Moderators: Elvis, DrVolin, Jeff
Do you get phone calls from nowhere?
Robert Fisk
Sunday 22 December 2013
About a year ago, I began to recieve a wonderful series of calls from America and London
My Lebanese mobile phone has long been the victim of gremlins who would surely make Edward Snowden lick his lips. For months, I have received calls from Canada which registered on my receiver to a series of non-existent numbers with the direct-dial code of Turkey.
Then I began to receive, about a year ago, a wonderful series of calls from America and London which registered on my mobile as follows: 00 278. I called the number, and a recorded voice asked me to leave a message.
Difficult to do – since no country exists with a 278 suffix. A glance at direct-dial codes suggests this mythical nation must be somewhere in southern Africa between Kenya (254), Uganda (256), Zambia (260), Lesotho (266), Botswana (267), the Comoros (269) and Eritrea (291). What outlandish listening post in this non-state is wasting its time on my phone, I ask myself?
Why, only last week, a call to my Lebanese mobile from an Irish telephone registered as a number in Madrid (00 349 12020000). Once more, the number did not exist. Same with a call from an acquaintance in Tehran who called me on Friday; his number came up on my phone with a British 00 44 1269 code and a number which, yet again – like the code itself – is a fake. Any other readers suffering the same problems?
Then again, when I arrived in the Tajik capital of Dushanbe in 2008, my Lebanese mobile welcomed me to Russia. And when I stood on the northern bank of the Amu Darya river (classical Oxus) which separates Tajikistan from Afghanistan, my mobile welcomed me to the United Arab Emirates.
Then I knew for certain that my phone was in the hands of US intelligence.
NSA and Corporate Cooperation Revealed
Posted: 12/31/2013 8:51 am
The latest NSA revelations reveal deeper and more insidious intrusions into our lives, and show deeper collusion between the government and private enterprise. If you really, really think this is OK because you have "nothing to hide," you better be darn sure that's the case.
Back Doors
It is now apparent that the NSA co-opted nearly every piece of electronics present in our lives. Der Spiegel reports that the NSA has found ways to slither through most firewalls and work around most security systems. This dirty work is done primarily via malware, computer code created by the NSA that is implanted in the targeted device to do the NSA's bidding. This malware most commonly creates a "back door," a new, hidden pathway into some computer system.
NSA Lies about BIOS Attacks
We also learn that the NSA, which only recently used the American TV news magazine 60 Minutes to warn about a new form of Chinese cyberattack, actually employs the very same technique. NSA Information Assurance Director Debora Plunkett spoke in near-apocalyptic terms:
[She] revealed the discovery by one of her 3,000 analysts of a secret computer weapon that could destroy any computer it infected. She would not name its origin, but 60 Minutes has learned it was engineered in China. The NSA allowed Plunkett to talk about it for the first time in detail. She says it was called the Bios Plot, for the foundational component, the Bios, that all computers have that performs basic functions like turning on the operating system and activating the hardware. The attack on the Bios would have been disguised as a request for a software update. If the user clicked on it, the virus would turn their computer into "a brick," says Plunkett.
"One of our analysts actually saw that the nation-state had the intention to develop and deliver, to actually use this capability to destroy computers," Plunkett says. If successful, says Plunket, "Think about the impact of that across the entire globe. It could literally take down the U.S. economy." The NSA quietly worked with computer manufacturers to eliminate this vulnerability.
However, quite apart from "quietly working with computer manufacturers to eliminate" a BIOS attack, the NSA quietly worked to exploit BIOS attacks of its own making. Der Spiegel tells us:
[NSA] developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer's motherboard that is the first thing to load when a computer is turned on. This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The developers call this "Persistence" and believe this approach has provided them with the possibility of permanent access.
A Look How Deep the Rabbit Hole Goes
In a way, however, the most insidious technique the NSA employs is in a way one of the simplest. Der Spiegel reveals that the NSA intercepts computers and other electronic hardware being shipped to a "target," alters them, and then sends them on to be received and used by the target, albeit with the NSA software and/or hardware installed.
Let's break this down.
Once the NSA identifies a "target" (whom we'll refer here to as "You"), the NSA needs to know when You order a new laptop they want to intercept. That means the NSA has to spy on Your credit card, Your online activities and/or probe into the ordering systems of places like Amazon, Dell and the like. Perhaps there is a sort of "no fly" list distributed to manufacturers that requires notification to the NSA when someone like You on it buys something. Or all of the above.
The NSA then must know when and how Your laptop will be sent to you. That means they need to have been accessing the computer systems of Amazon, Dell and the like, and/or UPS, Fedex and other shippers. Or all of the above.
The NSA then has to have physical access to the warehouse of the shipping company. Or, the shipping company has to agree to mark your package, and deliver it instead to an NSA location. That all means the shipping companies are in on the NSA plot, or the NSA has to be hacking into the shipping companies' data systems and substituting their address for Yours.
