Tag: GCHQ

According to documents given to The Intercept by whistleblower Edward Snowden, even the newest cell phones (3G, 4G and LTE0 are not safe from the spies of the NSA and it British counterpart, GCHQ. According to the article, one of the largest manufacturers of SIM cards, which all cell phones depend on for communications, were hacked by these agencies spies who stole the encryption keys. This has given them access to even to billions of cell phones all over the world. As usual, Intercept contributors, Jeremy Scahill and Josh Begley are very thorough in their extensive article but here is the core or the report:

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.

In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt. [..]

GCHQ and the NSA could have taken any number of routes to steal SIM encryption keys and other data. They could have physically broken into a manufacturing plant. They could have broken into a wireless carrier’s office. They could have bribed, blackmailed or coerced an employee of the manufacturer or cellphone provider. But all of that comes with substantial risk of exposure. In the case of Gemalto, hackers working for GCHQ remotely penetrated the company’s computer network in order to steal the keys in bulk as they were en route to the wireless network providers. [..]

TOP-SECRET GCHQ documents reveal that the intelligence agencies accessed the email and Facebook accounts of engineers and other employees of major telecom corporations and SIM card manufacturers in an effort to secretly obtain information that could give them access to millions of encryption keys. They did this by utilizing the NSA’s X-KEYSCORE program, which allowed them access to private emails hosted by the SIM card and mobile companies’ servers, as well as those of major tech corporations, including Yahoo and Google.

In effect, GCHQ clandestinely cyberstalked Gemalto employees, scouring their emails in an effort to find people who may have had access to the company’s core networks and Ki-generating systems. The intelligence agency’s goal was to find information that would aid in breaching Gemalto’s systems, making it possible to steal large quantities of encryption keys. The agency hoped to intercept the files containing the keys as they were transmitted between Gemalto and its wireless network provider customers.

GCHQ operatives identified key individuals and their positions within Gemalto and then dug into their emails. In one instance, GCHQ zeroed in on a Gemalto employee in Thailand who they observed sending PGP-encrypted files, noting that if GCHQ wanted to expand its Gemalto operations, “he would certainly be a good place to start.” They did not claim to have decrypted the employee’s communications, but noted that the use of PGP could mean the contents were potentially valuable.

The cyberstalking was not limited to Gemalto. GCHQ operatives wrote a script that allowed the agency to mine the private communications of employees of major telecommunications and SIM “personalization” companies for technical terms used in the assigning of secret keys to mobile phone customers. Employees for the SIM card manufacturers and wireless network providers were labeled as “known individuals and operators targeted” in a top-secret GCHQ document.

According to experts who were interviewed by The Guardain, this is a huge invasive breach and may still be continuing:

Gemalto, the company targeted by the spy agencies, produces 2bn sim cards per year for clients including AT&T, Sprint, T-Mobile and Verizon. The Netherlands-based company operates in 85 countries around the world and provides cards to some 450 wireless network providers globally.

The stolen encryption keys would allow intelligence agencies to monitor mobile communications without the approval or knowledge of telecom companies and foreign governments.

Chris Soghoian, principal technologist at the American Civil Liberties Union, told the Guardian the hack would allow spies to “put an aerial up on the embassy in Berlin and listen in to anyone’s calls in the area”.

Calls made on 3G and 4G mobile networks are encrypted. But with the keys, which a GCHQ slide described as living “in the phone”, spies could access any communication made on a device unless its owner uses an extra layer of encryption.

Soghoian said the latest Snowden revelations meant that it was difficult for anyone to trust the security of a mobile phone. “It is very unlikely that this is an issue that is going to be fixed anytime soon,” he said. “There is no reason for people to trust AT&T, Verizon or anyone at this point. Their systems are hopelessly insecure.”

“The real value of this is that it allows bulk surveillance of telecoms without anyone getting caught,” Soghoian said of hacks like the one at Gemalto, which he said would allow the spy agencies to target “whoever they wanted”.

“In countries where the government will not cooperate, that’s very useful,” he said. “It’s also very useful in countries where the government would help. Germany would allow spy on a suspected terrorist but not on [Angela] Merkel.”

This was the second revelation in what Mike Masnick at Techdirt called “This Week In ‘The NSA Knows F**king Everything’“:

Thought that the revelations of NSA/GCHQ spying were dying out? Having some “surveillance fatigue” from all the stories that have been coming out? Have no fear — or, rather, be very very very fearful — because two big new revelations this week show just how far the NSA will go to make sure it collects everything. First up: your hard drives. Earlier this week, Kaspersky Lab revealed that the NSA (likely) has figured out ways to hide its own spyware deep in pretty much any hard drive made by the most popular hard drive manufacturers: Western Digital, Seagate and Toshiba. [..]

