from a suspect number. And the N.S.A. must obtain a court order ahead of time from a judge who agrees that the standard of suspicion has been met, with an exception for after-the-fact court review in a fast-moving exigency. There are two options for doing this. One is to require each telecommunications provider to retain its customers’ calling records for a certain time and store the data in a way that the government could quickly get access to it – and cross-reference it with other providers’ records. The other is to create a private consortium that would commingle the records. Mr. Obama says there are difficulties with both options, and has directed his administration to study options and work with Congress to come up with a solution. Mr. Obama has rejected the idea of scrapping the program entirely, as some lawmakers and civil libertarians have called for, saying he wants to retain its capabilities but restructure it to reduce the possibility of abuses. Aides said Mr. Obama would like to get the N.S.A.
out of the business of holding the data at all, so it was deemed to make little sense to order the agency to purge the data more quickly. That leaves open the question of how long telecommunications providers or a consortium would be required to retain the records. Emails and Phone Calls Mr. Obama said he would ask the attorney general and the director of national intelligence to come up with ideas for additional restrictions on government’s ability to retain, search and use the communications of Americans that were “incidentally” collected without a warrant. National Security Letters National Security Letters are subpoenas the F.B.I. can use to compel businesses to turn over a range of records about their customers, like financial transactions or data on communications, while gagging the recipients from talking about them. The F.B.I. uses the device tens of thousands of times a year, and it objected to losing the power to issue them unless a court approved. Mr. Obama rejected the recommendation to impose a court approval requirement. But he is ending the open-ended secrecy, saying the gag orders will expire after a fixed period in most cases. And he said providers would be allowed to say more to the public about the scope and scale of the orders they receive. Foreign Leaders and Foreign Nationals Disclosures that the N.S.A. has been eavesdropping on foreign leaders, including the cellphone of Chancellor Angela Merkel of Germany, led to a diplomatic crisis for the Obama administration in October. Mr. Obama said he would generally ban the practice for “close friends and allies” and a senior administration official said this list included “dozens” of leaders of foreign countries, without specifying them. The administration did not address whether the U.S. would spy on other top officials from those countries. Recent disclosures revealed that the N.S.A.
collects vast amounts of information from overseas telecommunications networks, vacuuming up metadata in bulk and intercepting the contents of communications. Mr. Obama said that new safeguards would limit the duration that the government can hold personal information about foreigners and restrict its use. While he acknowledged the United States’ responsibility to ask “tough questions” about its technological capabilities, he made clear that foreigners overseas do not enjoy the same protections as U.S. citizens. “This is not unique to America,” he said. “Few, if any, spy agencies around the world constrain their activities beyond their own borders.” FISA Court Structure A senior official said the advocates would be called on only in cases presenting novel and important privacy law issues. The panel would apparently not have the authority to monitor the court’s caseload and independently decide when a case warranted its presence. Currently, Chief Justice John G. Roberts Jr. selects all the judges who serve a term of extra duty on the secret court, and he has used that power to overwhelmingly pick Republican-appointed judges. Critics have called for diversifying the court by having other Supreme Court justices, or the chief judges of the appeals courts, play a role. Administration officials said that Mr. Obama would accept that kind of a change if Congress made it. Cybersecurity and Encryption In July, The New York Times reported that the N.S.A. had been collecting previously undiscovered “zero day” flaws in common computer programs and using them for mounting cyberattacks. White House says the recommendation is now under review by the security council to “review and, as necessary, adjust existing processes.” Documents released in September revealed that the agency had been working to weaken encryption standards so it could more easily crack secure systems.
