Tag: spy

NSA spies on WikiLeaks

Google has told WikiLeaks that on Christmas Eve the Gmail mailboxes and account metadata of a WikiLeaks employee were turned over to law enforcement under a US federal warrant.

WikiLeaks journalist and Courage Foundation acting director Sarah Harrison displayed a redacted copy of the warrant during her presentation on source protection at the Chaos Communication Congress yesterday in Hamburg, Germany.

The warrant was dated for execution by April 5, 2012 by the United States District Court for the Eastern District of Virginia, and it was apparently part of the continuing investigation by the Justice Department into criminal charges against WikiLeaks and its founder Julian Assange.

It is not clear whose e-mail was searched and details were not provided, and WikiLeaks is a little, er, secretive about who works there. According to a statement on the organisation’s website, “Given the high level assassination threats against WikiLeaks staff, we cannot disclose exact details about our team members.”

A Google spokesperson said in a statement that it did not talk about individual cases to help protect all its users.

When it receives a subpoena or court order, Google checks to see if it meets both the letter and the spirit of the law before complying. And if it doesn’t, it asks that the request is narrowed.

“We have a track record of advocating on behalf of our users,” a spokesGoogle said.

This is the second time a US warrant has been served at Google for data from someone connected to WikiLeaks. A sealed warrant was served to Google in 2011 for the email of a WikiLeaks volunteer in Iceland. The Justice Department has also previously sought to get metadata from WikiLeaks-connected Twitter accounts, and won a court battle with Twitter three years ago to force it to hand it over.

 

US claims it can kill VPNs with Star Trek

US spooks claim that they have VPNs in a “Vulcan death grip” and can “uncloak” any encrypted traffic.

In a story which appears to have been written by Der Spiegel’s Star Trek nut who was the only one in the office during the holiday break, the National Security Agency’s Office of Target Pursuit (OTP) has said that it maintains a team of engineers dedicated to cracking virtual private networks (VPNs).

A slide deck [shurely holodeck. Ed] from a presentation by a member of OTP’s VPN Exploitation Team, dated September 13, 2010, details the process the NSA used at that time to attack VPNs. Der Spiegel gleefully pointed out that the tools have names drawn from Star Trek and other bits of popular culture.

In 2010, the NSA had already developed tools to attack the most commonly used VPN encryption schemes: Secure Shell (SSH), Internet Protocol Security (IPSec), and Secure Sockets Layer (SSL) encryption.

The NSA has a specific repository for capturing VPN metadata called Toygrippe. The repository stores information on VPN sessions between systems of interest, including their “fingerprints” for specific machines and which VPN services they have connected to, their key exchanges, and other connection data. VPN “fingerprints” can also be extracted from Xkeyscore, the NSA’s distributed “big data” store of all recently captured Internet traffic, to be used in identifying targets and developing an attack.

When an IPSec VPN is identified and “tasked” by NSA analysts, according to the presentation, a “full take” of its traffic is stored in Vulcandeathgrip, a VPN data repository. There are similar, separate repositories for PPTP and SSL VPN traffic dubbed Fourscore and Vulcanmindmeld.

The data is then replayed from the repositories through a set of attack scripts, which use sets of preshared keys (PSKs) harvested from sources such as exploited routers and stored in a key database called CORALREEF. Other attack methods are used to attempt to recover the PSK for each VPN session. If the traffic is of interest, successfully cracked VPNs are then processed by a system called Turtlepower and sorted into the NSA’s Xkeyscore traffic database, and extracted content is pushed to the Pinwhale “digital network intelligence” content database.

All this can apparently move any Klingons using a technique first seen in the game Star Control II but never actually used on Star Trek.

Internet spying proves useless to GCHQ

For all the internet spying that GCHQ has been doing, it does not appear to be helping it in its primary job of tracking down serious criminals and terrorists.

According to the Daily Telegraph, GCHQ has lost track of some of the most dangerous crime lords and has had to abort surveillance on others.

The spooks are blaming the fact that Edward Snowden revealed their tactics, although they pretty much would say that anyway.

One major drug smuggling gang has been able to continue flooding the UK with Class A narcotics unimpeded for the last year after changing their operations, moaned the spooks.

More intense tracking of others has either been abandoned or not started because of fears the tactics are now too easy to spot and will force the criminals to “go dark” and be lost sight of completely.

