Obama Administration NSA Spying on Americans

[American Patriot]

Government Bureaucrat: "They're onto us, the American Public. Quick, before they shut us down, let's get to work and get something on them!"

2 Hrs Ago / Technology
NSA Is Collecting Millions of Web Images for Facial Recognition Databases

Polly Mosendz

REUTERS/Maxim Shemetov

In a move that should surprise no one, anywhere, ever, the National Security Agency (you know, that government force in charge of spying on people to keep Americans safe) is working to develop facial recognition programs, using the millions images they harvest through regular surveillance.

According to a report in The New York Times, the NSA is working on creating facial recognition software that can process images from digital communications, such as emails, text messages and video conferences that it already intercepts. The project has been in the works for four years.

Unlike the FBI and state governments, the NSA does not have access to driver's license or passport photos. Instead, they are working on pulling images in an alternative way. Documents revealed through Edward Snowden claim that the NSA intercepts millions of images every day from digital communications.

As federal privacy and surveillance laws have protections for facial images, the digital communication images being pulled by the NSA are likely involving those who are overseas. If the NSA wants to collect facial images of Americans, they would need the same court approval as when emails or phone calls are collected. However, if an American is digitally communicating with someone outside of America, this could be an exception to privacy rules.

Vanee M. Vines, NSA spokesperson, issued this statement to the New York Times, "We would not be doing our job if we didn’t seek ways to continuously improve the precision of signals intelligence activities — aiming to counteract the efforts of valid foreign intelligence targets to disguise themselves or conceal plans to harm the United States and its allies." Vines notes that part of why they are seeking this method is because they do not have access to photographs in state databases, driver's license photos or passport photos. She declined to say whether the NSA collected any images from Facebook or other social media platforms.

While some Americans might find the project invasive, we already paint a very clear photo of ourselves online willingly. As Digital Shadow showed us, an entire profile (including many facial images) can be built in seconds by anyone, not just a government agency.

[American Patriot]

It goes further and deeper than anyone every thought.

New leaks show Germany's collusion with NSA

Several new Snowden-leaked documents show how closely Germany's intelligence agencies work with the NSA. But did the German government deliberately soften laws protecting privacy to make life easier for them?

This week German news magazine Der Spiegel published the largest single set of files leaked by whistleblower and former US National Security Agency contractor Edward Snowden. The roughly 50 documents show the depth of the German intelligence agencies' collusion with the NSA.
They suggest that the German Intelligence Agency (BND), the country's foreign spy agency, and the Office for the Protection of the Constitution (BfV), the German domestic spy agency, worked more closely with the NSA than they have admitted - and more than many observers thought.
NSA successes
The documents as published by Der Spiegel offer glimpses, but not a comprehensive view of what is essentially a transatlantic spy alliance. An NSA document from January 2013 shows the spirit of cooperation that existed between the NSA and first the BND and then the BfV, as well as the German Federal Office for Information Security (BSI). The documents also show that the BND has been "eager" for closer ties with the NSA on an analytical and operational level since 1962.
Germany's parliamentary committee wants to question Snowden

Among its "success stories," the documents praise how the German government was able to weaken the public's protection from surveillance. "The German government has changed its interpretation of the G10 law, which protects German citizens' communications, to allow the BND to be more flexible with the sharing of protected information with foreign partners." Germany's G10 law regulates in what circumstances its intelligence agencies are allowed to break Article 10 of the German constitution, which guarantees the privacy of letters and telecommunications.
Malte Spitz, member of the German Green party and spokesman for the Federal Association of Media and Internet policy, is always concerned when the NSA celebrates such "successes" in Europe. "The important question is whether the chancellery helped the agencies to get the permissions that made far-reaching surveillance possible by offering an alternative interpretation of the G10 law," he said.
Secretive list
Another document, entitled "JSA Restrictions," raises further questions. JSA stands for Joint SigInt Activity - in other words, joint technical investigations of the NSA and the BND at a facility in Bad Aibling, Bavaria. Since the BND, as a foreign intelligence agency, is not allowed to spy on German citizens, the document guarantees that domains ending with the German ".de" can't be investigated. Similarly excluded are all domain endings belonging to the so-called "Five Eyes" countries: Australia, New Zealand, Canada, Britain, and the US.
But since many German citizens use email addresses with endings like ".net", ".com" or ".org", the document includes a list of other Internet addresses that can't be kept under surveillance either. This list is surprisingly short - comprising just 50 names - and bizarrely random. Apart from domains that might be expected, like bundeswehr.org, mercedes-benz.com, deutsche-bank and siemens.com, the list also contains addresses that seem completely willful: like feuerwehr-ingolstadt.org, (Ingolstadt fire brigade), orgelbau.com (organ manufacturer), and seniorenheim.com (senior citizens' home).
"It would be funny if it wasn't so serious," says Andre Meister, editor of the Internet rights portal netzpolitik.org. "We don't have a .de domain - netzpolitik.org - but unfortunately we're not on the list either. So we have to assume we're being kept under surveillance." The same is true of German email services like gmx.net.
Spitz is concerned whenever the NSA boasts of success in Germany

Spitz can't make any sense of the list, and he wants answers. Why are some companies on the list and not others? Why are there no email addresses of politicians or journalists on there? Who drew up the list? Was the BND, or even the chancellor's office, involved?
Parliamentary committee
The German parliamentary committee set up to investigate NSA activities in Germany could provide answers to all these questions. It wanted to ask Edward Snowden directly, but he has refused to answer questions in Moscow, where he was granted asylum after the US revoked his passport. The Green party and the socialist Left party want to question him in Berlin, but Chancellor Angela Merkel is unlikely to want to provoke a conflict with the US.
At the start of June, parliamentarians from Germany's governing parties, the Christian Democratic Union and the Social Democratic Party had wanted to organize an informal meeting with Snowden in Moscow in early July. His lawyer said on Friday (20.06.2014), however, that this would be impossible. Now the committee has to decide how much it wants Snowden to testify. The ball is in the court of the government parties.

[American Patriot]

I don't like Greenpeace at all, but this is funny.

Activists Use Blimp to Spy on NSA’s Data Center in Utah

By wkchild on July 2, 2014 • ( 1 )
Source: Activist Post
Diverse Groups Fly Airship Over NSA’s Utah Data Center to Protest Illegal Spying





The environmental campaigning group Greenpeace, digital rights watchdog Electronic Frontier Foundation (EFF) and the Tenth Amendment Center (TAC) joined forces today to fly an airship over the NSA’s data center in Utah to protest the government’s illegal mass surveillance program.


Greenpeace flew its 135-foot-long thermal airship over the Bluffdale, UT, data center early Friday morning, carrying the message: “NSA Illegal Spying Below” along with a link steering people to a new web site, StandAgainstSpying.org, which the three groups launched with the support of a separate, diverse coalition of over 20 grassroots advocacy groups and Internet companies. The site grades members of Congress on what they have done, or often not done, to rein in the NSA.


“Rights rise or fall together,” Greenpeace Senior IT Campaigner Gary Cook said. “Greenpeace has learned firsthand that people cannot protect their right to clean air and water if our civil rights – including the right to free association and the right to be free of unreasonable searches – are stripped away.”


Read More Here: Activist Post

[American Patriot]

[American Patriot]

Snowden Used the Linux Distro Designed For Internet Anonymity

Posted by Soulskill on Tuesday April 15, 2014 @03:42PM
from the NSA-can't-make-heads-or-something-of-it dept.
Hugh Pickens DOT Com writes: "When Edward Snowden first emailed Glenn Greenwald, he insisted on using email encryption software called PGP for all communications. Now Klint Finley reports that Snowden also used The Amnesic Incognito Live System (Tails) to keep his communications out of the NSA's prying eyes. Tails is a kind of computer-in-a-box using a version of the Linux operating system optimized for anonymity that you install on a DVD or USB drive, boot your computer from and you're pretty close to anonymous on the internet. 'Snowden, Greenwald and their collaborator, documentary film maker Laura Poitras, used it because, by design, Tails doesn't store any data locally,' writes Finley. 'This makes it virtually immune to malicious software, and prevents someone from performing effective forensics on the computer after the fact. That protects both the journalists, and often more importantly, their sources.'

The developers of Tails are, appropriately, anonymous. They're protecting their identities, in part, to help protect the code from government interference. 'The NSA has been pressuring free software projects and developers in various ways,' the group says. But since we don't know who wrote Tails, how do we know it isn't some government plot designed to snare activists or criminals? A couple of ways, actually. One of the Snowden leaks show the NSA complaining about Tails in a Power Point Slide; if it's bad for the NSA, it's safe to say it's good for privacy. And all of the Tails code is open source, so it can be inspected by anyone worried about foul play. 'With Tails,' say the distro developers, 'we provide a tongue and a pen protected by state-of-the-art cryptography to guarantee basic human rights and allow journalists worldwide to work and communicate freely and without fear of reprisal.'"

[American Patriot]

http://www.concise-courses.com/secur...llance-course/

Concise Courses Security Blog

• Home
• Blog
• Concise Courses, Hacker Hotshots, Latest InfoSec News
• In the wake of the NSA Scandal: FREE Countersurveillance course!

In the wake of the NSA Scandal: FREE Countersurveillance course!

