Search the Community
Showing results for tags 'surveillance'.
Found 7 results
China's repeated hacking of the Internet Border Gateway Protocol (BGP): "China's Maxim Leave No Access Point Unexploited: The Hidden Story of China Telecom's BGP Hijacking." Merge lecturata impreuna cu citeva articole mai vechi, Repeated attacks hijack huge chunks of Internet traffic, researchers warn , The New Threat: Targeted Internet Traffic Misdirection , The Emergence Of A Theme , Surveillance without Borders: The “Traffic Shaping” Loophole and Why It Matters si arhiva Snowden, tehnica folosita in Yemen.
New Snowden documents reveal secret memos expanding spying
socket posted a topic in Stiri securitateWithout public notice or debate, the Obama administration has expanded the National Security Agency's warrantless surveillance of Americans' international Internet traffic to search for evidence of malicious computer hacking, according to classified NSA documents. In mid-2012, Justice Department lawyers wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad—including traffic that flows to suspicious Internet addresses or contains malware, the documents show. The Justice Department allowed the agency to monitor only addresses and "cybersignatures"—patterns associated with computer intrusions—that it could tie to foreign governments. But the documents also note that the NSA sought to target hackers even when it could not establish any links to foreign powers. The disclosures, based on documents provided by Edward J. Snowden, the former NSA contractor, and shared with the New York Times and ProPublica, come at a time of unprecedented cyberattacks on American financial institutions, businesses, and government agencies, but also of greater scrutiny of secret legal justifications for broader government surveillance. While the Senate passed legislation this week limiting some of the NSA's authority, it involved provisions in the USA Patriot Act and did not apply to the warrantless wiretapping program. Government officials defended the NSA's monitoring of suspected hackers as necessary to shield Americans from the increasingly aggressive activities of foreign governments. But critics say it raises difficult trade-offs that should be subject to public debate. The NSA's activities run "smack into law enforcement land," said Jonathan Mayer, a cybersecurity scholar at Stanford Law School who has researched privacy issues and who reviewed several of the documents. "That's a major policy decision about how to structure cybersecurity in the US and not a conversation that has been had in public." It is not clear what standards the agency is using to select targets. It can be hard to know for sure who is behind a particular intrusion—a foreign government or a criminal gang—and the NSA is supposed to focus on foreign intelligence, not law enforcement. The government can also gather significant volumes of Americans' information—anything from private e-mails to trade secrets and business dealings—through Internet surveillance because monitoring the data flowing to a hacker involves copying that information as the hacker steals it. One internal NSA document notes that agency surveillance activities through "hacker signatures pull in a lot." Brian Hale, the spokesman for the Office of the Director of National Intelligence, said, "It should come as no surprise that the US government gathers intelligence on foreign powers that attempt to penetrate US networks and steal the private information of US citizens and companies." He added that "targeting overseas individuals engaging in hostile cyberactivities on behalf of a foreign power is a lawful foreign intelligence purpose." The effort is the latest known expansion of the NSA's warrantless surveillance program, which allows the government to intercept Americans' cross-border communications if the target is a foreigner abroad. While the NSA has long searched for specific e-mail addresses and phone numbers of foreign intelligence targets, the Obama administration three years ago started allowing the agency to search its communications streams for less-identifying Internet protocol addresses or strings of harmful computer code. The surveillance activity traces to changes that began after the Sept. 11 terrorist attacks. The government tore down a so-called wall that prevented intelligence and criminal investigators from sharing information about suspected spies and terrorists. The barrier had been erected to protect Americans' rights because intelligence investigations use lower legal standards than criminal inquiries, but policy makers decided it was too much of an obstacle to terrorism investigations. The NSA also started the warrantless wiretapping program, which caused an outcry when it was disclosed in 2005. In 2008, under the FISA Amendments Act, Congress legalized the surveillance program so long as the agency targeted only noncitizens abroad. A year later, the new Obama administration began crafting a new cybersecurity policy—including weighing whether the Internet had made the distinction between a spy and a criminal obsolete. "Reliance on