What's new
  • As of today ICMag has his own Discord server. In this Discord server you can chat, talk with eachother, listen to music, share stories and pictures...and much more. Join now and let's grow together! Join ICMag Discord here! More details in this thread here: here.

The SNOWDEN Saga continues...

gaiusmarius

me
Veteran
N.S.A. Devises Radio Pathway Into Computers

N.S.A. Devises Radio Pathway Into Computers

well well, look what we have here...

N.S.A. Devises Radio Pathway Into Computers

By DAVID E. SANGER and THOM SHANKERJAN. 14, 2014


http://www.nytimes.com/2014/01/15/u...puters-not-connected-to-internet.html?hp&_r=0

WASHINGTON — The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.

While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.

The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
Related Coverage

President Obama spoke to reporters before a cabinet meeting at the White House on Tuesday morning. Mr. Obama’s speech on spying guidelines is scheduled for Friday.
Obama to Place Some Restraints on SurveillanceJAN. 14, 2014

The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.

The N.S.A. calls its efforts more an act of “active defense” against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of American companies or government agencies, American officials have protested, often at the presidential level.

Among the most frequent targets of the N.S.A. and its Pentagon partner, United States Cyber Command, have been units of the Chinese Army, which the United States has accused of launching regular digital probes and attacks on American industrial and military targets, usually to steal secrets or intellectual property. But the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls “computer network exploitation.”

“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”

No Domestic Use Seen

There is no evidence that the N.S.A. has implanted its software or used its radio frequency technology inside the United States. While refusing to comment on the scope of the Quantum program, the N.S.A. said its actions were not comparable to China’s.

“N.S.A.'s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements,” Vanee Vines, an agency spokeswoman, said in a statement. “We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line.”

Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward J. Snowden, the former N.S.A. contractor. A Dutch newspaper published the map of areas where the United States has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German newsmagazine, published the N.S.A.'s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of American intelligence officials, when it reported, in the summer of 2012, on American cyberattacks on Iran.

President Obama is scheduled to announce on Friday what recommendations he is accepting from an advisory panel on changing N.S.A. practices. The panel agreed with Silicon Valley executives that some of the techniques developed by the agency to find flaws in computer systems undermine global confidence in a range of American-made information products like laptop computers and cloud services.

Embracing Silicon Valley’s critique of the N.S.A., the panel has recommended banning, except in extreme cases, the N.S.A. practice of exploiting flaws in common software to aid in American surveillance and cyberattacks. It also called for an end to government efforts to weaken publicly available encryption systems, and said the government should never develop secret ways into computer systems to exploit them, which sometimes include software implants.

Richard A. Clarke, an official in the Clinton and Bush administrations who served as one of the five members of the advisory panel, explained the group’s reasoning in an email last week, saying that “it is more important that we defend ourselves than that we attack others.”

“Holes in encryption software would be more of a risk to us than a benefit,” he said, adding: “If we can find the vulnerability, so can others. It’s more important that we protect our power grid than that we get into China’s.”

From the earliest days of the Internet, the N.S.A. had little trouble monitoring traffic because a vast majority of messages and searches were moved through servers on American soil. As the Internet expanded, so did the N.S.A.'s efforts to understand its geography. A program named Treasure Map tried to identify nearly every node and corner of the web, so that any computer or mobile device that touched it could be located.

A 2008 map, part of the Snowden trove, notes 20 programs to gain access to big fiber-optic cables — it calls them “covert, clandestine or cooperative large accesses” — not only in the United States but also in places like Hong Kong, Indonesia and the Middle East. The same map indicates that the United States had already conducted “more than 50,000 worldwide implants,” and a more recent budget document said that by the end of last year that figure would rise to about 85,000. A senior official, who spoke on the condition of anonymity, said the actual figure was most likely closer to 100,000.

That map suggests how the United States was able to speed ahead with implanting malicious software on the computers around the world that it most wanted to monitor — or disable before they could be used to launch a cyberattack.

A Focus on Defense

In interviews, officials and experts said that a vast majority of such implants are intended only for surveillance and serve as an early warning system for cyberattacks directed at the United States.

“How do you ensure that Cyber Command people” are able to look at “those that are attacking us?” a senior official, who compared it to submarine warfare, asked in an interview several months ago.

“That is what the submarines do all the time,” said the official, speaking on the condition of anonymity to describe policy. “They track the adversary submarines.” In cyberspace, he said, the United States tries “to silently track the adversaries while they’re trying to silently track you.”

If tracking subs was a Cold War cat-and-mouse game with the Soviets, tracking malware is a pursuit played most aggressively with the Chinese.

