Tag: NSA

Microsoft solves EU cloud problem

grandpa_simpson_yelling_at_cloudMicrosoft announced a number of new cloud offerings today including one which will solve the company’s European cloud problesm.

The problem is that Microsoft is US company and its country delights in spying on its allies.  The EU fears that the NSA could get a court order and force Microsoft to hand over data from its European clouds and force it not to tell anyone.

Microsoft has come up with a wizard wheeze by creating a product called Azure Deutschland — a German cloud region that will offer Azure services that come not directly from Microsoft, but from the German data trustee Deutsche Telekom.

It not only makes sure that data remains in Germany, but also means that Microsoft can’t actually get to the data itself.  By operating under a German company, the NSA can’t force Vole to do squat.

In fact, while the region offers redundancy and backup, it does so through a private network to ensure that none of the bits being backed up even go through the public Internet where they might stray onto foreign soil.

Germany has some of the strictest data privacy protection laws on the books, and Microsoft said that Deutsche Telekom will have strict protocols regarding when Microsoft is allowed access, even for support:

 

Huawei ignores US to clean up

cia-cleanerDespite being on a US spying list, China’s Huawei technologies continues to clean up.

Huawei does not have to tell us much, because it is a private company, but the world’s No.2 telecommunications equipment maker, reported a 33 percent rise in profit for 2014.

This matches company guidance, as the global adoption of fourth-generation (4G) mobile technology boosted sales.

Net profit for 2014 rose to $45.7 billion US dollars, the Shenzhen-based company told media in an earnings briefing today.

In a breakdown, its revenue from telecom operator business rose 16.4 percent year on year, to $31 billion dollars; its revenue from enterprise business reached $3.1 billion dollars, up 27.3 percent year on year; and its revenue from consumer business reached $12.1 billion dollars, up 32.6 percent year on year.

Meanwhile, the company invested $66 billion dollars in research and development, rising 29.4 percent year on year and representing 14.2 percent of its annual sales revenue.

In the past ten years, Huawei’s investment in research and development accumulated to $307 billion dollars.

Either way, despite the US’s most ironic embargo, Huawei is doing rather well.

 

Kaspersky finds more US snoops

spyMoscow-based Kaspersky Labs has uncovered more evidence indicating that the US National Security Agency is behind a particularly successful hacking group.

“Equation Group” ran the most advanced hacking operation ever uncovered and was untouched for more than 14 years.

Kaspersky researchers did not say that the hackers were the NSA, saying only that the operation had to have been sponsored by a nation-state with nearly unlimited resources to dedicate to the project.

However the mountain of  evidence that Kaspersky provided  strongly implicated the spy agency.

The strongest new tie to the NSA was the string “BACKSNARF_AB25” discovered only a few days ago embedded in a newly found sample of the Equation Group espionage platform dubbed “EquationDrug.” “BACKSNARF,” according to page 19 of this undated NSA presentation, was the name of a project tied to the NSA’s Tailored Access Operations.

“BACKSNARF” joins a host of other programming “artifacts” that tied Equation Group malware to the NSA. They include “Grok,” “STRAITACID,” and “STRAITSHOOTER.” Just as jewel thieves take pains to prevent their fingerprints from being found at their crime scenes, malware developers endeavor to scrub usernames, computer IDs, and other text clues from the code they produce. While the presence of the “BACKSNARF” artifact isn’t conclusive proof it was part of the NSA project by that name, the chances that there were two unrelated projects with nation-state funding seems tiny.

The code word is included in a report Kaspersky detailing new technical details uncovered about Equation Group.

Among other new data included in the report, the timestamps stored inside the Equation Group malware showed that members overwhelmingly worked Monday through Friday and almost never on Saturdays or Sundays. The hours in the timestamps appeared to show members working regular work days, an indication they were part of an organised software development team.

The timestamps show the employees were likely in the UTC-3 or UTC-4 time zone, a finding that would be consistent with people working in the Eastern part of the US.

 

 

Wikimedia sues the NSA

Screen Shot 2015-03-10 at 14.21.01The Wikimedia Foundation, along with other human rights organisations, has taken legal action against the National Security Agency (NSA) and the US Department of Justice (DoJ).

Wikimedia, Human Rights Watch and Amnesty International, allege that the NSA surveillance programme breaks US laws on freedom of speech.

The NSA’s surveillance work violates a number of matters covered by the US Constitution, Wikimedia Foundation alleges.