legal authorities that make theoretical distinctions between armed attacks, terrorism and criminal activity may prove impractical," the White House National Security Council wrote in a classified annex to a policy report in May 2009, which was included in the NSA's internal files. About that time, the documents show, the NSA—whose mission includes protecting military and intelligence networks against intruders—proposed using the warrantless surveillance program for cybersecurity purposes. The agency received "guidance on targeting using the signatures" from the Foreign Intelligence Surveillance Court, according to an internal newsletter. In May and July 2012, according to an internal timeline, the Justice Department granted its secret approval for the searches of cybersignatures and Internet addresses. The Justice Department tied that authority to a pre-existing approval by the secret surveillance court permitting the government to use the program to monitor foreign governments. That limit meant the NSA had to have some evidence for believing that the hackers were working for a specific foreign power. That rule, the NSA soon complained, left a "huge collection gap against cyberthreats to the nation" because it is often hard to know exactly who is behind an intrusion, according to an agency newsletter. Different computer intruders can use the same piece of malware, take steps to hide their location, or pretend to be someone else. So the NSA, in 2012, began pressing to go back to the surveillance court and seek permission to use the program explicitly for cybersecurity purposes. That way, it could monitor international communications for any "malicious cyberactivity," even if it did not yet know who was behind the attack. The newsletter described the further expansion as one of "highest priorities" of the NSA director, Gen. Keith B. Alexander. However, a former senior intelligence official said that the government never asked the court to grant that authority. Meanwhile, the FBI in 2011 had obtained a new kind of wiretap order from the secret surveillance court for cybersecurity investigations, permitting it to target Internet data flowing to or from specific Internet addresses linked to certain governments. To carry out the orders, the FBI negotiated in 2012 to use the NSA's system for monitoring Internet traffic crossing "chokepoints operated by US providers through which international communications enter and leave the United States," according to a 2012 NSA document. The NSA would send the intercepted traffic to the bureau's "cyberdata repository" in Quantico, Virginia. The disclosure that the NSA and the FBI have expanded their cybersurveillance adds a dimension to a recurring debate over the post-Sept. 11 expansion of government spying powers: Information about Americans sometimes gets swept up incidentally when foreigners are targeted, and prosecutors can use that information in criminal cases. Citing the potential for a copy of data "exfiltrated" by a hacker to contain "so much" information about Americans, one NSA lawyer suggested keeping the stolen data out of the agency's regular repository for information collected by surveillance so that analysts working on unrelated issues could not query it, a 2010 training document showed. But it is not clear whether the agency or the FBI has imposed any additional limits on the data of hacking victims. In a response to questions for this article, the FBI pointed to its existing procedures for protecting victims' data acquired during investigations but also said it continually reviewed its policies "to adapt to these changing threats while protecting civil liberties and the interests of victims of cybercrimes." None of these actions or proposals had been disclosed to the public. As recently as February, when President Obama spoke about cybersecurity at an event at Stanford University, he lauded the importance of transparency but did not mention this change. "The technology so often outstrips whatever rules and structures and standards have been put in place, which means that government has to be constantly self-critical and we have to be able to have an open debate about it," Obama said. source
Some 30 percent of American adults say they have altered their digital behavior in the wake of Edward Snowden’s NSA spying revelations in order to hide information from the government. In Spring 2013, Snowden, a then NSA contractor working for Booz Allen Hamilton, remotely accessed the NSA’s Ft. Meade networks from a satellite office on Hawaii and stole a massive trove of secret documents detailing the U.S. signals intelligence agency’s extensive surveillance capabilities and spying operations. Nearly two years after the initial release, Snowden, now exiled in Russia, is still publishing new revelatory documents about the NSA and its partner’s activities. The Pew Research Center conducted a survey, seeking to determine the extent to which these revelations have changed the way people communicate and behave online as well as people’s approval of and opinions about surveillance. In all, 87 percent of respondents were aware