Search the Community

Several more variants of Ragtime appear in recently leaked documents. A leaked document shines new light on a surveillance program developed by the National Security Agency. The program, known as Ragtime, collects the contents of communications, such as emails and text messages, of foreign nationals under the authority of several US surveillance laws. Details of the program are held in the highest tiers of secrecy, known as exceptionally controlled information, with only a few NSA staffers having access to the program and its data. There were four known versions, according to a 2013 book, released just months before the first documents published from the cache of documents leaked by whistleblower Edward Snowden. Ragtime-A is said to involve the US-based collection of foreign-to-foreign counterterrorism data; Ragtime-B collects foreign government data that travels through the US; and Ragtime-C focuses on the nuclear counterproliferation effort. Another program stands for Ragtime-P, which is said to stand for the Patriot Act, which authorizes the collection of bulk metadata on calls and emails sent over the networks of telecom providers. A leaked court order showed Verizon was ordered to turn over customer call records to the NSA on a daily basis. Dozens of other companies have also been compelled to provide data for Ragtime. But the Ragtime program has many more versions -- including one that appears to involve Americans' data. The document was found buried in a virtual hard disk, discovered by UpGuard's Chris Vickery. The document seen by ZDNet, dated November 2011, shows the Ragtime program has eleven variants, including the four that were already known. The document alludes to Ragtime-BQ, F, N, PQ, S, and T. The eleventh version refers to Ragtime-USP. "USP" is a common term used across the intelligence community to refer to "US person," like a US citizen or lawful permanent resident. Image: ZDNet Americans are generally protected from government surveillance under the Fourth Amendment. A few exceptions exist, such as if the secretive Washington DC-based Foreign Intelligence Surveillance Court, which authorizes the government's spying activities, issues a warrant based on probable cause, such as if there is evidence of an American working for a foreign power. But the NSA has long "incidentally" collected data on Americans, reports and research have revealed. Ragtime dates back to 2002, according to a previously-leaked document. The program forms part of a wider collection of systems and databases under the STELLARWIND umbrella of warrantless surveillance programs, launched under the authority of then-president George W. Bush in response to the September 11, 2001 terrorist attacks. After a series of leaks in 2008 detailing the scope and breadth of STELLARWIND's domestic collection capability, Congress limited the government's surveillance powers. Changes to the law had an immediate impact on the Ragtime program. Although the government was barred from collecting new metadata on Americans under Ragtime-P, the NSA retained the data. Analysts with clearance were still permitted to search the database. Only a fraction of NSA staffers have the appropriate security clearance to access Ragtime's databases. One previously leaked document says analysts must have special "need to know" clearance to access the data, and any information relating to Ragtime is restricted from being shared to foreign intelligence partners. The exception is Ragtime-C, which the new document implies a level of co-operation from the UK government. The data stored in Ragtime's databases is so sensitive that their very existence is compartmentalized. The clearance level for each Ragtime version, according to the document, is "unpublished," in an effort to ensure that the programs themselves aren't widely known about across the agency. The NSA said in internal security guidance that unpublished classification markings are set for some programs "due to sensitivity and restrictive access controls." When reached, an NSA spokesperson declined to comment on Ragtime, or its purpose. News of the leak comes just weeks before Congress has to pass reforms or a reauthorization of the US government's surveillance laws. Lawmakers have until the end of the year to pass a bill to ensure powers under the Foreign Intelligence Surveillance Act are put back in the law books, or the NSA risks losing those powers at the end of the annual intelligence cycle. These are the same powers that authorized the controversial PRISM program, which collects data from servers of internet giants, the massive bulk collection of internet traffic, and the government's computer and network hacking powers. Several bills have already been floated by members of both the House and Senate. US intelligence chiefs are pushing for a permanent reauthorization of the surveillance powers, while privacy groups are fighting for greater transparency. Several members of Congress have vowed to fight the reauthorization until they learn how many Americans are swept up in section 702 surveillance. The government's spy chief has so far refused to say what that number is. Via http://www.zdnet.com/article/ragtime-program-appear-in-nsa-leaked-files/

