Tag Archives: NSA

Hotel-wifi

Shhh… Hotel Cyber Blues

Business travels carry a huge price tag in security risks. Hence a common (but unspoken) practice amongst sleuths is particularly noteworthy: Avoid the biggest hotels in the biggest cities.

This is relevant because a Kaspersky Lab report (below) released earlier this week found a sophisticated industrial espionage campaign aimed at business executives using in-house wireless connections in luxury hotels across Asia, with thousands of victims since 2009 who otherwise believed they were using private and secure networks.

However, the risk with using hotel internet (both LAN and wireless) connections is nothing new.

The FBI has warned 2 years ago about malware being spread across hotel wi-fi systems.

And in the scandal involving former CIA director David Petraeus and his mistress Paula Broadwell (picture below) back in 2012, the way the FBI managed to trace emails sent by Broadwell from her hotel rooms also underscored the problems associated with using supposedly secure hotel internet connections – despite her attempt to shield her identity by using anonymous email accounts, the FBI were able to find out where the emails were sent from (ie. which cities, which wi-fi locations and which hotels) which eventually led to her name.

DavidPetraeus&PaulaBroadwell-2

Previously on Shhh-cretly, several columns also highlighted the perilous voyage business travelers faced, especially in Asia and the risks go well beyond hotel internet connections. Some fellow sleuths are well aware of how some government would send their agents to break into hotel rooms when the house guests were out for the day. For example, a Shhh-cretly post 2 years ago revealed how the FBI had video footage, covertly taken in a hotel room somewhere in China, showing how Chinese agents broke in and swept through the belongings and laptop of an American businessman.

It also helps to know that the locks found on between 4 and 5 million hotel room doors worldwide can easily be opened by a simple hacking device.

And one is still not necessarily safe inside a hotel room, even if the door is locked and blocked. Spy gadgets may have been planted inside the room to snoop on the unwary house guests. And some rooms even have “spying walls“.

With these knowledge, some sleuths have gone to great lengths to protect themselves – such as planting a covert camera in the room, weighing a data-less laptop, with and without the battery, and the power plug before and after leaving the hotel room as well as hiding a SD card (which store all your data transferred from your laptop prior to a business trip, thus the data-less laptop) under the tongue, etc.

According to the Kaspersky report, “a key mystery remains how attackers appear to know the precise travel itinerary of each victim”.

Well, recall the Snowden revelations have also revealed that the British intelligence agency GCHQ had a secretive “Royal Concierge” program that broke into the global hotel booking system of some 350 luxury hotels for about 3 years, specifically to trace and wiretap the suites of traveling diplomats.

Now, has the world reached a state of paranoia?

Execs in Asian luxury hotels fall prey to cyber-espionage -study

By Eric Auchard
FRANKFURT Mon Nov 10, 2014 5:04am EST

Nov 10 (Reuters) – Security researchers have uncovered a sophisticated industrial espionage campaign that targets business executives in luxury hotels across Asia once they sign on to computers using in-room wireless connections they consider private and secure.

The attacks, which go well beyond typical cybercriminal operations, have claimed thousands of victims dating back to 2009 and continue to do so, Kaspersky Lab, the world’s largest private security firm, shows in a report published on Monday.

Executives from the auto, outsourced manufacturing, cosmetic and chemical industries have been hit, the security firm said. Others targeted include military services and contractors.

In 2012, the FBI issued a general warning to U.S. government officials, businessmen and academics, advising them to use caution when updating computer software via hotel Internet connections when travelling abroad (1.usa.gov/1xAP4YI).

Kaspersky’s report goes further in detailing the scale, methods and precise targeting of these attacks on top business travelers. (bit.ly/1xcU0Gs)

The movements of executives appear to be tracked as they travel, allowing attackers to pounce once a victim logs on to a hotel Wi-Fi network. Hackers cover their tracks by deleting these tools off hotel networks afterward.

“These attackers are going after a very specific set of individuals who should be very aware of the value of their information and be taking strong measures to protect it,” said Kurt Baumgartner, principal security researcher for Kaspersky, the world’s largest privately held cybersecurity firm.

Unsuspecting executives who submit their room number and surname while logging on to their hotel room’s wireless network are tricked into downloading an update to legitimate software such as Adobe Flash, Google Toolbar or Microsoft Messenger, Kaspersky said. Because attacks happen at sign-on, encrypted communications set up later offer no defence against attack.

