Tag Archives: NSA

Shhh… CIA’s Declassified Archives – Highlight American Vulnerabilities

The US Central Intelligence Agency released on Thursday a trove of newly declassified “Studies in Intelligence” documents on its homepage.

The move was the result of a long-running lawsuit between the agency and a former employee, Jeffrey Scudder, according to the Washington Post (see video clip below). Scudder’s CIA stint included a 2-year spell looking after the agency’s historical files, which ultimately ended his CIA career after he submitted a request under the Freedom of Information Act to release records of old clandestine operations he believed should have been made public.

Amongst the 249 documents released, spanning from the 1970s to the 2000s, there is one labeled “Analyzing Economic Espionage”, which attempts to examine foreign intelligence operations against US economic interests beyond the scope and threats of technological advances. This includes a focus on certain traits of Americans that make them vulnerable to foreign agents, i.e. resulting in a threat to the US.

“Foreign intelligence services are more inclined to operate against American targets outside the US” and “some intelligence services that stop short of recruiting US citizens use intelligence operatives to elicit information from them; the targeted American is unwitting of his interlocutor’s intelligence connection”.

The 7-page document listed “certain personality attributes that increase our vulnerability”:

- Americans like to talk. We tend to be sociable and gregarious, even with casual contacts. We want to be liked, especially by foreigners, because many of us are still trying to overcome an “ugly American” complex. We place a higher premium on candor than on guile, on trust than on discretion.

- Many Americans do not know foreign languages, which in some respects puts them at a disadvantage when living in foreign countries. This does not mean we are “innocents abroad,” but it may make us less likely to pick up clues of suspicious behavior. Americans who do not know the language of a given country may forget that nationals of that country in a position to overhear their conversations often do know English.

- Many Americans are ambitious, oriented toward job advancement and professional recognition. Inevitably, some morally weak individuals are willing to sacrifice personal integrity in pursuit of their career goals.

Snowden-AucklandDotCom

Shhh… Snowden’s Latest Appearance – Kim Dotcom’s “Moment of Truth” Event in Auckland

Above: Edward Snowden discussed online surveillance at Kim Dotcom’s Moment of Truth event in Auckland, New Zealand on September 15. Both Julian Assange and Glenn Greenwald were also present.

The event follows up on the acknowledgement by Prime Minister John Key that the Kiwi intelligence agency Government Communications Security Bureau (GCSB) had tapped into the cable but only for the purposes of a cybersecurity programme – following his earlier denial of any allegation that the GCSB had spied on New Zealanders.

New Zealanders are now waiting for Key to explain the revelations that the GCSB operates X-Keyscore in New Zealand and conducts mass surveillance on the citizens on behalf of the NSA without their knowledge.

Shhh… Comcast Set Record Straight on TOR

Amidst widespread reports early this week that Comcast Corporation has been discouraging customers from using the Tor Browser, the anonymous browser favored by people like Snowden and hackers alike, Comcast – the largest broadcasting and cable company in the world by revenue – has clarified that the reports were not true and the company has not asked customers to stop using Tor or any other browser.

“We have no policy against Tor, or any other browser or software. Customers are free to use their Xfinity Internet service to visit any website, use any app, and so forth.”

See Comcast’s clarification here.

Shhh… Norway to Arrest Nobel-nominated Snowden

The Norwegian police should arrest NSA whistle-blower and fugitive Edward Snowden if he shows up in Norway to receive the Nobel Peace Prize this December, according to a Norwegian politician.

Norwegian Right Wing Party MP Michael Tetzschner warned that bagging the prestigious prize would in no way exempt Snowden from arrest and that Norway should not make a distinction between a Nobel Peace Prize winner and any other wanted American citizen.

“Norway needs to respect the agreements that we have signed,” Tetzschner told Norwegian newspaper Dagbladet on Tuesday, with reference to international law that, given a valid US warrant, requires Norway to arrest Snowden if he arrives in the country.