Without public notice or debate, the Obama administration has expanded the National Security Agency's warrantless surveillance of Americans' international Internet traffic to search for evidence of malicious computer hacking, according to classified NSA documents. In mid-2012, Justice Department lawyers wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad—including traffic that flows to suspicious Internet addresses or contains malware, the documents show. The Justice Department allowed the agency to monitor only addresses and "cybersignatures"—patterns associated with computer intrusions—that it could tie to foreign governments. But the documents also note that the NSA sought to target hackers even when it could not establish any links to foreign powers. The disclosures, based on documents provided by Edward J. Snowden, the former NSA contractor, and shared with the New York Times and ProPublica, come at a time of unprecedented cyberattacks on American financial institutions, businesses, and government agencies, but also of greater scrutiny of secret legal justifications for broader government surveillance. While the Senate passed legislation this week limiting some of the NSA's authority, it involved provisions in the USA Patriot Act and did not apply to the warrantless wiretapping program. Government officials defended the NSA's monitoring of suspected hackers as necessary to shield Americans from the increasingly aggressive activities of foreign governments. But critics say it raises difficult trade-offs that should be subject to public debate. The NSA's activities run "smack into law enforcement land," said Jonathan Mayer, a cybersecurity scholar at Stanford Law School who has researched privacy issues and who reviewed several of the documents. "That's a major policy decision about how to structure cybersecurity in the US and not a conversation that has been had in public." It is not clear what standards the agency is using to select targets. It can be hard to know for sure who is behind a particular intrusion—a foreign government or a criminal gang—and the NSA is supposed to focus on foreign intelligence, not law enforcement. The government can also gather significant volumes of Americans' information—anything from private e-mails to trade secrets and business dealings—through Internet surveillance because monitoring the data flowing to a hacker involves copying that information as the hacker steals it. One internal NSA document notes that agency surveillance activities through "hacker signatures pull in a lot." Brian Hale, the spokesman for the Office of the Director of National Intelligence, said, "It should come as no surprise that the US government gathers intelligence on foreign powers that attempt to penetrate US networks and steal the private information of US citizens and companies." He added that "targeting overseas individuals engaging in hostile cyberactivities on behalf of a foreign power is a lawful foreign intelligence purpose." The effort is the latest known expansion of the NSA's warrantless surveillance program, which allows the government to intercept Americans' cross-border communications if the target is a foreigner abroad. While the NSA has long searched for specific e-mail addresses and phone numbers of foreign intelligence targets, the Obama administration three years ago started allowing the agency to search its communications streams for less-identifying Internet protocol addresses or strings of harmful computer code. The surveillance activity traces to changes that began after the Sept. 11 terrorist attacks. The government tore down a so-called wall that prevented intelligence and criminal investigators from sharing information about suspected spies and terrorists. The barrier had been erected to protect Americans' rights because intelligence investigations use lower legal standards than criminal inquiries, but policy makers decided it was too much of an obstacle to terrorism investigations. The NSA also started the warrantless wiretapping program, which caused an outcry when it was disclosed in 2005. In 2008, under the FISA Amendments Act, Congress legalized the surveillance program so long as the agency targeted only noncitizens abroad. A year later, the new Obama administration began crafting a new cybersecurity policy—including weighing whether the Internet had made the distinction between a spy and a criminal obsolete. "Reliance on legal authorities that make theoretical distinctions between armed attacks, terrorism and criminal activity may prove impractical," the White House National Security Council wrote in a classified annex to a policy report in May 2009, which was included in the NSA's internal files. About that time, the documents show, the NSA—whose mission includes protecting military and intelligence networks against intruders—proposed using the warrantless surveillance program for cybersecurity purposes. The agency received "guidance on targeting using the signatures" from the Foreign Intelligence Surveillance Court, according to an internal newsletter. In May and July 2012, according to an internal timeline, the Justice Department granted its secret approval for the searches of cybersignatures and Internet addresses. The Justice Department tied that authority to a pre-existing approval by the secret surveillance court permitting the government to use the program to monitor foreign governments. That limit meant the NSA had to have some evidence for believing that the hackers were working for a specific foreign power. That rule, the NSA soon complained, left a "huge collection gap against cyberthreats to the nation" because it is often hard to know exactly who is behind an intrusion, according to an agency newsletter. Different computer intruders can use the same piece of malware, take steps to hide their location, or pretend to be someone else. So the NSA, in 2012, began pressing to go back to the surveillance court and seek permission to use the program explicitly for cybersecurity purposes. That way, it could monitor international communications for any "malicious cyberactivity," even if it did not yet know who was behind the attack. The newsletter described the further expansion as one of "highest priorities" of the NSA director, Gen. Keith B. Alexander. However, a former senior intelligence official said that the government never asked the court to grant that authority. Meanwhile, the FBI in 2011 had obtained a new kind of wiretap order from the secret surveillance court for cybersecurity investigations, permitting it to target Internet data flowing to or from specific Internet addresses linked to certain governments. To carry out the orders, the FBI negotiated in 2012 to use the NSA's system for monitoring Internet traffic crossing "chokepoints operated by US providers through which international communications enter and leave the United States," according to a 2012 NSA document. The NSA would send the intercepted traffic to the bureau's "cyberdata repository" in Quantico, Virginia. The disclosure that the NSA and the FBI have expanded their cybersurveillance adds a dimension to a recurring debate over the post-Sept. 11 expansion of government spying powers: Information about Americans sometimes gets swept up incidentally when foreigners are targeted, and prosecutors can use that information in criminal cases. Citing the potential for a copy of data "exfiltrated" by a hacker to contain "so much" information about Americans, one NSA lawyer suggested keeping the stolen data out of the agency's regular repository for information collected by surveillance so that analysts working on unrelated issues could not query it, a 2010 training document showed. But it is not clear whether the agency or the FBI has imposed any additional limits on the data of hacking victims. In a response to questions for this article, the FBI pointed to its existing procedures for protecting victims' data acquired during investigations but also said it continually reviewed its policies "to adapt to these changing threats while protecting civil liberties and the interests of victims of cybercrimes." None of these actions or proposals had been disclosed to the public. As recently as February, when President Obama spoke about cybersecurity at an event at Stanford University, he lauded the importance of transparency but did not mention this change. "The technology so often outstrips whatever rules and structures and standards have been put in place, which means that government has to be constantly self-critical and we have to be able to have an open debate about it," Obama said. source