White House says its cybersecurity and science and technology offices are reviewing the issues and “we support the recommendation’s aim to protect the standards for commercial encryption.” Agency Organization and Security In 2009, Defense Secretary Robert M. Gates combined into one position the heads of the N.S.A., which is responsible for gathering intelligence, and the Cyber Command, the military's cyberwarfare unit. Mr. Obama has already rejected the recommendation to split command of the N.S.A. from the Cyber Command. The public debate over the scope of N.S.A. surveillance started when a former N.S.A. contractor, Edward J. Snowden, secretly made copies of four hard drives’ worth of top-secret documents and then leaked them. While Mr. Obama acknowledged Mr. Snowden’s role in starting the debate over privacy and national security, he did not address recommendations to secure classified information. http://www.nytimes.com/interactive/2014/01/17/us/nsa-changes-graphic.html?hp&_r=0
  5. Published time: January 20, 2014 22:58 The overwhelming majority of Americans said that President Obama’s recent speech regarding changes to the National Security Agency had little to no effect on their opinion on the surveillance programs, according to a poll released Monday. In a highly anticipated speech last Friday, Obama said that the NSA would continue to collect metadata on millions of Americans, but the agency would need a judge’s approval and would also have to turn the information over to a third party instead of storing it in the NSA’s databases. A poll conducted by the Pew Research Center and USA Today has found that Obama’s speech, which came after an intelligence review board recommended the NSA discontinue the collection of phone metadata immediately, did little to change their opinion. Of the 1,504 adults polled between January 15 and 19, half said they had heard nothing about the President’s proposed changes and another 41 percent said they only heard “a little bit.” A mere eight percent said they heard a lot about potential changes. Researchers also found that fewer US citizens are in favor of the agency’s mass surveillance than when Edward Snowden first leaked classified documents in June of last year. In July, just weeks after the first Snowden documents were published by the Guardian and the Washington Post, 50 percent of Americans said they were in favor of the measures, believing they were necessary to fight terrorism. Now, though, 40 percent approve of the far-reaching programs and 53 percent disapprove. The NSA review board previously suggested in December that the intelligence agency turn over the phone metadata to a phone company or other third party to reduce the risk of government abuse. It also recommended that the NSA be required to seek approval from a judge in order to sift through that information. Obama said Friday that those suggestions will be the new basis for his NSA reforms. 
But nearly half of the citizens polled, 48 percent, say there are still not sufficient safeguards on what internet and phone data the government is permitted to collect. Even fewer, just 41 percent, said that there are adequate limits on the data collection as a whole. Support for the NSA program was clearer when researchers examined party lines. In June 2013 45 percent of Republicans approved of the surveillance while 51 percent disapproved. Seven months later, 37 percent approved and 56 percent disapproved. Democrats, perhaps out of loyalty to the Obama administration, said in June that they approved of the NSA by 58 percent, with only 38 percent speaking against the policies. By January, the number who approve had fallen to 46 percent while the number who disapproved jumped to 48 percent. “Among those that did hear about the proposals, large majorities of Republicans (86%) and independents (78%) say these changes will not make much difference when it comes to protecting people’s privacy,” the Pew Research Center wrote Monday. “Among Democrats who have heard of the changes, 56% say they won’t make much difference.” http://rt.com/usa/obama-nsa-speech-trust-doubt-917 :)
  6. Ten meltdowns in 13 months cause damage worth hundreds of thousands of dollars and baffle investigators at Utah facility Electrical surges at a huge new National Security Agency data centre have reportedly fried equipment, melted metal and caused fiery explosions, delaying its opening for a year. Ten meltdowns over the past 13 months have caused hundreds of thousands of dollars' worth of damage to machinery and baffled investigators at the agency's data storage complex in Utah, the Wall Street Journal reported on Tuesday. The surges have apparently prevented the NSA from using computers at its biggest data centre, a key element in its ability to store and process information from electronic snooping. A spokesperson, Vanee Vines, suggested in a statement that the 247-acre site, which encompasses 1.2m sq ft of enclosed space, was getting back on track. “The failures that occurred during testing have been mitigated. A project of this magnitude requires stringent management, oversight, and testing, before the government accepts any building.” However, the cause of eight of the 10 surges, known as arc fault failures, remains disputed, and investigators have not ruled out further meltdowns, which were compared to flashes of lightning inside a 2ft box. The $1.7bn facility, two years in the making, was due to host supercomputers to store gargantuan quantities of data from emails, phone calls, Google searches and other sources. Sited on an unused swath of the national guard base near Bluffdale, a town outside Salt Lake City, it comprises four 25,000 sq ft halls filled with servers and cables, plus an additional 900,000 sq ft of space for technical support and administration. It was due to open next month. Construction passed largely unnoticed until Edward Snowden's revelations about NSA surveillance put his former employer under intense scrutiny. Experts have disagreed on the centre's potential. 