MAD-Magazine-Snowden-Flee

Snowden (shown above: Photo credit to MAD magazine) has been nominated for the Peace Prize, to be announced at the end of the year, amid growing global support.

He was recently granted a three-year residence permit by the Russian authorities on August 1.

But the most wanted man in the world could receive Swiss asylum if he opts to travel to Switzerland to testify against the National Security Agency, according to my previous piece earlier this week.

The Swiss Attorney General has stated that Switzerland would not extradite a US citizen if the individual’s “actions constitute a political offense, or if the request has been politically motivated”.

Shhh… Privacy Group Took “Five Eyes” Spy Pact Inquiries to Top European Court

Privacy International, a campaigning body on issues relating to surveillance, lodged an appeal on Tuesday with the European Court of Human Rights (ECHR) to have the treaty behind the intelligence sharing amongst the “Five Eyes” published. The appeal came after the British government declined the group’s initial applications, which the civil liberties group branded a violation of the right of access to information.

The Anglophone countries behind the “Five Eyes” – the US, UK, Canada, Australia and New Zealand – have a treaty that binds them to joint cooperation in signals intelligence – they don’t spy on each other but instead share the intelligence they have collected. The Snowden revelations also revealed that the NSA shared the intelligence with a host of other “third parties”.

The British Government Communications Headquarters (GCHQ), the equivalent of the American NSA, has turned down every freedom of information request filed by Privacy International for details on how information was shared between the intelligence agencies of this global spy pact.

According to The Guardian quoting Rosa Curling of law firm Leigh Day:

“The UK’s Freedom of Information Act precludes government authorities from disclosing to the public information directly or indirectly supplied by GCHQ.

“This absolute exemption is unlawful and contrary to article 10 of the European convention on human rights, which provides for the right to freedom of expression, which includes the right to receive information.”

The ECHR, located in Strasbourg, France, is an international court set up by the European Convention on Human Rights.

Shhh… Snowden Could Receive Swiss Asylum

The American whistleblower and most wanted fugitive Edward Snowden could receive Swiss asylum if he opts to travel to Switzerland to testify against the National Security Agency, according to Swiss newspaper SonntagsZeitung today.

The Swiss attorney general is apparently keen on Snowden’s testimony against the US intelligence agency and is said to guarantee his safety and not have him deported to the US, according to the Swiss paper, based on a document it obtained: “What rules would apply if Edward Snowden is brought to Switzerland and the United States makes an extradition request”.

It will be interesting to know if there are any other reasons why the Swiss government is keen to keep Snowden – the NSA stationed Snowden in Geneva for 3 years through 2010, deployed undercover with diplomatic credentials.

Snowden was recently granted a three-year residence permit by the Russian authorities on August 1.

Cloud Hacks More Than Just Nude Pics

Ever Thought of More Catastrophic Consequences?

The sensational invasion last week by hackers into dozens of pictures of nude Hollywood celebrities was a wardrobe malfunction on a major scale, but it is time to take a more serious look beyond the alluring pictures. The world is heading for more catastrophic consequences in the cloud.

The leaks of the celebrities’ photos went viral online after hackers used new “brute force” attacks to break into the victims’ online accounts, casting the spotlight on the security of cloud computing.

But the disturbing and often overlooked question is, why are so many companies still blindly and trustingly moving ever more data into the cloud, where online access to highly confidential information related to clients, customers, employees, deals, business plans and performances and worst of all, our personal details, is left seemingly and increasingly more vulnerable?

Please refer to my entire column here.

Shhh… Mysterious Fake Cellphone Towers Possibly New Foreign Threats

In what seems like an invasion of privacy scaling to new heights, surpassing even the most dystopian state imagined by any hardcore Orwellian, Americans found to their horror that they not only have to live with NSA snoops on all their private communications: a recent Popular Science report revealed the existence of fake cellphone towers across the US that cannot be linked to any owner or operator and are set up simply to connect to nearby phones, bypassing encryption to eavesdrop on calls and read text messages.