---

By Henry Dalziel | Information Security Blogger | Concise Courses

---

Share on twitter Share on google_plusone_share Share on linkedin Share on facebook Share on reddit Share on stumbleupon ?
By Henry Dalziel

Information Security Blogger



We have an extra special offer for our community: a completely free course Thursday July 11th titled: “NSA Spying Concerns? Learn Counterveillance!”
Graphic created by EFF and licensed under a Creative Commons license.



This course is an hour long, interactive, instructor-led training program that will teach you the basics of counter surveillance, and, how you can use certain tools and techniques to defend yourself and your network against the next generation threat of data theft and data leakage. This course is particularly suited for anyone working in IT, but specifically for information security professionals, Network Administrators, Data Security Analysts, System and Network Security Administrators, Network Security Engineers and Security Professionals.


This course will increase your knowledge of network security and monitoring techniques: which will help you with your career with regards to your security skills. Network security is clearly a priority for every business involved in any online commerce or services – so an understanding of the security dimensions is certainly a positive!
Needless to say that this is a highly topical subject at the moment with the entire NSA/ Edward Snowdon affair. Although many suspected that the US (as well as every other nation) is monitoring our communications at every level; it has now been confirmed via the PRISM project. The NSA mining our phone and social networking data, no matter what the ‘real purpose was’, is something that does irritate us and this course will examine ways to ‘sniff’ if we are being preyed upon and how we can use counter surveillance methods and tools.


There are eight key learning topics that will be explained during the course. They are:
1. An introduction to the NSA and basic spying techniques.
2. Discover methods and techniques to see whether you are being monitored!
3. Learn the basics and fundamentals of Counterveillance/ Counter surveillance
4. Discover why counterveillance has been the most important missing piece of your security posture.
5. Get to know the required tools and techniques to execute a concise countersurveillance strategy.
6. Data Leakage! Learn how to use tools and techniques to reduce data leakage.
7. Learn the best practices of Counterveillance.
8. Learn how you can become an expert within the (in demand) counterveillance field.


Bonuses for attending the course: from our sponsor: SnoopWall.
This free infosec course is sponsored by SnoopWall. They have kindly offered every subscriber to this course a certificate for one free personal usage copy of the Preview Release of SnoopWall for Android. Every student will also receive a list of the best Counterveillance Tools, a worksheet listing the best open and commercial tools for Counterveillance, direct access to the instructor – and – a certificate of achievement for passing the course!




About Your Instructor: Gary S. Miliefsky

Gary presented an excellent Hacker Hotshot web show earlier this year titled: “Bulletproof IT Security” which was excellent; one of our best web shows! Not only is he a great guy but he is highly knowledgeable, a first-class instructor, and without doubt a highly respected information security expert. Gary is the Founder of SnoopWall, the Editor of Cyber Defense Magazine and regular contributor to Hakin9 Magazine. He founded NetClarity, Inc., an internal intrusion defence company, based on a patented technology he invented. To learn more about SnoopWall click here or watch a 2 minute animated second video!



Gary sits on the Advisory Board of the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University and he advised the National Infrastructure Advisory Council (NIAC), which operates within the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace. Clearly you are in good hands!


Summary
Take advantage! This is a superb (and free!) course, led by an experienced information security professional, sharing his knowledge in a subject which is clearly topical and of significant concern to us all. We have always promoted the concept of specializing within your career; and this is an opportunity to do exact that! Become an expert within the countersurveillance space and we literally guarantee that it will be a positive on your career.


“It’s okay honey, Congress say’s they’re heroes!”

[American Patriot]

Apparently the link is broken(?)

[American Patriot]

In NSA-intercepted data, those not targeted far outnumber the foreigners who are

Files provided by Snowden show extent to which ordinary Web users are caught in the net

• 0
• More

Target package prepared by the National Security Agency prior to the capture of Abu Hamza in January 2011
By Barton Gellman, Julie Tate and Ashkan Soltani July 5 Follow @bartongellman Follow @JulieATate
Ordinary Internet users, American and non-American alike, far outnumber legally targeted foreigners in the communications intercepted by the National Security Agency from U.S. digital networks, according to a four-month investigation by The Washington Post.
Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Post, were not the intended surveillance targets but were caught in a net the agency had cast for somebody else.
Many of them were Americans. Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents. NSA analysts masked, or “minimized,” more than 65,000 such references to protect Americans’ privacy, but The Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to U.S. citizens or U.S.residents.
The surveillance files highlight a policy dilemma that has been aired only abstractly in public. There are discoveries of considerable intelligence value in the intercepted messages — and collateral harm to privacy on a scale that the Obama administration has not been willing to address.
Among the most valuable contents — which The Post will not describe in detail, to avoid interfering with ongoing operations — are fresh revelations about a secret overseas nuclear project, double-dealing by an ostensible ally, a military calamity that befell an unfriendly power, and the identities of aggressive intruders into U.S. computer networks.

A breakdown of the cache of NSA-intercepted communications provided to the Washington Post by Edward Snowden
Months of tracking communications across more than 50 alias accounts, the files show, led directly to the 2011 capture in Abbottabad of Muhammad Tahir Shahzad, a Pakistan-based bomb builder, and Umar Patek, a suspect in a 2002 terrorist bombing on the Indonesian island of Bali. At the request of CIA officials, The Post is withholding other examples that officials said would compromise ongoing operations.
Many other files, described as useless by the analysts but nonetheless retained, have a startlingly intimate, even voyeuristic quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes. The daily lives of more than 10,000 account holders who were not targeted are catalogued and recorded nevertheless.
In order to allow time for analysis and outside reporting, neither Snowden nor The Post has disclosed until now that he obtained and shared the content of intercepted communications. The cache Snowden provided came from domestic NSA operations under the broad authority granted by Congress in 2008 with amendments to the Foreign Intelligence Surveillance Act. FISA content is generally stored in closely controlled data repositories, and for more than a year, senior government officials have depicted it as beyond Snowden’s reach.
The Post reviewed roughly 160,000 intercepted e-mail and instant-message conversations, some of them hundreds of pages long, and 7,900 documents taken from more than 11,000 online accounts.
The material spans President Obama’s first term, from 2009 to 2012, a period of exponential growth for the NSA’s domestic collection.
Taken together, the files offer an unprecedented vantage point on the changes wrought by Section 702 of the FISA amendments, which enabled the NSA to make freer use of methods that for 30 years had required probable cause and a warrant from a judge. One program, code-named PRISM, extracts content stored in user accounts at Yahoo, Microsoft, Facebook, Google and five other leading Internet companies. Another, known inside the NSA as Upstream, intercepts data on the move as it crosses the U.S. junctions of global voice and data networks.
No government oversight body, including the Justice Department, the Foreign Intelligence Surveillance Court, intelligence committees in Congress or the president’s Privacy and Civil Liberties Oversight Board, has delved into a comparably large sample of what the NSA actually collects — not only from its targets but also from people who may cross a target’s path.

A composite image of two of the more than 5,000 private photos among data collected by the National Security Agency from online accounts and network links in the United States. The images were included in a large cache of NSA intercepts provided by former agency contractor Edward Snowden. (Images obtained by The Washington Post)



Among the latter are medical records sent from one family member to another, résumés from job hunters and academic transcripts of schoolchildren. In one photo, a young girl in religious dress beams at a camera outside a mosque.


Scores of pictures show infants and toddlers in bathtubs, on swings, sprawled on their backs and kissed by their mothers. In some photos, men show off their physiques. In others, women model lingerie, leaning suggestively into a webcam or striking risque poses in shorts and bikini tops.


“None of the hits that were received were relevant,” two Navy cryptologic technicians write in one of many summaries of nonproductive surveillance. “No additional information,” writes a civilian analyst. Another makes fun of a suspected kidnapper, newly arrived in Syria before the current civil war, who begs for employment as a janitor and makes wide-eyed observations about the state of undress displayed by women on local beaches.


By law, the NSA may “target” only foreign nationals located overseas unless it obtains a warrant based on probable cause from a special surveillance court. For collection under PRISM and Upstream rules, analysts must state a reasonable belief that the target has information of value about a foreign government, a terrorist organization or the spread of nonconventional weapons.


Most of the people caught up in those programs are not the targets and would not lawfully qualify as such. “Incidental collection” of third-party communications is inevitable in many forms of surveillance, but in other contexts the U.S. government works harder to limit and discard irrelevant data. In criminal wiretaps, for example, the FBI is supposed to stop listening to a call if a suspect’s wife or child is using the phone.


There are many ways to be swept up incidentally in surveillance aimed at a valid foreign target. Some of those in the Snowden archive were monitored because they interacted directly with a target, but others had more-tenuous links.


If a target entered an online chat room, the NSA collected the words and identities of every person who posted there, regardless of subject, as well as every person who simply “lurked,” reading passively what other people wrote.


“1 target, 38 others on there,” one analyst wrote. She collected data on them all.
In other cases, the NSA designated as its target the Internet protocol, or IP, address of a computer server used by hundreds of people.
The NSA treats all content intercepted incidentally from third parties as permissible to retain, store, search and distribute to its government customers. Raj De, the agency’s general counsel, has testified that the NSA does not generally attempt to remove irrelevant personal content, because it is difficult for one analyst to know what might become relevant to another.