Some said it will just store data; others envisaged a capacity to not just store but analyse and break codes, enabling technicians to potentially snoop on millions of Americans and foreigners for decades to come. William Binney, a mathematician who worked at the NSA for almost 40 years and helped automate its worldwide eavesdropping, said Utah's computers could store data at the rate of 20 terabytes – the equivalent of the Library of Congress – per minute. The NSA chose Bluffdale largely because of cheap electricity. The centre uses 65 megawatts to run computers and keep them cool, racking up more than $1m in costs per month. The first electrical surge was on August 2012. The most recent occurred last month. The US army corps of engineers, which is overseeing construction of the facility, said the cause of the problems had been identified and that a contractor was now correcting it. The centre would be “completely reliable” before being handed over to the NSA, said Norbert Suter, the corps' chief of construction operations. Other testimony cast doubt on that, saying 30 independent experts had conducted 160 tests over 50,000 hours, and still did not agree on what caused eight of the 10 surges, nor on ways to prevent future surges. The Journal report, citing documents and interviews, said builders cut corners, back-up generators failed tests, a cooling system remained untested and some technicians questioned the adequacy of the electrical control system. David Eskelson, a spokesman for Rocky Mountain Power and Pacific Corp, which supplies electricity to the centre, said it was not to blame. “Our engineers conducted detailed studies to confirm – with NSA’s concurrence – that Rocky Mountain Power’s system was not the source of any of the problems.” KlingStubbins, an architectural firm which designed the electrical system, referred questions to the army corps of engineers. Mark Reid, Bluffdale's city manager, had no information on the surges. 
“Any time you start a new building I know you always have problems. But I deal with water, not electricity. I have no idea what they're doing up there.” The muddle underlined the NSA's expanding need for data centre management expertise, mixing electrical, computer and organisational skills. It has advised the University of Utah on a new data-management course which will offer internships at the Bluffdale facility. Source: The Guardian
  7. Oliver Stone, John Cusack, Maggie Gyllenhaal and Wil Wheaton are among showbiz figures who are stepping into the debate over the National Security Agency surveillance programs, appearing in a public service announcement that calls for an end to the monitoring. “Everybody is at risk for getting caught up in the NSA dragnet,” Stone says in the 3 minute, 26 second spot, which also features Daniel Ellsberg, Rep. John Conyers (D-Mich.) and Phil Donahue. The spot was directed by Brian Knappenberger and produced by the Electronic Frontier Foundation. The video is an effort to garner support for an Oct. 26 rally in Washington called Stop Watching Us, organized by more than 100 public interest groups that are demanding that Congress investigate the NSA spying programs. The video is one of the first major pushes against the program using celebrity figures since news of Edward Snowden’s leaks of information about the program was first published. Source: Variety
  8. (AP) Merkel calls Obama to complain about surveillance By GEIR MOULSON and JOHN-THOR DAHLBURG Associated Press BERLIN German Chancellor Angela Merkel complained to President Barack Obama on Wednesday after learning that U.S. intelligence may have targeted her mobile phone, saying that would be "a serious breach of trust" if confirmed. For its part, the White House denied that the U.S. is listening in on Merkel's phone calls now. "The president assured the chancellor that the United States is not monitoring and will not monitor the communications of the chancellor," White House spokesman Jay Carney said. "The United States greatly values our close cooperation with Germany on a broad range of shared security challenges." However, Carney did not specifically say that the U.S. had never monitored or obtained Merkel's communications. The German government said it responded after receiving "information that the chancellor's cellphone may be monitored" by U.S. intelligence. It wouldn't elaborate, but German news magazine Der Spiegel, which has published material from NSA leaker Edward Snowden, said its research triggered the response. Merkel spokesman Steffen Seibert said in a statement the chancellor made clear to Obama in a phone call that "she views such practices, if the indications are confirmed ... as completely unacceptable." Merkel said among close partners such as Germany and the U.S., "there must not be such surveillance of a head of government's communication," Seibert added. "That would be a serious breach of trust. Such practices must be stopped immediately." Carney, the White House spokesman, said the U.S. is examining Germany's concerns as part of an ongoing review of how the U.S. gathers intelligence. The White House has cited that review in responding to similar spying concerns from France, Brazil and other countries. U.S. allies knew that the Americans were spying on them, but they had no idea how much. 
