Daily Archives: December 25, 2014

Why I Spoke Out Against the NSA | John Napier Tye | TEDxCharlottesville
This talk was given at a local TEDx event, produced independently of the TED Conferences. NSA State Dept Whistleblower John Napier Tye is Legal Director and Campaign Director at Avaaz, the...

By: TEDx Talks

Visit link:
Why I Spoke Out Against the NSA | John Napier Tye | TEDxCharlottesville - Video

JERUSALEM The malware known as Regin linked to the National Security Agency as a tool for tapping mobile phone networks and infiltrating foreign computer systems now appears to have been developed as early as 15 years ago, making it among the first major pieces of invasive computer software built to enable government espionage.

The program was revealed last month in reports from security companies Kaspersky Lab and Symantec Corp. Soon thereafter, The Intercept published new leaks from NSA whistleblower Edward Snowden thatshed light on how programs such as Regin(pronounced Re-gen)were used to collect sensitive, technical information on more than 70 percent of the worlds cellular networks.

Between the Snowden documents and the disclosures from computer security professionals about Regin, for the first time researchers think theyve linked NSA wiretapping operations to the particular tool the agency used to accomplish it, caught in the act invading a foreign cellular network.

This is the first time weve seen it for real with our own eyes. For us it was pretty surprising, says Costin Raiu, director of Kaspersky Labs Global Research and Analysis Team.

The NSAs vast surveillance practices stockpiling of phone records, recording text messages, listening in on conversations of foreign heads of state, tapping into global fiber optic communications -- began to be revealed a year and a half ago when the Snowden documents emerged.

Now, analysis of the Regin malware provides rare insight into how such extensive hacking and wiretapping was accomplished.

Regin is not just a worm or a virus, but a malwareplatform, which can host many different types of attacks. It was built for stealth and flexibility and has been found on computers around the world, serving many different purposes.

Both Kaspersky Lab and Symantec judged Regin to not only be the work of a nation-state, but also one of the most sophisticated, if not the most sophisticated, pieces of malware in existence. Both companies also specifically noted that Regin was used against telecommunications companies and infrastructure (in addition to a variety of other targets).

Get Monitor cybersecurity news and analysis delivered straight to your inbox.

The precise way that Regin enters a computer system is still unknown, but it may involve visiting spoofed versions of well-known websites or a backdoor through an application. According to Symantec, in one case log files showed that Regin got in through an unknown exploit in Yahoo! Instant Messenger.

Here is the original post:
Regin spying tool linked to NSA among first malware meant for espionage

Eyes open: Sarah Harbi protests against the NSA outside the Department of Justice in Washington, DC. Photo: Reuters

Cyber security experts are questioning whether US President Barack Obama can make good on his assurance that intelligence agencies aren't spying on "ordinary folks."

That promise is especially dubious, experts say, in instances where Americans are communicating with US citizens living abroad and other people overseas.

"It's very clear there are enormous loopholes," said Jonathan Mayer, a cyber security fellow at Stanford University's Centre for International Security and Co-operation, who is reverse engineering the NSA surveillance program to learn how much collection if taken to extremes is legally possible. "Their rules, combined with their capabilities, cut against the classical protections built into our legal system."

Advertisement

The US National Security Agency (NSA) and the CIA are tasked with gathering foreign not domestic intelligence. Agency rules say they must have a "reasonable, articulated suspicion" about the people they target, and are required to sift through all the data they collect and eliminate any that might have been intercepted from an innocent American, on US soil or abroad.

This week the Obama Administration proposed that Congress overhaul the electronic surveillance program by having phone companies hold onto the call records as they do now.

But there remain a number of significant ambiguities that allow Americans' data to be swept up, saved and analysed, according to a series of disclosures from former intelligence contractor Edward Snowden, WikiLeaks source Private Chelsea (previously known as Bradley) Manning and the US government itself:

- Analysts need to be just "51 per cent confident" that someone is not in the US, based on phone numbers, Internet Protocol addresses and email addresses, before they can target the person.

-The NSA is allowed to store encrypted communications, domestic or foreign, at least until analysts can decrypt it to find out whether it contains information relating to national security. With widely used services like Gmail and Facebook adding encryption, this could encompass a vast amount of domestic communications.

See original here:
NSA rules leave privacy vulnerable: experts

US intelligence agencies hacked into the email servers of Chinese tech giant Huawei five years ago, around the time concerns were growing in Washington that the telecommunications equipment manufacturer was a threat to US national security, a report says.

The National Security Agency began targeting Huawei in early 2009 and quickly succeeded in gaining access to the company's client lists and email archive, German weekly Der Spiegel reported on Saturday, citing secret US intelligence documents leaked by former NSA contractor Edward Snowden.