The Obama administration declines to discuss the scale of incidental collection. The NSA, backed by Director of National Intelligence James R. Clapper Jr., has asserted that it is unable to make any estimate, even in classified form, of the number of Americans swept in. It is not obvious why the NSA could not offer at least a partial count, given that its analysts routinely pick out “U.S. persons” and mask their identities, in most cases, before distributing intelligence reports.
If Snowden’s sample is representative, the population under scrutiny in the PRISM and Upstream programs is far larger than the government has suggested. In a June 26 “transparency report,” the Office of the Director of National Intelligence disclosed that 89,138 people were targets of last year’s collection under FISA Section 702. At the 9-to-1 ratio of incidental collection in Snowden’s sample, the office’s figure would correspond to nearly 900,000 accounts, targeted or not, under surveillance.
‘He didn’t get this data’


U.S. intelligence officials declined to confirm or deny in general terms the authenticity of the intercepted content provided by Snowden, but they made off-the-record requests to withhold specific details that they said would alert the targets of ongoing surveillance. Some officials, who declined to be quoted by name, described Snowden’s handling of the sensitive files as reckless.


In an interview, Snowden said “primary documents” offered the only path to a concrete debate about the costs and benefits of Section 702 surveillance. He did not favor public release of the full archive, he said, but he did not think a reporter could understand the programs “without being able to review some of that surveillance, both the justified and unjustified.”


“While people may disagree about where to draw the line on publication, I know that you and The Post have enough sense of civic duty to consult with the government to ensure that the reporting on and handling of this material causes no harm,” he said.


In Snowden’s view, the PRISM and Upstream programs have “crossed the line of proportionality.”


“Even if one could conceivably justify the initial, inadvertent interception of baby pictures and love letters of innocent bystanders,” he added, “their continued storage in government databases is both troubling and dangerous. Who knows how that information will be used in the future?”


For close to a year, NSA and other government officials have appeared to deny, in congressional testimony and public statements, that Snowden had any access to the material.


As recently as May, shortly after he retired as NSA director, Gen. Keith Alexander denied that Snowden could have passed FISA content to journalists.
“He didn’t get this data,” Alexander told a New Yorker reporter. “They didn’t touch —”
“The operational data?” the reporter asked.


“They didn’t touch the FISA data,” Alexander replied. He added, “That database, he didn’t have access to.”


Robert S. Litt, the general counsel for the Office of the Director of National Intelligence, said in a prepared statement that Alexander and other officials were speaking only about “raw” intelligence, the term for intercepted content that has not yet been evaluated, stamped with classification markings or minimized to mask U.S. identities.


“We have talked about the very strict controls on raw traffic, the training that people have to have, the technological lockdowns on access,” Litt said. “Nothing that you have given us indicates that Snowden was able to circumvent that in any way.”


In the interview, Snowden said he did not need to circumvent those controls, because his final position as a contractor for Booz Allen at the NSA’s Hawaii operations center gave him “unusually broad, unescorted access to raw SIGINT [signals intelligence] under a special ‘Dual Authorities’ role,” a reference to Section 702 for domestic collection and Executive Order 12333 for collection overseas. Those credentials, he said, allowed him to search stored content — and “task” new collection — without prior approval of his search terms.


“If I had wanted to pull a copy of a judge’s or a senator’s e-mail, all I had to do was enter that selector into XKEYSCORE,” one of the NSA’s main query systems, he said.
The NSA has released an e-mail exchange acknowledging that Snowden took the required training classes for access to those systems.


‘Minimized U.S. president’


At one level, the NSA shows scrupulous care in protecting the privacy of U.S. nationals and, by policy, those of its four closest intelligence allies — Britain, Australia, Canada and New Zealand.


More than 1,000 distinct “minimization” terms appear in the files, attempting to mask the identities of “possible,” “potential” and “probable” U.S. persons, along with the names of U.S. beverage companies, universities, fast-food chains and Web-mail hosts.


Some of them border on the absurd, using titles that could apply to only one man. A “minimized U.S. president-elect” begins to appear in the files in early 2009, and references to the current “minimized U.S. president” appear 1,227 times in the following four years.


Even so, unmasked identities remain in the NSA’s files, and the agency’s policy is to hold on to “incidentally” collected U.S. content, even if it does not appear to contain foreign intelligence.


In one exchange captured in the files, a young American asks a Pakistani friend in late 2009 what he thinks of the war in Afghanistan. The Pakistani replies that it is a religious struggle against 44 enemy states.


Startled, the American says “they, ah, they arent heavily participating . . . its like . . . in a football game, the other team is the enemy, not the other teams waterboy and cheerleaders.”


“No,” the Pakistani shoots back. “The ther teams water boy is also an enemy. it is law of our religion.”


“haha, sorry thats kind of funny,” the American replies.


When NSA and allied analysts really want to target an account, their concern for U.S. privacy diminishes. The rationales they use to judge foreignness sometimes stretch legal rules or well-known technical facts to the breaking point.


In their classified internal communications, colleagues and supervisors often remind the analysts that PRISM and Upstream collection have a “lower threshold for foreignness ‘standard of proof’ ” than a traditional surveillance warrant from a FISA judge, requiring only a “reasonable belief” and not probable cause.


One analyst rests her claim that a target is foreign on the fact that his e-mails are written in a foreign language, a quality shared by tens of millions of Americans. Others are allowed to presume that anyone on the chat “buddy list” of a known foreign national is also foreign.


In many other cases, analysts seek and obtain approval to treat an account as “foreign” if someone connects to it from a computer address that seems to be overseas. “The best foreignness explanations have the selector being accessed via a foreign IP address,” an NSA supervisor instructs an allied analyst in Australia.


Apart from the fact that tens of millions of Americans live and travel overseas, additional millions use simple tools called proxies to redirect their data traffic around the world, for business or pleasure. World Cup fans this month have been using a browser extension called Hola to watch live-streamed games that are unavailable from their own countries. The same trick is routinely used by Americans who want to watch BBC video. The NSA also relies routinely on locations embedded in Yahoo tracking cookies, which are widely regarded by online advertisers as unreliable.


In an ordinary FISA surveillance application, the judge grants a warrant and requires a fresh review of probable cause — and the content of collected surveillance — every 90 days. When renewal fails, NSA and allied analysts sometimes switch to the more lenient standards of PRISM and Upstream.


“These selectors were previously under FISA warrant but the warrants have expired,” one analyst writes, requesting that surveillance resume under the looser standards of Section 702. The request was granted.


‘I don’t like people knowing’


She was 29 and shattered by divorce, converting to Islam in search of comfort and love. He was three years younger, rugged and restless. His parents had fled Kabul and raised him in Australia, but he dreamed of returning to Afghanistan.


One day when she was sick in bed, he brought her tea. Their faith forbade what happened next, and later she recalled it with shame.
“what we did was evil and cursed and may allah swt MOST merciful forgive us for giving in to our nafs [desires]”


Still, a romance grew. They fought. They spoke of marriage. They fought again.


All of this was in the files because, around the same time, he went looking for the Taliban.


He found an e-mail address on its English-language Web site and wrote repeatedly, professing loyalty to the one true faith, offering to “come help my brothers” and join the fight against the unbelievers.


On May 30, 2012, without a word to her, he boarded a plane to begin a journey to Kandahar. He left word that he would not see her again.
If that had been the end of it, there would not be more than 800 pages of anguished correspondence between them in the archives of the NSA and its counterpart, the Australian Signals Directorate.


He had made himself a target. She was the collateral damage, placed under a microscope as she tried to adjust to the loss.


Three weeks after he landed in Kandahar, she found him on Facebook.


“Im putting all my pride aside just to say that i will miss you dearly and your the only person that i really allowed myself to get close to after losing my ex husband, my dad and my brother.. Im glad it was so easy for you to move on and put what we had aside and for me well Im just soo happy i met you. You will always remain in my heart. I know you left for a purpose it hurts like hell sometimes not because Im needy but because i wish i could have been with you.”


His replies were cool, then insulting, and gradually became demanding. He would marry her but there were conditions. She must submit to his will, move in with his parents and wait for him in Australia. She must hand him control of her Facebook account — he did not approve of the photos posted there.


She refused. He insisted:


“look in islam husband doesnt touch girl financial earnigs unless she agrees but as far as privacy goes there is no room….i need to have all ur details everything u do its what im supposed to know that will guide u whether its right or wrong got it”


Later, she came to understand the irony of her reply:


“I don’t like people knowing my private life.”


Months of negotiations followed, with each of them declaring an end to the romance a dozen times or more. He claimed he had found someone else and planned to marry that day, then admitted it was a lie. She responded:


“No more games. You come home. You won’t last with an afghan girl.”


She begged him to give up his dangerous path. Finally, in September, she broke off contact for good, informing him that she was engaged to another man.
“When you come back they will send you to jail,” she warned.


They almost did.


In interviews with The Post, conducted by telephone and Facebook, she said he flew home to Australia last summer, after failing to find members of the Taliban who would take him seriously. Australian National Police met him at the airport and questioned him in custody. They questioned her, too, politely, in her home. They showed her transcripts of their failed romance. When a Post reporter called, she already knew what the two governments had collected about her.