The United States has targeted Unit 61398, the Shanghai-based Chinese Army unit believed to be responsible for many of the biggest cyberattacks on the United States, in an effort to see attacks being prepared. With Australia’s help, one N.S.A. document suggests, the United States has also focused on another specific Chinese Army unit.

Documents obtained by Mr. Snowden indicate that the United States has set up two data centers in China — perhaps through front companies — from which it can insert malware into computers. When the Chinese place surveillance software on American computer systems — and they have, on systems like those at the Pentagon and at The Times — the United States usually regards it as a potentially hostile act, a possible prelude to an attack. Mr. Obama laid out America’s complaints about those practices to President Xi Jinping of China in a long session at a summit meeting in California last June.

At that session, Mr. Obama tried to differentiate between conducting surveillance for national security — which the United States argues is legitimate — and conducting it to steal intellectual property.

“The argument is not working,” said Peter W. Singer of the Brookings Institution, a co-author of a new book called “Cybersecurity and Cyberwar.” “To the Chinese, gaining economic advantage is part of national security. And the Snowden revelations have taken a lot of the pressure off” the Chinese. Still, the United States has banned the sale of computer servers from a major Chinese manufacturer, Huawei, for fear that they could contain technology to penetrate American networks.

An Old Technology

The N.S.A.'s efforts to reach computers unconnected to a network have relied on a century-old technology updated for modern times: radio transmissions.

In a catalog produced by the agency that was part of the Snowden documents released in Europe, there are page after page of devices using technology that would have brought a smile to Q, James Bond’s technology supplier.

One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer “through a covert channel” that allows “data infiltration and exfiltration.” Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer — either in the field or when they are shipped from manufacturers — so that the computer is broadcasting to the N.S.A. even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.

The relay station it communicates with, called Nightstand, fits in an oversize briefcase, and the system can attack a computer “from as far away as eight miles under ideal environmental conditions.” It can also insert packets of data in milliseconds, meaning that a false message or piece of programming can outrace a real one to a target computer. Similar stations create a link between the target computers and the N.S.A., even if the machines are isolated from the Internet.

Computers are not the only targets. Dropoutjeep attacks iPhones. Other hardware and software are designed to infect large network servers, including those made by the Chinese.

Most of those code names and products are now at least five years old, and they have been updated, some experts say, to make the United States less dependent on physically getting hardware into adversaries’ computer systems.

The N.S.A. refused to talk about the documents that contained these descriptions, even after they were published in Europe.

“Continuous and selective publication of specific techniques and tools used by N.S.A. to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies,” Ms. Vines, the N.S.A. spokeswoman, said.

But the Iranians and others discovered some of those techniques years ago. The hardware in the N.S.A.'s catalog was crucial in the cyberattacks on Iran’s nuclear facilities, code-named Olympic Games, that began around 2008 and proceeded through the summer of 2010, when a technical error revealed the attack software, later called Stuxnet. That was the first major test of the technology.

One feature of the Stuxnet attack was that the technology the United States slipped into Iran’s nuclear enrichment plant at Natanz was able to map how it operated, then “phone home” the details. Later, that equipment was used to insert malware that blew up nearly 1,000 centrifuges, and temporarily set back Iran’s program.

But the Stuxnet strike does not appear to be the last time the technology was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps moved a rock near the country’s underground Fordo nuclear enrichment plant. The rock exploded and spewed broken circuit boards that the Iranian news media described as “the remains of a device capable of intercepting data from computers at the plant.” The origins of that device have never been determined.

On Sunday, according to the semiofficial Fars news agency, Iran’s Oil Ministry issued another warning about possible cyberattacks, describing a series of defenses it was erecting — and making no mention of what are suspected of being its own attacks on Saudi Arabia’s largest oil producer.
 

trichrider

Kiss My Ring
Veteran
NSA Data Have No Impact on Terrorism: Report


By Chris Strohm Jan 13, 2014 1:07 PM PT

National Security Agency surveillance protesters, organized by the "Stop Watching Us"...

A public policy group says a review of U.S. terrorist arrests shows the government’s collection of bulk phone records does little to prevent terrorism, adding fuel to a debate over whether the spy program should be ended.

The nonprofit New America Foundation, based in Washington, analyzed cases involving 225 people recruited by al-Qaeda or other terrorist groups and charged in the U.S. since the Sept. 11, 2001, attacks. The majority of cases started with traditional techniques, such as use of “informants, tips from local communities, and targeted intelligence operations,” according to a report today from the group, which has been critical of the NSA spy programs.