The same elite spying crew has used advanced keystroke-logging software and encryption-breaking at multiple hotel chains across Asia, it said.

Kaspersky declined to name the executives involved or the luxury destinations targeted but said it had informed the hotels as well as law enforcement officials in affected locations.

Ninety percent of the victims came from five countries — Japan, Taiwan, China, Russia and South Korea. Business travelers to Asia from Germany, Hong Kong, Ireland and the United States have also been duped, Baumgartner said.

The Kaspersky report said a key mystery remains how attackers appear to know the precise travel itinerary of each victim, which points to a larger compromise of hotel business networks that researchers say they are continuing to probe. (Reporting By Eric Auchard; Editing by Clara Ferreira Marques)

FacialRecognition

Shhh… US Federal Judge Calls for Scrutiny of FBI’s Facial Recognition System

A federal judge, US District Judge Tanya Chutkan, ruled last week that the FBI’s futuristic facial-recognition database requires scrutiny from open-government advocates because of the size and scope of the surveillance technology as well as privacy concerns – see story below.

Quick background: The FBI announced in late September its US$1 billion facial recognition program – the Next Generation Identification (NGI) System – was finally up and running. In development since at least 2008, “the NGI System was developed to expand the Bureau’s biometric identification capabilities, ultimately replacing the FBI’s Integrated Automated Fingerprint Identification System (IAFIS) in addition to adding new services and capabilities”.

Privacy groups are concerned that the NGI System becomes invasive by collecting images of people suspected of no wrongdoing.

Federal Judge Says Public Has a Right to Know About FBI’s Facial Recognition Database

By Dustin Volz National Journal November 7, 2014

A federal judge has ruled that the FBI’s futuristic facial-recognition database is deserving of scrutiny from open-government advocates because of the size and scope of the surveillance technology.

U.S. District Judge Tanya Chutkan said the bureau’s Next Generation Identification program represents a “significant public interest” due to concerns regarding its potential impact on privacy rights and should be subject to rigorous transparency oversight.

“There can be little dispute that the general public has a genuine, tangible interest in a system designed to store and manipulate significant quantities of its own biometric data, particularly given the great numbers of people from whom such data will be gathered,” Chutkan wrote in an opinion released late Wednesday.

Her ruling validated a Freedom of Information Act lawsuit filed by the Electronic Privacy Information Center that last year made a 2010 government report on the database public and awarded the group nearly $20,000 in attorneys’ fees. That government report revealed the FBI’s facial-recognition technology could fail up to 20 percent of the time. Privacy groups believe that failure rate may be even higher, as a search can be considered successful if the correct suspect is listed within the top 50 candidates.

“The opinion strongly supports the work of open-government organizations and validates their focus on trying to inform the public about government surveillance programs,” said Jeramie Scott, national security counsel with EPIC.

Privacy groups, including EPIC, have long assailed Next Generation Identification, which they argue could be used as an invasive means of tracking that collects images of people suspected of no wrongdoing. The program—a biometric database that includes iris scans and palm prints along with facial recognition—became “fully operational” this summer, despite not undergoing an internal review, known as a Privacy Impact Assessment, since 2008. Government officials have repeatedly pledged they would complete a new privacy audit.

FBI Director James Comey has told Congress that the database would not collect or store photos of ordinary citizens, and instead is designed to “find bad guys by matching pictures to mug shots.” But privacy groups contend that the images could be shared among the FBI and other agencies, including the National Security Agency, and even with state motor-vehicle departments.

In his testimony, given in June, Comey did not completely refute that database information could potentially be shared with states, however.

Government use of facial-recognition technology has undergone increasing scrutiny in recent years, as systems once thought to exist only in science fiction movies have become reality. TheNew York Times reported on leaks from Edward Snowden revealing that the NSA intercepts “millions of images per day” across the Internet as part of an intelligence-gathering program that includes a daily cache of some 55,000 “facial-recognition quality images.”

The Justice Department did not immediately return a request for comment regarding whether it will appeal Chutkan’s decision.

Blackberry-Encryption

Shhh… Former NSA Attorney: Encryption Behind Blackberry’s Demise & Warning to Apple and Google

The authorities hate smartphone encryption and it shows. And they’re in concerted efforts to wage a war against it.