As the report notes, it appears that this is a kind of “sleeper” software, that is buried inside tons of hard drives, but only “turned on” when necessary. The report notes that it’s unclear as to how the NSA was getting this software in there, but that it couldn’t do it without knowing the source code of the hard drive firmware — information that is not easily accessible. A few of the hard drive manufacturers have denied working with the government on this and/or giving them access to the firmware. It’s possible they’re lying/misleading — but it’s also possible that the NSA figured out other ways to get that information.

Scahill and Begley quoted President Barack Obama who just a little over a year ago said when he addressed the NSA spying scandal: “The bottom line is that people around the world, regardless of their nationality, should know that the United States is not spying on ordinary people who don’t threaten our national security and that we take their privacy concerns into account in our policies and procedures.”

Obama again has lied and Congress has failed to rein in the excesses of the NSA and the CIA.

Cross Posted from The Stars Hollow Gazette

ProPublica calls it the World of Spyraft. Along with articles by the New York Times and The Guardian, they revealed that American and British spy agencies had infiltrated the fantasy world’s of Second Life and World of War Craft:

Not limiting their activities to the earthly realm, American and British spies have infiltrated the fantasy worlds of World of Warcraft and Second Life, conducting surveillance and scooping up data in the online games played by millions of people across the globe, according to newly disclosed classified documents.

Fearing that terrorist or criminal networks could use the games to communicate secretly, move money or plot attacks, the documents show, intelligence operatives have entered terrain populated by digital avatars that include elves, gnomes and supermodels.

The spies have created make-believe characters to snoop and to try to recruit informers, while also collecting data and contents of communications between players, according to the documents, disclosed by the former National Security Agency contractor Edward J. Snowden. Because militants often rely on features common to video games – fake identities, voice and text chats, a way to conduct financial transactions – American and British intelligence agencies worried that they might be operating there, according to the papers.

The Guardian article reports the spying also included Xbox Live with the agencies having built mass-collection capabilities. An estimated 48 million people use Xbox Live. The documents also discussed the problem of proving terrorists were even using these venues:

One problem the paper’s unnamed author and others in the agency faced in making their case – and avoiding suspicion that their goal was merely to play computer games at work without getting fired – was the difficulty of proving terrorists were even thinking about using games to communicate.

A 2007 invitation to a secret internal briefing noted “terrorists use online games – but perhaps not for their amusement. They are suspected of using them to communicate secretly and to transfer funds.” But the agencies had no evidence to support their suspicions.

The same still seemed to hold true a year later, albeit with a measure of progress: games data that had been found in connection with internet protocol addresses, email addresses and similar information linked to terrorist groups. [..]

However, that information wasn not enough to show terrorists are hiding out as pixels to discuss their next plot. Such data could merely mean someone else in an internet cafe was gaming, or a shared computer had previously been used to play games.

According to Techdirt, the program has not caught or revealed any terrorists, plots or recruitment efforts:

According to the document (from 2008), online games like World of Warcraft and Second Life are potentially “target-rich environments” in which suspected terrorists “hide in plain sight.” (And it’s not just MMOs. Xbox Live has apparently been swept up in the surveillance efforts as well.) Despite this assertion, the documents contain no evidence that any terrorists have been uncovered by agents and analysts. In fact, experts and developers of games like these have found no evidence that terrorists are using their services to communicate or recruit new members.

The lack of any information that terrorists were using the games didn’t stop the agencies from their task. In fact, the number of spooks playing games got so big “that a “deconfliction” group was needed to avoid collisions – the intelligence agencies may have inflated the threat.”

Gamers beware.

Cross posted from The Stars Hollow Gazette

Six months ago today, Glenn Greenwald published his first article about Edward Snowden’s leaks from the National Security Agency in The Guardian newspaper. British police are now examining whether Guardian staff should be investigated for terrorism offenses over their handling of data leaked by Snowden. Jeremy Scahill talks about the “war on journalism” around the world and his work to launch a new media venture with Greenwald, filmmaker Laura Poitras and eBay founder Pierre Omidy

The Guardian and the guardians

UK should be wary of prosecuting newspaper over leaks

For the past six months, western governments have been rocked by the revelations made by Edward Snowden. A former contractor to the US National Security Agency, Mr Snowden leaked vast quantities of secret data on US and British surveillance programmes to the media – in particular, The Guardian newspaper.

