NSA helped British steal cellphone codes

WASHINGTON -- Britain's electronic spying agency, in cooperation with the U.S. National Security Agency, hacked into the networks of a Dutch company to steal codes that allow both governments to seamlessly eavesdrop on mobile phones worldwide, according to the documents given to journalists by Edward Snowden.

A story about the documents posted Thursday on the website The Intercept offered no details on how the intelligence agencies employed the eavesdropping capability -- providing no evidence, for example, that they misused it to spy on people who weren't valid intelligence targets. But the surreptitious operation against the world's largest manufacturer of mobile phone data chips is bound to stoke anger around the world. It fuels an impression that the NSA and its British counterpart will do whatever they deem necessary to further their surveillance prowess, even if it means stealing information from law-abiding Western companies.

The targeted company, Netherlands-based Gemalto, makes "subscriber identity modules," or SIM cards, used in mobile phones and credit cards. One of the company's three global headquarters is in Austin, Texas. Its clients include AT&T, T-Mobile, Verizon and Sprint, the Intercept reported.

The Intercept offered no evidence of any eavesdropping against American customers of those providers, and company officials told the website they had no idea their networks had been penetrated. Experts called it a major compromise of mobile phone security.

The NSA did not immediately respond to a request for comment. In the past, former agency officials have defended using extra-legal techniques to further surveillance capabilities, saying the U.S. needs to be able to eavesdrop on terrorists and U.S. adversaries who communicate on the same networks as everyone else. The NSA, like the CIA, breaks the espionage and hacking laws of other countries to get information that helps American interests.

Still, the methods in this case may prove controversial, as did earlier Snowden revelations that the NSA was hacking transmissions among Google's data centers. The Intercept reported that British government hackers targeted Gemalto engineers around the world much as the U.S. often accuses Chinese government hackers of targeting Western companies -- stealing credentials that got the hackers into the company's networks. Once inside, the British spies stole encryption keys that allow them to decode the data that passes between mobile phones and cell towers. That allows them to ungarble calls, texts or emails intercepted out of the air.

At one point in June 2010, Britain's Government Communications Headquarters, or GCHQ, as its signals intelligence agency is known, intercepted nearly 300,000 keys for mobile phone users in Somalia, The Intercept reported. "Somali providers are not on GCHQ's list of interest," the document noted, according to the Intercept. "(H)owever, this was usefully shared with NSA."

Earlier in 2010, GCHQ successfully intercepted keys used by wireless network providers in Iran, Afghanistan, Yemen, India, Serbia, Iceland and Tajikistan, according to the documents provided to The Intercept. But the agency noted trouble breaking into Pakistan networks.


Posted in NSA

SIM card makers hacked by NSA and GCHQ leaving cell networks wide open

The NSA could be able to listen in on your lols.

Christian Rivera

In a new report on some of the confidential documents leaked by former NSA contractor Edward Snowden, The Intercept wrote that operatives from both the National Security Administration (NSA) and the British Government Communications Headquarters (GCHQ) joined forces in April 2010 to crack mobile phone encryption. The Mobile Handset Exploitation Team (MHET) succeeded in stealing untold numbers of encryption keys from SIM card makers and mobile networks, specifically Dutch SIM card maker Gemalto, one of the largest SIM manufacturers in the world. Gemalto produces 2 billion SIM cards a year, which are used all over the world.

Although the SIM card in a cell phone was originally used to verify billing to mobile phone users, today a SIM also stores the encryption keys that protect a user's voice, text, and data-based communications and make them difficult for spies to listen in on. The mobile carrier holds the corresponding key that allows the phone to connect to the mobile carrier's network. Each SIM card is manufactured with an encryption key (called a Ki) that is physically burned into the chip. When you go to use the phone, it conducts a secret 'handshake' that validates that the Ki on the SIM matches the Ki held by the mobile company, The Intercept explains. Once that happens, the communications between the phone and the network are encrypted.

To steal the SIM encryption keys, MHET exploited a weakness in SIM manufacturers' business routine: SIM card manufacturers tend to deliver the corresponding Kis to mobile carriers via e-mail or File Transfer Protocol. By doing basic cyberstalking of Gemalto employees, the NSA and GCHQ were able to pilfer millions of SIM Kis, which have a slow turnover rate (your phone's Ki will likely remain the same as long as you keep the SIM in the phone) and can be used to decrypt data that has been stored for months or even years.
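A minimal model of the handshake and of why a copied Ki exposes recorded traffic, added here as an illustration and not taken from The Intercept or the article. HMAC-SHA256 and the toy stream cipher are stand-ins (assumptions) for the carrier's real algorithms, and the Ki value is constructed.

```python
import hashlib
import hmac
import os


def derive(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the SIM/carrier key function: returns (response, session key).
    Real SIMs use carrier-selected algorithms; HMAC-SHA256 is an assumption here."""
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:20]


def keystream_xor(session_key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), not the real air-interface cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(session_key + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def handshake(sim_ki: bytes, carrier_ki: bytes) -> tuple[bool, bytes, bytes]:
    """Carrier sends a random challenge, the SIM answers, both derive a session key.
    Returns (authenticated, challenge seen on the air, carrier's session key)."""
    rand = os.urandom(16)                        # travels in the clear
    sim_response, _ = derive(sim_ki, rand)       # computed inside the SIM
    expected, session_key = derive(carrier_ki, rand)
    return hmac.compare_digest(sim_response, expected), rand, session_key


def decrypt_recording(ki: bytes, rand: bytes, ciphertext: bytes) -> bytes:
    """The session key depends only on Ki and the recorded challenge, so any
    holder of Ki can re-derive it for a capture made long before."""
    _, session_key = derive(ki, rand)
    return keystream_xor(session_key, ciphertext)


def demo() -> dict:
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample Ki
    wrong_ki = bytes(16)                                     # a SIM with a different Ki
    ok, rand, session_key = handshake(ki, ki)
    ciphertext = keystream_xor(session_key, b"constructed sample message")
    return {
        "authenticated": ok,
        "rejected_wrong_sim": not handshake(wrong_ki, ki)[0],
        "recovered_with_ki": decrypt_recording(ki, rand, ciphertext),
        "recovered_without_ki": decrypt_recording(wrong_ki, rand, ciphertext),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because nothing secret in the exchange is fresh per session, the confidentiality of every past and future session rests on how the Ki file is stored and delivered.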

Gemalto not only makes SIM cards, but it also makes chips that are placed into EMV credit cards as well as the chips built into next-generation United States passports. Paul Beverly, a Gemalto executive vice president, told The Intercept that the company's security team began an audit on Wednesday and could find no evidence of the hacks. "The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn't happen again, and also to make sure that there's no impact on the telecom operators that we have served in a very trusted manner for many years," Beverly said. Gemalto's clients include hundreds of wireless networks around the world, including all four major carriers in the US.

According to the documents procured by The Intercept, MHET was able to use the NSA's XKeyscore to mine the e-mail accounts and Facebook profiles of engineers at major telecom companies and SIM card manufacturing companies, looking for clues that would get them into the SIM Ki trove. (XKeyscore is a program designed by the NSA to reassemble and analyse the data packets it finds traveling over a network. XKeyscore is powerful enough to be able to pull up the full content of users' Web browser sessions, and it can even generate a full replay of a network session between two Internet addresses, as Ars reported in 2013.) Eventually, MHET learned enough to be able to plant malware on several of Gemalto's internal servers.

In the course of trying to break into Gemalto's internal network, the NSA and GCHQ looked for employees using encryption as preferred targets. The spy agencies also expanded their surveillance to include mobile phone companies and networks, as well as other SIM manufacturers. The Intercept explained:

In one instance, GCHQ zeroed in on a Gemalto employee in Thailand who they observed sending PGP-encrypted files, noting that if GCHQ wanted to expand its Gemalto operations, he would certainly be a good place to start. They did not claim to have decrypted the employee's communications, but noted that the use of PGP could mean the contents were potentially valuable.


The NSA has reportedly found ways to avoid even the strongest security measures

The U.S. intelligence community has found ways to avoid even the strongest of security measures and practices, a new report from Moscow-based Kaspersky Lab suggests, demonstrating a range of technological accomplishments that place the nation's hackers as among the most sophisticated and well resourced in the world.

Hackers who are part of what the cybersecurity researchers call "Equation Group" have been operating under the radar for at least 14 years, deploying a range of malware that could infect hard drives in a way almost impossible to remove and could hide code in USB storage devices to infiltrate networks kept separate from the Internet for security purposes.

Kaspersky's report did not say the U.S. government was behind the group. But it did say the group was closely linked to Stuxnet -- malware widely reported to have been developed by the National Security Agency and Israel that was used in an attack against Iran's uranium enrichment program -- along with other bits of data that appear to align with previous disclosures. Reuters further linked the NSA to the Kaspersky report, citing anonymous former employees of the agency who confirmed Kaspersky's analysis.

NSA spokesperson Vanee Vines said in a statement that the agency was aware of the report, but would not comment publicly on any allegations it raises.

The Kaspersky report shows a highly sophisticated adversary that has found ways to worm itself into computers with even the strongest of security measures in place. This matches up with what we know about other NSA efforts from documents leaked by former NSA contractor Edward Snowden, which showed efforts to undermine encryption and evade the protections major tech companies used to guard user data.

But the new report paints a more detailed picture of the breadth of the agency's reported offensive cyber arsenal. And unlike other recent revelations about U.S. government snooping, which have largely come from Snowden, the insights from Kaspersky came from examining attacks found in the digital wild. Victims were observed in more than 30 countries, with Iran, Russia, Pakistan and Afghanistan having among the highest infection rates, according to the report.

One of the most sophisticated attacks launched by the Equation Group lodged malware deep into hard drives, according to Kaspersky. It worked by reprogramming the proprietary code, called firmware, built into the hard drives themselves. That allowed for persistent storage hidden inside a target system that could survive the hard drive being reformatted or an operating system being reinstalled, the report says.

The code uncovered by Kaspersky suggests the malware was designed to work on disk drives of more than a dozen major manufacturers -- including those from Seagate, Western Digital, Toshiba, IBM and Samsung. But the report also notes that this particular technique seemed to be rarely deployed, suggesting that it was used only on the most valuable victims or in unusual circumstances.

The Kaspersky report also said the group found ways to hide malicious files within a Windows operating system database on the targets' computers known as the registry -- encrypting and stashing the files so that they would be impossible to detect using antivirus software.

Equation Group also found ways to infiltrate systems that were kept off the Internet for security purposes -- commonly known as "air-gapped" networks. Malware used by the hackers relied on infected USB sticks to map out such networks -- or even remotely deploy code on them, according to the report.


Jeb Bush: NSA Bulk Telephone Records Collection Hugely Important


Former Florida Gov. Jeb Bush, who is seriously considering a run for the White House in 2016, said Wednesday that the National Security Agency's program that collects bulk telephone records was "hugely important," throwing his support behind the practice as Congress debates whether to reauthorize or limit it.

At an event on foreign policy hosted by the Chicago Council on Global Affairs, Mr. Bush, a Republican, said, "For the life of me, I don't understand the debate" over the metadata program.

The program's many supporters say it helps the U.S. government prevent terrorist attacks. But its critics believe it exists with little oversight and few boundaries and could allow the government to spy on U.S. citizens.

Mr. Bush's comments are significant, as the legal authority that allows the program to exist is set to expire in June. Congress is weighing whether to rework the program in a way that would strip the NSA of some of its powers.

Details of the NSA's metadata bulk collection program were exposed in 2013 by former NSA contractor Edward Snowden, prompting a vigorous national debate over how much power the government should have to spy on people.

Mr. Bush's support for the metadata program puts him in sharp contrast with another likely GOP White House candidate, Sen. Rand Paul of Kentucky.

Mr. Paul is a critic of the NSA, and has joined a class-action lawsuit against the Obama administration over the NSA's spying practices. He also voted against a bill that would restrain some of the NSA's powers last year, saying it didn't go far enough.

Mr. Paul is popular with the libertarian wing of the GOP, and Mr. Bush, as he made evident during his comments in Chicago, supports more government spending on the military and a broader military influence.

Messrs. Bush and Paul will likely square off over the privacy issue on the campaign trail but also during GOP debates.


Not Only the NSA Knows How to Make Unerasable Malware

Hacking tools that burrow inside hard disk drives could also be made by nongovernment hackers.

Over the weekend Russian security company Kaspersky described a suite of extremely sophisticated hacking tools that since 2008 have been used to infiltrate government, military, and corporate computers in 30 countries around the world. Reuters reports that it was the work of the U.S. National Security Agency.

Kaspersky's most striking finding was that the toolkit of what it calls the Equation Group could inject malware into the software embedded inside hard disk drives. Not only is that firmware invisible to conventional security software, but malicious code hidden inside it can emerge to take over a computer even after its hard disk has been carefully erased. Costin Raiu, a researcher with Kaspersky, told the New York Times that the technique rendered investigators like him practically blind.

That impressive trick sets a new bar for the sophistication in malware caught in the wild. And it has led to speculation that the NSA had assistance from hard drive manufacturers, for example by getting access to details on how their firmware worked.

But despite suggestions it would be just about impossible for even the NSA to reverse-engineer hard drive firmware without such help, it appears to be well within its reach, and that of many others, too. In recent years hackers and researchers with budgets far smaller than the NSA's have reverse-engineered the firmware of hard drives and other devices and demonstrated their own invisible malware.

That raises the prospect that multiple national intelligence agencies, and perhaps even groups without government backing, could be using the technique. Few, if any, security researchers are on the lookout for such attacks because they are essentially invisible.

Anyone looking to get started hacking hard drive firmware would be well advised to start with this page on the subject from prolific hacker Jeroen Domburg. In 2013 he gave several talks on his research and showed how it enabled him to remotely take over a server with a hard disk made by Western Digital, a leading manufacturer whose drives were also targeted by Equation Group.

Also in 2013, academic researchers independently went even further and developed several proof-of-concept attacks against a hard disk from a different manufacturer. They showed how a disk's firmware could be infected remotely, and made a system to communicate over the Internet with the unerasable malware to send commands and copy data such as encryption keys. This line from the academic paper's summary has gained new plausibility after what we learned over the weekend:

The difficulty of implementing such an attack is not limited to the area of government cyber-warfare; rather, it is well within the reach of moderately funded criminals, botnet herders and academic researchers.

At the Black Hat security conference last summer, two researchers described how they had reverse engineered the firmware of USB sticks to hide code inside that can silently take over a computer.


RecentR TV (09.02.15) The Conspiracy Behind the NSA, Snowden and the Koch Brothers – Video

Even before the American signals intelligence agency NSA was founded, Western corporations supplied all the necessary technology to the East in order to make the Soviets into a considerable...

By: Alexander Benesch


NSA planted surveillance software on hard drives, report says

Security vendor Kaspersky outs a group capable of inserting spying software onto hard drives around the world, while Reuters fingers the NSA as the culprit.

Is the NSA behind a sophisticated way of implanting spyware on hard drives?

The National Security Agency is able to infect hard drives with surveillance software to spy on computers, Reuters said on Tuesday, citing information from cyber researchers and former NSA operatives.

In a new report, Kaspersky revealed the existence of a group dubbed The Equation Group capable of directly accessing the firmware of hard drives from Western Digital, Seagate, Toshiba, IBM, Micron, Samsung and other drive makers. As such, the group has been able to implant spyware on hard drives to conduct surveillance on computers around the world.

In a blog posted on Monday, Kaspersky said this threat has been around for almost 20 years and "surpasses anything known in terms of complexity and sophistication of techniques." The security researcher called the group "unique almost in every aspect of their activities: they use tools that are very complicated and expensive to develop, in order to infect victims, retrieve data and hide activity in an outstandingly professional way, and utilize classic spying techniques to deliver malicious payloads to the victims."

Surveillance software implanted on hard drives is especially dangerous as it becomes active each time the PC boots up and thus can infect the computer over and over again without the user's knowledge. Though this type of spyware could have surfaced on a "majority of the world's computers," Kaspersky cited thousands or possibly tens of thousands of infections across 30 different countries.

Infected parties and industries include government and diplomatic institutions, as well as those involved in telecommunications, aerospace, energy, nuclear research, oil and gas, military and nanotechnology. Also, included are Islamic activists and scholars, mass media, the transportation sector, financial institutions and companies developing encryption technologies.

And who's responsible for this sophisticated spyware?

Kaspersky didn't name names but did say that the group has ties to Stuxnet, a virus used to infect Iran's uranium enrichment facility. The NSA has been accused of planting Stuxnet, leading Reuters to finger the agency as the source behind the hard drive spyware, especially based on outside information.

Kaspersky's analysis was right, a former NSA employee told Reuters, adding that the agency valued this type of spyware as highly as Stuxnet. Another "former intelligence operative" said that the NSA developed this method of embedding spyware in hard drives but said he didn't know which surveillance efforts used it.