GSMinterceptor-USmap

As many as 17 such fake cellphone towers were discovered in July alone, with more expected to be found, according to the map above charted out in August by ESD America CEO and phone technology expert Les Goldsmith.

What’s more disturbing is that most of the fake towers are set up near US military bases which prompts the question if these were US or foreign government interceptors.

These interceptors are radio-equipped devices built to overcome the onboard encryption on our phones, Android or iOS alike. Their target is actually another operating system hidden in every phone, the one running on the baseband processor, which channels the communications between the core OS and the cellphone towers.

And these towers are unlikely to belong to the NSA, as the agency can simply go to the local phone carriers to suck up all the metadata, as the Snowden revelations have revealed.

It would be interesting to keep an eye on the US Federal Communications Commission, which, The Washington Post reported in early August, is investigating the use and misuse of surveillance technology by criminal networks and foreign intelligence.

Shhh… NSA Ready for Google’s “Faster” Trans-Pacific Undersea Internet Cable

You can imagine the NSA getting impatient over free lunches following the announcement last month about Google’s proposed undersea fiber optic cable that will span the Pacific Ocean from the US west coast to Japan starting mid-2016.

The new cable, dubbed “Faster” and designed to transmit 60 terabits per second, will be “easy to tap for sure”, according to a former NSA official quoted in a report by online news portal VentureBeat.

Google will cough up US$300 million to join hands with several parties – including China Mobile International, China Telecom Global, Global Transit, KDDI and SingTel – for the project which “could have big implications for Google on the public-cloud front and also for mobile needs”.

The involvement of some of Google’s partners in this undertaking would blow the socks off many in the intelligence communities.

Intelligence agencies tapping into undersea cables has been well documented. The NSA’s British counterpart GCHQ, for example, has “Tempora”, which could collect up to 21 million gigabytes of data every 24 hours as previously revealed by Edward Snowden, according to VentureBeat.

Apart from tapping communications, undersea cables are also left vulnerable exactly where they are.

Media reports had it that the Egyptian Armed Forces have arrested 3 scuba divers who tried to cut and sabotage an undersea internet cable in the Mediterranean.

Meanwhile, lawyers representing the US government are in court hearings at the 2nd US Circuit Court of Appeals in Manhattan this week to defend the government’s bulk collection of telephone records from millions of Americans. Please stay tuned.

Shhh… NSA’s Secret Technology – No-Holds-Barred Computer Penetration

The recently released book No Place to Hide by Glenn Greenwald is a page-turning thriller and I find this portion (below) really stands out:

pg118-GlennGreenwaldBook

One can’t help but wonder if this “secret technology” is beyond what’s already been known, i.e. the NSA’s ability to penetrate “air gapped” computers.

Air gapped (or air-gapped) computers are also known as “clean machines” because they are not and would never be connected to the internet – and they have to be brand new rather than used computers, preferably paid for in cash.

No doubt a computer that cannot be connected to the internet is pretty limited in what it can do but it is deemed absolutely safe.

These machines are usually used by the military and intelligence agencies dealing with highly sensitive or classified information.

However, it has been reported that the NSA has managed to use radio waves to break into computers disconnected from the internet.

Edward Snowden, and Wikileaks’ Julian Assange, are known to carry 3 to 4 laptops with them and it is no surprise one of these has been air gapped.

Snowden has even advised Greenwald on how to set up such a machine before the latter left New York to meet him in Hong Kong in the days building up to the Snowden revelations last year, as Greenwald wrote in his book.

But setting up and maintaining such a machine is more complex than one would initially think. Here’s a guide on the 10 rules to follow if you are still keen to have a clean machine.