As details of National Security Agency spying programs have become public, citizens, activists and politicians in countries from Latin America to Europe have lined up to express shock and outrage at the scope of Washington's spying. Merkel had previously raised concerns over the electronic eavesdropping issue when Obama visited Germany in June, has demanded answers from the U.S. government and backed calls for greater European data protection. Wednesday's statement, however, was much more sharply worded and appeared to reflect frustration over the answers provided so far by the U.S. government. Merkel called for U.S. authorities to clarify the extent of surveillance in Germany and to provide answers to "questions that the German government asked months ago," Seibert said. Overseas politicians are also using the threat to their citizens' privacy to drum up their numbers at the polls - or to distract attention from their own domestic problems. Some have even downplayed the matter to keep good relations with Washington. After a Paris newspaper reported the NSA had swept up 70.3 million French telephone records in a 30-day period, the French government called the U.S. ambassador in for an explanation and put the issue of personal data protection on the agenda of the European Union summit that opens Thursday. "Why are these practices, as they're reported - which remains to be clarified - unacceptable? First because they are taking place between partners, between allies, and then because they clearly are an affront to private life," Najat Vallaud-Belkacem, the French government spokeswoman, said Wednesday. But the official French position - that friendly nations should not spy on one another - can't be taken literally, a former French foreign minister said. "The magnitude of the eavesdropping is what shocked us," Bernard Kouchner said in a radio interview. "Let's be honest, we eavesdrop too. Everyone is listening to everyone else. 
But we don't have the same means as the United States, which makes us jealous." The French government, which until this week had been largely silent in the face of widespread U.S. snooping on its territory, may have other reasons to speak out now. The furor over the NSA managed to draw media attention away from France's controversial expulsion of a Roma family at a time when French President Francois Hollande's popularity is at a historic low. Just 23 percent of French approve of the job he is doing, according to a recent poll. In Germany, opposition politicians, the media and privacy activists have been vocal in their outrage over the U.S. eavesdropping. Up until now, Merkel had worked hard to contain the damage to U.S.-German relations and refrained from saying anything bad about the Americans. Merkel has said previously her country was "dependent" on cooperation with the American spy agencies - crediting an American tip as the reason that security services foiled an Islamic terror plot in 2007 that targeted U.S. soldiers and citizens in Germany. In Italy, major newspapers reported that a parliamentary committee was told the U.S. had intercepted phone calls, emails and text messages of Italians. Premier Enrico Letta raised the topic of spying during a visit Wednesday with Secretary of State John Kerry. A senior State Department official said Kerry made it clear the Obama administration's goal was to strike the right balance between security needs and privacy expectations. Few countries have responded as angrily to U.S. spying as Brazil. President Dilma Rousseff took the extremely rare diplomatic step of canceling a visit to Washington where she had been scheduled to receive a full state dinner this week. Analysts say her anger is genuine, though also politically profitable, for Rousseff faces a competitive re-election campaign next year. David Fleischer, a political scientist at the University of Brasilia, said since the Sept. 
11 attacks Brazilian governments knew the Americans had stepped up spying efforts. "But what the government did not know was that Dilma's office had been hacked as well," Fleischer said. Information the NSA collected in Mexico appears to have largely focused on drug-fighting policies or government personnel trends. But the U.S. agency also allegedly spied on the emails of two Mexican presidents, Enrique Pena Nieto, the incumbent, and Felipe Calderon. The Mexican government has reacted cautiously, calling the targeting of the presidents "unacceptable." Pena Nieto has demanded an investigation but hasn't cancelled any visits or contacts, a strategy that Mexico's opposition and some analysts see as weak. "Other countries, like Brazil, have had responses that are much more resounding than our country," said Sen. Gabriela Cuevas of Mexico's conservative National Action Party. Yet Mexico has much-closer economic and political ties to the United States that the Mexican government apparently does not want to endanger. Beyond politics, the NSA espionage has been greeted with relative equanimity in Mexico, since the government has had close intelligence cooperation with the United States for years in the war on drugs. "The country we should really be spying on now is New Zealand, to see if we can get enough information so the national team can win a qualifying berth at the World Cup," Mexican columnist Guadalupe Loaeza wrote. The two rivals play Nov. 13. Source: BreitBart
  9. The National Security Agency recorded information about more than 124 billion phone calls during a 30-day period earlier this year, including around 3 billion calls from U.S. sources, according to a tally from top-secret documents released by multiple news outlets. Documents revealing details about the NSA’s Boundless Informant program show that information regarding billions of phone calls and computer communications was collected by the agency from across the world. Boundless Informant “allows users to select a country on a map and view the meta data volume and select details about the collections against that country,” according to the Guardian, which first reported on the top secret program earlier this year. Multiple leaked screenshots of the Boundless Informant program show that information on around 124.8 billion phone calls was collected in just 30 days this year, according to documents released by the Guardian and other news sites. The documents provide a window into the sheer volume of data being collected by the NSA as late as March of this year, according to the Guardian. Critics of the NSA’s multiple data collection programs, which include PRISM, argue that innocent Americans run the risk of having their personal communications monitored. Its defenders maintain that the program has been a key tool in the fight against terrorism. It is unlikely that the NSA examined the content of all of these calls, though it seems possible that the security organization could single out any of the snatched calls and other communications. The sheer extent of the NSA’s data collection effort was compiled from the multiple sources and organized on Wednesday by members of intelligence website Cryptome, which regularly publishes government documents and other information. Much of the information recorded by the NSA appears to have originated in the greater Middle East. 