The NSA’s phone-snooping program is on its last legs after senators voted Tuesday to approve the USA Freedom Act, banning bulk collection of Americans’ data two years after the practice was revealed to the public by Edward Snowden. President Obama signed the bill late Tuesday, moving quickly to kick-start several Patriot Act powers that expired this weekend after senators missed a deadline for renewing them. But the bill, which cleared the Senate on a 67-32 vote, puts limits on a key power. Investigators still can demand businesses to turn over customers’ documents and records, but the data must be targeted to individuals or groups and cannot be done indiscriminately. The National Security Agency must end its snooping program within six months, forcing intelligence officials to set up a system that will leave the information with phone companies. Investigators will be able to submit a query only if they have a specific terrorism lead. “It’s the first major overhaul of government surveillance in decades and adds significant privacy protections for the American people,” said Sen. Patrick J. Leahy, a Vermont Democrat who led a two-year fight to end the NSA’s snooping. “Congress is ending the bulk collection of Americans’ phone records once and for all.” Supporters of the NSA program predicted that intelligence officials will not be able to get the same kinds of results if phone companies rather than government agencies hold the data. Senate Majority Leader Mitch McConnell, Kentucky Republican, said Mr. Obama will be blamed for weakening U.S. security and that the NSA program’s end was in line with the president’s opposition to detaining suspected terrorists at Guantanamo Bay, Cuba, and failing to confront the Islamic State. “The president’s efforts to dismantle our counterterrorism tools have not only been inflexible, they are especially ill-timed,” Mr. McConnell said. But it was the majority leader’s miscalculations about scheduling that backed NSA supporters into a corner. Mr. McConnell wanted the entire program to be extended and tried to use the June 1 expiration deadline to force fellow senators into a take-it-or-leave-it choice. But his colleagues, including a large percentage of Republicans, rejected his bid, sending the Senate over the deadline and undercutting Mr. McConnell’s leverage. On Tuesday, Mr. McConnell made a last-ditch effort to change the bill, doubling the six-month grace period for the NSA and requiring the government to certify that it could keep producing the same results even without storing the phone data itself. Even some senators who were sympathetic to his cause, though, voted against the amendments, saying any changes would have sent the bill back to the House and prolonged the fight, leaving the Patriot Act neutered in the meantime. Nearly half of Senate Republicans voted for the USA Freedom Act, joining all but one Democrat and a Democrat-leaning independent. The vote was a major vindication for the House, which for the second time this year has driven the legislative agenda on a major issue, striking a bipartisan compromise that senators were forced to accept. The bill also had the backing of the intelligence community, which has assured Congress that it won’t be giving up any major capabilities and can make the new system work even with the data held by phone companies instead of the NSA. Mr. Obama initially defended the program, but after several internal reviews found it to be ineffective and potentially illegal, he said he would support a congressional rewriting to end the law. The George W. Bush and Obama administrations justified the program under Section 215 of the Patriot Act, which gives federal investigators power to compel businesses to turn over customers’ documents and records. Using that power, the NSA demanded the metadata — the numbers, dates and durations involved — from all Americans’ calls. The information was stored and queried when investigators suspected a number was associated with terrorism and wanted to see who was calling whom. Backers said the program didn’t impinge on Americans’ liberty because the information, while stored by the government, wasn’t searched until there was a specific terrorism nexus. They said there were never any documented abuses of the program. But opponents said repeated reviews, including one last month by the Justice Department’s inspector general, found the program has never been responsible for a major break in a terrorism case. Given its ineffectiveness, they said, it was time to end it. Sen. Ron Wyden, an Oregon Democrat who had been battling behind closed doors for years as a member of the intelligence committee to end the program, said the vote was a first step. He said he and like-minded colleagues now will turn to other powers under the Foreign Intelligence Surveillance Act that the government uses to scoop up emails — a power Mr. Wyden said is increasingly gathering information on Americans, contrary to its intent. “This is only the beginning. There is a lot more to do,” he said. Some of Mr. Wyden’s colleagues in those fights, including Sen. Rand Paul, Kentucky Republican, voted against the USA Freedom Act. “Forcing us to choose between our rights and our safety is a false choice,” said Mr. Paul, who is running for the Republican presidential nomination and making his stand against the Patriot Act a major part of his campaign. Mr. Paul even used the obstruction powers the Senate gives to a single lawmaker to block action Sunday, sending Congress hurtling across the deadline and causing three powers to expire: the records collection, the ability to target “lone wolf” terrorists and the power to track suspected terrorists from phone to phone without obtaining a wiretap each time. The lone-wolf and wiretap powers were extended without changes. Source

WE’VE SUSPECTED IT all along—that Skynet, the massive program that brings about world destruction in the Terminator movies, was just a fictionalization of a real program in the hands of the US government. And now it’s confirmed—at least in name. As The Intercept reports today, the NSA does have a program called Skynet. But unlike the autonomous, self-aware computerized defense system in Terminator that goes rogue and launches a nuclear attack that destroys most of humanity, this one is a surveillance program that uses phone metadata to track the location and call activities of suspected terrorists. A journalist for Al Jazeera reportedly became one of its targets after he was placed on a terrorist watch list. Ahmad Muaffaq Zaidan, bureau chief for Al Jazeera’s Islamabad office, got tracked by Skynet after he was identified by US intelligence as a possible Al Qaeda member and assigned a watch list number. A Syrian national, Zaidan has scored a number of exclusive interviews with senior Al Qaeda leaders, including Osama bin Laden himself. Skynet uses phone location and call metadata from bulk phone call records to detect suspicious patterns in the physical movements of suspects and their communication habits, according to a 2012 government presentation The Intercept obtained from Edward Snowden. The presentation indicates that Skynet looks for terrorist connections based on questions such as “who has traveled from Peshawar to Faisalabad or Lahore (and back) in the past month? Who does the traveler call when he arrives?” It also looks for suspicious behaviors such as someone who engages in “excessive SIM or handset swapping” or receives “incoming calls only.” The goal is to identify people who move around in a pattern similar to Al Qaeda couriers who are used to pass communication and intelligence between the group’s senior leaders. The program tracked Zaidan because his movements and interactions with Al Qaeda and Taliban leaders matched a suspicious pattern—which is, it turns out, very similar to the pattern of journalists meeting with sources. We should note that the NSA has a second program that more closely resembles the Terminator‘s Skynet. This one is called MonsterMind, as revealed by Edward Snowden last year in an interview with WIRED and James Bamford. MonsterMind, like the film version of Skynet, is a defense surveillance system that would instantly and autonomously neutralize foreign cyberattacks against the US, and could be used to launch retaliatory strikes as well. Under this program algorithms would scour massive repositories of metadata and analyze it to differentiate normal network traffic from anomalous or malicious traffic. Armed with this knowledge, the NSA could instantly and autonomously identify, and block, a foreign threat. Snowden also suggested, however, that MonsterMind could one day be designed to return fire—automatically, without human intervention—against an attacker. Because an attacker could tweak malicious code to avoid detection, a counterstrike would be more effective in neutralizing future attacks. Sounds a lot like Skynet. No word from the NSA on why they didn’t use that iconic film name for its real-world Skynet. Source