Shhh… Mass Spying First Triggered By Executive Order 12333 Signed By Reagan

It was widely believed that the massive NSA snooping exposed by the Snowden revelations was triggered by the aftermath of 9/11 during the Bush era, but it has now emerged that it was Executive Order 12333, issued and signed by then US President Ronald Reagan in 1981, that paved the way for intelligence agencies to sweep up vast quantities of Americans’ data.

This “twelve triple three”, as it’s known within government circles, offers the underlying framework for the vast collection of metadata – including email contents, social network chats, messaging details and anything else that crosses the Internet on an incidental basis – even when Americans are not specifically targeted, as would otherwise be forbidden under the Foreign Intelligence Surveillance Act (FISA) of 1978.

In a May 2014 interview with NBC, former NSA contractor Edward Snowden said that he specifically asked his colleagues at the NSA whether an executive order could override existing statutes. (They said it could not.) Snowden’s lawyer, Jesselyn Radack, said her client was specifically “referring to EO 12333”, according to a report by Ars Technica.

“President Ronald Reagan signed EO 12333 within his first year in office, 1981, largely as a response to the perceived weakening of the American intelligence apparatus by his two immediate predecessors, Presidents Gerald Ford and Jimmy Carter. Later, EO 12333 was amended three times by President George W. Bush between 2003 and 2008,” according to the report.

“Bush’s reasons for strengthening EO 12333 were similar. After the United States faced another existential threat in the immediate aftermath of the September 11 attacks, Bush—and later President Barack Obama—used EO 12333 to expand American surveillance power.”

And the rest is history.

But let’s not forget Glenn Greenwald said in his recent book No Place To Hide that the personal motto of former NSA chief Keith Alexander was “Collect it all”. Period?

Shhh… (Another) New Chinese OS by October

A new homegrown Chinese operating system aimed at sweeping aside foreign rivals like Microsoft, Google and Apple could be expected this coming October, according to a Xinhua news report Sunday.

The new OS would first target desktops with smartphones and other mobile devices to follow, according to Ni Guangnan who heads the development launched in March.

Now, it’s not that China has not attempted to create its very own OS. There was a Chinese Linux OS launched some years ago for mobile devices, dubbed the China Operating System (COS). It was developed as a joint effort by a company ‘Shanghai Liantong’, ISCAS (Institute of Software at the Chinese Academy of Sciences) and the Chinese Government. But it failed to take off and was later discontinued.

But the Chinese determination to have its very own system has risen a few bars recently, not least further sparked by the Snowden revelations that the American NSA planted “backdoor” surveillance tools on US-made hardware. Similarly, the US has long been suspicious of China-made devices – Hmmm, is it still possible to get laptops with NO parts made in China? Check out my earlier column here if you are keen.

More recently, after the US made poster-boys of 5 Chinese military officers it accused of cyber-espionage in May, China swiftly banned government use of Windows 8. Just last month, it was also reported that as many as 10 Apple products were pulled from a government procurement list as the spate of mistrust continued.

China also lamented early last year that Google had too much control over its smartphone industry via its Android mobile operating system and has discriminated against some local firms.

Any bets on a fake Chinese OS any time soon – and sooner than October?

Shhh… In TOR We (Can Still) Trust?

The BBC reported over the weekend that some NSA and GCHQ sleuths have been covertly tipping off developers of the Tor network as they were tasked to crack the code and find vulnerabilities in the cyber-tool most hated by the US and UK intelligence agencies, following a BBC interview with Andrew Lewman from the Tor Project.

“There are plenty of people in both organizations who can anonymously leak data to us to say – maybe you should look here, maybe you should look at this to fix this,” he said. “And they have.”

The Tor network has been favored by those who seek internet privacy and anonymity. The free software conceals the location and usage of its users from anyone conducting network surveillance and traffic analysis. In other words, Tor shields one’s identity: it is difficult if not impossible to trace the internet activity of any Tor user. No wonder Tor is championed by the military, political activists, law enforcement, whistleblowers and of course, Edward Snowden.