of the NSA’s spying operations to some extent. Among those, 34 percent had actively changed their online behavior. That group accounted for 30 percent of the entire research sample, which consisted of 475 randomly selected adults. In nearly every scenario tested, younger adults were more likely to have disapproved of spying and made changes in light of the revelations. Men were more likely to have heard more about surveillance than woman and college graduates more likely than people with only a high school diploma or less. In general, the more informed the respondent was about government surveillance, the more likely that person was to either disapprove of spying or change online behavior because of it. Specifically, 17 percent of respondents changed the privacy settings on their social media accounts, 15 percent reported to use social media less often, 15 percent said they’ve avoided certain mobile applications and 13 percent have uninstalled apps. In addition, 14 percent claimed they speak more in person instead of communicating online or via phone and 13 percent have avoided using certain terms in online communications. Anecdotally, many respondents reported self-censoring themselves online to avoid communicating about or searching for information that could be deemed threatening, even when such searches were merely out of curiosity and such conversations were in jest. Numerically speaking, 18 percent claim to have changed the way they send emails, 17 percent reported changes in search behavior, 15 percent said they changed social networking tendencies and 15 percent say they are using their cell phones differently. A quarter of those who were aware of NSA surveillance reported having deployed more complicated passwords as a result. More than half of those surveyed, 57 percent to be exact, say it is “unacceptable” for the government to monitor the communications of U.S. citizens. Not surprisingly if you’ve been following the revelations, Americans are comfortable with their government targeting foreigners for surveillance, but not themselves. However, most respondents said they are losing confidence that the public interest is being served by surveillance programs. The public is evenly split about the capacity of the judicial system to balance privacy rights with intelligence needs. Specifically, 82 percent believe it is acceptable to monitor communications of suspected terrorists, 60 percent believe it is acceptable to monitor the communications of American leaders, another 60 percent think it is okay to monitor the communications of foreign leaders, 54 percent say it is acceptable to monitor communications from foreign citizens and only 40 percent fell it is okay for the government to monitor ordinary U.S. citizens. Respondents were more accepting of surveillance when they were asked about its use in specific scenarios such as monitoring people who have visited sites containing child pornography or anti-American sentiments, those who had communicated with”an imam who preached against infidels,” those who used search engines to research weapons and explosives, made unusual banking withdrawals, used encryption to hide files and people who follow others on social media who say hateful things about American leaders. Just 10 percent of respondents say they have used an alternative search engine that does not track search history. Only five percent have added privacy-enhancing browser plug-ins. Four percent have adopted mobile encryption for calls and text messages, three percent have used proxy servers can help them avoid surveillance, two percent have adopted email encryption programs such as Pretty Good Privacy (PGP), two percent have used anonymity software such as Tor and only one percent have used locally-networked communications such as FireChat. These low adoption rates may well relate to another finding stating that more than half of respondents believe it would be too difficult to increase their security and privacy online. 53 percent have not adopted or considered using a search engine that doesn’t keep track of a user’s search history and another 13 percent said they don’t even know about these tools. 46 percent have not adopted or considered using email encryption programs and another 31 percent said they didn’t know such things existed. 43 percent have not adopted or considered adding privacy-enhancing browser plug-ins while 31 percent did not know about these plug-ins. 41 percent haven’t adopted or considered using proxies with an additional 33 percent having no awareness of them. And 40 percent have not adopted or considered using anonymity software such as Tor while another 39 percent don’t even know about Tor. Source