They have also been stuffed up because telecoms companies are no longer grassing up customers and are refusing to hand over evidence on the likes of drug smugglers or fraudsters because they do not pose a “direct threat to life”.

“We have specific evidence of where key targets have changed their communication behaviour as a direct result of what they have read.”

Apparently gangs have moved to more secure forms of communication or moved entirely on to the dark web where it is far harder to track them. However, GCHQ seems to want people to believe that serious criminals were not using the dark web before Snowden and that James Bond can only get into Internet places which can be searched by Google.

All that major drug smuggling network did to become invisible was change a few lines of code in its web pages, which stopped its actions being seen by search engines.

Intelligence officers are now electing not to order deeper surveillance on targets, in the hope of gaining sufficient evidence to prosecute them, because they fear it could alert them to the fact they are being watched.

Of course GCHQ’s answer to the problem is to bring in even more internet spying because that worked so well before.

Adobe spies on Epub users

Adobe has been spying on users of Digital Editions 4, the newest version of its Epub app.

For some reason Adobe’s Epub app seemed to be sending a lot of data to Adobe’s servers, and hacker mates of the Digital Reader have confirmed that Adobe is tracking users in the app and uploading the data to its servers.

Benjamin Daniel Mussler, the security researcher who found the security hole on Amazon.com, has also confirmed it to be true.

Adobe is gathering data on the ebooks that have been opened, which pages users read, and in what order. However, it gets worse. All of the data, including the title, publisher, and other metadata for the book, is being sent to Adobe’s server in clear text, allowing any spook, Chinese hacker or private eye to hack into the stream and read it.

Just when you think Adobe could not be dumber, the outfit is not just tracking what users are doing in its own app; it is also scanning your computer and gathering the metadata from all of the ebooks sitting on your hard drive too. Once it has read every ebook it uploads that data to Adobe’s servers too.

Nate Hoffelder, the hack who found the breach, described it as a “privacy and security breach so big that [he is] still trying to wrap [his] head around the technical aspects, much less the legal aspects.”

To be fair this kind of mistake is common as lots have been caught sending data in clear text, and others have been caught scraping data without permission. LG was caught in a very similar privacy violation last November when one of their Smart TVs was shown to be uploading metadata from a user’s private files to LG’s servers in clear text.

It is probably not deliberate, just what security experts technically call “bloody stupid”.

The software has violated so many privacy laws in the US, goodness knows how many it will have broken in a civilised country like Germany where privacy is taken more seriously. The Frankfurt Book Fair is coming up later this week. Adobe will be exhibiting at the trade show so we guess that the Germans will be interrogating a few executives – they have ways to make you talk, apparently.

 

Backdoors save children, claims US

US Attorney General Eric Holder has backed police who fear that client-side encryption in consumer devices will make their job difficult.

But Holder has a novel argument for this gross invasion of privacy – he is trying to convince people that it will save children’s lives.

Speaking before the Global Alliance Against Child Sexual Abuse Online, Holder insisted that it was possible to permit law enforcement to do its job while still adequately protecting personal privacy.

However, rapid access to customers’ phone data can help law enforcement to protect victims and combat the activities of sexual predators and kidnappers.

Holder’s comments have been prompted by security features which encrypt the data on the device based on a cipher derived from the personal security passcode that the owner generates.

His view appears to be that the American people will suffer any atrocity provided a child is able to grow up until they reach an age where they can lose all their privacy.

Police are increasingly worried that they will no longer be able to depend on desk-bound, net-based investigation and might have to get out onto the streets again.

 

US confirms Chinese government behind hacks

A US Senate panel has ruled that hackers associated with the Chinese government have repeatedly infiltrated the computer systems of US airlines, technology companies and other contractors involved in the movement of US troops and military equipment.

The Senate Armed Services Committee’s year-long probe found the military’s US Transportation Command, or Transcom, was aware of only two out of at least 20 such cyber intrusions within a single year.

It found gaps in reporting requirements and a lack of information sharing among US government bodies which left the US military oblivious to the computer compromises of its contractors.

Democratic Senator Carl Levin of Michigan, the committee’s chairman, was keen to focus on the Chinese hackers rather than the big defence industry’s cock-ups.

He said that the peacetime intrusions into the networks of key defence contractors are more evidence of China’s aggressive actions in cyberspace.