The majority of the calls monitored by the NSA appeared to have emanated from Pakistan and Afghanistan, where 13.76 billion and 21.98 billion calls were respectively collected over the time period, according to the Boundless Informant “heat map” revealed by the Guardian. About 1.73 billion calls, or “DNRs” (Dialed numbers recorded), were collected from Iran, while 1.64 billion were traced back to Jordan. Additionally, some 6.28 billion calls from India were collected. Perhaps the most controversial element of the program is its efforts to collect both phone and computer data from Western nations that have friendly relations with the United States. Boundless Informant appears to have collected information from hundreds of millions of calls traced back to Germany in a single 30-day period, according to documents published by Der Spiegel Online. Spain accounted for another 61 million and Italy for 46 million, according to the published screenshots and tallies posted to Cryptome. France’s Le Monde newspaper alleged this week that the NSA recorded more than 70 million phone calls through January of this year. However, U.S. Director of National Intelligence James Clapper immediately rejected the claim. Another 97 billion bits of information were pulled by the NSA from global computer networks, according to the map and original story by the Guardian. Source: The Washington Free Beacon
  10. The website for the United States National Security Agency suddenly went offline Friday. NSA.gov has been unavailable globally as of late Friday afternoon, and Twitter accounts belonging to people loosely affiliated with the Anonymous hacktivism movement have suggested they are responsible. Twitter users @AnonymousOwn3r and @TruthIzSexy both were quick to comment on the matter, and implied that a distributed denial-of-service attack, or DDoS, may have been waged as an act of protest against the NSA. Allegations that those users participated in the DDoS — a method of over-loading a website with too much traffic — are currently unverified, and @AnonymousOwn3r has previously taken credit for downing websites in a similar fashion, although those claims have been largely contested. The crippling of NSA.gov comes amid a series of damning national security documents that have been disclosed without authorization by former intelligence contractor Edward Snowden. The revelations in the leaked documents have impassioned people around the globe outraged by evidence of widespread surveillance operated by the NSA, and a massive “Stop Watching Us” rally is scheduled for Saturday in Washington, DC. DDoS attacks are illegal in the United States under the Computer Fraud and Abuse Act, or CFAA, and two cases are currently underway in California and Virginia in which federal judges are weighing in on instances in which members of Anonymous allegedly used the technique to take down an array of sites during anti-copyright campaigns waged by the group in 2010 and 2011. In those cases, so-called hacktivists are reported to have conspired together to send immense loads of traffic to targeted websites, rendering them inaccessible due to the overload. Source: RT
  11. N.S.A. Foils Much Internet Encryption (The New York Times) The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents. [Photo caption, Associated Press: This undated photo released by the United States government shows the National Security Agency campus in Fort Meade, Md.] The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show. Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor. Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth. The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated. The N.S.A. 
hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world. “For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.” When the British analysts, who often work side by side with N.S.A. officers, were first told about the program, another memo said, “those not already briefed were gobsmacked!” An intelligence budget document makes clear that the effort is still going strong. “We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic,” the director of national intelligence, James R. Clapper Jr., wrote in his budget request for the current year. In recent months, the documents disclosed by Mr. Snowden have described the N.S.A.’s reach in scooping up vast amounts of communications around the world. The encryption documents now show, in striking detail, how the agency works to ensure that it is actually able to read the information it collects. The agency’s success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americans’ e-mails or phone calls without a warrant. 