Among the people whose emails the NSA was able to read were Huawei president Ren Zhengfei, the magazine said.

The operation, which Der Spiegel claims was co-ordinated with the CIA, FBI and White House officials, also netted source codes for Huawei products.

Advertisement

One aim was to exploit the fact that Huawei equipment is widely used to route voice and data traffic around the world, according to the report.

But the NSA was also concerned that the Chinese government itself might use Huawei's presence in foreign networks for espionage purposes, it said.

In 2012, the House Intelligence Committee recommended that Huawei be barred from doing business in the US, citing the threat that its equipment could enable Chinese intelligence services to tamper with American communications networks.

Huawei didn't immediately respond to a request for comment late on Saturday.

In January, the company rejected a previous Der Spiegel report claiming that its equipment was vulnerable to hacking.

The rest is here:
NSA targeted Chinese tech giant Huawei

The National Security Agency may have violated U.S. law for over a decade with the unauthorized surveillance of U.S. citizens'overseas communications, according to new reports on the agency's intelligence collection practices released by the NSA on Wednesday.

The U.S. spy agency released the highly confidential reports in response to a Freedom of Information Act lawsuit filed by the American Civil Liberties Union (ACLU).According to documents posted on the NSA website on Christmas Eve, the examples of violations include sending data on Americans to unauthorized recipients, storing such data on unprotected computers and retaining them after they were meant to be destroyed, according to Bloomberg.

In general, each NSA report contains similar categories of information, including an overview of recent oversight activities signals intelligence activities affecting certain protected categories; and descriptions of specific incidents which may have been unlawful or contrary to applicable policies, NSA said, on its website.

The reports include a series of quarterly and annual accounts that have been made available to the presidents Intelligence Oversight Board, Bloombergreported, adding that the reports cover the period between the fourth quarter of 2001 and the second quarter of 2013.

In one instance of an unauthorized surveillance practice, in 2012, an NSA analyst searched a U.S. organization in a raw traffic database without formal authorization because the analyst incorrectly believed that he was authorized to query due to a potential threat, according to the fourth-quarterreportfrom 2012. The surveillance found nothing suspicious.

Another report revealed an incident, also in 2012, when an analyst searched her spouses personal telephone directory without his knowledge to obtain names and telephone numbers for targeting. According to the report, the analyst was advised to cease her activities.

The ACLU, which filed the lawsuit to access the NSA reports, claimed that the intelligence information collected by the spy agency was sometimes misused.

The government conducts sweeping surveillance under this authority -- surveillance that increasingly puts Americans data in the hands of the NSA, Patrick C. Toomey, staff attorney with the ACLUs National Security Project, told Bloomberg in an e-mail. Despite that fact, this spying is conducted almost entirely in secret and without legislative or judicial oversight.

Meanwhile, the NSA said that it has multi-layered protections in place to ensure that no further errors occur in intelligence-gathering and retention.

The vast majority of compliance incidents involve unintentional technical or human error. In the very few cases that involve the intentional misuse of a signals intelligence system, a thorough investigation is completed, NSA said in an executive summary. NSA goes to great lengths to ensure compliance with the Constitution, laws and regulations.

Read the original here:
NSA Reports Show Agency May Have Violated Laws For A Decade By Spying On Americans

Washington: The US National Security Agency has created a surveillance system that is recording all the phone calls in an undisclosed foreign country, allowing it to play back any conversation up to 30 days later, the Washington Post reported on Tuesday.

The newspaper cited unnamed sources with direct knowledge of the system as well as documents supplied by former NSA contractor Edward Snowden, who since last year has leaked extensive data revealing sweeping US spying activities.

The newspaper said that at the request of US officials, it was withholding details that could be used to identify the nation where the system is being used or others where it might be used in the future. The Post cited documents that envisioned similar US spying operations in other nations.

Mr Snowden again spoke from his Russian exile on Tuesday, addressing a conference audience in Vancouver through a screen and a remote-controlled robot.

Advertisement

"There are absolutely more revelations to come," he said. "Some of the most important reporting to be done is yet to come."

The voice interception program is known as MYSTIC and started in 2009, with its "retrospective retrieval" capability, called RETRO, reaching full strength in 2011 against the first target nation.

A classified summary of the system said the collection effort was recording "every single" conversation nationwide in the first target country, storing billions of conversations in a 30-day rolling buffer that clears out the oldest calls as new ones are made.

A senior manager for the program likened it to a time machine that can replay voices from any phone call without the need to identify a person for spying in advance.

Current and former US officials quoted anonymously said large numbers of conversations involving Americans would be gathered using the system.

See original here:
NSA records all calls in targeted foreign nation :report