Cât de u?or te spioneaz? NSA prin Internet ?i smartphone Informa?iile pe care Edward Snowden le-a oferit lumii s-au dovedit aur pentru a în?elege cât de spiona?i suntem. Nu s-a terminat acest flux de date, iar cele mai noi arat? c? americanii ?i britanicii se descurc? atât de bine la a ne spiona, încât fac mi?to de alte state c? nu pot la fel. Spionii americani de la NSA lucreaz? îndeaproape cu cei britanici de la GCHQ, iar noile informa?ii care au ap?rut în publica?ia „Der Spiegel” arat? c? sunt atât de siguri pe ceea ce pot afla, încât î?i permit ?i glume la adresa altor ??ri. În noile documente se arat? ?i c? Alian?a Five Eyes, adic? Marea Britanie, Canada, Australia, Statele Unite ale Americii ?i Noua Zeeland?, este capabil? s? exploateze metodele folosite de adversarii s?i. Asta înseamn? c? poate s? le fure uneltele de atac cibernetic, tehnicile, le poate afla ?intele ?i s? atace înaintea lor. Unul dintre aceste cazuri e când NSA a reu?it s? intercepteze un atac asupra Departamentului de Ap?rare al SUA, i-a g?sit sursa în China ?i a putut afla mai multe despre planurile chinezilor, inclusiv unul care presupunea infiltrarea în bazele de date ale Organiza?iei Na?iunilor Unite. Dincolo de a folosi citate din filme pentru a face mi?to de opera?iunile altor ??ri – spre exemplu, I drink your milkshake din filmul „There Will Be Blood“ -, agen?ii GHHQ au un mare succes ?i în exploatarea aplica?iilor mobile printr-o unealt? denumit? BADASS. Ei pot ob?ine informa?ii din metadatele schimbate între dispozitivele utilizatorilor ?i re?elele de publicitate sau companiile de analiz?. Un alt mod, conform The Verge, prin care spionii au acces la datele de pe un iPhone, spre exemplu, recunoscut pentru standardul mai ridicat de protec?ie în fa?a spionatului fa?? de alte telefoane, este prin computerele la care îl conectezi. Datele acestea sunt din noiembrie 2010, iar Apple a oprit accesul aplica?iilor la UDID (n.r. – Unique Device Identifier) în mai 2013 tocmai pentru a proteja intimitatea utilizatorilor. Înainte de a face asta, GCHQ ?i NSA erau capabile s? urm?reasc? un dispozitiv dup? acel cod unic ?i s? aib? acces apoi la datele sale printr-un computer pe care îl exploatau. Der Spiegel scrie c? agen?ii se poart?, de cele mai multe ori, ca cei dintr-un film prost sau un thriller supraestimat. „E absurd: pe cât de ocupa?i sunt s? spioneze, pe atât de spiona?i sunt spionii la rândul lor. Drept r?spuns, ei sunt ocupa?i constant s? î?i ?tearg? urmele sau s? creeze unele false“, scrie publica?ia german?. Sursa

Security experts are still trying to assess the effects of the reported attack on SIM card manufacturer that resulted in the theft of millions of encryption keys for mobile phones around the world, but it’s safe to say that the operation has caused reverberations throughout the industry and governments in several countries. The attack, reported by The Intercept, is breathtaking in its scope and audacity. Attackers allegedly associated with the NSA and GCHQ, the British spy agency, were able to compromise a number of machines on the network of Gemalto, a global manufacturer of mobile SIM cards. The attackers have access to servers that hold the encryption keys for untold millions of mobile phones, allowing them to monitor the voice and data communication of those devices. The document on which the report is based was provided by Edward Snowden, and it says in part, “Gemalto–successfully implanted several machines and believe we have their entire network…” If true, that would mean that the attackers had access to far more than just those SIM encryption keys. Gemalto officials said in a statement that they were previously unaware of this operation. “The publication indicates the target was not Gemalto per se – it was an attempt to try and cast the widest net possible to reach as many mobile phones as possible, with the aim to monitor mobile communications without mobile network operators and users consent. We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation,” the statement says. Security researchers have said since the beginning of the NSA scandal–and before that, in some cases–that the agency and its allies have an intense interest in monitoring mobile communications. Mobile networks present different challenges than traditional computer networks do for attackers, but they are not insurmountable ones for organizations with the resources of NSA and GCHQ. Gemalto, as one of the larger SIM manufacturers on earth, would be a natural target for signals intelligence agencies, as it provides products to hundreds of wireless providers, including Verizon, AT&T and Sprint. Bruce Schneier, CTO of CO3 Systems and a noted cryptographer, said that this operation may represent the most serious revelation of the Snowden documents. “People are still trying to figure out exactly what this means, but it seems to mean that the intelligence agencies have access to both voice and data from all phones using those cards,” Schneier said on his blog. “I think this is one of the most important Snowden stories we’ve read.” The Gemalto revelation could have long-term effects for the technology industry and its relations with the government in the United States and UK. The relationships already have been strained by past revelations of NSA operations against infrastructure owned by companies such as Google, Yahoo and many others. This latest revelation likely won’t help matters. But White House officials aren’t worried. “We certainly are aware of how important it is for the United States government to work with private industry; that there are a lot of situations in which our interests are pretty cleanly aligned. And there are certainly steps that the U.S. government has taken in the name of national security that some members of private industry haven’t agreed with. But I do think that there is common ground when it comes to — and this is a principle that I’ve cited before — it’s hard for me to imagine that there are a lot of technology executives that are out there that are in a position of saying that they hope that people who wish harm to this country will be able to use their technology to do so,” Josh Earnest, White House press secretary, said during a briefing on Friday. Source

Privacy International (PI) is calling on people to sign up to be part of a mass request for confirmation they have been spied on by Five Eyes spy agencies and to demand the removal of captured information. Would-be signatories are being asked to submit their name and email address to the organisation, which will then pass them on to Britain's Investigatory Powers Tribunal tasked with determining if the sharing of NSA-intercepted material with the UK's GCHQ spy agency was illegal. The requests would cover a prodigious amount of data numbering billions of records hoovered up by the NSA and shared with the GCHQ until December last year. PI will not reveal if agencies other than the NSA collected data, and would cover only that shipped to the GCHQ. This could conceivably include data captured by any Five Eyes agency and shared with the GCHQ via the NSA. The offer came on the heels of the tribunal's ruling this month in favour of Privacy International that the mass funnelling of intelligence information between Britain and the United States was illegal prior to December. That decision made on the grounds that rules governing the exchange were secret opened an avenue for users to request the tribunal examine and notify if their data was illegally obtained and, if found in breach, for the information to be destroyed. The British charity dubbed the ruling a "major victory against the Five Eyes" group of nations which includes Australia, New Zealand and Canada, and said it was possible only due to the flurry of NSA leaks from Edward Snowden. "Through their secret intelligence sharing relationship with the NSA, GCHQ has had intermittently unrestricted access to PRISM - NSA's means of directly accessing data and content handled by some of the world’s largest Internet companies, including Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple," deputy director Eric King said at the time. "GCHQ's access to NSA material therefore makes up the large bulk of all surveillance material handled by the security services; some ex- GCHQ staffers estimated that 95 per cent of all signals intelligence material handled at GCHQ is American. "The extraordinary implications of [the] judgement is that all historical sharing of raw intelligence between NSA and GCHQ took place without an adequate legal framework, and thus was unlawful." The Tribunal will likely be swamped if the campaign takes off. Probes could trawl records collected from NSA programmes UPSTREAM, CO-TRAVELLER, and DISHFIRE, the former having intercepted some 160 billion records from its top five programmes in one month alone. Privacy International said requests could take years to be fulfilled. New requests could be made to discover the data collected by individual agencies to current day if the charity was successful in its appeal with the European Court of Human Rights against the decision that the data shared between the US and UK spy agencies was kosher due to the policies of the arrangement being made public as a result of the legal action Source