But it shows that the agency, which was sharply rebuked by a federal judge in 2011 for violating the rules and misleading the Foreign Intelligence Surveillance Court, cannot necessarily be restrained by privacy technology. N.S.A. rules permit the agency to store any encrypted communication, domestic or foreign, for as long as the agency is trying to decrypt it or analyze its technical features. The N.S.A., which has specialized in code-breaking since its creation in 1952, sees that task as essential to its mission. If it cannot decipher the messages of terrorists, foreign spies and other adversaries, the United States will be at serious risk, agency officials say. Just in recent weeks, the Obama administration has called on the intelligence agencies for details of communications by leaders of Al Qaeda about a terrorist plot and of Syrian officials’ messages about the chemical weapons attack outside Damascus. If such communications can be hidden by unbreakable encryption, N.S.A. officials say, the agency cannot do its work. But some experts say the N.S.A.’s campaign to bypass and weaken communications security may have serious unintended consequences. They say the agency is working at cross-purposes with its other major mission, apart from eavesdropping: ensuring the security of American communications. Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL; virtual private networks, or VPNs; and the protection used on fourth-generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4G network. 
For at least three years, one document says, GCHQ, almost certainly in collaboration with the N.S.A., has been looking for ways into protected traffic of popular Internet companies: Google, Yahoo, Facebook and Microsoft’s Hotmail. By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to the document. (Google denied giving any government access and said it had no evidence its systems had been breached). “The risk is that when you build a back door into systems, you’re not the only one to exploit it,” said Matthew D. Green, a cryptography researcher at Johns Hopkins University. “Those back doors could work against U.S. communications, too.” Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip. “And they went and did it anyway, without telling anyone,” Mr. Kocher said. He said he understood the agency’s mission but was concerned about the danger of allowing it unbridled access to private information. “The intelligence community has worried about ‘going dark’ forever, but today they are conducting instant, total invasion of privacy with limited effort,” he said. “This is the golden age of spying.” A Vital Capability The documents are among more than 50,000 shared by The Guardian with The New York Times and ProPublica, the nonprofit news organization. They focus on GCHQ but include thousands from or about the N.S.A. Intelligence officials asked The Times and ProPublica not to publish this article, saying it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful privacy tools. 
The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June. “Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted. The documents make clear that the N.S.A. considers its ability to decrypt information a vital capability, one in which it competes with China, Russia and other intelligence powers. “In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs,” a 2007 document said. “It is the price of admission for the U.S. to maintain unrestricted access to and use of cyberspace.” The full extent of the N.S.A.’s decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes: the N.S.A. and its counterparts in Britain, Canada, Australia and New Zealand. Only they are cleared for the Bullrun program, the successor to one called Manassas — both names of an American Civil War battle. A parallel GCHQ counterencryption program is called Edgehill, named for the first battle of the English Civil War of the 17th century. Unlike some classified information that can be parceled out on a strict “need to know” basis, one document makes clear that with Bullrun, “there will be NO ‘need to know.’ ” Only a small cadre of trusted contractors were allowed to join Bullrun. It does not appear that Mr. Snowden was among them, but he nonetheless managed to obtain dozens of classified documents referring to the program’s capabilities, methods and sources. Ties to Internet Companies When the N.S.A. was founded, encryption was an obscure technology used mainly by diplomats and military officers. Over the last 20 years, it has become ubiquitous. 
Even novices can tell that their exchanges are being automatically encrypted when a tiny padlock appears next to a Web address. Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware. According to an intelligence budget document leaked by Mr. Snowden, the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.” Sigint is the acronym for signals intelligence, the technical term for electronic eavesdropping. By this year, the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by surreptitiously exploiting existing security flaws, according to the documents. The agency also expected to gain full unencrypted access to an unnamed major Internet phone call and text service; to a Middle Eastern Internet service; and to the communications of three foreign governments. In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times. The 2013 N.S.A. budget request highlights “partnerships with major telecommunications carriers to shape the global network to benefit other collection accesses” — that is, to allow more eavesdropping. At Microsoft, as The Guardian has reported, the N.S.A. 
worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service. Microsoft asserted that it had merely complied with “lawful demands” of the government, and in some cases, the collaboration was clearly coerced. Some companies have been asked to hand the government the encryption keys to all customer communications, according to people familiar with the government’s requests. Executives who refuse to comply with secret court orders can face fines or jail time. N.S.A. documents show that the agency maintains an internal database of encryption keys for specific commercial products, called a Key Provisioning Service, which can automatically decode many messages. If the necessary key is not in the collection, a request goes to the separate Key Recovery Service, which tries to obtain it. How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored. To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal means. “Approval to release to non-Sigint agencies,” a GCHQ document says, “will depend on there being a proven non-Sigint method of acquiring keys.” Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method. Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology and later by the International Organization for Standardization, which has 163 countries as members. Classified N.S.A. 
memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.” “Eventually, N.S.A. became the sole editor,” the memo says. Even agency programs ostensibly intended to guard American communications are sometimes used to weaken protections. The N.S.A.’s Commercial Solutions Center, for instance, invites the makers of encryption technologies to present their products to the agency with the goal of improving American cybersecurity. But a top-secret N.S.A. document suggests that the agency’s hacking division uses that same program to develop and “leverage sensitive, cooperative relationships with specific industry partners” to insert vulnerabilities into Internet security products. By introducing such back doors, the N.S.A. has surreptitiously accomplished what it had failed to do in the open. Two decades ago, officials grew concerned about the spread of strong encryption software like Pretty Good Privacy, designed by a programmer named Phil Zimmermann. The Clinton administration fought back by proposing the Clipper Chip, which would have effectively neutered digital encryption by ensuring that the N.S.A. always had the key. That proposal met a backlash from an unlikely coalition that included political opposites like Senator John Ashcroft, the Missouri Republican, and Senator John Kerry, the Massachusetts Democrat, as well as the televangelist Pat Robertson, Silicon Valley executives and the American Civil Liberties Union. All argued that the Clipper would kill not only the Fourth Amendment, but also America’s global technology edge. By 1996, the White House backed down. But soon the N.S.A. began trying to anticipate and thwart encryption tools before they became mainstream. 
“Every new technology required new expertise in exploiting it, as soon as possible,” one classified document says. Each novel encryption effort generated anxiety. When Mr. Zimmermann introduced the Zfone, an encrypted phone technology, N.S.A. analysts circulated the announcement in an e-mail titled “This can’t be good.” But by 2006, an N.S.A. document notes, the agency had broken into communications for three foreign airlines, one travel reservation system, one foreign government’s nuclear department and another’s Internet service by cracking the virtual private networks that protected them. By 2010, the Edgehill program, the British counterencryption effort, was unscrambling VPN traffic for 30 targets and had set a goal of an additional 300. But the agencies’ goal was to move away from decrypting targets’ tools one by one and instead decode, in real time, all of the information flying over the world’s fiber optic cables and through its Internet hubs, only afterward searching the decrypted material for valuable intelligence. A 2010 document calls for “a new approach for opportunistic decryption, rather than targeted.” By that year, a Bullrun briefing document claims that the agency had developed “groundbreaking capabilities” against encrypted Web chats and phone calls. Its successes against Secure Sockets Layer and virtual private networks were gaining momentum. But the agency was concerned that it could lose the advantage it had worked so long to gain, if the mere “fact of” decryption became widely known. “These capabilities are among the Sigint community’s most fragile, and the inadvertent disclosure of the simple ‘fact of’ could alert the adversary and result in immediate loss of the capability,” a GCHQ document outlining the Bullrun program warned.