In echoing the recent messages from FBI director James Comey and GCHQ chief Robert Hannigan, former NSA general counsel Stewart Baker told the Web Summit audience in Dublin earlier this week that the moves by Google and Apple and others to encrypt user data was more hostile to western intelligence gathering than to surveillance by China or Russia.

In a conversation with Guardian special projects editor James Ball, Baker used Blackberry as an example:

Encrypting user data had been a bad business model for Blackberry, which has had to dramatically downsize its business and refocus on business customers. “Blackberry pioneered the same business model that Google and Apple are doing now – that has not ended well for Blackberry,” said Baker.

He claimed that by encrypting user data Blackberry had limited its business in countries that demand oversight of communication data, such as India and the UAE and got a bad reception in China and Russia. “They restricted their own ability to sell. We have a tendency to think that once the cyberwar is won in the US that that is the end of it – but that is the easiest war to swim.”

Baker said the market for absolute encryption was very small, and that few companies wanted all their employees’ data to be completely protected. “There’s a very comfortable techno-libertarian culture where you think you’re doing the right thing,” said Baker.

“But I’ve worked with these companies and as soon as they get a law enforcement request no matter how liberal or enlightened they think they are, sooner to later they find some crime that is so loathsome they will do anything to find that person and identify them so they can be punished.

This latest anti-encryption blabbing drew quick defense from Blackberry COO Marty Beard, who found Baker’s remarks “don’t make any sense”.

“Security is a topic that’s increasing in importance,” Beard told the audience at FedScoop’s FedTalks event Thursday. “It’s the reason that all G7 countries and the G20 work with BlackBerry.

“We just see it growing in importance. The increasing cybersecurity threats are exploding, security across all [technology] layers is critical.”

DigitalFingerprint

Shhh… Micah Lee on Snowden & Smuggling (Secrets) Tricks

Check out this excellent piece from Glenn Greenwald’s The Intercept on how Edward Snowden first contacted Laura Poitras and smuggled his truckloads of NSA secret documents to her with Micah Lee as the middleman.

MicahLee

Photo (above) credit: Micah Lee & Wired

Snowden-014

Shhh… Snowden Awarded Russian Private Literary Prize

Former NSA contractor-turned-fugitive Edward Snowden has bagged another award earlier this week on Monday: a private literary prize from the Zinovyev Institute, a private foundation for the study of creative writings of Russian writer and philosopher Alexander Zinovyev.

Snowden was not in attendance to receive the award given his need to keep a low profile since his asylum in Russia in August last year though he has been appearing actively at various events globally via live broadcast.

Snowden, a 2014 Nobel Peace Prize nominee, also received the Right Livelihood Award 2014 in late September.

NSAmonkeyBiz

Shhh… More NSA Shakeup Following Another Conflict of Interest?

More personnel problems at the National Security Agency…

Another conflict of interest matter has led the agency’s top spy Teresa Shea to leave her position as director of signals intelligence (SIGINT), which the NSA said last week was a “routine” transition “planned well before recent news articles”.

Shea as the SIGINT head was behind some of the most controversial mass surveillance programs disclosed by former NSA contractor Edward Snowden.

The shakeup followed a recent BuzzFeed report (below) on the financial interests of Shea and her husband James Shea. The latter was a contractor with a SIGINT “contracting and consulting” company – Telic Networks – registered to the couple’s home. He is also the vice president of another SIGINT contractor – DRS Signals Solutions – that “appears to do business with the NSA”. The sleuth Shea herself had also incorporated an “office and electronics” business at her home.

These headlines came hot on the heels of recent reports on former NSA director Keith Alexander, who had business dealings with potential conflicts of interest during and after his NSA reign in March. Furthermore, a recent Reuters report found Alexander also hired another top NSA official, chief technology officer Patrick Dowd, to work at his new cyber-security company when Dowd was still on NSA payroll.

Find out more from the following Buzzfeed report:

Exclusive: Shakeup At NSA After BuzzFeed News Reports On Potential Conflict Of Interest

Top National Security Agency official Teresa Shea is leaving her position after BuzzFeed News reported on her and her husband’s financial interests. The move comes as the NSA faces more questions about the business dealings of its former director Keith Alexander, and potential ethics conflicts. This post has been updated to include a response from the NSA.

posted on Oct. 24, 2014, at 12:28 p.m.