Unfortunately, given what Tor is, it is also known as the gateway to the “dark web” as criminals and terrorists love it as well.

So it was no surprise when the Snowden revelations revealed both the NSA and GCHQ have been trying to crack Tor.

In fact, the NSA hates Tor so much that it was also reported that the agency was not only targeting and cracking the Tor network but had also been taking digital fingerprints of anyone who is even remotely interested in privacy – including fans of the Linux Journal web site and anyone visiting the homepage of the Tor-powered Linux operating system Tails.

So what motivated those NSA and GCHQ spies to secretly contact the Tor developers? Lewman had an explanation:

“It’s sort of funny because it also came out that GCHQ heavily relies on Tor working to be able to do a lot of their operations.

“So you can imagine one part of GCHQ is trying to break Tor, the other part is trying to make sure it’s not broken because they’re relying on it to do their work.”

Find out more about using Tor from my earlier column.

US1stPatent

Shhh… NSA Patents

Photo above: The first US patent granted to Samuel Hopkins on July 31, 1790 (Source: http://explorepahistory.com/displayimage.php?imgId=1-2-988 ).

The Foreign Policy magazine recently published an interesting piece on the number of patents the US National Security Agency has been granted by the American government since 1979.

These patents are behind the more than 270 spying devices, methods and designs used by the NSA’s “tens of thousands of cryptologists, mathematicians, and computer scientists who routinely come up with novel ways to protect — and steal — electronic data”, according to Foreign Policy.

NSApatents

Interestingly, as the chart above from the magazine shows, the NSA has obtained 127 patents since 2005, the year former NSA director Keith Alexander came on board – almost as many patents as it did in the previous 25 years.

Alexander retired from the NSA in March and announced last month that he will seek as many as nine new patents for a computer security system he’s building at the private security firm he co-founded, IronNet Cybersecurity, Inc.

KeithAlexander

His announcement has raised eyebrows (like the photo above), and when asked whether he was cashing in on classified information he learned at the NSA, Alexander said he didn’t develop the idea while working at the agency.

“If I retired from the Army as a brain surgeon, wouldn’t it be OK for me to go into private practice and make money doing brain surgery?” he said.

“I’m a cyber guy. Can’t I go to work and do cyber stuff?”

Check out the Foreign Policy link to the list of NSA Patents.

Shhh… Beyond the NSA’s “Five Eyes”

The “Five Eyes” (FVEY) countries, comprising the US, UK, Canada, Australia and New Zealand, are bound by a treaty for joint cooperation in signals intelligence – they don’t spy on each other but instead share the intelligence they have collected.

But the US also shares with a host of other “third parties”, as revealed in the recent book “No Place to Hide” by Glenn Greenwald. See the list of these countries at 1:50 of this clip.

Shhh… German Paper Reveals GCHQ’s Hacienda Program for Internet Colonization

The German news site Heise Online revealed late last week that British intelligence agency GCHQ has a “Hacienda” program to search for vulnerable systems across 27 countries that could be compromised by the British agency and its spy-counterparts in other countries, including the US, Canada, Australia and New Zealand.

GCHQ reportedly used port scanning, a technique hackers use to find systems they can potentially penetrate, as a “standard tool” against the entire nations it targeted.

“It should also be noted that the ability to port-scan an entire country is hardly wild fantasy; in 2013, a port scanner called Zmap was implemented that can scan the entire IPv4 address space in less than one hour using a single PC,” according to Heise.

“The list of targeted services includes ubiquitous public services such as HTTP and FTP, as well as common administrative protocols such as SSH (Secure SHell protocol – used for remote access to systems) and SNMP (Simple Network Management Protocol – used for network administration).”

The same argument holds for those who still harbor the self-comforting thought of being “nobody”, “just an ordinary law-abiding citizen”, “small potato”, etc. and thus not a surveillance target: it may not be you that they are interested in but the people you “know”, “work with”, “chat with”, “befriend”, “live with”, etc.