According to the BBC, the executive director of the Wikimedia Foundation claims that the NSA is “training the backbone of democracy” and this activity collects data which is too wide to conform to US laws.

The Wikimedia Foundation alleges that the NSA and the DoJ have spied on Wikipedia and so violated privacy laws and challenged intellectual freedom.

The founder of Wikipedia, Jimmy Wales, hopes that the lawsuit will end the NSA’s trawling internet traffic.

 

New Snowden documents released

Edward_SnowdenJacob Appelbaum and Laura Poitras have just published another massive collection of classified records obtained by Edward Snowden.

Many of them, published on Der Spiegel , show that the National Security Agency and its allies are methodically preparing for future wars carried out over the internet.

Der Spiegel reports that the intelligence agencies are working towards the ability to infiltrate and disable computer networks — potentially giving them the ability to disrupt critical utilities and other infrastructure.

The NSA and GCHQ think they’re so far ahead of everyone else, they’re making jokes about it.
One of the major themes from the new documents involves the ability of Five Eyes intelligence agencies to exploit the methods of its adversaries — efforts to “steal their tools, tradecraft, targets, and take.” The NSA calls this impressive capability “fourth party collection” which sounds like a 1970’s prog rock band.

NSA and GCHQ have cracked jokes about it in top-secret slide decks. In an NSA presentation titled “fourth party opportunities,” the first slide references Daniel Day-Lewis’ “I drink your milkshake” monologue from the 2007 film There Will Be Blood.  Der Spiegel says that a NSA unit traced an attack on the Department of Defence back to China and covertly listen in on future Chinese spying efforts, including one digital infiltration of the United Nations.

GCHQ can exploit “leaky mobile apps” using a tool called “BADASS.” In it, the spy agency walks through its ability to glean personal information from metadata sent between users’ devices and mobile ad networks and analytics firms.

This is data that’s not supposed to contain personally identifiable information. Several slides are titled “Abusing BADASS for Fun and Profit.” One slide boasts: “We know how bad you are at Angry Birds.”

Der Spiegel commented: “It’s absurd: as they are busy spying, the spies are spied on by other spies. In response, they routinely seek to cover their tracks or to lay fake ones instead.”

Spies are putting off writers

spyA survey of writers around the world by the PEN American Centre has found that a significant majority said they were deeply concerned with government surveillance.

Some have said that the spying has meant they have avoided, or have considered avoiding, controversial topics in their work or censored their posts or phone calls.

More than 75 percent of respondents in countries classified as “free,” 84 percent in “partly free” countries, and 80 percent in countries that were “not free” said that they were “very” or “somewhat” worried about government surveillance in their countries.

The survey was conducted anonymously online in Autumn 2014 and yielded 772 responses from fiction and nonfiction writers and related professionals, including translators and editors, in 50 countries.

Smaller numbers said they avoided or considered avoiding writing or speaking on certain subjects, with 34 percent in countries classified as free, 44 percent in partly free countries and 61 percent in not free countries reporting self-censorship. Respondents in similar percentages reported curtailing social media activity, or said they were considering it, because of surveillance.

The executive director of the PEN American Centre, Suzanne Nossel, said that the findings, taken together with those of a 2013 PEN survey of writers in the United States, indicate that mass surveillance is significantly damaging free expression and the free flow of information around the world.

“Writers are the ones who experience encroachments on freedom of expression most acutely, or first,”. Nossel said. “The idea that we are seeing some similar patterns in free countries to those we’ve traditionally associated with unfree countries is pretty distressing.”

The survey added that mass surveillance by the United States government had damaged its reputation as a defender of free expression, with some 36 percent in other “free” countries and 32 percent in “less free” countries saying freedom of expression had less protection in the United States than in their nations.

 

NSA spys on Wikileaks

spyGoogle has told WikiLeaks that on Christmas Eve the Gmail mailboxes and account metadata of a WikiLeaks employee were turned over to law enforcement under a US federal warrant.

WikiLeaks journalist and Courage Foundation acting director Sarah Harrison displayed a redacted copy of the warrant during her presentation on source protection at the Chaos Communications Congress yesterday in Hamburg, Germany.

The warrant was dated for execution by April 5, 2012 by the United States District Court for the Eastern District of Virginia, and it was apparently part of the continuing investigation by the Justice Department into criminal charges against WikiLeaks and its founder Julian Assange.