Aram Roston
BuzzFeed Staff

WASHINGTON — One of the nation’s top spies is leaving her position at the National Security Agency (NSA), a spokesman confirmed Friday, amid growing disclosures of possible conflicts of interest at the secretive agency.
The shakeup comes just a month after BuzzFeed News began reporting on the financial interests of the official, Teresa Shea, and her husband.

Shea was the director of signals intelligence, or SIGINT, which involves intercepting and decoding electronic communications via phones, email, chat, Skype, and radio. It’s widely considered the most important mission of the NSA, and includes some of the most controversial programs disclosed by former contractor Edward Snowden, including the mass domestic surveillance program.

The NSA provided a statement Friday that said Teresa Shea’s “transition” from the SIGINT director job was routine and “planned well before recent news articles.” The agency indicated she would remain employed, but did not provide specifics.

The Sheas did not respond to a message left at their home telephone number.

In September, BuzzFeed News reported that a SIGINT “contracting and consulting” company was registered at Shea’s house, even while she was the SIGINT director at NSA. The resident agent of the company, Telic Networks, was listed as James Shea, her husband.

Mr. Shea is also the vice president of a major SIGINT contractor that appears to do business with the NSA. The company, DRS Signals Solutions, is a subsidiary of DRS Technologies, which itself is a subsidiary of Italian-owned Finmeccanica SPA.

Last week BuzzFeed News also reported Shea herself had incorporated an “office and electronics” business at her house, and that the company owned a six-seat airplane and a condominium in the resort town of Hilton Head, South Carolina.

Over the past month, Teresa and James Shea haven’t returned phone calls, and the NSA has declined to comment about any specifics, beyond explaining how the agency tries to address conflict of interest issues in general, and to say that “the agency takes Federal ethics laws quite seriously.”

In April, Adm. Michael Rogers took over as director of the NSA, and it was expected he might shuffle staff. One intelligence source said Shea’s departure from her job appeared to be due in part to the “optics” of a top NSA official coming under scrutiny by the press for her and her husband’s business dealings. The other said the press disclosures may have nothing to do with her leaving.

In a statement Friday, NSA spokesman Michael Halbig said that “NSA considers regular rotations of senior leaders as a catalyst for achieving diverse, fresh perspectives on the nation’s critical national security challenges.”

He added that “We value her leadership as a senior leader and look forward to her continued contribution to the mission to help defend the nation.”

Since she would no longer be director of SIGINT, presumably potential conflicts stemming from her husband’s role as a SIGINT contractor, with a SIGINT company at their home, would be alleviated.

Shea, as SIGINT director, presided over most of the NSA operations disclosed by Snowden. The most controversial of those is the mass domestic surveillance program, under which the agency collects data on virtually every phone call Americans make, domestically or overseas, from a cell phone or a landline. But other operations included disclosures that calls by the leaders of foreign allies were intercepted, and that a vast amount of electronic communications were collected from American internet companies such as Google and Yahoo.

Last week, the NSA came under increasing pressure because of the business dealings of former director Keith Alexander, who left the agency in March.

Reuters disclosed that Alexander hired another top NSA official to work at his company, even while the scientist continued to work at the NSA. Reuters said the NSA had begun a review of the unusual agreement, under which NSA Chief Technology Officer Patrick Dowd was to work 20 hours a week at Alexander’s company, Ironnet Cybersecurity, while still working for the U.S. government.

This week, after the controversy erupted, the company said Dowd would no longer work there.

AshkanSoltani

Shhh… FTC New Appointee Ashkan Soltani Irks NSA Top Guns

The US Federal Trade Commission announced last week the appointment of Ashkan Soltani as the FTC’s chief technologist starting November, where he would advise on technology and policy issues for the same agency where he had previously served as a technical expert and staff technologist.

But what made his appointment stands out was other aspects of his resume. Soltani is a renowned and outspoken security researcher and has served as a technical expert for several state attorney general. Most notably, he was recently involved in investigative journalism, as a media consultant at the Washington Post helping Barton Gellman and other reporters on the technical and security aspects of the Snowden documents – and sharing their 2014 Pulitzer Prize for Public Service – plus other spells at The Wall Street Journal and The New York Times.