Eventually, she said, Australian authorities decided not to charge her failed suitor with a crime. Police spokeswoman Emilie Lovatt declined to comment on the case.
Looking back, the young woman said she understands why her intimate correspondence was recorded and parsed by men and women she did not know.


“Do I feel violated?” she asked. “Yes. I’m not against the fact that my privacy was violated in this instance, because he was stupid. He wasn’t thinking straight. I don’t agree with what he was doing.”


What she does not understand, she said, is why after all this time, with the case long closed and her own job with the Australian government secure, the NSA does not discard what it no longer needs.



Jennifer Jenkins and Carol D. Leonnig contributed to this report.

[American Patriot]

The US is about to crash and burn folks.

Obama thinks Snowden is about to release something else.

This is how BADLY he wants Snowden back.


US ‘kidnaps’ Russian MP’s son to ‘exchange him for Snowden’

[Malsua]

Yeah, well if the kid was stealing credit cards, something Russians seem to have a penchant for, it may be they arrested him for good cause.

[American Patriot]

I dont care why they said they did it. lol

Nothing is what it seems anymore

[American Patriot]

As end of Russia visa approaches, Edward Snowden seeks extension

Edward Snowden, the former NSA analyst who leaked a trove of files on the agency's intelligence programs, in June 2013. (The Guardian)

Carol J. Williams contact the reporter
RussiaPersonal Data CollectionMoscow (Russia)National SecurityEdward SnowdenU.S. Secret ServiceNational Security Agency

Fugitive whistleblower Edward Snowden applies to extend asylum permission in Russia
Despite hints he would like to leave Russia, NSA leaker Edward Snowden asks to extend asylum

Fugitive national security contractor Edward Snowden has filed the paperwork to extend his refuge in Russia as the July 31 expiration of his asylum grant approaches, his lawyer told Russian media on Wednesday.
Snowden has indicated in interviews during his yearlong stay in Russia that he would like to move on elsewhere or even come home to the United States if he could be assured of getting a fair trial on the espionage charges the U.S. Justice Department has filed against him.
------------
FOR THE RECORD

Bloomberg's Peter Cook reflects on the year that has passed since Edward Snowden spoke out about NSA surveillance tactics and the impact it has had on U.S. surveillance programs.

An earlier version of this post misspelled Pentagon papers leaker Daniel Ellsberg's last name as Ellsburg.
------------
But with little indication from Washington that any deal to repatriate him is in the offing, the 31-year-old fired by the National Security Agency last year after leaking reams of classified information has apparently hedged his bets and gotten a jump on the bureaucratic process of extending his Russian visa.
"We have filed documents to extend his stay on the territory of Russia," attorney Anatoly Kucherena told the Interfax news agency.

lRelated

Europe

Son of Russian lawmaker nabbed in Maldives on U.S. fraud charges

See all related
8

Snowden was granted temporary asylum on Aug. 1 last year after being marooned for more than a month in the transit zone of Moscow's Sheremetyevo International Airport. He had arrived without a visa for Russia en route to a self-imposed exile in Cuba but was unable to travel on because his U.S. passport had been revoked.
Felony charges were filed against the NSA contractor after he revealed classified program files that showed massive surveillance of private citizens' emails, phone calls and texts in pursuit of terrorists' communications.

Related story: Leaked NSA document allegedly shows spying on American Muslim leaders Brian Bennett

Snowden has said he violated his security clearance conditions to draw attention to the domestic snooping he believes is in violation of U.S. law. The practices he exposed through collaboration with a journalist for the British newspaper The Guardian included clandestine surveillance of millions of foreign citizens' communications as well as Americans'. He took the stolen data files first to Hong Kong and then to Russia in his thwarted bid to escape to Latin America, raising concerns that Beijing and Moscow now have access to national security secrets.

cComments

• A Visa extension is highly unlikely, the Russians bilked him for all he was worth a long time ago. Snow Job is old news, his most recent leak was the FBI spying on U.S. Muslims "Yawn". He has nothing else to offer anyone and will be thrown to the wolves. But wait, the Wolves don't want him...
  Fareed Ansari
  at 11:59 AM July 09, 2014

Add a comment See all comments
8

Snowden's revelations damaged U.S. relations with an array of foreign governments and sparked national debate on whether the pursuit of terror suspects has led to excessive intrusion into the personal lives of millions of people around the world. His grant of asylum in Russia has also added to the volume of irritations between Washington and Moscow, which are already divided over the war in Syria, human rights and more recently Russian aggression against Ukraine.

Related story: Germany summons U.S. envoy over spy case The Associated Press

In a May interview with NBC's Brian Williams, Snowden said he missed the United States but worried that he would have little chance of getting a fair trial if he returned to face the three felony charges that have been filed against him, each carrying a 10-year prison term on conviction. He compared his situation with that of Pentagon Papers leaker Daniel Ellsberg, a former military analyst who secretly photocopied and distributed the 7,000-page study that revealed the U.S. government had knowledge that the Vietnam War couldn't be won.
But U.S. Secretary of State John F. Kerry retorted after the NBC interview that Snowden, unlike Ellsberg, has refused to take responsibility for his willful disclosure of U.S. intelligence.
"If this man is a patriot, he should stay in the United States and make his case,” Kerry said. "Edward Snowden is a coward, he is a traitor, and he has betrayed his country. And if he wants to come home tomorrow to face the music, he can do so."
Snowden's situation came into the news on Tuesday when it was disclosed that U.S. Secret Service agents had arrested a Russian computer hacker in the Maldives and transferred him to the U.S. territory of Guam, nearly 5,000 miles away, to face charges associated with the theft of retailers' computer databases containing 600,000 consumers' credit card information. Roman Seleznev, 30, was described by the Secret Service as "one of the world's most prolific traffickers of stolen financial information."
The suspect's father, Russian lawmaker Valery Seleznev, told Russian media he suspected his son had been arrested on bogus charges to give the U.S. government someone to offer in trade for the extradition of Snowden.
Follow @cjwilliamslat for the latest international news 24/7

[Phil Fiord]

Tails now archived, just in case. That is all.

[American Patriot]

FISA Court Judges Keep Buying Verizon Stock; Wonder What They Know…

By kchild2013 on July 29, 2014 • ( )
Source: TechDirt, by Mike Masnick, Jul 29th 2014
from the foia-ftw dept
Lee Fang, over at Vice, has quite a revelation based on some FOIA requests. It seems that the various judges on the FISA Court who keep approving the NSA’s requests for bulk data from the telcos… also seem to keep buying Verizon stock.

On May 28 last year, Judge James Zagel, a FISA Court member since 2008, purchased stock in Verizon. In June of this year, Zagel signed off on a government request to the FISA Court to renew the ongoing metadata collection program.
He’s not the only one. We filed a request to the courts for the personal finance statements for all of the FISA Court judges. About a month ago, federal judges began turning in their disclosures, which cover the calendar year of 2013. The disclosures show that FISA Court Judge Susan Wright purchased Verizon stock valued at $15,000 or less on October 22. FISA Court Judge Dennis Saylor has owned Verizon stock, and last year collected a dividend of less than $1,000. The precise amount and value of each investment is unclear—like many government ethics disclosures, including those for federal lawmakers, investments amounts are revealed within certain ranges of value.

While this may not be a true sign of corruption, it at least raises some basic ethics questions. As Fang notes, ethics rules say that judges need to recuse themselves from cases where they have a financial stake in the outcome.

Continue reading…
Share this:

[vector7]

Congress Quietly Passes Bill Allowing Feds Unlimited Access to Your Private Communications

By Shawn M. Griffiths



Dec 11, 2014

By Shawn M. Griffiths

On Wednesday, December 10, Congress passed a bill called the “Intelligence Authorization Act for 2015.” Not very many people have heard of this bill, much less its passage since the media’s main focus is on the CIA torture report. However, the Act contains language that U.S. Representative Justin Amash (R-Mich) calls “the most egregious sections of law” he has encountered during his time in Congress.

“It grants the executive branch virtually unlimited access to the communications of every American,” Amash explains.

H.R. 4681, the “Intelligence Authorization Act for 2015,” was introduced in May and authorizes appropriations for the government’s intelligence agencies and intelligence-related activities for FY 2014-2015. This includes the activities of all federal intelligence, defense, law enforcement, and security agencies and departments. The bill initially passed the House 345-59.


On Tuesday, the Senate passed the bill by voice-vote on the same day the CIA torture report summary from the Senate Intelligence Committee released. A voice-vote essentially means the bill was declared “passed” without the vote being recorded and not very many lawmakers needed to be present for its passage.


However, Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.) added an amendment to the bill that created a new Section 309, requiring it to go back to the House for approval.

Initially, Section 309 required “the heads of the DNI, CIA, DIA, NSA, NRO, and NGA to ensure that there is a full financial audit of their respective entities each year and that each audit contains an unqualified opinion of the entity’s financial statements.” It required “the chief financial officer of each entity to provide an annual audit report to Congress.”

The new Section 309, according to Amash, “authorizes ‘the acquisition, retention, and dissemination’ of nonpublic communications, including those to and from U.S. persons. The section contemplates that those private communications of Americans, obtained without a court order, may be transferred to domestic law enforcement for criminal investigations.”