https://bitcoinmagazine.com/6021/bitcoin-is-not-quantum-safe-and-how-we-can-fix/

Snowden: NSA employees routinely pass around intercepted nude photos "These are seen as the fringe benefits of surveillance positions," Snowden says. Edward Snowden has revealed that he witnessed “numerous instances” of National Security Agency (NSA) employees passing around nude photos that were intercepted “in the course of their daily work.” In a 17-minute interview with The Guardian filmed at a Moscow hotel and published on Thursday, the NSA whistleblower addressed numerous points, noting that he could “live with” being sent to the US prison facility at Guantanamo Bay, Cuba. He also again dismissed any notion that he was a Russian spy or agent—calling those allegations “bullshit.” If Snowden’s allegations of sexual photo distribution are true, they would be consistent with what the NSA has already reported. In September 2013, in a letter from the NSA’s Inspector General Dr. George Ellard to Sen. Chuck Grassley (R-IA), the agency outlined a handful of instances during which NSA agents admitted that they had spied on their former love interests. This even spawned a nickname within the agency, LOVEINT—a riff on HUMINT (human intelligence) or SIGINT (signals intelligence). “You've got young enlisted guys, 18 to 22 years old,” Snowden said. “They've suddenly been thrust into a position of extraordinary responsibility where they now have access to all of your private records. In the course of their daily work they stumble across something that is completely unrelated to their work in any sort of necessary sense. For example, an intimate nude photo of someone in a sexually compromising position. But they're extremely attractive. “So what do they do? They turn around in their chair and show their co-worker. The co-worker says: ‘Hey that's great. Send that to Bill down the way.’ And then Bill sends it to George and George sends it to Tom. And sooner or later this person's whole life has been seen by all of these other people. It's never reported. Nobody ever knows about it because the auditing of these systems is incredibly weak. The fact that your private images, records of your private lives, records of your intimate moments have been taken from your private communications stream from the intended recipient and given to the government without any specific authorization without any specific need is itself a violation of your rights. Why is that in a government database?” Then Alan Rusbridger, The Guardian’s editor-in-chief, asked: “You saw instances of that happening?” “Yeah,” Snowden responded. “Numerous?” “It's routine enough, depending on the company that you keep, it could be more or less frequent. These are seen as the fringe benefits of surveillance positions." Update 5:27pm CT: In an e-mail sent to Ars, NSA spokeswoman Vanee Vines wrote: "NSA is a professional foreign-intelligence organization with a highly trained workforce, including brave and dedicated men and women from our armed forces. As we have said before, the agency has zero tolerance for willful violations of the agency’s authorities or professional standards, and would respond as appropriate to any credible allegations of misconduct." However, she declined to respond to direct questions as to the veracity of Snowden's allegations or if anyone at NSA had ever been terminated or otherwise punished for engaging in such behavior. Snowden: NSA employees routinely pass around intercepted nude photos | Ars Technica