Apple, Microsoft, Facebook, Google, Yahoo! – and many, many others – have appealed to American politicians and g-men to rein in mass digital surveillance this May, and bring the intelligence community under some kind of effective oversight. "It has been nearly two years since the first news stories revealed the scope of the United States’ surveillance and bulk collection activities," the group wrote in an open letter to President Obama, congressional leaders, and the heads of the NSA and US Department of Justice. "Now is the time to take on meaningful legislative reforms to the nation’s surveillance programs that maintain national security while preserving privacy, transparency, and accountability." And, presumably, prevent future annoying headlines like this and this appearing on the web. The tech goliaths are members of the Reform Government Surveillance coalition, along with pro-privacy and civil-rights warriors. The group has been piling on the pressure over global spying, which they say hurts their business. In their latest open letter, the gang call for reform of the USA PATRIOT Act, which is up for renewal shortly. On May 31 this year, Section 215 of the act (or to give it its full and faintly ridiculous name, the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act) expires. Section 215 is the part of the anti-terror law that the NSA uses to justify snooping on everyone's phone metadata. The group is pressing that the section be allowed to expire on June 1 without being reauthorized. Section 214, which covers pen registers and trap and trace devices, will also expire on that date. The group says that if they are renewed, proper oversight is needed by an independent third party. With the sections of the Patriot Act coming up for renewal, there's an increasing amount of pressure to curb the blanket spying revealed by whistleblower Edward Snowden. Earlier this week, a bipartisan bill was introduced into the US House of Representatives to abolish the PATRIOT Act altogether, but El Reg suspects Satan will go to work on a snowplow before it passes. Source
Tech Companies, Privacy Advocates Call for NSA Reform
Aerosol posted a topic in Stiri securitateA group of technology companies, non-profits and privacy and human rights organizations have sent a letter to President Barack Obama, the director of national intelligence and a wide range of Congressional leaders, calling for an end to the bulk collection of phone metadata under Section 215 of the USA PATRIOT Act. The letter, sent by dozens of organizations and companies, comes at a time when legislators in the United States are considering a new bill that would repeal the Patriot Act altogether. That measure likely will face stiff opposition in the House of Representatives, but less-sweeping reforms may be on the table as well. In the letter, representatives from the EFF, CloudFlare, Silent Circle, the ACLU, Mozilla, Human Rights Watch and many other organizations say that whatever form the changes take, Section 215 collection needs to end once and for all. “There must be a clear, strong, and effective end to bulk collection practices under the USA PATRIOT Act, including under the Section 215 records authority and the Section 214 authority regarding pen registers and trap & trace devices. Any collection that does occur under those authorities should have appropriate safeguards in place to protect privacy and users’ rights,” the letter says. The legal authority for the National Security Agency’s bulk collection of telephone metadata derives from Section 215 of the Patriot Act, and that section is due to expire on June 1. Lawmakers are considering a variety of possible reforms to the authority, but many in the security, technology and privacy communities have been advocating for the elimination of that authority altogether. In 2014, President Obama released a plan that would change the bulk collection under Section 215 and would keep all of the records with the telecom providers. The government would then need to get orders from the Foreign Intelligence Surveillance Court in order to access specific records. In addition to calling for an end to the Section 215 bulk collection, the organizations that sent the new letter to Obama and lawmakers said that any bill must “contain transparency and accountability mechanisms for both government and company reporting, as well as an appropriate declassification regime for Foreign Intelligence Surveillance Court decisions.” The Section 215 bulk collection was the first piece of the massive surveillance revelations from Edward Snowden that began in 2013. Though many other NSA programs have been revealed in the ensuing two years, the telephone metadata collection has remained one of more controversial ones. “It has been nearly two years since the first news stories revealed the scope of the United States’ surveillance and bulk collection activities. Now is the time to take on meaningful legislative reforms to the nation’s surveillance programs that maintain national security while preserving privacy, transparency, and accountability. We strongly encourage both the White House and Members of Congress to support the above reforms and oppose any efforts to enact any legislation that does not address them,” the letter says. Source