“Using this logic, every device is a target for colonization, as each successfully exploited target is theoretically useful as a means to infiltrating another possible target” and “Firewalls are unlikely to offer sufficient protection”, said the Heise report.

Shhh… New Secure NSA-Proof Chat & Messaging Solutions like Bleep and Tox

If you are looking for Skype alternatives because you are concerned by reports of its security issues – given Skype’s alleged “background” problems and refusal to reveal its encryption method – then take comfort that there is a host of options available; you’ll be spoiled for choice.

Most recently BitTorrent, best associated with making the peer-to-peer (P2P) software that allows users to download the same file from multiple sources simultaneously, has announced the launch of a pre-alpha version of its secure chat and voice-message service called BitTorrent Bleep.

In order to counter mass surveillance and eavesdropping, Bleep enables users to make calls and send messages over the Internet without using any central server to direct traffic. What BitTorrent did was to apply the same P2P technology used for decentralized file sharing to Bleep so there is no way one could track and peep at the conversations. In essence, Bleep is a decentralized communication platform specifically designed to protect user metadata and anonymity.

And in short, every message a user sends out is just a “Bleep” to the recipients. Sounds good? The only problem for now is that Bleep is currently limited to Windows 7 or 8 users, although there will be support for more operating systems later.

On the other hand, there is also TOX, a Free and Open Source Software (FOSS – i.e. one can verify its code, unlike Skype) initiative and secure alternative to an all-in-one communication platform that guarantees full privacy and secure message delivery.

Tox takes pride in being a configuration-free P2P Skype replacement.

“Configuration-free means that the user will simply have to open the program and without any account configuration will be capable of adding people to his or her’s friends list and start conversing with them,” according to the TOX homepage.

And finally, here’s a list of ten other Skype alternatives to explore.

Shhh… NSA Missed Snowden’s Clues

The NSA had all along claimed Snowden stole 1.7 million files, but Snowden told WIRED in an exclusive interview that there were apparently many more as the agency somehow missed his “digital bread crumbs”.

“I figured they would have a hard time,” Snowden said of his evidence trail. “I didn’t figure they would be completely incapable.”

Shhh… What’s this Google’s “Project Zero”?

Several reports have surfaced in the last 24 hours about Google’s “Project Zero”, essentially the online search giant’s very own in-house team of super-geek security researchers and hackers, now devoted to finding security flaws in non-Google, third-party software “across the internet”, especially “zero-day” vulnerabilities: newly discovered, hackable bugs that are exploited by criminals, state-sponsored hackers and intelligence agencies.

Now the question is, is this a Google PR stunt? Read this and that article and decide for yourself.

Shhh… GCHQ’s Hacking Tools Leaked

The latest Snowden revelations include a leaked document that lists the cyber-spy tools and techniques used by the American NSA’s UK counterpart GCHQ, according to a BBC News report.

A more disturbing point: the GCHQ apparently used its toolbox to find ways to “alter the outcome of online polls, find private Facebook photos, and send spoof emails that appeared to be from Blackberry users, among other things”.

Shhh… Guide to Safer Computing

The (Globe & Mail) Paranoid Computer User’s Guide to Privacy, Security and Encryption

A nice reference and handy guide.

Post-Snowden, the US Reaps a Security Whirlwind

From China with Love

It’s the one-year anniversary of what is now known as the Snowden revelations, which appeared on June 5 and June 9 when The Guardian broke news of classified National Security Agency documents and Edward Snowden revealed himself in Hong Kong as the source of those leaks.

There is still much to decipher from the chronology of events in the aftermath and the sudden global awakening to the end of privacy. Among the impacts on the personal, business and political fronts, one interesting salient feature is the hypocritical rhetorical spats between the US and China in recent weeks, which could set the undertone for US-Sino relations for years to come.

Snowden said his biggest fear is that nothing would change following his bold decision a year ago.

You can find the entire column here.