A new wave of documents from Edward Snowden's cache of National Security Agency data published by Der Spiegel demonstrates how the agency has used its network exploitation capabilities both to defend military networks from attack and to co-opt other organizations' hacks for intelligence collection and other purposes. In one case, the NSA secretly tapped into South Korean network espionage on North Korean networks to gather intelligence. The documents were published as part of an analysis by Jacob Appelbaum and others working for Der Spiegel of how the NSA has developed an offensive cyberwarfare capability over the past decade. According to a report by the New York Times, the access the NSA gained into North Korea's networks—which initially leveraged South Korean "implants" on North Korean systems, but eventually consisted of the NSA's own malware—played a role in attributing the attack on Sony Pictures to North Korean state-sponsored actors. Included with the documents released by Der Spiegel are details on how the NSA built up its Remote Operations Center to carry out "Tailored Access Operations" on a variety of targets, while also building the capability to do permanent damage to adversaries' information systems, including internal NSA newsletter interviews and training materials. Also included was a malware sample for a keylogger, apparently developed by the NSA and possibly other members of the "Five Eyes" intelligence community, which was also included in the dump. The code appears to be from the Five Eyes joint program "Warriorpride," a set of tools shared by the NSA, the United Kingdom's GCHQ, the Australian Signals Directorate, Canada's Communications Security Establishment, and New Zealand's Government Communications Security Bureau. It's not clear from the report whether the keylogger sample came from the cache of documents provided by former NSA contractor Edward Snowden or from another source. As of now, Appelbaum and Der Spiegel have not yet responded to a request by Ars for clarification. However, Appelbaum has previously published content from the NSA, including the NSA's ANT catalog of espionage tools, that were apparently not from the Snowden cache. Pwning the pwners The core of the NSA's ability to detect, deceive, block, and even repurpose others' cyber-attacks, according to the documents, are Turbine and Turmoil, components of the Turbulence family of Internet surveillance and exploitation systems. These systems are also connected to Tutelage, an NSA system used to monitor traffic to and from US military networks, to defend against attacks on Department of Defense systems. When an attack on a DoD network is detected through passive surveillance (either through live alerts from the Turmoil surveillance filters or processing by the Xkeyscore database), the NSA can identify the components involved in the attack and take action to block it, redirect it to a false target to analyze the malware used in the attack, or do other things to disrupt or deceive the attacker. This all happens outside of DOD's networks, on the public Internet, using "Quantum" attacks injected into network traffic at a routing point. But the NSA can also use others' cyberattacks for its own purposes, including hijacking botnets operated by other actors to spread the NSA's own "implant" malware. Collection of intelligence of a target using another actor's hack of that target is referred to within the signals intelligence community as "fourth party collection." By discovering an active exploit by another intelligence organization or other attacker on a target of interest, the NSA can opportunistically ramp up collection on that party as well, or even use it to distribute its own malware to do surveillance. In a case study covered in one NSA presentation, the NSA's Tailored Access Office hijacked a botnet known by the codename "Boxingrumble" that had primarily targeted the computers of Chinese and Vietnamese dissidents and was being used to target the DOD's unclassified NIPRNET network. The NSA was able to deflect the attack and fool the botnet into treating one of TAO's servers as a trusted command and control (C&C or C2) server. TAO then used that position of trust, gained by executing a DNS spoofing attack injected into the botnet's traffic, to gather intelligence from the bots and distribute the NSA's own implant malware to the targets. Using QuantumDNS, a DNS injection attack against botnet traffic, the NSA was able to make infected PCs believe its server was part of the command and control network. / The NSA then used its position within the botnet to drop the NSA's own "insert" onto affected computers in the botnet. Spying on spies spying on spies spying... Things get even more interesting in the case of the NSA's urgent need to gather more intelligence from North Korea's networks. In a question-and-answer posting to the NSA's intranet, an NSA employee recounted a "fifth party" collection that occurred when the NSA hacked into South Korea's exploit of North Korean computers—and ended up collecting data from North Korea's hack of someone else: That meant that at one point, the NSA was collecting information via a South Korean implant that had in turn been collected by a North Korean implant. It's not clear whether the NSA's TAO used the existing South Korean malware as an avenue to drop its own, as happened with the "Boxingrumble" botnet. The poster also noted another occasion when, during an attempt to hack into another target they were trying to exploit, the NSA discovered, "there was another actor that was also going against them and having great success because of a zero day they wrote." The NSA captured the zero day exploit in its passive collection and "were able to repurpose it," the NSA employee recounted. "Big win." Source

The US National Security Agency (NSA) has offered some sort of apology for pushing insecure cryptography solutions to businesses, describing it as a "regrettable" move. Michael Wertheimer, director of research at the NSA, made the admission about the agency's support of the widely criticised Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) in a letter published by the American Mathematical Society (PDF). Dual EC DRBG is a random number generator used by numerous encryption systems that was supported by the NSA throughout the 2000s. The NSA endorsement was a key factor that led the US National Institute of Standards and Technology (NIST) to list the generator as trustworthy. Security firm RSA subsequently integrated Dual EC DRBG into its widely used BSAFE toolkits, despite research from Microsoft and private experts, including cryptography expert Bruce Schneier, suggesting there were backdoors in the system. Reports subsequently broke alleging that the NSA paid RSA $10m to load the tool with the flawed algorithm. RSA has consistently denied this claim. The allegations gained new weight in 2014 when documents leaked by Edward Snowden suggested that ties between the NSA and RSA were deeper than first thought. Addressing these claims, Wertheimer said: "With hindsight, the NSA should have ceased supporting the Dual EC DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. "In truth, I can think of no better way to describe our failure to drop support for the Dual EC DRBG algorithm as anything other than regrettable." He added that the reason for the continued support was a mistaken belief that deploying a new algorithm would be too costly. "The costs to the Defense Department to deploy a new algorithm were not an adequate reason to sustain our support for a questionable algorithm," read the letter. "Indeed, we support NIST's April 2014 decision to remove the algorithm. Furthermore, we realise that our advocacy for the Dual EC DRBG casts suspicion on the broader body of work the NSA has done to promote secure standards." Wertheimer went on to apologise to the maths research community and request that they "continue" to trust the NSA. "NSA mathematicians are fighters in the war on international terrorism, weapons of mass destruction proliferation, narcotics trafficking and piracy," read the report. "It is my sincerest hope that the American Mathematical Society will always see NSA mathematicians as an important part of its membership. "I further hope that dialogue on important issues will always be respectful, informed and focused on inclusivity." The claim has divided the security community, some expressing sympathy towards the NSA and others questioning its cries of innocence. Professor Alan Woodward, of the School of Computer Science at University of Surrey, told V3 that the dangers of pushing a faulty security system far outweigh the benefits for intelligence agencies, such as the NSA. "It is worth remembering that part of the NSA's role is to help secure US government communications as well as gathering foreign intelligence," he said. "It's a bit of a truism but worth repeating: if you deliberately weaken encryption for one set of people whom you consider adversaries, you will weaken it for those you seek to protect as well. "I can imagine that the NSA and every single other signals interception organisation are looking for ways to decrypt internet-based communications. "But I think most realise the dangers of trying to deliberately weaken what is in use. At least I really hope they do." Matthew Green, assistant research professor at the Information Security Institute of Johns Hopkins University, was less positive, pointing out that the NSA still hasn't said why it pushed the standard in the first place, given its technical expertise. "On closer examination, the letter doesn't express regret for the inclusion of Dual EC DRBG in national standards," he noted in a public post. "The transgression Dr Wertheimer identifies is merely that the NSA continued to support the algorithm after major questions were raised. That's bizarre. "It troubles me to see such confusing statements in a publication of the American Mathematical Society. As a record of history, Dr Wertheimer's letter leaves much to be desired, and could easily lead people to the wrong understanding. "Given the stakes, we deserve a more exact accounting of what happened with Dual EC DRBG. I hope someday we'll see that." Wertheimer's comments come during a heated debate about encryption. UK prime minister David Cameron announced plans on 13 January to block encrypted services as a part of a wave of new surveillance laws. Source