“Our investigation found that bulk collection of American phone metadata has had no discernible impact on preventing acts of terrorism and only the most marginal of impacts on preventing terrorist-related activity, such as fundraising for a terrorist group,” Peter Bergen, director of the foundation’s national security program, said in a statement.

The Espionage Act »

The National Security Agency’s collection and use of bulk phone records, such as numbers dialed and call durations, is one of several surveillance programs exposed by former government contractor Edward Snowden. The disclosures have prompted calls both domestically and overseas for the U.S. to discontinue or alter the programs.

Obama Decisions

President Barack Obama plans on Jan. 17 to announce his decisions on whether to alter spy programs, which could include requiring Verizon Communications Inc. (VZ), AT&T Inc. (T) and other phone companies to retain phone records for the government.

New America Foundation receives funding from both public and private sources, including the Bill and Melinda Gates Foundation and the U.S. Department of State, according to the group’s website. The foundation researches and analyzes a range of topics, including the inner workings of al-Qaeda, global economics and the U.S. education system. The Open Technology Institute, its technology arm, is in a coalition of privacy groups opposed to NSA’s data collection programs.

NSA Director Keith Alexander and Director of National Intelligence James Clapper had defended the use of bulk records as being essential to disrupting dozens of domestic and international terrorist plots when it was first exposed in June by Snowden. They since have backed off those claims.

Foiled Plots

Alexander told the Senate Judiciary Committee Oct. 2 that the program has helped stop only one or two terrorist plots inside the U.S. since it was begun in 2006. Clapper offered a new rationale for the program during the hearing, saying it can be used to provide “peace of mind” that there aren’t terrorist plots in the works.

A White House advisory panel appointed by Obama concluded in a Dec. 18 report the phone records program “was not essential to preventing attacks” and information needed to disrupt terrorist plots “could readily have been obtained in a timely manner using conventional” court orders.

The five members of the Review Group on Intelligence and Communications Technology are scheduled to testify tomorrow before the Senate Judiciary Committee.

The review group recommended putting limits on the NSA, including prohibiting the agency from collecting and storing billions of phone records. Instead, the data should be held by Verizon, AT&T and other carriers or a third party and only accessed by the NSA with a court warrant, the panel said.

Senator Patrick Leahy, a Vermont Democrat and chairman of the Judiciary Committee, has introduced legislation in line with the group’s recommendation.

‘Move Quickly’

The bulk metadata program is “a valuable tool” and “one of many programs the intelligence community uses to identify, track, and disrupt the activities of our adversaries, including terrorists,” Michael Birmingham, spokesman for the Office of the Director of National Intelligence, said in an e-mail.

“Neither this nor any other singular intelligence program can, by itself, ensure our national security,” he said. “The intelligence community has said that it would support modifications to the program that maintain the capability it provides, strengthens oversight and addresses concerns about civil liberties and privacy.”

Senator Dianne Feinstein, a California Democrat and chairman of the Senate intelligence committee, has vowed to kill legislation that would end the program. Carriers may have to spend $60 million a year to retain the phone records and face burdensome litigation, Feinstein said in a Jan. 9 interview.

‘Prevent Attack’

“This is to prevent an attack,” Feinstein said of the bulk phone records program. “You’ve got to move quickly when you have someone that is a known foreign terrorist calling into this country.”

Requiring the phone companies keep the records “presents a huge civil situation,” she said. “Would every detective or every attorney want to get the records?”

NSA spokeswoman Vanee Vines didn’t respond to a request for comment.

Kevin Bankston, policy director for the New American Foundation’s Open Technology Institute, has been part of a coalition of privacy advocates calling for the end of the collection of bulk phone records.

The foundation describes its work as “responsible to the changing conditions and problems of our 21st Century information-age economy,” according to the website. The foundation’s board chairman is Google Inc. Chairman Eric Schmidt, an Obama supporter.

http://www.bloomberg.com/news/2014-01-13/nsa-data-has-no-discernible-impact-on-terrorism-report.html
 

Harry Gypsna

Dirty hippy Bastard
Veteran
At least open-source is, by it's nature, peer reviewed. Even if the NSA could modify a code base for nefarious means, it would be detected by the 1% who care about such things, who will in turn inform the rest of us that something doesn't look right. We need open source encryption software. Actually, it doesn't really matter for the case of encryption, since quantum computing will be able to crack any current day encryption methods when the technology matures.


We already have open source encryption using the LUKS linux standard. TAILS comes with an open source GPG and full disc encryption built in. You can't do the hidden OS thing like True crypt ((Which is being audited right now)), but you can do hidden volume and encrypt things like USB sticks.