But cybersecurity expert Dmitri Alperovitch, chief technology officer with the security firm Crowdstrike, said that China had for years shown a keen interest in the logistical patterns of the U.S. military.

While the US military uses secret or top-secret networks that are not on the Internet, the private companies hired by the US do not.

In the year beginning June 1, 2012, there were about 50 intrusions or other cyber events into the computer networks of Transcom contractors, the 52-page report stated.

At least 20 of those were successful intrusions attributed to an “advanced persistent threat,” a term used to designate sophisticated threats commonly associated with attacks against governments. All of those intrusions were attributed to China.

Senator Jim Inhofe of Oklahoma, the committee’s top Republican, called for a “central clearinghouse” that makes it easy for contractors to report suspicious cyber activity.

 

Snowden did not seem too worried about snooping

The NSA has poured cold water on the central plank of Edward Snowden’s statements that he was worried about overwhelming government spying and could not make anyone listen.

Snowden said that he had complained to his fellow workers about the snooping programmes but had to take action when no one listened.

The NSA said that it had reviewed all of Edward Snowden’s available emails in addition to interviewing NSA employees and contractors to determine if he had ever raised concerns internally about the agency’s vast surveillance programs.

According to documents the government filed in a federal court last Friday, NSA officials were unable to find any evidence Snowden ever had shared his concerns with anyone.

In a sworn declaration, David Sherman, the NSA’s associate director for policy and records, said the agency launched a “comprehensive” investigation after journalists began to write about top-secret NSA spy programs upon obtaining documents Snowden leaked to them.

The investigation included searches of any records where emails Snowden sent raising concerns about NSA programs “would be expected to be found within the agency.”

Sherman said the NSA searched sent, received, and deleted emails from Snowden’s account and emails “obtained by restoring back-up tapes.”

Still, the agency says it did not find any evidence that Snowden attempted to address his concerns internally — as he has said he did — before leaking the documents.

This is problematic for Snowden’s supporters because VICE News filed a case against the NSA earlier this year seeking copies of emails in which Snowden raised concerns about spy programs he believed were unconstitutional.

However, if he did not, then some of Snowden’s reputation as a whistleblower suffers. If Snowden was really concerned about the antics of the NSA, he never even mentioned his concerns to his colleagues. Of course that might mean that he simply did not want to end up unemployed, or given a nice walk around a German forest somewhere, but it could also mean that he was not concerned about snooping.

Of course, there is the small matter of whether you believe the spooks, whose reputation for truth is about on a par with Robert Maxwell’s.

So far, the NSA has found a single email Snowden sent to the NSA’s general counsel in April 2013 in which he raised a question about NSA legal authorities in training materials.

That email poses a question about the relative authority of laws and executive orders — it does not register concerns about NSA’s intelligence activities.

 

Anonymous takes the Nintendo

Never mind pouring buckets of ice on your head, a group of Anonymous protestors have been literally taking the wee when it comes to complaining about British spying.

A video has been posted online that appears to show activists from the We Are Anonymous group drinking their own urine in protest at GCHQ.

The police refused to accept a potty full of urine on behalf of GCHQ so activists ceremoniously drank it.

People taking part in the four-day-long peaceful protest were warned by the long arm of the law that they were not allowed to take snaps of GCHQ spies as they popped inside for a meeting with Moneypenny and M.

Activists who are angry at reports that GCHQ and its American sister agency NSA have developed large programmes of mass surveillance of phone and internet traffic organised the protest over the weekend.

Gloucestershire Police told protesters that there was a small matter of legality standing in the way of them snapping pictures of staff based at Cheltenham.

Other than the potty protest, the rest of the weekend was a bit of a damp squib. The protest got off to a slow start yesterday with confusion over when the protests would take place and only a handful of people turned up.

 

IBM gets thumbs up for Lenovo sale

US regulators have approved the sale of IBM’s server business to the Chinese outfit, Lenovo.

There had been fears that the deal would be put on ice because the US is currently going through a McCarthy era paranoia over all things Chinese. The NSA was scared that the Chinese would start installing backdoors into their servers, probably because that is just the sort of thing that they would do.

IBM has already divested $16 billion in annual revenue over the past decade from low-margin businesses like personal computers and printers.

However, despite some concern about the deal, the Committee on Foreign Investment agreed that it was probably safe.

Lenovo has been through the secretive CFIUS process three times before and has won approval each time. In this case, it is believed that it argued that all the top-secret server operations would remain under the control of IBM.