In a new article in an academic math journal, the NSA’s director of research says that the agency’s decision not to withdraw its support of the Dual EC_DRBG random number generator after security researchers found weaknesses in it and questioned its provenance was a “regrettable” choice. Michael Wertheimer, the director of researcher at the National Security Agency, wrote in a short piece in Notices, a publication of the American Mathematical Society, that even during the standards development process for Dual EC many years ago, members of the working group focused on the algorithm raised concerns that it could have a backdoor in it. The algorithm was developed in part by the NSA and cryptographers were suspect of it from the beginning. Then, in 2007, well into the life of Dual EC, researchers at Microsoft delivered a talk at a conference that detailed the potential for a backdoor in the algorithm. Still, both the NSA and NIST, which approves technical standards for the United States government, stood by the algorithm. Dual EC was mostly forgotten until late 2013 when allegations emerged that the NSA may have had a secret $10 million contract with RSA Security that prompted the vendor to make Dual EC–which was then known to be weak–the default random number generator in some of its key crypto products. NIST last year removed Dual EC from its guidance on random number generators. “I wrote about it in 2007 and said it was suspect. I didn’t like it back then because it was from the government,” crypto pioneer Bruce Schneier told Threatpost in September 2013. “It was designed so that it could contain a backdoor. Back then I was suspicious, now I’m terrified.” The NSA came under heated criticism for the Dual EC episode, and now one of the agency’s top officials has said it was a mistake for the NSA not to have withdrawn its support for the algorithm after the weaknesses were raised years ago. “With hindsight, NSA should have ceased supporting the dual EC_DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. In truth, I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable,” Wertheimer wrote in a piece in Notices’ February issue. “The costs to the Defense Department to deploy a new algorithm were not an adequate reason to sustain our support for a questionable algorithm. Indeed, we support NIST’s April 2014 decision to remove the algorithm. Furthermore, we realize that our advocacy for the DUAL_EC_DRBG casts suspicion on the broader body of work NSA has done to promote secure standards. Indeed, some colleagues have extrapolated this single action to allege that NSA has a broader agenda to ‘undermine Internet encryption.'” Wertheimer said that the agency is trying to combat that perception by changing the way that it contributes to standards efforts in order to be more transparent and accountable. “One significant, and correct, change is that all NSA comments will be in writing and published for review. In other words, we will be open and transparent about our cryptographic contributions to standards. In addition, we will publish algorithms before they are considered for standardization to allow more time for public scrutiny,” Wertheimer wrote. “With these measures in place, even those not disposed to trust NSA’s motives can determine for themselves the appropriateness of our submissions, and we will continue to advocate for better security in open-source software, such as Security Enhancements for Linux and Security Enhancements for Android.” Source

Agen?ia american? NSA spioneaz? cu ajutorul Angry Birds. Mai bine spus, prin telefoanele mobile care au pe ele popularul joc cu p?s?rile furioase. Un nou set de documente sustrase de Edward Snowden ?i publicate în pres? arat? c? spionii americani folosesc aplica?iile desc?rcate pe telefoanele mobile pentru a afla informa?ii despre posesorii lor. Datele pe care le afl? agen?ii americani, prin aceste aplica?ii, sunt de la modelul telefonului ?i dimensiunea ecranului, pân? la detalii personale, precum vârst?, sex ?i locul în care se afl? de?in?torul aparatului. Cantit??i masive de date sunt colectate cu ajutorul acestor aplica?ii. NSA a f?cut o prioritate din exploatarea telefoanelor mobile pentru ob?inerea de informa?ii ?i a cheltuit nu mai pu?in de un miliard de dolari în acest sens. Sursa + video : NSA spioneaz? posesorii de telefoane mobile cu ajutorul jocului Angry Birds

NEW YORK - A US judge ruled Friday that the National Security Agency's mass surveillance of telephone calls is lawful, fanning a legal conflict likely to be decided ultimately by the Supreme Court. Federal judge William Pauley in New York threw out a petition from the American Civil Liberties Union and said the program was vital in preventing an Al-Qaeda terror attack on American soil. Ten days earlier, however, another federal judge in Washington had deemed that NSA surveillance is probably unconstitutional, laying the groundwork for a protracted series of legal challenges. "The question for this court is whether the government's bulk telephony metadata program is lawful. This court finds it is," said the 54-page ruling published in New York on Friday. The scale by which NSA indiscriminately gathers data on millions of private calls was exposed by intelligence whistleblower Edward Snowden, sparking an international and domestic outcry. Protected by judicial checks and executive and congressional oversight, Pauley said the program does not violate the US Constitution's fourth amendment right against unreasonable searches and seizures. "There is no evidence that the government has used any of the bulk telephony metadata it collected for any purpose other than investigating and disrupting terrorist attacks," he wrote. The judge sided with US spy chiefs who say that by connecting the dots between archived calls and terrorist suspects, US officials can keep the country safe. The NSA hoovers up information about virtually every telephone call to, from and within the United States, and says it is the only way to discern patterns left behind by foreign terror groups. The judge quoted the 2004 report by the 9/11 Commission -- the panel which investigated the 2001 Al-Qaeda attack on the United States -- as saying it was a false choice between liberty and security, as "nothing is more apt to imperil civil liberties than the success of a terrorist attack on American soil." "As the September 11th attacks demonstrate, the cost of missing such a thread can be horrific. Technology allowed Al-Qaeda to operate decentralized and plot international terrorist attacks remotely," he wrote. "The bulk telephony metadata collection program represents the government's counter-punch: connecting fragmented and fleeting communications to reconstruct and eliminate Al-Qaeda's terror network." The judge quoted examples in which NSA phone monitoring in 2009 exposed an Al-Qaeda plot to bomb the New York subway, and cite a plot by convicted Pakistani-American terrorist David Headley to bomb a Danish newspaper office. "Unintentional violations of guidelines," Pauley said, appeared to have stemmed from "human error" and "incredibly complex computer programs" and had been rectified where discovered. This month, an official panel handed President Barack Obama a review of the NSA's surveillance program along with more than 40 recommendations to install safeguards and limit its scope. But the administration is not expected to significantly curtail the mission, and Snowden remains a fugitive from US justice who has been granted temporary asylum in Russia. Source: New York Judge Rules NSA Phone Surveillance Lawful | SecurityWeek.Com