“To be clear, Sec. 309 provides the first statutory authority for the acquisition, retention, and dissemination of U.S. persons’ private communications obtained without legal process such as a court order or a subpoena. The administration currently may conduct such surveillance under a claim of executive authority, such as E.O. 12333. However, Congress never has approved of using executive authority in that way to capture and use Americans’ private telephone records, electronic communications, or cloud data.” – Rep. Justin Amash, letter to fellow members of Congress

On the same day Feinstein decried the actions of the CIA (infringing on the civil liberties of others by using torture) on the Senate floor, she stealthy added an amendment to an appropriations bill that gives the executive branch and law enforcement agencies virtually unlimited access to the private communications of persons (citizens or non-citizens) in the United States without approval from a judge.

The bill was then rushed to the House floor on Wednesday for a voice-vote without much debate. While Amash went before the House to demand a roll call vote, there was not enough time to stop the bill. It passed 325-100, with 9 lawmakers not voting. Forty-fiveRepublicans and 55 Democrats voted “Nay.”

Here is a list of the 100 lawmakers who voted “Nay.” Was yours one of them?

Amash (R-Mich.)
Bass (D-Calif.)
Bentivolio (R-Mich.)
Blumenauer (D-Ore.)
Bonamici (D-Ore.)
Brat (R-Va.)
Bridenstine (R-Okla)
Brooks (R-Ala.)
Broun (R-Ga.)
Burgess (R-Texas)
Chu (D-Calif.)
Clark (D-Mass.)
Clarke (D-N.Y.)
Clawson (R-Fla.)
Cohen (D-Tenn.)
Conyers (D-Mich.)
Cummings (D-Md.)
DeFazio (D-Ore.)
DelBene (D-Wash.)
DesJarlais (R-Tenn.)
Doggett (D-Texas)
Doyle (D-Penn.)
Duncan (R-S.C.)
Duncan (R-Tenn.)
Eshoo (D-Calif.)
Farr (D-Calif.)
Garamendi (D-Calif.)
Garcia (D-Fla.)
Garrett (R-N.J.)
Gibson (R-N.Y.)
Gohmert (R-Texas)
Gosar (R-Ariz.)
Gowdy (R-S.C.)
Graves (R-Ga.)
Grayson (D-Fla.)
Griffith (R-Va.)
Grijalva (D-Ariz.)
Gutiérrez (D-Ill.)
Hahn (D-Calif.)
Hanabusa (D-Hawaii)
Hastings (D-Fla)
Heck (D-Wash.)
Holt (D-N.J.)
Honda (D-Calif.)
Huelskamp (R-Kan.)
Huffman (D-Calif.)
Jackson Lee (D-Texas)
Jones (R-N.C.)
Jordan (R-Ohio)
Kaptur (D-Ohio)
Kildee (D-Mich)
Kingston (R-Ga.)
Labrador (R-Idaho)
Lee (D-Calif.)
Lewis (D-Ga.)
Lofgren (D-Calif.)
Lowenthal (D-Calif.)
Lummis (R-Wyo.)
Massie (R-Ky.)
Matsui (D-Calif.)
McClintock (R-Calif.)
McCollum (D-Minn.)
McDermott (D-Wash.)
McGovern (D-Mass.)
Meadows (R-N.C.)
Mica (R-Fla.)
Moore (D-Wis.)
Mulvaney (R-S.C).
Nadler (D-N.Y.)
Nugent (R-Fla.)
O’Rourke (D-Texas)
Pallone (D-N.J.)
Perry (R-Penn.)
Pocan (D-Wis.)
Poe (R-Texas)
Polis (D-Colo.)
Posey (R-Fla.)
Rangel (D-N.Y.)
Ribble (R-Wis.)
Roe (R-Tenn.)
Rohrabacher (R-Calif.)
Salmon (R-Ariz.)
Sanford (R-S.C.)
Schakowsky (D-Ill.)
Scott, Austin (R-Ga.)
Sensenbrenner (R-Wis.)
Serrano (D-N.Y.)
Speier (D-Calif.)
Stockman (R-Texas)
Swalwell (D-Calif.)
Takano (D-Calif.)
Tierney (D-Mass.)
Tipton (R-Colo.)
Velázquez (D-N.Y.)
Waters (D-Calif.)
Weber (R-Texas)
Welch (D-Vt.)
Woodall (R-Ga.)
Yarmuth (D-Ky.)
Yoho (R-Fla.)

Note: It is not fully clear how many of these lawmakers voted against the bill because of the new Section 309.

[Phil Fiord]

Lame duck congress. really. It seems its a last hoorah for those going out.

[vector7]

The Digital Arms Race: NSA Preps America for Future Battle

By Jacob Appelbaum, Aaron Gibson, Claudio Guarnieri, Andy Müller-Maguhn, Laura Poitras, Marcel Rosenbach, Leif Ryge, Hilmar Schmundt and Michael Sontheimer

The NSA's mass surveillance is just the beginning. Documents from Edward Snowden show that the intelligence agency is arming America for future digital wars -- a struggle for control of the Internet that is already well underway.

Normally, internship applicants need to have polished resumes, with volunteer work on social projects considered a plus. But at Politerain, the job posting calls for candidates with significantly different skill sets. We are, the ad says, "looking for interns who want to break things."

Politerain is not a project associated with a conventional company. It is run by a US government intelligence organization, the National Security Agency (NSA). More precisely, it's operated by the NSA's digital snipers with Tailored Access Operations (TAO), the department responsible for breaking into computers.

Potential interns are also told that research into third party computers might include plans to "remotely degrade or destroy opponent computers, routers, servers and network enabled devices by attacking the hardware." Using a program called Passionatepolka, for example, they may be asked to "remotely brick network cards." With programs like Berserkr they would implant "persistent backdoors" and "parasitic drivers". Using another piece of software called Barnfire, they would "erase the BIOS on a brand of servers that act as a backbone to many rival governments."

An intern's tasks might also include remotely destroying the functionality of hard drives. Ultimately, the goal of the internship program was "developing an attacker's mindset."

The internship listing is eight years old, but the attacker's mindset has since become a kind of doctrine for the NSA's data spies. And the intelligence service isn't just trying to achieve mass surveillance of Internet communication, either. The digital spies of the Five Eyes alliance -- comprised of the United States, Britain, Canada, Australia and New Zealand -- want more.

The Birth of D Weapons

According to top secret documents from the archive of NSA whistleblower Edward Snowden seen exclusively by SPIEGEL, they are planning for wars of the future in which the Internet will play a critical role, with the aim of being able to use the net to paralyze computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money.

During the 20th century, scientists developed so-called ABC weapons -- atomic, biological and chemical. It took decades before their deployment could be regulated and, at least partly, outlawed. New digital weapons have now been developed for the war on the Internet. But there are almost no international conventions or supervisory authorities for these D weapons, and the only law that applies is the survival of the fittest.

Canadian media theorist Marshall McLuhan foresaw these developments decades ago. In 1970, he wrote, "World War III is a guerrilla information war with no division between military and civilian participation." That's precisely the reality that spies are preparing for today.

The US Army, Navy, Marines and Air Force have already established their own cyber forces, but it is the NSA, also officially a military agency, that is taking the lead. It's no coincidence that the director of the NSA also serves as the head of the US Cyber Command. The country's leading data spy, Admiral Michael Rogers, is also its chief cyber warrior and his close to 40,000 employees are responsible for both digital spying and destructive network attacks.

Surveillance only 'Phase 0'

From a military perspective, surveillance of the Internet is merely "Phase 0" in the US digital war strategy. Internal NSA documents indicate that it is the prerequisite for everything that follows. They show that the aim of the surveillance is to detect vulnerabilities in enemy systems. Once "stealthy implants" have been placed to infiltrate enemy systems, thus allowing "permanent accesses," then Phase Three has been achieved -- a phase headed by the word "dominate" in the documents. This enables them to "control/destroy critical systems & networks at will through pre-positioned accesses (laid in Phase 0)." Critical infrastructure is considered by the agency to be anything that is important in keeping a society running: energy, communications and transportation. The internal documents state that the ultimate goal is "real time controlled escalation".

One NSA presentation proclaims that "the next major conflict will start in cyberspace." To that end, the US government is currently undertaking a massive effort to digitally arm itself for network warfare. For the 2013 secret intelligence budget, the NSA projected it would need around $1 billion in order to increase the strength of its computer network attack operations. The budget included an increase of some $32 million for "unconventional solutions" alone.

In recent years, malware has emerged that experts have attributed to the NSA and its Five Eyes alliance based on a number of indicators. They include programs like Stuxnet, used to attack the Iranian nuclear program. Or Regin, a powerful spyware trojan that created a furor in Germany after it infected the USB stick of a high-ranking staffer to Chancellor Angela Merkel. Agents also used Regin in attacks against the European Commission, the EU's executive, and Belgian telecoms company Belgacom in 2011.

Given that spies can routinely break through just about any security software, virtually all Internet users are at risk of a data attack.