It is not clear whose e-mail was searched and details were not provided, and Wikileaks is a little er secretive about who works there. According to a statement on the organisation’s website, “Given the high level assassination threats against WikiLeaks staff, we cannot disclose exact details about our team members.”

A Google spokesperson said in a statement: that it did not talk about individual cases to help protect all its users.

When it received a subpoena or court order, Google check to see if it meets both the letter and the spirit of the law before complying. And if it doesn’t, it asks that the request is narrowed.

“We have a track record of advocating on behalf of our users,” a spokesGoogle said.

This is the second time a US warrant has been served at Google for data from someone connected to WikiLeaks. A sealed warrant was served to Google in 2011 for the email of a WikiLeaks volunteer in Iceland. The Justice Department has also previously sought to get metadata from WikiLeaks-connected Twitter accounts, and won a court battle with Twitter three years ago to force it to hand it over.

 

US claims it can kill VPNS with Star Trek

article-2096522-11973640000005DC-278_468x355US spooks claim that they have has VPNs in a “Vulcan death grip” and can “uncloak” any encrypted traffic. 

In a story which appears to have been written by Der Speigels Star Trek nut who was the only one in the office during the holiday break,  the  National Security Agency’s Office of Target Pursuit (OTP) has said that it maintains a team of engineers dedicated to cracking the of virtual private networks (VPNs).

A slide deck [shurely holodeck. Ed] from a presentation by a member of OTP’s VPN Exploitation Team, dated September 13, 2010, details the process the NSA used at that time to attack VPNs.  Der Speigel gleefully pointed out that the tools with names drawn from Star Trek and other bits of popular culture.

In 2010, the NSA had already developed tools to attack the most commonly used VPN encryption schemes: Secure Shell (SSH), Internet Protocol Security (IPSec), and Secure Socket Layer (SSL) encryption.

The NSA has a specific repository for capturing VPN metadata called Toygrippe. The repository stores information on VPN sessions between systems of interest, including their “fingerprints” for specific machines and which VPN services they have connected to, their key exchanges, and other connection data. VPN “fingerprints” can also be extracted from Xkeyscore, the NSA’s distributed “big data” store of all recently captured Internet traffic, to be used in identifying targets and developing an attack.

When an IPSec VPN is identified and “tasked” by NSA analysts, according to the presentation, a “full take” of its traffic is stored in Vulcandeathgrip, a VPN data repository. There are similar, separate repositories for PPTP and SSL VPN traffic dubbed Fourscore and Vulcanmindmeld.

The data is then replayed from the repositories through a set of attack scripts, which use sets of preshared keys (PSKs) harvested from sources such as exploited routers and stored in a key database called CORALREEF. Other attack methods are used to attempt to recover the PSK for each VPN session. If the traffic is of interest, successfully cracked VPNs are then processed by a system called Turtlepower and sorted into the NSA’s Xkeyscore -traffic database, and extracted content is pushed to the Pinwhale “digital network intelligence” content database.

All this can apparently move any Klingons using a technique first seen in the game Star Control II but never actually used on Star Trek.

Snowden taught companies something

Edward_SnowdenAfter years of ignoring warnings from experts, companies and individuals started to take security more seriously after the Snowden leaks, according to a new survey.

More than 39 per cent have taken steps to protect their online privacy and security because of spying revelations by one-time NSA employee Edward Snowden, according to the Centre for International Governance Innovation (CIGI).

The survey found that 43 percent of Internet users now avoid certain websites and applications and 39 percent change their passwords regularly.

The survey reached 23,376 internet users in 24 countries and was conducted between October 7 and November  12.

More than 39  percent of those surveyed indicated they are taking steps to safeguard their online data from government prying eyes.

Writing in his blog, Security specialist Bruce Schneier said that Snowden’s whistleblowing on the NSA is having an enormous impact.

“I ran the actual numbers country by country, combining data on Internet penetration with data from this survey. Multiplying everything out, I calculate that 706 million people have changed their behavior on the Internet because of what the NSA and GCHQ [a British intelligence and security organization] are doing.”

This means that two-thirds of users indicated they are more concerned today about online privacy than they were a year ago. When given a choice of various governance sources to effectively run the world-wide Internet, a majority chose the multi-stakeholder option — a “combined body of technology companies, engineers, non-governmental organizations and institutions that represent the interests and will of ordinary citizens, and governments.”