His latest appointment has upset NSA top guns, drawing criticisms from former NSA director Michael Hayden (and CIA director from 2006 to 2009):

I’m not trying to demonize this fella, but he’s been working through criminally exposed documents and making decisions about making those documents public.

and former NSA general counsel Stewart Baker:

I don’t think anyone who justified or exploited Snowden’s breach of confidentiality obligations should be trusted to serve in government.

In the same report on these reactions, there’s an interesting reader’s comment:

Applesauce-Oath

Hayden and Baker seem to think they took a different oath: to protect the American people from “terrorists” at all costs. And maybe to profit from investing in surveillance companies“? See my earlier posts on Keith Alexander’s business ventures during and after his NSA tenure.

BrowseAnonymously2

Shhh… Privacy: Tor Guide on Browsing Anonymously

Here’s an interesting chart on how to use Tor to browse the web anonymously:

TorInfographics

The Tor Project is a free software and an open network that shields your online identity and thus helps you maintain privacy by defending against network surveillance:

But Tor can still be compromised and multiple layers of security is recommended:

Emmys

Shhh… The Guardian Bagged An Emmy

Congratulations to The Guardian for winning an Emmy award in New York Tuesday night for its groundbreaking coverage on the Snowden revelations.

The multimedia interactive feature NSA Decoded by The Guardian emerged the winner in the new approaches: current news category at the news and documentary Emmy awards.

The interactive coverage, which includes interviews and discussions with key players like journalist Glenn Greenwald, former NSA employees, senators and members of US congress, helps the audience understand the facts and implications of Edward Snowden’s disclosures last year about the NSA’s mass surveillance program.

The Guardian has also won in April, along with the Washington Post, the Pulitzer prize for public service for their groundbreaking coverage of the Snowden revelations.

TimBerners-Lee

Shhh… Tim Berners-Lee on the Web & Privacy

Tim Berners-Lee, the inventor of the web 25 years ago and director of the World Wide Web Consortium, spoke at the Web We Want Festival last Saturday whereby he, according to The Guardian, also called on Saturday for a bill of rights that would guarantee the independence of the internet and ensure users’ privacy.

“If a company can control your access to the internet, if they can control which websites they go to, then they have tremendous control over your life,” the British computer scientist said. “If a government can block you going to, for example, the opposition’s political pages, then they can give you a blinkered view of reality to keep themselves in power.

“Suddenly the power to abuse the open internet has become so tempting both for government and big companies.”

Below is Tim Berners-Lee at a TED Talk earlier this year.

Phone-encrypt

Shhh… Apple & Google Phones Too Secure?

This may as well be the best ever advertisement any company would die for…

FBI director James Comey criticized on Thursday that the encryption in the latest operating systems of Apple and Google phones were so secure that law enforcement officials would have no access to information stored on those devices even with valid warrants and asked why companies would “market something expressly to allow people to place themselves beyond the law”.

“There will come a day when it will matter a great deal to the lives of people … that we will be able to gain access,” Mr Comey reportedly told the media.

“I want to have that conversation [with companies responsible] before that day comes.”

Law enforcement agencies place premiums on their forensic abilities to search sensitive data like photos, messages and web histories on smartphones – and also on old plain vanilla cellular phones to some extent – to solve some serious crimes: mobile phones increasingly perform and even replace what we used to do with our computers but thanks to the convergence of technologies, law enforcement and investigators are now able to use mobile phone forensic, much like computer forensic techniques, to retrieve data, including deleted data, from the phones as they did on computers.

The comments from Comey came hot on the heels of news last week that Apple’s latest mobile operating system, iOS 8, is so well encrypted that even Apple Inc. cannot unlock their mobile devices. Google meanwhile is also adopting its latest encryption format for its new (to be released) Android operating system that the company would be unable to unlock.

Question: Has Comey approached the NSA for help?

CIA

Shhh… CIA Stand-down in Western Europe?

The CIA has undertaken an unprecedentedly long stand-down on friendly Western European allies following the recent furor in the aftermath of an exposed German agent and accumulated impacts from the Snowden revelations in order to re-examine its strategy, according to current and former US officials, which if true would prove an unfortunate timing for the United States given its concerns about Europe’s response to Russian aggression and monitoring of European extremists in Syria.