Once in NSA hands, Your package has to be opened, and Your laptop must be altered in some undetectable way. They can't steam open a box like a letter in the old movies; someone has to open it physically and then get it all buttoned up again without a trace. Does the NSA have a way to unstick packing tape and reseal internal bags, or do they have a ready supply from Dell and Apple of packing materials?
Lastly, the NSA has to return the package into the shipping stream. That means the box, with say Amazon's return address and Your home address, has to reenter say Fedex's system from a third location without too many people knowing it happened. It would not do for the low-level UPS guy to pick up a ton of boxes everyday from a nondescript warehouse, all with third-party address labels. This strongly suggests cooperation by the shipping companies.
You then open Your new laptop on Christmas morning. Yeah, be sure to select a secure password.
Private Enterprise as Tools of the National Security State
After a lot of denying and prevaricating, the telecommunications companies of the United States admitted they work hand-in-glove with the NSA under a secret portion of the Patriot Act to collect and transfer data about You. Verizon also hacked its own wireless modems to allow the FBI easier access to You. Microsoft collaborated to allow Your communications to be intercepted, including helping the NSA circumvent the company's own encryption. Microsoft also worked with the NSA to grant easier access to its cloud storage service SkyDrive with Your documents. One technology expert speculates the NSA embeds back doors inside chips produced by U.S. corporations Intel and AMD. There are many more examples of corporate cooperation, as well as corporations appearing to "not know" about NSA intrusions deep into their systems and products.
What we have here is an example of the depths into which You have fallen. The government has recruited private industry into its national security state, down to the level of the Fedex guy delivering packages to Your door in time for Christmas. For those of You who still foolishly insist that such spying is OK because they "have nothing to hide," I sure as heck hope You are right, because whatever You do have now belongs to Them.
We would know none/none of this had it not been for Edward Snowden.
Moon of Alabama
December 31, 2013
From iPhone to Cisco Routers - NSA Hacks It All
Everyone should read the SPIEGEL story and check the graphics and docs about the NSA's Tailored Access Operation. They describe the hardware and software tools the NSA uses to break into every level of computing - from your cellphone up to carrier class internet routers. The Apple iPhone for example is, as was to be expected, one of the devices the NSA can crack and silently control anytime it tries.
Jacob Applebaum, who helped reporting the story, yesterday gave an hour long talk about these NSA abilities. I recommend to listen to it. He rightly points out one of the main issues that even supporters of the NSA spying should have serious headaches about. If the NSA can use the software and hardware bugs in various devices to take control over them then others can do this too. I bet that there are criminals out there who use exactly the same problematic holes the NSA uses for its spying. Such holes should be fixed and not abused.
One aspect that may help top rein in the NSA's totally overdone "collect it all" and "hack it all" attitude is the extreme damage this report will do to the U.S. computer and internet companies. Why would I buy Cisco routers or an iPhone when it is publicly known that these are extremely unsafe devices? ...continued
conniption wrote:Jacob Applebaum, who helped reporting the story, yesterday gave an hour long talk about these NSA abilities.
The NSA Responds To Bernie Sanders Whether It Spies on Congress - 4 Jan 2013
"Members of Congress have the same privacy protections as all U.S. persons,"
coffin_dodger » Thu Jan 02, 2014 2:47 pm wrote:If wi-fi's can be co-opted and told to 'ignore' certain packets of data passing through them, then what's to stop a 2nd hidden 'internet' existing as an internal, country or region specific entity, running solely across our wi-fi networks, useful for transference of highly sensitive data? Why wouldn't they use what already exists and more importantly, is universally accepted?
For use by those that cannot afford to be scrutinized at any cost.
Washingtons Blog
embedded links at the source
Open Letter from Top U.S. Computer Security Experts Slams NSA Spying As Destroying Security
Posted on January 25, 2014 by WashingtonsBlog
The NSA Is Making Us All Less Safe
An open letter today from a large group of professors – top US computer security and cryptography researchers – slams the damage to ecurity caused by NSA spying:
Inserting backdoors, sabotaging standards, and tapping commercial data-center links provide bad actors, foreign and domestic, opportunities to exploit the resulting vulnerabilities.
The value of society-wide surveillance in preventing terrorism is unclear, but the threat that such surveillance poses to privacy, democracy, and the US technology sector is readily apparent. Because transparency and public consent are at the core of our democracy, we call upon the US government to subject all mass-surveillance activities to public scrutiny and to resist the deployment of mass-surveillance programs in advance of sound technical and social controls. In finding a way forward, the five principles promulgated at http://reformgovernmentsurveillance.com/ [a site launched by Google, Apple, Microsoft, Twitter, Facebook, AOL, Yahoo and LinkedIn] provide a good starting point.
The choice is not whether to allow the NSA to spy. The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users. Every country, including our own, must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals, but we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life. We urge the US government to reject society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy commerce, and technical innovation.
The Washington Post notes that these are some of the top names in computer cryptography and security, including heavyweights in the government.