The new documents shed some new light on other revelations as well. Although an attack called Quantuminsert has been widely reported by SPIEGEL and others, documentation shows that in reality it has a low success rate and it has likely been replaced by more reliable attacks such as Quantumdirk, which injects malicious content into chat services provided by websites such as Facebook and Yahoo. And computers infected with Straitbizarre can be turned into disposable and non-attributable "shooter" nodes. These nodes can then receive messages from the NSA's Quantum network, which is used for "command and control for very large scale active exploitation and attack." The secret agents were also able to breach mobile phones by exploiting a vulnerability in the Safari browser in order to obtain sensitive data and remotely implant malicious code.

In this guerilla war over data, little differentiation is made between soldiers and civilians, the Snowden documents show. Any Internet user could suffer damage to his or her data or computer. It also has the potential to create perils in the offline world as well. If, for example, a D weapon like Barnfire were to destroy or "brick" the control center of a hospital as a result of a programming error, people who don't even own a mobile phone could be affected.

Intelligence agencies have adopted "plausible deniability" as their guiding principle for Internet operations. To ensure their ability to do so, they seek to make it impossible to trace the author of the attack.

It's a stunning approach with which the digital spies deliberately undermine the very foundations of the rule of law around the globe. This approach threatens to transform the Internet into a lawless zone in which superpowers and their secret services operate according to their own whims with very few ways to hold them accountable for their actions.

Attribution is difficult and requires considerable forensic effort. But in the new documents there are at least a few pointers. Querty, for example, is a keylogger that was part of the Snowden archive. It's a piece of software designed to surreptitiously intercept all keyboard keys pressed by the victim and record them for later inspection. It is an ordinary, indeed rather dated, keylogger. Similar software can already be found in numerous applications, so it doesn't seem to pose any acute danger -- but the sourcecode contained in it does reveal some interesting details. They suggest that this keylogger might be part of the large arsenal of modules that that belong to the Warriorpride program, a kind of universal Esperanto software used by all the Five Eyes partner agencies that at times was even able to break into iPhones, among other capabilities. The documents published by SPIEGEL include sample code from the keylogger to foster further research and enable the creation of appropriate defenses.

'Just a Bunch of Hackers'

The men and women working for the Remote Operations Center (ROC), which uses the codename S321, at the agency's headquarters in Fort Meade, Maryland, work on one of the NSA's most crucial teams, the unit responsible for covert operations. S321 employees are located on the third floor of one of the main buildings on the NSA's campus. In one report from the Snowden archive, an NSA man reminisces about how, when they got started, the ROC people were "just a bunch of hackers." Initially, people worked "in a more ad hoc manner," the report states. Nowadays, however, procedures are "more systematic". Even before NSA management massively expanded the ROC group during the summer of 2005, the department's motto was, "Your data is our data, your equipment is our equipment."

The agents sit in front of their monitors, working in shifts around the clock. Just how close the NSA has already gotten to its aim of "global network dominance" is illustrated particularly well by the work of department S31177, codenamed Transgression.

The department's task is to trace foreign cyber attacks, observe and analyze them and, in the best case scenario, to siphon off the insights of competing intelligence agencies. This form of "Cyber Counter Intelligence" counts among the most delicate forms of modern spying.

Other Spies

In addition to providing a view of the US's own ability to conduct digital attacks, Snowden's archive also reveals the capabilities of other countries. The Transgression team has access to years of preliminary field work and experience at its disposal, including databases in which malware and network attacks from other countries are cataloged.

The Snowden documents show that the NSA and its Five Eyes partners have put numerous network attacks waged by other countries to their own use in recent years. One 2009 document states that the department's remit is to "discover, understand (and) evaluate" foreign attacks. Another document reads: "Steal their tools, tradecraft, targets and take."

In 2009, an NSA unit took notice of a data breach affecting workers at the US Department of Defense. The department traced an IP address in Asia that functioned as the command center for the attack. By the end of their detective work, the Americans succeeded not only in tracing the attack's point of origin to China, but also in tapping intelligence information from other Chinese attacks -- including data that had been stolen from the United Nations. Afterwards, NSA workers in Fort Meade continued to read over their shoulders as the Chinese secretly collected further internal UN data. "NSA is able to tap into Chinese SIGINT collection," a report on the success in 2011 stated. SIGINT is short for signals intelligence.

The practice of letting other intelligence services do the dirty work and then tapping their results is so successful that the NSA even has a name for it: "Fourth Party Collection." And all countries that aren't part of the Five Eye alliance are considered potential targets for use of this "non-traditional" technique -- even Germany.

'Difficult To Track, Difficult To Target'

The Snowden documents show that, thanks to fourth party collection, the NSA succeeded in detecting numerous incidents of data spying over the past 10 years, with many attacks originating from China and Russia. It also enabled the Tailored Access Operations (TAO) to track down the IP address of the control server used by China and, from there, to detect the people responsible inside the Peoples' Liberation Army. It wasn't easy, the NSA spies noted. The Chinese had apparently used changing IP addresses, making them "difficult to track; difficult to target." In the end, though, the document states, they succeeded in exploiting a central router.

The document suggests that things got more challenging when the NSA sought to turn the tables and go after the attacker. Only after extensive "wading through uninteresting data" did they finally succeed in infiltrating the computer of a high-ranking Chinese military official and accessing information regarding targets in the US government and in other governments around the world. They also were able to access sourcecode for Chinese malware.

But there have also been successful Chinese operations. The Snowden documents include an internal NSA assessment from a few years ago of the damage caused. The report indicates that the US Defense Department alone registered more than 30,000 known incidents; more than 1,600 computers connected to its network had been hacked. Surprisingly high costs are listed for damage assessment and network repair: more than $100 million.

Among the data on "sensitive military technologies" hit in the attack were air refueling schedules, the military logistics planning system, missile navigation systems belonging to the Navy, information about nuclear submarines, missile defense and other top secret defense projects.

The desire to know everything isn't, of course, an affliction only suffered by the Chinese, Americans, Russians and British. Years ago, US agents discovered a hacking operation originating in Iran in a monitoring operation that was codenamed Voyeur. A different wave of attacks, known as Snowglobe, appears to have originated in France.

Transforming Defenses into Attacks

The search for foreign cyber attacks has long since been largely automated by the NSA and its Five Eyes partners. The Tutelage system can identify incursions and ensure that they do not reach their targets.

The examples given in the Snowden documents are not limited to attacks originating in China. The relatively primitive Low Orbit Ion Cannon (LOIC) is also mentioned. The name refers to malware used by the protest movement Anonymous to disable target websites. In that instance, one document notes, Tutelage was able to recognize and block the IP addresses being used to conduct the denial of service attack.

The NSA is also able to transform its defenses into an attack of its own. The method is described as "reverse engineer, repurpose software" and involves botnets, sometimes comprising millions of computers belonging to normal users onto which software has been covertly installed. They can thus be controlled remotely as part of a "zombie army" to paralyze companies or to extort them. If the infected hosts appear to be within the United States, the relevant information will be forwarded to the FBI Office of Victim Assistance. However, a host infected with an exploitable bot could be hijacked through a Quantumbot attack and redirected to the NSA. This program is identified in NSA documents as Defiantwarrior and it is said to provide advantages such as "pervasive network analysis vantage points" and "throw-away non-attributable CNA (eds: computer network attack) nodes". This system leaves people's computers vulnerable and covertly uses them for network operations that might be traced back to an innocent victim. Instead of providing protection to private Internet users, Quantumbot uses them as human shields in order to disguise its own attacks.

NSA specialists at the Remote Operations Center (ROC) have an entire palette of digital skeleton keys and crowbars enabling access to even the best protected computer networks. They give their tools aggressive-sounding names, as though they were operating an app-store for cyber criminals: The implant tool "Hammerchant" allows the recording of Internet-based phone calls (VoIP). Foxacid allows agents to continually add functions to small malware programs even after they have been installed in target computers. The project's logo is a fox that screams as it is dissolved in acid. The NSA has declined to comment on operational details but insists that it has not violated the law.

But as well developed as the weapons of digital war may be, there is a paradox lurking when it comes to breaking into and spying on third party networks: How can intelligence services be sure that they won't become victims of their own methods and be infiltrated by private hackers, criminals or other intelligence services, for example?

To control their malware, the Remote Operation Center operatives remain connected to them via their own shadow network, through which highly sensitive telephone recordings, malware programs and passwords travel.

The incentive to break into this network is enormous. Any collection of VPN keys, passwords and backdoors is obviously of very high value. Those who possess such passwords and keys could theoretically pillage bank accounts, thwart military deployments, clone fighter jets and shut down power plants. It means nothing less than "global network dominance".

But the intelligence world is a schizophrenic one. The NSA's job is to defend the Internet while at the same time exploiting its security holes. It is both cop and robber, consistent with the motto adhered to by spies everywhere: "Reveal their secrets, protect our own."

As a result, some hacked servers are like a bus during rush hour, with people constantly coming and going. The difference, though, is that the server's owner has no idea anyone is there. And the presumed authorities stand aside and do nothing.

'Unwitting Data Mules'

It's absurd: As they are busy spying, the spies are spied on by other spies. In response, they routinely seek to cover their tracks or to lay fake ones instead. In technical terms, the ROC lays false tracks as follows: After third-party computers are infiltrated, the process of exfiltration can begin -- the act of exporting the data that has been gleaned. But the loot isn't delivered directly to ROC's IP address. Rather, it is routed to a so-called Scapegoat Target. That means that stolen information could end up on someone else's servers, making it look as though they were the perpetrators.