The so-called pause means CIA officers based in Europe have to withdraw covert clandestine meetings to gather intelligence from their well-placed sources, or roping in new recruits for that matter, though they are not barred from meeting their counterparts in the host country and conduct joint operations with host country services, according to the Associated Press.

Director of National Intelligence James Clapper reportedly said Thursday that the US is assuming more risks given its pullback from spying on “specific targets”.

The stand-down was part of the fallout from the July 2 arrest of a 31-year old employee of the German intelligence service who later confessed he worked for the CIA. The CIA station chief in Berlin was (unprecedentedly) forced out of Germany a few days later, which underscored the German stance on the US who have already been stung from earlier Snowden revelations that the NSA had been tapping on the mobile phone of German Chancellor Angela Merkel.

While such halts are common after an operation was compromised they were “never this long or this deep”, which has been in effect for about 2 months now.

Now the question is, would a NSA stand-down follow? Bet not and probably never.

CIA-ClandestineOps

Shhh… CIA’s Declassified Archives – Highlight American Vulnerabilities

The US Central Intelligence Agency released on Thursday a trove of newly declassified “Studies in Intelligence” documents on its homepage.

The move was the result of a long-running lawsuit between the agency and a former employee Jeffrey Scudder – according to the Washington Post (see video clip below) – whose CIA stint includes a 2-year spell looking after the agency’s historical files which ultimately ended his CIA career after he submitted a request under the Freedom of Information Act to release records of old clandestine operations he believed should have been made public.

Amongst the 249 documents released, spanning from the 1970s to 2000s, there’s one labeled “Analyzing Economic Espionage” which attempts to examine foreign intelligence operations against US economic interests beyond the scope and threats of technological advances – including the focus on certain traits of Americans that make them vulnerable to foreign agents, ie. resulting in a threat to the US.

“Foreign intelligence services are more inclined to operate against American targets outside the US” and “some intelligence services that stop short of recruiting US citizens use intelligence operatives to elicit information from them; the targeted American is unwitting of his interlocutor’s intelligence connection”.

CIAclassified

The 7-page document listed “certain personality attributes that increase our vulnerability”:

- Americans like to talk. We tend to be sociable and gregarious, even with casual contacts. We want to be liked, especially by foreigners, because many of us are still trying to overcome an “ugly American” complex. We place a higher premium on candor than on guile, on trust than on discretion.

- Many Americans do not know foreign languages, which in some respects puts them at a disadvantage when living in foreign countries. This does not mean we are “innocents abroad,” but it may make us less likely to pick up clues of suspicious behavior. Americans who do not know the language of a given country may forget that nationals of that country in a position to overhear their conversations often do know English.

- Many Americans are ambitious, oriented toward job advancement and professional recognition. Inevitably, some morally weak individuals are willing to sacrifice personal integrity in pursuit of their career goals.

Snowden-AucklandDotCom

Shhh… Snowden’s Latest Appearance – Kim Dotcom’s “Moment of Truth” Event in Auckland

Above: Edward Snowden discussed online surveillance on Kim Dotcom’s Moment of Truth event in Auckland, New Zealand on September 15. Both Julian Assange and Glenn Greenwald were also present.

The event follows up on the acknowledgement by Prime Minister John Key that the Kiwi intelligence agency Government Communications Security Bureau (GCSB) had tapped into the cable but only for the purposes of a cybersecurity programme – following his earlier denial of any allegation that the GCSB had spied on New Zealanders.

New Zealanders are now waiting for Key to explain the revelations that the GCSB operates X-Keyscore in New Zealand and conducting mass surveillance on the citizens on behalf of the NSA without their knowledge.

Watch the entire event here below:

Comcast-OnTOR

Shhh… Comcast Set Record Straight on TOR

Amidst widespread reports early this week that Comcast Corporation has been discouraging customers from using the Tor Browser, the anonymous browser favored by people like Snowden and hackers alike, Comcast – the largest broadcasting and cable company in the world by revenue – has clarified that the reports were not true and the company has not asked customers to stop using Tor or any other browser.

“We have no policy against Tor, or any other browser or software. Customers are free to use their Xfinity Internet service to visit any website, use any app, and so forth.”