If they were anywhere close to cracking 4096 keys, they wouldn't have made it a crime carrying a 4 year sentence (here in the UK) to not give them your password, and as I understand it there have been court cases on that topic in the US too, and whether it comes under the 5th amendment.
I think that is pathetic, making it a crime not to give them your password. The way I see it, the password is my front door. If they want to come in my house, I can open the door, or they can kick it in...But here, they are so ass-hurt that they don't have the capability to kick the "door" in, so they've made it a legal obligation to open it for them.

As it stands, the experts believe we have about 20 years before 4096 keys are at risk. 2048 a lot sooner, if you are still using 1024, you should change it.
 

MrDanky

Member
although obama decided to try and calm the public today with his speech on the n-ess-a, ill say it again :no law will ever stop this spy train…..
 

gaiusmarius

me
Veteran
very interesting interview with Snowden, thanks for posting. it seems the journalists that he gave the documents to, still have things to reveal that they haven't shared so far. he really is a smart dude, leaving it up to the journalists he decided to share with what they think is in the public interest and he will only talk about stuff thats already been reported on. kinda smart too, for his own potential future legal safety.
 

idiit

Active member
Veteran
^
Our "rule of law" is an illusion.

^yes. ppl who make a grand living and live a grand lifestyle and can send their kids to the elite academic programs find it hard to bite the nipple ( the system) that has fed them so generously.

the system is corrupt and only feeds the top. the bottom (90%) are losing freedoms, savings, legal and constitutional ( in america) rights.

snowden's comments "we are their boss" is not understood by the 1%. they fancy themselves our rulers. the underlying 9% that are nothing but well fed puppets that are implementing, enforcing and concealing the 1% globalist agenda; are bought and paid for little whores whose social status and lifestyle depend on their puppet master's generosity.
 

idiit

Active member
Veteran
At a classified briefing for members of Congress which took place on Wednesday, members found out that Snowden took with him:

a complete roster of absolutely every employee and official of the entire US Government.
The names, home addresses, unlisted personal home telephone and personal cellular phone numbers, dates of birth and social security numbers of every person involved in any way, with any department of the US Government.
The files include elected officials, Cabinet appointees, Judges, and **ALL** law enforcement agency employees including sworn officers.
Similar files with the personal information of EVERY government contractor and all employees of that contractor!
Similar files with all the personal information of EVERY Bank Corporation, their operating officers and their Boards of Directors, including all current and former members of the Federal Reserve
Similar files with all the personal information about anyone holding any type of license from the Government such as Doctors, Lawyers, Stock Brokers, Commodities Traders . . . . and many more.
Similar files with all the personal information of EVERY non-bank Corporation in the U.S., including their operating officers and Boards of Directors.
Snowden has made it clear that if he is arrested, if he vanishes, or if he “dies” from any cause whatsoever, ALL of the information in his possession will be published publicly.

TRN has confirmed that, working through Julian Assange and his “WikiLeaks” organization, copies of the encrypted data have already been distributed to more than one-thousand, two hundred (1200) web sites around the world. Those sites have agreed to conceal the information until such time as contact with Snowden is “lost.” Once contact is lost, the sites have been told they will receive the Decryption keys via CD ROM, E-mail and P2P / Bit-Torrent file transfer. Once the decryption keys are sent, the sites have been instructed to wait a specific amount of time to confirm Snowden’s disappearance, arrest or death and upon expiration of that time period, to publish the decrypted materials.

Making the situation all the more dire for the government is that Snowden has made clear he will release some of the information under certain “other” circumstances. For instance, if Martial Law is declared in the US or if any elections are canceled for any reason, all the government employee info goes out. If an economic collapse takes place, all the Banker/Stock Broker/Commodities Trader information goes out. If Corporations start hyper-inflating prices, all the information about them, their officers and Board of Directors will go out.

Snowden literally has the most powerful people in the United States in an inescapable stranglehold. If any of the things articulated above take place, everyone throughout the country will know exactly who to blame and exactly where they live. One can only speculate that under the right conditions, it might not be long until those responsible for the problems of our country, faced consequences for their actions; consequences delivered one at a time, in the dark of night, when there is no help . . . . and no escape.
emphasis mine

^^ snippet.

Thursday, 06 February 2014 20:28 http://kauilapele.wordpress.com/201...names-home-addresses-and-other-personal-info/
 

gaiusmarius

me
Veteran
yeah i have to say some of the above is hard to believe.

i don't mean about the amount of data he has, but where is the source for his saying he will leak this part or that part if this or that happens. if he really said so why not publicly.

i do believe he might have used an automated program to trawl and copy everything, although if true, it kinda puts him in the super duper spy category. rather then being a plain whistle blower. his last interview he mentioned nothing that would indicate the above is true, i guess time will tell. i did read that the NSA heads aid said in an 9interview that Snowden basically has the keys to the kingdom. so i guess it could be true. although i want to see the interview or article by Snowden where he makes those specific threats. the only threat directly attributed to him was if he should be killed or disappeared everything would be released.
 

idiit

Active member
Veteran
although if true, it kinda puts him in the super duper spy category. rather then being a plain whistle blower.