Before the data ends up at the Scapegoat Target, of course, the NSA intercepts and copies it using its mass surveillance infrastructure and sends it on to the ROC. But such cover-up tactics increase the risk of a controlled or uncontrolled escalation between the agencies involved.

It's not just computers, of course, that can be systematically broken into, spied on or misused as part of a botnet. Mobile phones can also be used to steal information from the owner's employer. The unwitting victim, whose phone has been infected with a spy program, smuggles the information out of the office. The information is then retrieved remotely as the victim heads home after work. Digital spies have even adopted drug-dealer slang in referring to these unsuspecting accomplices. They are called "unwitting data mules."

NSA agents aren't concerned about being caught. That's partly because they work for such a powerful agency, but also because they don't leave behind any evidence that would hold up in court. And if there is no evidence of wrongdoing, there can be no legal penalty, no parliamentary control of intelligence agencies and no international agreement. Thus far, very little is known about the risks and side-effects inherent in these new D weapons and there is almost no government regulation.

Edward Snowden has revealed how intelligence agencies around the world, led by the NSA, are doing their best to ensure a legal vacuum in the Internet. In a recent interview with the US public broadcaster PBS, the whistleblower voiced his concerns that "defense is becoming less of a priority than offense."

Snowden finds that concerning. "What we need to do," he said, "is we need to create new international standards of behavior."


http://www.spiegel.de/international/...1013409-2.html

Other articles referenced in the piece that you might want to peruse are the following:


NSA Docs on Network Attacks and Exploitation

• Excerpt from the secret NSA budget on computer network operations / Code word GENIE
• Document about the expansion of the Remote Operations Center (ROC) on endpoint operations
• Document explaining the role of the Remote Operations Center (ROC)
• Interview with an employee of NSA's department for Tailored Access Operations about his field of work
• Supply-chain interdiction / Stealthy techniques can crack some of SIGINT's hardest targets
• Classification guide for computer network exploitation (CNE)
• NSA training course material on computer network operations
• Overview of methods for NSA integrated cyber operations
• NSA project description to recognize and process data that comes from third party attacks on computers
• Exploring and exploiting leaky mobile apps with BADASS
• Overview of projects of the TAO/ATO department such as the remote destruction of network cards
• iPhone target analysis and exploitation with Apple's unique device identifiers (UDID)
• Report of an NSA Employee about a Backdoor in the OpenSSH Daemon
• NSA document on QUANTUMSHOOTER, an implant to remote-control computers with good network connections from unknown third parties

NSA Docs on Malware and Implants

• CSEC document about the recognition of trojans and other "network based anomaly"
• The formalized process through which analysts choose their data requirement and then get to know the tools that can do the job
• QUANTUMTHEORY is a set of technologies allowing man-on-the-side interference attacks on TCP/IP connections (includes STRAIGHTBIZARRE and DAREDEVIL)
• Sample code of a malware program from the Five Eyes alliance

NSA Docs on Exfiltration

• Explanation of the APEX method of combining passive with active methods to exfiltrate data from networks attacked
• Explanation of APEX shaping to put exfiltrating network traffic into patterns that allow plausible deniability
• Presentation on the FASHIONCLEFT protocol that the NSA uses to exfiltrate data from trojans and implants to the NSA
• Methods to exfiltrate data even from devices which are supposed to be offline
• Document detailing SPINALTAP, an NSA project to combine data from active operations and passive signals intelligence
• Technical description of the FASHIONCLEFT protocol the NSA uses to exfiltrate data from Trojans and implants to the NSA

NSA Docs on Fourth Party Access

• Description of an NSA employee on fifth party access / When the targeted fourth party has someone under surveillance who puts others under surveillance
• 4th party collection / Taking advantage of non-partner computer network exploitation activity
• Combination of offensive and defensive missions / How fourth-party missions are being performed
• Overview of the TRANSGRESSION program to analyze and exploit foreign CNA/CNE exploits
• NSA example SNOWGLOBE, in which a suspected French government trojan is analyzed to find out if it can be helpful for own interests
• NSA fourth party access / "I drink your milkshake"
• NSA Program TUTELAGE to instrumentalize third party attack tools
• Codename BYZANTINE HADES / NSA research on the targets of Chinese network exploitation tools, the targets and actors
• CSEC document on the handling of existing trojans when trojanizing computers
• Analysis of Chinese methods and performed actions in the context of computer network exploitation

NSA Docs on Botnet Takeovers

• Overview on the NSA use of bots and the DEFIANTWARRIOR program
• HIDDENSALAMANDER / Program for the recognition of botnet activity and options for takeover of clients and data

[vector7]

Now We Know The Plan: More Surveillance and a Patriot Act For Europe

Mac Slavo January 15th, 2015

The irony is almost worse than 9/11.

Then, President Bush responded by stating, with bravado, that they attacked us because they hate our freedoms.
This time, the attack against the publication of satirical Mohammed cartoon, was not only an act of terrorism, but an attack on the spirit of free speech.

And the government response this time? After staging a photo op of world leaders, various heads of state have proposed new waves of surveillance and repressive attempts to ban encryption and violate the freedom of speech in communication devices through new spy policies and laws.

On Sunday, as more than 3 million people flooded the streets of Paris in support of the free speech principles that Charlie Hebdo embodied, a group of 12 European ministers issued a joint statement calling for internet service providers to more swiftly report and remove online material “that aims to incite hatred and terror.”

Establishing a framework to enhance police work and intelligence sharing concerning the actions of alleged terrorists and extremists, the joint statement from 12 European ministers and U.S. Attorney General Eric Holder declares the intent to: “counter violent extremism” and “fight against radicalization, notably on the Internet,” in part through the “swift reporting [and removal] of material that aims to incite hatred and terror.” Meanwhile, it aims to beef European border control, “step up the detection and screening of travel movements” and enhance law enforcement, particularly in “working to reduce the supply of illegal firearms throughout Europe.”

Although the statement takes a vow of respect and “scrupulous observance of fundamental freedoms, a forum for free expression, in full respect of the law,” it doesn’t hold much water with the focus on new surveillance and police powers to chill free speech in the name of fighting radicalization. It seems the terrorists have once again won before the fight has even begun.

The irony should be perfectly palpable, but instead leaders in Europe and the U.S. seem oblivious to the fact that they are, pound for pound, violating many more rights than the terrorists ever could… yet they are not exactly stopping and catching terrorist either. (As a side note, in case the Europeans don’t know, Eric Holder is a pretty poor partner in the effort to reduce the supply of illegal firearms, since he was caught deliberately arming Mexican drug cartels in the Fast and Furious scandal).

The spirit of freedom is hardly embodied by the leaders of the so-called “free world.”

As Ron Paul noted:

“The mainstream media immediately decided that the shooting was an attack on free speech. Many in the US preferred this version of “they hate us because we are free,” which is the claim that President Bush made after 9/11. They expressed solidarity with the French and vowed to fight for free speech. But have these people not noticed that the First Amendment is routinely violated by the US government?”
“Another lesson from the attack is that the surveillance state that has arisen since 9/11 is very good at following, listening to, and harassing the rest of us–but is not very good at stopping terrorists.”

Specifically, France has already proposed new terrorism-surveillance laws – despite have just passed legislation for new powers in November – while the Anglo power are meeting to ramp up security and UK Prime Minister David Cameron has proposed ridiculous and draconian powers to breach encrypted communications.

Unfortunately, it is par for the course. Problem-reaction-solution.

Quite often, when attacks happen, fear sets in, and forces antithetical to freedom set in, attempting to control and ‘protect’ society, failing profoundly while trampling over society’s most cherished values. America lived through an entire decade of this nightmare after 9/11. Jillian York, of the Electronic Frontier Foundation, commented:

“Nearly every major terrorist attack in the past couple of decades has been followed by new legislation of some kind. France just pushed through new anti-terror regulations in November, and the [prime minister] is already saying that more will be necessary. Where does it stop? These politicians haven’t demonstrated the need for more surveillance, yet it’s always their go-to ‘solution.’”

“Mass surveillance doesn’t only infringe on our privacy, but also our ability to speak freely. The knowledge, or even the perception of surveillance, can prompt writers to think twice before touching upon a given issue.”

It seems that, egged on by the horror of terrorism, all the governments are capable of doing is more spying, surveillance, invasion of privacy and repression – even though it clearly doesn’t work. From the Verge:

“[I]nstead of trying to address problems with the existing expansive surveillance powers, governments merely see these crises and fearful times as an opportunity to simply to ask for more,” Mike Rispoli, spokesman for the London-based watchdog Privacy International, wrote in a blog post Tuesday. “Short of creating a society in which thoughts themselves are monitored and controlled by the State, no amount of surveillance powers endowed upon our governments can ensure that all acts of fanaticism and violence can be predicted and prevented.”

UK Prime Minister David Cameron actually proposed banning encryption as a response to the Hebdo Charlie attacks – and caught a wave
of criticism from the tech savvy who now run the consumer and computing world.

Prime Minister David Cameron said the government should be allowed to read encrypted messages on smartphone apps like WhatsApp and Snapchat, adding that the Paris attacks proved the need for greater government access. Experts say an outright ban on these apps wouldn’t be wise or even feasible, but privacy advocates say Cameron’s comments speak to larger, more troubling trends.