See Comcast’s clarification here.

NobelPeacePrize

Shhh… Norway to Arrest Nobel-nominated Snowden

The Norwegian police should arrest NSA whistle-blower and fugitive Edward Snowden if he showed up in Norway to receive the Nobel Peace Prize this December, according to a Norwegian politician.

Norwegian Right Wing Party MP Michael Tatzschner warned that bagging the prestigious prize would in no way exempt Snowden from arrest and Norway should not make a distinction between a Nobel Peace Prize winner and any other wanted American citizen.

“Norway needs to respect the agreements that we have signed,” Tatzschener told Norway’s media Dagbladet on Tuesday, with reference to international law that, given a valid US warrant, requires Norway to arrest Snowden if he arrives in the country.

MAD-Magazine-Snowden-Flee

Snowden (shown above: Photo credit to MAD magazine) has been nominated for the Peace Prize, to be announced end of the year, amid growing global support.

He was recently granted a three-year residence permit by the Russian authorities on August 1.

But the most wanted man in the world could receive Swiss asylum if he opts to travel to Switzerland to testify against the National Security Agency, according to my previous piece earlier this week.

The Swiss Attorney General has stated that Switzerland would not extradite a US citizen if the individual’s “actions constitute a political offense, or if the request has been politically motivated”.

ECHQ

Shhh… Privacy Group Took “Five Eyes” Spy Pact Inquiries to Top European Court

Privacy International, a campaigning body on issues relating to surveillance matters, has lodged on Tuesday an appeal to the European Court of Human Rights (ECHR) to publish the treaty behind the intelligence sharing amongst the “Five Eyes” after the British government declined their initial applications, which the civil liberties group branded as a violation of the right to access of information.

The Anglophone countries behind the “Five Eyes” – the US, UK, Canada, Australia and New Zealand – have a treaty that bounds them to joint cooperation in signals intelligence – they don’t spy on each other but instead share the intelligence they have collected. The Snowden revelations also revealed that the NSA shared the intelligence with a host other “third parties”.

The British Government Communications Headquarters (GCHQ), the equivalent to the American NSA, has turned down every freedom of information requests filed by Privacy International for details on how information was shared between the intelligence agencies of this global spy pact.

According to The Guardian quoting Rosa Curling of law firm Leigh Day:

“The UK’s Freedom of Information Act precludes government authorities from disclosing to the public information directly or indirectly supplied by GCHQ.

“This absolute exemption is unlawful and contrary to article 10 of the European convention on human rights, which provides for the right to freedom of expression, which includes the right to receive information.”

The ECHR, located in Strasbourg, France, is an international court set up by the European Convention on Human Rights.

edward-snowdens-russian-lawyer-hes-almost-broke

Shhh… Snowden Could Receive Swiss Asylum

The American whistleblower and most wanted fugitive Edward Snowden could receive Swiss asylum if he opts to travel to Switzerland to testify against the National Security Agency, according to Swiss newspaper SonntagsZeitung today.

The Swiss attorney general is apparently keen in Snowden’s testimony against the US intelligence agency and said to guarantee his safety, and not have him deported to the US, according to the Swiss paper based on a document they obtained: “What rules would apply if Edward Snowden is brought to Switzerland and the United States makes an extradition request”.

It will be interesting to know if there’s any other reasons why the Swiss government are keen to keep Snowden – the NSA stationed Snowden in Geneva for 3 years through 2010, deployed as undercover with diplomatic credentials.

Snowden was recently granted a three-year residence permit by the Russian authorities on August 1.

NSA-NoGlennPic

Cloud Hacks More Than Just Nude Pics

Ever Thought of More Catastrophic Consequences?

The sensational invasion last week by hackers into dozens of pictures of nude Hollywood celebrities was a wardrobe malfunction on major scale, but it is time to take a more serious look beyond the alluring pictures. The world is heading for more catastrophic consequences in the cloud.

The leaks of the celebrities’ photos went viral online after hackers used new “brute force” attacks to break into the victims’ online accounts, casting the spotlight on the security of cloud computing.

But the disturbing and often overlooked question is, why are so many companies still blindly and trustingly moving ever more data into the cloud, where online access to highly confidential information related to clients, customers, employees, deals, business plans and performances and worst of all, our personal details, is left seemingly and increasingly more vulnerable?