^^ snowden is probably a super duper undercover spy imo. to think otherwise would be contrary to the evidence at hand.

i don't pretend to know, i suspect.

this is a truly great story and snowden is a true hero imo.
 

gaiusmarius

me
Veteran
check it out, seems amazing that he was able to do what he did.

Snowden used common web crawler tool to collect NSA files

http://rt.com/usa/snowden-crawler-nsa-files-227/

Whistleblower Edward Snowden used “inexpensive” and “widely available” software to gain access to at least 1.7 million secret files, The New York Times reported, quoting senior intelligence officials investigating the breach.

The collection process was “quite automated,” a senior intelligence official revealed. Snowden used “web crawler” software to “search, index and back up” files. The program just kept running, as Snowden went about his daily routine.

“We do not believe this was an individual sitting at a machine and downloading this much material in sequence,” the official said.

Investigators concluded that Snowden’s attack was not highly sophisticated and should have been easily detected by special monitors. The web crawler can be programmed to go from website to website, via embedded links in each document, copying everything it comes across.

The whistleblower managed to set the right algorithm for the web crawler, indicating subjects and how far to follow the links, according to the report. At the end of the day, Snowden was able to access 1.7 million files including documents on internal NSA networks and internal “wiki" materials, used by analysts to share information across the world.

Reportedly, Snowden had full access to the NSA’s files, as part of his job as the technology contractor in Hawaii, managing computer systems in a faraway outpost that focused on China and North Korea.

Officials added that the files were accessible because the Hawaii outpost was not upgraded with the latest security measures.

The web crawler used by Snowden was similar to, but not as advanced as the Googlebot crawler, used by Google and its search engine to access billions of websites and download their contents for fast search results.

The whistleblower did raise some flags while working in Hawaii, prompting questions about his work, but he was able to ward off criticism successfully.

“In at least one instance when he was questioned, Mr. Snowden provided what were later described to investigators as legitimate-sounding explanations for his activities: As a systems administrator he was responsible for conducting routine network maintenance. That could include backing up the computer systems and moving information to local servers, investigators were told,” according to the report.

Snowden admitted in June to taking an undisclosed number of documents, which in the last half-year have been regularly relied on by the international media for a number of high-profile reports about the US National Security Agency and its British counterpart, GCHQ. He was then granted political asylum by Russia and now resides in Moscow.

The leaks have unveiled a number of previously unreported NSA operations, including those involving dragnet surveillance programs that put the digital lives of millions, if not billions, of individuals across the world into the possession of the US government
 

idiit

Active member
Veteran
Whistleblower Edward Snowden used “inexpensive” and “widely available” software to gain access to at least 1.7 million secret files, The New York Times reported, quoting senior intelligence officials investigating the breach.

^ cover story that seems implausible to me.
 

bentom187

Active member
Veteran
Whistleblower Edward Snowden used “inexpensive” and “widely available” software to gain access to at least 1.7 million secret files, The New York Times reported, quoting senior intelligence officials investigating the breach.
^ cover story that seems implausible to me.


Indeed ,it seems to be a excuse to have more internet security or perhaps the TSA at every staples store. I really don't see how its a benefit to us, to have them keep secret all the illegal stuff they are doing to us.

In any event...... Everybody get real scared and vigilant,
maybe sacrifice some of your freedom's for the greater good.

HSVDk9V_zps7301b360.jpg
 

idiit

Active member
Veteran
Can American States Rein In An Out-Of-Control Federal Spy Agency?

The American people aren’t falling for NSA’s propaganda. They want the rogue agency reined in.

But Obama refuses to rein in the NSA, Dianne Feinstein says that Congress “doesn’t have the votes” to do anything about mass surveillance, and at least some judges are supporting the NSA’s spying (and it’s not clear what the Supreme Court will do).

But states are trying to fight back …

Legislation has been introduced in 10 states (and counting) proposing one or both of the following:

(1) Cutting off water, electricity or other resources to NSA facilities within the state

(2) Prohibiting the state’s cooperation with the NSA; for example, sharing data about its citizens, or university research support for NSA

For information about the state legislation:

http://www.washingtonsblog.com/2014/02/11-states-fight-back-nsa-spying.html
 

Latest posts

Latest posts

Top