Chastised as being both ‘draconian’ and ‘dim-witted,’ Cameron’s proposed policy is noted as both “ill-thought out and scary” at the same time – a true governement mix of “idiocy” and “draconian.” Cameron stated in his speech:

“In extremis, it has been possible to read someone’s letter, to listen to someone’s call, to mobile communications,” Cameron said. “The question remains: are we going to allow a means of communications where it simply is not possible to do that? My answer to that question is: no, we must not.”

As the Guardian reported:

Independent computer security expert Graham Cluley said: “It’s crazy. Cameron is living in cloud cuckoo land if he thinks that this is a sensible idea, and no it wouldn’t be possible to implement properly.”

Encryption is the backbone of security that allows modern banking, commerce and communication in the digital world.

Encryption is what protects your private details when you send your bank details to a server. It’s required for governments and companies when they store customer information, to protect it from hackers and others. And it’s built right in to whole hosts of messaging applications, including iMessage and WhatsApp.

Tech firms are obviously not going to do business without encryption, so they are instead making preparations to leave the UK if this becomes policy, or likewise, to stop doing business in the UK if British laws would keep global firms from operating as usual.

Eris Industries, which uses open-source cryptography, has said it is already making plans to leave the UK if the Conservative party is re-elected with this policy in its programme.

It is true that terrorists use encryption, much as in real life they use bank accounts, locks, money transfer services and public transport. If the presence of terrorists on a given service is reason enough to shut it down, we’ll find there’s really no form of civil society left to defend.

“We must avoid knee jerk reactions,” said Graham. “In particular, I am concerned about any compromising of effective encryption for consumers of online services.”

“Citizens, businesses, and nation states need to protect themselves. Internet companies are understandably offering their customers online services that are better encrypted following recent security incidents,” said Graham.

The Open Rights Group stated:

“Cameron’s plans appear dangerous, ill-thought out and scary,” said Jim Killock, director of the Open Rights Group. “Having the power to undermine encryption will have consequences for everyone’s personal security. It could affect not only our personal communications but also the security of sensitive information such as bank records, making us all more vulnerable to criminal attacks.”

Wow… that is some civil liberties blowback. Enough to take us back a few notches in the Internet era and make a visit to the dark ages.


http://www.shtfplan.com/headline-new...ssary_01152015

[vector7]

This may already be in place here working behind the scenes gathering metadata of online activity, where we browse, purchases and social media.

China Just Launched the Most Frightening Game Ever — and Soon It Will Be Mandatory

Claire Bernish
December 21, 2015

(ANTIMEDIA) Oceania, China — As if further proof were needed Orwell’s dystopia is now upon us, China has now gamified obedience to the State. Though that is every bit as creepily terrifying as it sounds, citizens may still choose whether or not they wish to opt-in — that is, until the program becomes compulsory in 2020. “Going under the innocuous name of ‘Sesame Credit,’ China has created a score for how good a citizen you are,” explains Extra Credits’ video about the program. “The owners of China’s largest social networks have partnered with the government to create something akin to the U.S. credit score — but, instead of measuring how regularly you pay your bills, it measures how obediently you follow the party line.”


In the works for years, China’s ‘social credit system’ aims to create a docile, compliant citizenry who are fiscally and morally responsible by employing a game-like format to create self-imposed, group social control. In other words, China gamified peer pressure to control its citizenry; and, though the scheme hasn’t been fully implemented yet, it’s already working — insidiously well.

Zheping Huang, a reporter for Quartz, chronicled his own experience with the social control tool in October, saying that “in the past few weeks I began to notice a mysterious new trend. Numbers were popping up on my social media feeds as my friends and strangers on Weibo [the Chinese equivalent to Twitter] and WeChat began to share their ‘Sesame Credit scores.’ The score is created by Ant Financial, an Alibaba-affiliated company that also runs Alipay, China’s popular third-party payment app with over 350 million users. Ant Financial claims that it evaluates one’s purchasing and spending habits in order to derive a figure that shows how creditworthy someone is.”

However, according to a translation of the “Planning Outline for the Construction of a Social Credit System,” posted online by Oxford University’s China expert, Rogier Creemers, it’s nightmarishly clear the program is far more than just a credit-tracking method. As he described it, “The government wants to build a platform that leverages things like big data, mobile internet, and cloud computing to measure and evaluate different levels of people’s lives in order to create a gamified nudging for people to behave better.”

While Sesame Credit’s roll-out in January has been downplayed by many, the American Civil Liberties Union, among others, urges caution, saying:
“The system is run by two companies, Alibaba and Tencent, which run all the social networks in China and therefore have access to a vast amount of data about people’s social ties and activities and what they say. In addition to measuring your ability to pay, as in the United States, the scores serve as a measure of political compliance. Among the things that will hurt a citizen’s score are posting political opinions without prior permission, or posting information that the regime does not like, such as about the Tiananmen Square massacre that the government carried out to hold on to power, or the Shanghai stock market collapse. It will hurt your score not only if you do these things, but if any of your friends do them.” And, in what appears likely the goal of the entire program, added, “Imagine the social pressure against disobedience or dissent that this will create.”

Social pressure, of course, can be highly effective given the right circumstances. China seems to have found exactly that in the intricate linking of people’s scores to their contacts, which can be seen publicly by anyone — and then upping the ante through score-based incentives and rewards. Rick Falkvinge pointed out a startling comparison:

“The KGB and the Stasi’s method of preventing dissent from taking hold was to plant so-called agents provocateurs in the general population, people who tried to make people agree with dissent, but who actually were arresting them as soon as they agreed with such dissent. As a result, nobody would dare agree that the government did anything bad, and this was very effective in preventing any large-scale resistance from taking hold. The Chinese way here is much more subtle, but probably more effective still.”

As Creemers described to Dutch news outlet, de Volkskrant, “With the help of the latest internet technologies, the government wants to exercise individual surveillance. The Chinese aim […] is clearly an attempt to create a new citizen.”

Chinese internet specialist at the Swedish Institute of International Affairs, Johan Lagerkvist, said the system is“very ambitious in scope, including scrutinizing individual behavior and what books people read. It’s Amazon’s consumer tracking with an Orwellian political twist.”

James Corbett has been tracking the implementation of Sesame Credit for some time. Introducing the ubiquitous tracking system for a recent episode of the Corbett Report, he mused:

“Coming soon to a New World Order near you: social credit! Earn points by behaving like the government wants you to behave! Get penalized if you don’t act like a doubleplusgood citizen! What could be more fun?”

Indeed, because mandatory enrollment in Sesame Credit is still a few years away, its true effectiveness won’t be measurable for some time. But even a reporter’s usual wariness appears knocked off-kilter, as Zheping Huang summarized his personal experience: “Even if my crappy credit score doesn’t mean much now, it’s in my best interest I suppose to make sure it doesn’t go too low.”

And that, of course, is precisely why gamifying State obedience is so terrifying.

http://theantimedia.org/china-just-l...-be-mandatory/

[vector7]

Surprise: At the End, Obama Administration Gave NSA Broad New Powers

By Michael Walsh February 15, 2017


(AP Photo/Patrick Semansky, File)

This story, from the Jan. 12, 2017, edition of the New York Times, was little-remarked upon at the time, but suddenly has taken on far greater significance in light of current events:

In its final days, the Obama administration has expanded the power of the National Security Agency to share globally intercepted personal communications with the government’s 16 other intelligence agencies before applying privacy protections.

The new rules significantly relax longstanding limits on what the N.S.A. may do with the information gathered by its most powerful surveillance operations, which are largely unregulated by American wiretapping laws. These include collecting satellite transmissions, phone calls and emails that cross network switches abroad, and messages between people abroad that cross domestic network switches.
Sponsored

The change means that far more officials will be searching through raw data. Essentially, the government is reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people.

One of the central questions behind the Mike Flynn flap that should have been asked but largely wasn't is: who was wiretapping the general? The answer, we know now, was the National Security Agency, formerly known as No Such Agency, the nation's foremost signals-intelligence (SIGINT) collection department.
The Empire Strikes Back

Once compartmentalized to avoid injuring private citizens caught up in the net of the Black Widow (as we all are already) and her technological successors, the NSA was suddenly handed greater latitude in what it could share with other, perhaps more politicized bodies of the intelligence community.

Why?

Let's call the roster of the bad guys:

Attorney General Loretta E. Lynch signed the new rules, permitting the N.S.A. to disseminate “raw signals intelligence information,” on Jan. 3, after the director of national intelligence, James R. Clapper Jr., signed them on Dec. 15, according to a 23-page, largely declassified copy of the procedures.

Previously, the N.S.A. filtered information before sharing intercepted communications with another agency, like the C.I.A. or the intelligence branches of the F.B.I. and the Drug Enforcement Administration. The N.S.A.’s analysts passed on only information they deemed pertinent, screening out the identities of innocent people and irrelevant personal information.

Now, other intelligence agencies will be able to search directly through raw repositories of communications intercepted by the N.S.A. and then apply such rules for “minimizing” privacy intrusions.

https://pjmedia.com/trending/2017/02...ad-new-powers/