Please refer to my entire column here.

CellPhoneTower-Fake

Shhh… Mysterious Fake Cellphone Towers Possibly New Foreign Threats

In what seems like invasion of privacy scaling to new heights, surpassing even the most dystopian state of any hardcore Orwellian, Americans found to their horror of not only having to live with NSA snoops on all their private communications when a recent Popular Science report revealed the existence of fake cellphone towers across the US that cannot be linked to any owner or operator and set up simply to connect to nearby phones, bypassing encryption to eavesdrop on calls and read text messages.

GSMinterceptor-USmap

As many as 17 such fake cellphone towers have been discovered in July alone, with more expected to be found, according to the map above charted out in August by ESD America CEO Les Goldsmith and phone technology expert.

What’s more disturbing is that most of the fake towers are set up near US military bases which prompts the question if these were US or foreign government interceptors.

These interceptors are radio-equipped devices to overcome the onboard encryption on our phones, Android or iOS alike. Their target is actually another operating system hidden behind every phone called the baseband processor, which channels the communications between the core OS and the cellphone towers.

And these towers are unlikely to belong to the NSA as the agency can simply go the local phone carriers to suck up all the metadata, as the Snowden revelations have revealed.

It would be interesting to keep an eye on the US Federal Communications Commission which The Washington Post announced early August that it is investigating into the use and misuse of surveillance technology by criminal networks and foreign intelligence.

internet-undersea-cable

Shhh… NSA Ready for Google’s “Faster” Trans-Pacific Undersea Internet Cable

You can imagine the NSA getting impatient over free lunches following the announcement last month about Google’s proposed underseas fiber optic cable that will span the Pacific Ocean from the US west coast to Japan starting mid-2016.

The new cable dubbed “Faster” to transmit 60 terabits per second will be “easy to tap for sure”, according to a former NSA official quoted in a report by online news portal VentureBeat.

Google will cough out US$300 million to join hands with several parties – including China Mobile International, China Telecom Global, Global Transit, KDDI and SingTel – for the project which “could have big implications for Google on the public-cloud front and also for mobile needs”.

The involvement of some of these Google’s partners in this undertaking would blow the socks off many in the intelligence communities.

Intelligence agencies tapping into undersea cables have been well documented. The NSA’s British counterparts GCHQ, for example, have “Tempora” that could collect up to 21 million gigabytes of data every 24 hours as previously revealed by Edward Snowden, according to VentureBeat.

Apart from tapping communications, undersea cables are also left vulnerable exactly where they are.

scubaDivers-CutCables

Media reports had it that the Egyptian Armed Forces have arrested 3 scuba divers who tried to cut and sabotage an undersea internet cable in the Mediterranean.

Meanwhile lawyers representing the US government are in court hearings at the 2nd US Circuit Court of Appeals in Manhattan this week to defend the government’s bulk collection of telephone records from millions of Americans. Please stay tune.

syrian-internet-hack-nsa

Shhh… NSA’s Secret Technology – No-Hold-Bar Computer Penetration

The recently released book No Place to Hide by Glenn Greenwald is a page-turning thriller and I find this portion (below) really stands out:

pg118-GlennGreenwaldBook

One can’t help but wonder if this “secret technology” is beyond what’s already been known, ie. the NSA’s ability to penetrate into “air gapped” computers.

Air gapped (or air-gapped) computers are also known as “clean machines” because they are not and would never be connected to the internet – and they have to be brand new and not used computers, preferably paid by cash.

No doubt a computer that cannot be connected to the internet is pretty limited in what it can do but it is deemed absolutely safe.

These machines are usually used by the military and intelligence agencies dealing with highly sensitive or classified information.

However, it has been reported that the NSA has managed to use radio waves to break into computers disconnected to the internet.

Edward Snowden, and Wikileaks’ Julian Assange, are known to carry 3 to 4 laptops with them and it is no surprise one of these has been air gapped.

Snowden has even advised Greenwald on how to set up such a machine before the latter left New York to meet him in Hong Kong in the days building up to the Snowden revelations last year, as Greenwald wrote in his book.

But setting up and maintaining such a machine is more complex than one would initially think. Here’s a guide on the 10 rules to follow if you are still keen to have a clean machine.