The Snowden disclosures have stirred impassioned debates about the nature of state snooping in the 21st century, and the adequacy of political oversight over the intelligence services. However, reactions have differed. While the US government has focused its energies on seeking to extradite Mr Snowden to face justice, in Britain there has been more enthusiasm for turning on the messenger.

This week Alan Rusbridger, The Guardian’s editor, was subjected to hostile questioning in parliament. More seriously, several MPs have been agitating for him to be prosecuted under Britain’s terror laws. The police have confirmed they are looking into the matter. Central to the case constructed by these MPs is the fact that The Guardian passed some of Mr Snowden’s documents to the New York Times to avoid being gagged by the UK courts. Sending secret information out of Britain could be an offence under the 2000 Terrorism Act.

Publication of much of the Snowden material in The Guardian has to date met the public interest test. For instance, news that the NSA has sought to crack the basic encryption used by people operating on the internet is disturbing.

Cross posted from The Stars Hollow Gazette

In a joint report by The Guardian, the New York Times, and ProPublica, courtesy of the documents leaked by Edward Snowden, it was revealed how the NSA and British GCHQ broke encryption to unlock unlock encryption used to protect emails, banking and medical records. The detailed article describes how the program, called “Bulrun,” foils the safeguards of our internet privacy:

The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.

The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.

A cryptographer and research professor at Johns Hopkins University, Michael Green summerizes some of the “bad things” that the NSA and GCHQ have been doing with the joint cost of $250 million per year:

   (1.) Tampering with national standards (NIST is specifically mentioned) to promote weak, or otherwise vulnerable cryptography.

   (2.) Influencing standards committees to weaken protocols.

   (3.) Working with hardware and software vendors to weaken encryption and random number generators.

   (4.) Attacking the encryption used by ‘the next generation of 4G phones‘.

   (5.) Obtaining cleartext access to ‘a major internet peer-to-peer voice and text communications system’ (Skype?)

   (6.) Identifying and cracking vulnerable keys.

   (7.) Establishing a Human Intelligence division to infiltrate the global telecommunications industry.

   (8.) And worst of all (to me): somehow decrypting SSL connections.

Columnist on civil liberties and U.S. national security issues for The Guardian, Glenn Greenwald discussed this latest revelation with Amy Goodman and Juan González of DemocracyNow!.

“It’s what lets you enter your credit card number, check your banking records, buy and sell things online, get your medical tests online, engage in private communications. It’s what protects the sanctity of the Internet.” [..]

“The entire system is now being compromised by the NSA and their British counterpart, the GCHQ,” Greenwald says. “Systematic efforts to ensure that there is no form of human commerce, human electronic communication, that is ever invulnerable to their prying eyes.”

Security technologist and a fellow at the Berkman Center for Internet and Society at Harvard Law School, Bruce Schneiner said, in an article at The Guardian, that the public has been betrayed by the US government and that the NSA has undermined the social contract with the public. He proposes that since it was engineers who built the internet, it is time that they “fix it”.

One, we should expose. If you do not have a security clearance, and if you have not received a National Security Letter, you are not bound by a federal confidentially requirements or a gag order. If you have been contacted by the NSA to subvert a product or protocol, you need to come forward with your story. Your employer obligations don’t cover illegal or unethical activity. If you work with classified data and are truly brave, expose what you know. We need whistleblowers. [..]

Two, we can design. We need to figure out how to re-engineer the internet to prevent this kind of wholesale spying. We need new techniques to prevent communications intermediaries from leaking private information.

We can make surveillance expensive again. In particular, we need open protocols, open implementations, open systems – these will be harder for the NSA to subvert.

Prof. Schneiner also offers a guide to staying secure and gives five piece of advice:

1) Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it’s work for them. The less obvious you are, the safer you are.

2) Encrypt your communications. Use TLS. Use IPsec. Again, while it’s true that the NSA targets encrypted connections – and it may have explicit exploits against these protocols – you’re much better protected than if you communicate in the clear.

3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn’t. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it’s pretty good.

4) Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It’s prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.

5) Try to use public-domain encryption that has to be compatible with other implementations. For example, it’s harder for the NSA to backdoor TLS than BitLocker, because any vendor’s TLS has to be compatible with every other vendor’s TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it’s far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.

These are some of the programs he has been using: GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit and Password Safe. He also advises the use of a Linux operating system.