CFIUS, an interagency group chaired by the Treasury Secretary, reviews deals that could bring U.S. businesses under foreign ownership and is required by law to assess any transaction involving a state-owned firm.

Lenovo said in a statement that it remains on track to close the IBM server deal by the end of the year.

In fact the deal is more likely to help Lenovo sell its gear in China and the company is less concerned about its US sales. Lenovo has many contacts to sell goods to Chinese companies and Beijing is trying to localize its IT purchases in the wake of revelations about US spying.

NSA makes many become one

Boffins at Carnegie Mellon University, sponsored by the US’s number one spying outfit, have come up with a programming Esperanto which unites all different programming languages under a single umbrella.

Any excitement about the development is tempered by the assumption that, since it is funded by the NSA, it will be full of backdoors which can harvest personal details on behalf of the US government, but you can still admire the technology.

Dubbed Wyvern, after a mythical dragon-like thing that only has two legs instead of four, it helps programmers design apps and websites without having to rely on a whole bunch of different stylesheets and different amalgamations spread across different files.

Jonathan Aldrich, the researcher developing the language, wrote in his blog that Web applications are written as a poorly-coordinated mishmash of artifacts written in different languages, file formats, and technologies. For example, a web application may consist of JavaScript code on the client, HTML for structure, CSS for presentation, XML for AJAX-style communication, and a mixture of Java, plain text configuration files, and database software on the server.

“This diversity increases the cost of developers learning these technologies. It also means that ensuring system-wide safety and security properties in this setting is difficult,” he said.

This creates security problems, which was why the NSA was interested. After all, it has to protect its own systems from hackers.

Wyvern can automatically tell what language a person is programming in, based solely on the type of data that’s being manipulated. That means that if the language detects you are editing a database, for instance, it’ll automatically assume you’re using SQL. The language is still a prototype and is all open saucy.

US spooks in Snowden panic

US spooks have uncovered what they think is another Edward Snowden who has been secretly leaking classified info to the great unwashed.

The Secret Service is thinking of asking the US Department of Justice to open a criminal investigation into the suspected leak of a classified counter-terrorism document to a news website.

A document which was published in The Intercept provides a statistical breakdown of the types of people whose names and personal information appear on two government data networks listing people with supposed connections to militants.

The Intercept was co-founded by Glenn Greenwald, the reporter who worked with Edward Snowden, but the document was dated August 2013, after Snowden left the US.

Since Snowden is not thought to have had access to US networks after May, officials suspect the drop may have come from a second leaker.

The document talked about the Terrorist Identities Datamart Environment database (TIDE) and the Terrorist Screening Database.

It said 680,000 names were “watchlisted” in the Terrorist Screening Database, an unclassified data network which is used to draw up more selective government watchlists.

The file also showed that 280,000 of the 680,000 people are described by the government as having “no recognised terrorist group affiliation.”

More lists include a “no fly” list totalling 47,000 people who are supposed to be banned from air travel, and a further “selectee list” of 16,000 people who are supposed to get extra screening.

The screening database is taken from TIDE, a larger, ultra-classified database which contains 320,000 more names.

This is not the first time the Intercept has had a big scoop that has put the fear of god into the spooks. It has also published a lengthy document setting out the criteria and procedures by which names are placed into terrorist watchlist databases.

Dutch can outsource spying

The Dutch courts have ruled that while the government is forbidden to snoop on its citizens over the internet, it is allowed to use data stolen from them by the American spooks.

The Hague District Court ruled that Dutch intelligence services can receive bulk data that might have been obtained by the US National Security Agency (NSA) through mass data interception programs, even though collecting data that way is illegal under Dutch law.

A civil case filed by a coalition of defence lawyers, privacy advocates and journalists who sued the Dutch government wanted a court order to stop the AIVD and MIVD from obtaining data from foreign intelligence agencies that was not obtained in accordance with European and Dutch law.

NSA’s mass data collection programs violate human rights guaranteed by international and European treaties including the European Convention on Human Rights (ECHR), the lawyers argued.

However, the court said that under Dutch law, Dutch intelligence services are allowed to collaborate with the NSA. The NSA in turn is bound by US law which, in general, does not conflict with the human rights convention privacy requirements.

Since raw data is shared in bulk, less stringent safeguards are necessary than would apply when the data is examined and used, the court said. It added that there would be a big difference between receiving data and using it for individual cases.