While some lawmakers claim that a threat information-sharing bill, called CISA, was amended with substantial privacy provisions – privacy experts worry that that the bill still lacks enough protections. Last Thursday, the Senate Intelligence Committee approved the Cybersecurity Information Sharing Act (CISA) in a 14 to 1 vote (that followed a closed door session where several amendments were added to the bill). The legislation, which is said to advocate information-sharing between private companies and government to thwart cyberattacks like the one's striking Sony and Anthem, was strongly contested by the American Civil Liberties Union (ACLU), Electronic Frontier Foundation (EFF), and other privacy rights groups and security experts earlier this month, who said that the bill lacked ample privacy protections in its drafted form. Now that the text of the newly amended bill is available (PDF), grievances remain for some concerning the process through which companies would share information with the government. In a Thursday interview, Gabe Rottman, legislative counsel for the ACLU, told SCMagazine.com that “it's not clear that there would be adequate privacy protections on the front-end when the information is shared with the government.” “Once that information is shared, it can flow through the government, including to the Department of Defense, which includes the NSA,” he explained. Notably, Sen. Ron Wyden, the sole lawmaker to vote against the bill last week, said in a statement that, “If information-sharing legislation does not include adequate privacy protections then that's not a cybersecurity bill – it's a surveillance bill by another name.” In his interview with SCMagazine, ACLU's Rottman added that the scope of surveillance programs revealed by Edward Snowden have shown the government's “tendency to stretch the law as far as it will go,” to further surveillance. “Here, the information would go to DHS, but it could be shared it in real-time without a privacy sweep, including with the National Security Agency,” Rottman said. Source
New York Judge Rules NSA Phone Surveillance Lawful
aelius posted a topic in Stiri securitateNEW YORK - A US judge ruled Friday that the National Security Agency's mass surveillance of telephone calls is lawful, fanning a legal conflict likely to be decided ultimately by the Supreme Court. Federal judge William Pauley in New York threw out a petition from the American Civil Liberties Union and said the program was vital in preventing an Al-Qaeda terror attack on American soil. Ten days earlier, however, another federal judge in Washington had deemed that NSA surveillance is probably unconstitutional, laying the groundwork for a protracted series of legal challenges. "The question for this court is whether the government's bulk telephony metadata program is lawful. This court finds it is," said the 54-page ruling published in New York on Friday. The scale by which NSA indiscriminately gathers data on millions of private calls was exposed by intelligence whistleblower Edward Snowden, sparking an international and domestic outcry. Protected by judicial checks and executive and congressional oversight, Pauley said the program does not violate the US Constitution's fourth amendment right against unreasonable searches and seizures. "There is no evidence that the government has used any of the bulk telephony metadata it collected for any purpose other than investigating and disrupting terrorist attacks," he wrote. The judge sided with US spy chiefs who say that by connecting the dots between archived calls and terrorist suspects, US officials can keep the country safe. The NSA hoovers up information about virtually every telephone call to, from and within the United States, and says it is the only way to discern patterns left behind by foreign terror groups. The judge quoted the 2004 report by the 9/11 Commission -- the panel which investigated the 2001 Al-Qaeda attack on the United States -- as saying it was a false choice between liberty and security, as "nothing is more apt to imperil civil liberties than the success of a terrorist attack on American soil." "As the September 11th attacks demonstrate, the cost of missing such a thread can be horrific. Technology allowed Al-Qaeda to operate decentralized and plot international terrorist attacks remotely," he wrote. "The bulk telephony metadata collection program represents the government's counter-punch: connecting fragmented and fleeting communications to reconstruct and eliminate Al-Qaeda's terror network." The judge quoted examples in which NSA phone monitoring in 2009 exposed an Al-Qaeda plot to bomb the New York subway, and cite a plot by convicted Pakistani-American terrorist David Headley to bomb a Danish newspaper office. "Unintentional violations of guidelines," Pauley said, appeared to have stemmed from "human error" and "incredibly complex computer programs" and had been rectified where discovered. This month, an official panel handed President Barack Obama a review of the NSA's surveillance program along with more than 40 recommendations to install safeguards and limit its scope. But the administration is not expected to significantly curtail the mission, and Snowden remains a fugitive from US justice who has been granted temporary asylum in Russia. Source: New York Judge Rules NSA Phone Surveillance Lawful | SecurityWeek.Com