Corporate Pushback

Since Mr. Snowden’s disclosures ignited criticism of overreach and privacy infringements by the N.S.A., American technology companies have faced scrutiny from customers and the public over what some see as too cozy a relationship with the government. In response, some companies have begun to push back against what they describe as government bullying. Google, Yahoo, Microsoft and Facebook have pressed for permission to reveal more about the government’s requests for cooperation. One e-mail encryption company, Lavabit, closed rather than comply with the agency’s demands for customer information; another, Silent Circle, ended its e-mail service rather than face such demands. In effect, facing the N.S.A.’s relentless advance, the companies surrendered. Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning. “Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”

Source: The New York Times

And here's a follow up article: Secret Documents Reveal N.S.A. Campaign Against Encryption
  12. The House of Representatives last night overwhelmingly passed an amendment to the Department of Defense Appropriations Act that would cut funding for two programs that grant intelligence agencies access to the private data and communications of U.S. citizens. The amendment shows that Congress is willing to adjust and follow a different tactic to rein in government surveillance powers after a more straightforward legislative approach failed last month. Privacy and civil rights advocates heralded that first effort, known as the USA FREEDOM Act, as a promising step toward controlling government spying powers when it came out of its committee. However, once it hit the House floor for debate, the broader Congress summarily crippled the committee’s efforts by vaguely defining key terms in the FREEDOM Act. The new bill was sponsored by U.S. Reps. Jim Sensenbrenner (R-Wis.), Zoe Lofgren (D-Calif.), Thomas Massie (R-Ky.) and a bipartisan group of lawmakers. In a 293 (ayes) to 139 (noes) to 1 (present) vote, the Massie-Lofgren Amendment passed. Lawmakers say it will close off two so-called backdoors. According to the amendment’s sponsors, one would be shut by prohibiting the search of government databases for information pertaining to U.S. citizens without a warrant, and the other would prohibit the National Security Agency and Central Intelligence Agency from requiring actual technological backdoors into products. In the Electronic Frontier Foundation’s (EFF) words, the amendment would block the NSA from using any of its funding from this Defense Appropriations Bill to conduct such warrantless searches. In addition, the amendment would prohibit the NSA from using its budget to mandate or request that private companies and organizations add backdoors to the encryption standards that are meant to keep you safe on the web. 
“This amendment will reinstate an important provision that was stripped from the original USA FREEDOM Act to further protect the Constitutional rights of American citizens,” Sensenbrenner, Lofgren, and Massie said. “Congress has an ongoing obligation to conduct oversight of the intelligence community and its surveillance authorities.” Congressional officials claim the bill is supported by both major parties. In addition to that, the bill is reportedly supported by tech firms, civil rights groups, and political action committees, including the American Civil Liberties Union, the Liberty Coalition, the EFF, Google, FreedomWorks, Campaign for Liberty, Demand Progress, and the Center for Democracy and Technology. In a statement, the EFF described the move as an important first step in reining in the NSA and applauded the House for its efforts. Like the passage of a stand-alone bill, in order to become law, the amendment must be passed by the Senate and signed by the president. The amendment’s additional sponsors included Reps. John Conyers (D-Mich.), Ted Poe (R-Texas), Tulsi Gabbard (D-Hawaii), Jim Jordan (R-Ohio), Robert O’Rourke (D-Texas), Justin Amash (R-Mich.), Rush Holt (D-N.J.), Jerrold Nadler (D-N.Y.) and Tom Petri (R-Wis.). Source
  13. Britain's electronic eavesdropping center GCHQ faces legal action from seven internet service providers who accuse it of illegally accessing "potentially millions of people's private communications," campaigners said Wednesday. The claim threatens fresh embarrassment for the British authorities after leaks by fugitive NSA worker Edward Snowden showed GCHQ was a key player in covert US surveillance operations globally. The complaint has been filed at a London court by ISPs Riseup and May First/People Link of the US, GreenNet of Britain, Greenhost of the Netherlands, Mango of Zimbabwe, Jinbonet of South Korea and the Chaos Computer Club of Germany, plus campaigners Privacy International. They claim that GCHQ carried out "targeted operations against internet service providers to conduct mass and intrusive surveillance." The move follows a series of reports by German magazine Der Spiegel which claimed to detail GCHQ's illicit activities. These reportedly included targeting a Belgian telecommunications company, Belgacom, where staff computers were infected with malware in a "quantum insert" attack to secure access to customers. The legal complaint says this was "not an isolated attack" and alleges violations of Britain's Human Rights Act and the European Convention of Human Rights. "These widespread attacks on providers and collectives undermine the trust we all place on the internet and greatly endangers the world's most powerful tool for democracy and free expression," said Eric King, Privacy International's deputy director. Britain's Foreign Office did not immediately comment. GCHQ, which stands for Government Communications Headquarters, employs around 5,500 people and is housed in a giant doughnut-shaped building in the sleepy town of Cheltenham, southwest England. Snowden's leaks claimed that the NSA had been secretly funding GCHQ to the tune of £100 million ($160 million, 120 million euros) over the last three years. Source