If you own a world-renowned Security Product or a Service, National Security Agency (NSA) is ready to pay you 10 Million or more bribe for keeping intentional backdoor for them. According to an exclusive report published by Reuters, there is a secret deal between the NSA and respected encryption company RSA to implement a flawed security standard as the default protocol in its products. Earlier Edward Snowden leaks had revealed that the NSA created a flawed random number generation system (Dual_EC_DRBG), Dual Elliptic Curve, which RSA used in its Bsafe security tool and now Snowden has revealed that RSA received $10 million from NSA for keeping Encryption Weak. So, anyone who knows the right numbers used in Random number generator program, can decipher the resulting cryptotext easily. Recommending bad cryptographic standard is one thing, but accepting 10 million to deliberately implement is something very shameful for a respected Security company. The new revelation is important, cryptographer and Security expert Bruce Schneier said, because it confirms more suspected tactics that the NSA employs. "You think they only bribed one company in the history of their operations? What's at play here is that we don't know who's involved," he said. RSA, now owned by computer storage firm EMC Corp, and has maintained its stand of not colluding with NSA to compromise the security of its products, "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products," Both the NSA and RSA haven't directly acknowledged the deal. But after Snowden revelations, What is the RSA's credibility or of other American software and networking companies? Source: NSA paid $10 Million bribe to RSA Security for Keeping Encryption Weak Also, published on: - Reuters - The Register

WASHINGTON - The CIA pays AT&T more than $10 million a year to provide phone records with possible links to suspected terrorists, the New York Times reported Thursday, citing government officials. The arrangement is voluntary and there is no court order requiring the company to cooperate with the Central Intelligence Agency, officials told the Times. The program differs from controversial data collection by the National Security Agency, which receives phone records or other "meta-data" from telecommunications companies through court orders. The CIA passes on phone numbers of suspected militants abroad and AT&T then sifts through its database for records of phone calls that can identify foreigners with terror links, the newspaper reported. Most of the logs handed over by AT&T are related to foreign-to-foreign calls, the report said. For international calls that include one end in the United States, the company does not reveal the identity of the Americans and hides several digits of their phone numbers, which allows the CIA to comply with a ban on domestic spying, it said. The Central Intelligence Agency could choose to refer a hidden number to the FBI, which could then issue a subpoena demanding AT&T divulge the information, according to the report. An AT&T spokesman did not confirm or deny the program but said the firm acted in accordance with laws in the United States and in foreign countries. "In all cases, whenever any governmental entity anywhere seeks information from us, we ensure that the request and our response are completely lawful and proper," spokesman Mark Siegel told AFP. But he added: "We do not comment on questions concerning national security." Without verifying the existence of the program, the CIA said its intelligence gathering does not violate the privacy of Americans. "The CIA protects the nation and upholds the privacy rights of Americans by ensuring that its intelligence collection activities are focused on acquiring foreign intelligence and counterintelligence in accordance with US laws," said spokesman Todd Ebitz. The CIA is usually associated with gathering intelligence through spies in the field while the NSA focuses on eavesdropping abroad and code-breaking. But an unnamed intelligence official told the Times that the CIA sometimes needs to check phone records in "time-sensitive situations" and be able to act with speed and agility. The report offered the first indication that the CIA had a role in electronic data collection as leaks from a former intelligence contractor, Edward Snowden, have sparked a global firestorm around the NSA's digital spying. US Internet communications firms have voiced complaints that they are legally required to cooperate with the NSA's "data mining." Industry advocates have expressed concerns that NSA spying revelations could turn consumers in the US and abroad against the American technology companies. Source: CIA Paid AT&T for Phone Records: Report | SecurityWeek.Com

Aerial image of the Government Communications Headquarters (GCHQ) in Cheltenham, Gloucestershire. Photo: Ministry of Defence/Wikipedia The British spy agency GCHQ has secretly tapped more than 200 fiber-optic cables carrying phone and internet traffic and has been sharing data with the U.S. National Security Agency, according to a news report. The spy operation, which included placing intercepts at the landing points of transatlantic undersea cables where they surface in the U.K., has allowed the Government Communications Headquarters (GCHQ) to become the top interceptor of phone and internet data in the world, according to the Guardian newspaper, which broke the story based on documents leaked by former NSA systems administrator Edward Snowden. One part of the operation, codenamed Tempora, has been operating for about 18 months and allows the agency to tap large volumes of data siphoned from the cables and store it for up to 30 days for sifting and analyzing. Each of the cables carries about 10 gigabits of data per second, which the paper likened to sending all of the information in all the books in the British Library through the cables 192 times every 24 hours. Filters allow the agency to reduce the amount of traffic it records — one filter cuts out about 30 percent of traffic just by eliminating peer-to-peer downloads — while still collecting vast amounts of data that get sifted by analysts. Some 850,000 NSA employees and U.S. private contractors with top secret clearance have access to GCHQ databases and as of May last year, at least 750 analysts from the U.K. and NSA were tasked specifically with sifting through the data, using more than 70,000 search terms related to security, terrorist activity and organized crime. Search terms focus on subjects, phone numbers and email addresses of interest. The tapping was conducted in cooperation with commercial companies that own and operate the cables, the paper noted. “There’s an overarching condition of the licensing of the companies that they have to co-operate in this,” an unnamed source told the paper. “Should they decline, we can compel them to do so. They have no choice.” The tapping began as a trial in 2008 and within two years the GCHQ achieved top eavesdropper status among the nations known as the Five Eyes of electronic eavesdropping — U.S., U.K., Canada, Australia and New Zealand. GCHQ reportedly now “produces larger amounts of metadata than NSA” as a result of the program. During a 2008 visit to the GCHQ’s listening station at Menwith Hill NSA Director Gen. Keith Alexander reportedly remarked: “Why can’t we collect all the signals all the time? Sounds like a good summer project for Menwith.” The program has been justified for allowing the agencies to identify new techniques used by terrorists to thwart security checks, to uncover terrorist activities during the planning stages and to track child exploitation networks and aid in cybersecurity defenses against network attacks. Via

Mi s-a parut interesant ce au facut cei de la NSA pentru copii:) aici daca invata de mici sa faca chestiile astea e tare:)