A majority indicated they would also trust an international body of engineers and technical experts to store their online data, while only 36 percent of users would trust the United States to play an important role in running the Internet.

Nearly three-quarters of the Internet users surveyed indicated they want their online data and personal information to be physically stored on a secure server in their own country.

Those surveyed also indicated that 64 percent are concerned about government censorship of the Internet and 62 percent are worried about government agencies from countries other than the US secretly monitoring their online activities

Another notable finding was that 83 percent of people believe that affordable access to the internet should be a basic human right.

 

US warns of Chinese cyberwar again

HQ of the National Security AgencyThe head of the NSA told politicians at the House of Representatives Intelligence Committee on cyber threats that China could invade and close down vital American computer systems.

Admiral Michael Rogers,who runs the NSA, told the committee that China and one or two other countries could attack power utilities, aviation and financial firms.

China and other countries have the ability to enter these kind of systems and to shut down the networks.

This isn’t the first time the USA has accused China of mounting cyber attacks, but it’s something that the Chinese government resolutely denies.

According to Reuters, a foreign ministry representative said that China absolutely banned cyber hacking and accused the USA of making cyber attacks on it and other nations.

The NSA still harvests phone records in the USA but earlier this week a bill to regulate surveillance failed and the agency will wait until a law is passed before making any major changes in its strategies and tactics.

Russians hacked into White House nets – report

thewhitehouseThe Washington Post claimed that hackers, backed by the Russian government, have penetrated some White House computer nets.

Unnamed  sources insisting on anonymity told the Post that the hacks were into “unclassified” networks and that there’s no evidence that classified computers had been compromised.

A White Office official said that admins noted the activities straight away meaning there was some disruption to web services.

The National Security Agency (NSA), the FBI and the Secret Service have been invoked to assist with inquiries into the hackers.

The Russian government has not, so far, commented on the alleged intrusion. But it’s thought that hackers have targeted computers at NATO, official Ukraine sites, and companies supplying the US defence with kit.

The White House said that people try to hack US computers on a regular basis but the country has a military wing called US Cyber Command which can defend – or attack – intruders.

British spooks can spy without a warrant

james_bond_movie_poster_006British spooks have been using the systems set up by the US National Security Agency to spy on everyone without a warrant.

The agreement between the NSA and GCHQ means that the internet and phone data of Americans is in the hands of the Brits without legal oversight.

The data, once obtained, can be kept for up to two years. GCHQ was forced to reveal that it can request and receive vast quantities of raw, unanalysed data collected from foreign governments it partners with during legal proceedings in a closed court hearing in a case brought by various international human-rights organisations, including Privacy International, Liberty UK, and Amnesty International.

It is well known that the NSA and GCHQ share intelligence data with one another, as part of a long-standing surveillance partnership, but this is the first time the British government has disclosed that it does not require a warrant to access data collected and maintained by its American chums. This flies in the face of statements made by an oversight committee of the British Parliament in July of last year.

At the time, Parliament was told that “in each case where GCHQ sought information from the US, a warrant for interception, signed by a minister, was already in place.”  Clearly GCHQ forgot to mention mass data which it mines for data.

NSA boss had cash stashed in tech companies

KeithAlexanderFormer top spook Keith Alexander, who served as its director from August 2005 until March 2014, had thousands of dollars of investments during his tenure in a handful of technology firms

It seems that he did not think that when he warned the American public that it was at “greater risk” from a terrorist attack in the wake of the Snowden disclosures the companies he was investing in would make more money.

Alexander was very honest about it. Each year he had reported his investments, but he also ticked the checked box next to this statement: “Reported financial interests or affiliations are unrelated to assigned or prospective duties, and no conflicts appear to exist.”

The documents were obtained and published Friday by Vice News as the result of a Freedom of Information Act request and subsequent lawsuit against the NSA brought by Vice News reporter Jason Leopold.

From 2008 through 2013, document that as of 2008, Alexander had as much as $50,000 invested in Synchronoss, a cloud storage firm. Synchronoss provides services to major mobile phone providers, including AT&T, Verizon and others.

He had cash in  Datascension, a “data gathering and research company.” Public trades in the firm were suspended by the Securities and Exchange Commission in August 2014 due to “a lack of current and accurate information” about it.

Pericom, a semiconductor company makes hardware for “DVR solutions for the CCTV security and surveillance markets,” also appears in his portfolio, with investments up to $15,000 appearing as of 2008.