Many other top security experts agree:
IT and security professionals say spying could mess up the safety of our internet and computer systems
The Electronic Frontier Foundation notes:
“By weakening encryption, the NSA allows others to more easily break it. By installing backdoors and other vulnerabilities in systems, the NSA exposes them to other malicious hackers—whether they are foreign governments or criminals. As security expert Bruce Schneier explained, ‘It’s sheer folly to believe that only the NSA can exploit the vulnerabilities they create.’”
Schneier provides details:“[NSA spying] breaks our technical systems, as the very protocols of the Internet become untrusted.
***
The more we choose to eavesdrop on the Internet and other communications technologies, the less we are secure from eavesdropping by others. Our choice isn’t between a digital world where the NSA can eavesdrop and one where the NSA is prevented from eavesdropping; it’s between a digital world that is vulnerable to all attackers, and one that is secure for all users.
***
We need to recognize that security is more important than surveillance, and work towards that goal.”
Another expert on surveillance and cybersecurity – Jon Peha, former chief technology officer of the FCC and assistant director of the White House’s Office of Science and Technology – says that the NSA’s spying program “inevitably makes it easier for criminals, terrorists and foreign powers to infiltrate these systems for their own purposes”
“The risk is that when you build a back door into systems, you’re not the only one to exploit it,” said Matthew D. Green, a cryptography researcher at Johns Hopkins University. “Those back doors could work against U.S. communications, too.”
The inventor of the World Wide Web agrees
The stakes are high:
“A team of [10] UK academics specialising in cryptography has warned … that ‘by weakening all our security so that they can listen in to the communications of our enemies, [the agencies] also weaken our security against our potential enemies‘….
The biggest risk, they imply, is that civilian systems and infrastructure – perhaps including physical systems such as the power grid – could become vulnerable to attack by state-sponsored hackers who are capable of exploiting the same ‘backdoors’ in software that have been planted there by the western agencies.”
And the NSA’s big data collection itself creates an easy mark for hackers. Remember, the Pentagon itself sees the collection of “big data” as a “national security threat” … but the NSA is the biggest data collector on the planet, and thus provides a tempting mother lode of information for foreign hackers
And see this.
_______
embedded links at the source.
Open Letter from Top U.S. Computer Security Experts Slams NSA Spying As Destroying Security
The NSA Is Making Us All Less Safe
coffin_dodger » Fri Dec 20, 2013 2:42 pm wrote:GCHQ and NSA targeted charities, Germans, Israeli PM and EU chief
The Guardian, Friday 20 December 2013
Chaos Computer Club files criminal complaint against the German Government
2014-02-03 00:18:00, henning
On Monday, the Chaos Computer Club (CCC) and the International League for Human Rights (ILMR), have filed a criminal complaint with the Federal Prosecutor General's office. The complaint is directed against the German federal government, the presidents of the German secret services, namely Bundesnachrichtendienst, Militärischer Abschirmdienst, Bundesamt für Verfassungschutz, and others. We accuse US, British and German secret agents, their supervisors, the German Minister of the Interior as well as the German Chancelor of illegal and prohibited covert intelligence activities, of aiding and abetting of those activities, of violation of the right to privacy and obstruction of justice in office by bearing and cooperating with the electronic surveillance of German citizens by NSA and GCHQ.
After months of press releases about mass surveillance by secret services and offensive attacks on information technology systems, we now have certainty that German and other countries' secret services have violated the German criminal law. With this criminal complaint, we hope to finally initiate investigations by the Federal Prosecutor General against the German government. The CCC has learned with certainty that the leaders of the secret services and the federal government have aided and abetted the commission of these crimes.
It is the understanding of the CCC that these crimes are felonies persuant to German federal laws, specifically 99 StGB (illegal activity as a foreign spy), §§ 201 ff. StGB (violation of privacy) and § 258 StGB (obstruction of justice).
"Every citizen is affected by the massive surveillance of their private communications. Our laws protect us and threatens those responsible for such surveillance with punishment. Therefore an investigation by the Federal Prosecutor General is necessary and mandatory by law – and a matter of course. It is unfortunate that those responsible and the circumstances of their crimes have not been investigated," says Dr. Julius Mittenzwei, attorney and long time member of the CCC.
It is unacceptable that the public offices have not helped in the investigation of these crimes even if the spying is widely visible, for example, in the so called Dagger-Complex and on the August Euler airfield near Griesheim. Together with the International League of Human Rights and digitalcourage e. V., we want to bring to light more information about the illegal activities of German and foreign secret services and intend to bring the offenders of those crimes to accord.
In the criminal complaint, we ask to hear technical expert and whistleblower Edward Snowden as a witness, and that he be provided safe passage and protection against extradition to the US.
We do not only want to call the Federal Prosecutor General's office to investigations but also ask you to get involved and also file a criminal complaint. The text of the complaint is transmitted on demand.
Users browsing this forum: No registered users and 58 guests