The court said it only ruled on general grounds, assessing the actions of the state in general. It suggested the outcome could be different when individual lawsuits or complaints were filed with the relevant institutions.

The lawyers bringing the case were furious and dubbed it “incomprehensible.”

In a statement, they said that innocent citizens’ privacy rights should prevail over the interests of intelligence services. Because the data exchanged in bulk involves information on many innocent people, safeguards that are more stringent are needed.

They plan to appeal the ruling.

The internet belong US

The US government has ruled that if data is on the internet, anywhere in the world, it has to be turned over to one of its spying organisations for processing.

President Barack Obama’s administration is insisting that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas.

This means that anyone who uses an iPhone anywhere in the world will see their data inside a US government database.

Microsoft and Apple insist that enforcement of US law stops at the border, but the government seems to think that it rules the world.

A magistrate judge has already sided with the government’s position, ruling in April that “the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information.”

Microsoft appealed and the case is set to be heard in two weeks.

The US government said that content stored online does not enjoy the same Fourth Amendment protections as data stored in the physical world. It quoted a law put out by President Ronald Reagan called the Stored Communications Act (SCA). This said that overseas records must be handed over domestically when a valid subpoena, order, or warrant forces them. No one thought that the SCA stuffed up the Fourth Amendment so there is no need to change the laws.

However Microsoft said Congress has not authorised the issuance of warrants that reach outside US territory. It points out that the government cannot issue a warrant allowing federal agents to break down the doors of Microsoft’s Dublin facility.

Microsoft said that consumer trust in US companies is low in the wake of the Edward Snowden revelations and the government will make overseas operations impossible.

It has the backing of Apple, AT&T, Cisco, and Verizon. Verizon said if the government wins, it would produce “dramatic conflict with foreign data protection laws.” Apple and Cisco said that the tech sector would be blacklisted by foreign governments.

The senior counsel for the Irish Supreme Court wrote in a recent filing that a US-Ireland “Mutual Legal Assistance Treaty” was a way for the US government to obtain the e-mail held on Microsoft’s external servers.

 

GCHQ uses internet as a toy

The British spy agency GCHQ has developed tools to seed the internet with false information.

According to security writer Glenn Greenwald, the British spooks have the ability to manipulate the results of online polls, artificially inflate pageview counts on web sites, “amplify” sanctioned messages on YouTube, and censor video content judged to be “extremist.”

GCHQ’s capabilities were found amongst documents provided by NSA whistleblower Edward Snowden. The British even use a trick to connect two unsuspecting phone users together in a call.

The software tools were built by backroom boffins working for GCHQ’s Joint Threat Research Intelligence Group (JTRIG). It appears to be a clear indication that the British are using propaganda and internet deception. We have seen already the use of “fake victim blog posts,” “false flag operations,” “honey traps” and psychological manipulation to target online activists, monitor visitors to WikiLeaks, and spy on YouTube and Facebook users.

However, the GCHQ document called “JTRIG Tools and Techniques” (https://firstlook.org/theintercept/document/2014/07/14/jtrig-tools-techniques/) shows just what sort of skulduggery the British are up to online.

According to Greenwald, the document is designed to notify other GCHQ units of JTRIG’s “weaponised capability” when it comes to the dark internet arts, and “serves as a sort of hacker’s buffet for wreaking online havoc”.

Samsung pushing into Blackberry’s security territory

Samsung is managing to take over Blackberry’s mobile customers by promising them a layer of security on top of standard Android.

Blackberry was always able to target business customers and government contracts because of its encrypted network system.

However it is starting to look like that is coming unstuck. Samsung is close to signing deals for its devices with the FBI and the US Navy, which have been traditional Blackberry customers.

Blackberry’s offerings have been looking somewhat out of date in comparison to the Android phones out there; however, Blackberry has been able to claim that it was much more secure than anything else on the market.

That is where Samsung’s KNOX slots into the market. Samsung is touting it as a “comprehensive enterprise mobile solution”. KNOX addresses the mobile security needs of enterprise IT without invading the privacy of its employees.

In addition, Samsung has hired executives away from BlackBerry, created an enterprise-focused division within the company, and collaborated with third-party software firms.

Getting high profile contracts is an important step. In the US Samsung also appears to be doing well, winning corporate customers from companies like American Airlines.