Until 2013 he had money squirreled away in RF Micro Devices, a company that makes “high-performance semiconductor components” for “aerospace and defence markets,” among others. RF Micro Devices has done $10.5 million worth of business with the government, including $9.5 million of the Department of Defence.

Alexander has been a little controversial since leaving the NSA. He founded a company called IronNet Cybersecurity, which offers protection services to banks for up to $1 million per month. This has led some cynics to suggest he is advising companies how to avoid the sort of snooping he set up while working at the NSA.

 

Snowden did not seem too worried about snooping

snowdenThe NSA has poured cold water on the central plank of Edward Snowden’s statements that he was worried about overwhelming government spying and could not make anyone listen.

Snowden said that he had complained to his fellow workers about the snooping programmes but had to take action when no one listened.

The NSA said that it had reviewed all of Edward Snowden’s available emails in addition to interviewing NSA employees and contractors to determine if he had ever raised concerns internally about the agency’s vast surveillance programs.

According to documents the government filed in a federal court last Friday, NSA officials were unable to find any evidence Snowden ever had shared his concerns with anyone.

In a sworn declaration, David Sherman, the NSA’s associate director for policy and records, said the agency launched a “comprehensive” investigation after journalists began to write about top-secret NSA spy programs upon obtaining documents Snowden leaked to them.

The investigation included searches of any records where emails Snowden sent raising concerns about NSA programs “would be expected to be found within the agency.”

Sherman said the NSA searched sent, received, and deleted emails from Snowden’s account and emails “obtained by restoring back-up tapes.”

Still, the agency says it did not find any evidence that Snowden attempted to address his concerns internally — as he has said he did — before leaking the documents.

This is problematic for Snowden’s supporters because VICE News filed a case against the NSA earlier this year seeking copies of emails in which Snowden raised concerns about spy programs he believed were unconstitutional.

However if he did not then some of Snowden’s reputation as a whistleblower suffers. If Snowden was really concerned about the antics of the NSA he never even mentioned his concerns to his colleagues.   Of course that might mean that he simply did not want to end up unemployed, or given a nice walk around a German forest somewhere, but it could also mean that he was not concerned about snooping.

Of course, there is the small matter if you believe the spooks, whose reputation for truth is about on a par with Robert Maxwell’s.

So far, the NSA has found a single email Snowden sent to the NSA’s general counsel in April 2013 in which he raised a question about NSA legal authorities in training materials.

That email poses a question about the relative authority of laws and executive orders — it does not register concerns about NSA’s intelligence activities.

 

NSA recruits cyberbots

TerminatorWhistleblower Edward Snowden claims that the NSA is building a cyberbot which could wage an automatic cyber-war without needing humans.

Snowden said that the agency is developing a cyber defence system that would instantly and autonomously neutralise foreign cyberattacks against the US, and could be used to launch retaliatory strikes.

Dubbed MonsterMind, the project makes it clear that US spooks do not read enough science fiction and have no real idea about what could possibly go wrong.

Snowden told Wired  that the system involves algorithms which would scour massive repositories of metadata and analyse it to differentiate normal network traffic from anomalous or malicious traffic. Armed with this knowledge, the NSA could instantly and autonomously identify, and block, a foreign threat.

Apparently, it is not exactly rocket science. If the NSA knows how a malicious algorithm generates certain attacks, this activity may produce patterns of metadata that can be spotted.

However it is a little like a digital version of the Star Wars initiative President Reagan proposed in the 1980s in that it would probably cost a bomb and never actually do what it says it will.

To make matters worse, Snowden suggests MonsterMind could one day be designed to return fire—automatically, without human intervention—against the attacker. However, whatever way it does this, it could break the internet and there will almost certainly be collateral damage.

For example if the hacker operated through a proxy in a third party country, MonsterMind would cheerfully destroy computers in that country. Microsoft has experience of the effects of following such a policy, when it attempted to take out two botnets it disabled thousands of domains that had nothing to do with the malicious activity Microsoft was trying to stop.

Spotting malicious attacks in the manner Snowden describes would, he says, require the NSA to collect and analyze all network traffic flows in order to design an algorithm that distinguishes normal traffic flow from anomalous, malicious traffic.

This would mean that the NSA would have to be intercepting all traffic flows and violating the Fourth Amendment.

It would also require sensors placed on the internet backbone to detect anomalous activity.