Sunday, December 29, 2013

National Security Agency Updates December 29 , 2013 - Glenn Greenwald: ‘A Lot’ More NSA Documents to Come ....... Obama’s NSA Phone Spying Reforms Might Make Things Worse

Are “Digital” Troops Being Sent Into Our Digital Devices Like British Troops Were Sent Into American Colonists’ Homes?

We have extensively documented that the U.S. government is trampling virtually every single Constitutional right set forth in the Bill of Rights.
One of the few rights which we thought the government still respects is the the 3rd Amendment, which prohibits the government forcing people to house troops:
No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.
But security expert Jacob Appelbaum notes that the NSA may be digitally violating the 3rd Amendment.
By way of background, this week Appelbaum was the main force behind an expose in Spiegel – and gave a must-watch talk – on the NSA’s systemic offensive programs to commandeer computers and computer systems, phone connections and phone systems, and communications networks of all types.
Appelbaum shows that the NSA has literally taken over our computer and our phones, physically intercepting laptop shipments and installing bugware before themselves shipping the laptop on to the consumer, installing special hardware that overcomes all privacy attempts, including “air gaps” (i.e. keep a computer unplugged from the Internet). Appelbaum also notes that spyware can suck up a lot of system resources on a computer or smartphone.
And he says this is the digital equivalent of soldiers being stationed in our houses against our will:
The parallel might not be as far-fetched as it may seem at first …
The NSA itself says that it’s in the middle of a massive cyber war. As such, malware, physical spying devices and offensive internet workarounds are literally the main troops in the NSA’s offensive cyber army.
Quartering meant that Colonial Americans had:
  • No control over when the British troops came and went
  • No say in what resources they consumed
  • And no privacy even in their own castles
Similarly, mass NSA spying means that modern day Americans have:
  • No control over when military presence comes or goes from our computer and phones (NSA is part of the Department of Defense)
  • No say in what resources the spies suck up (remember, Applebaum says that spying can use a lot of resources and harm performance)
  • And no privacy even in the deepest inner sanctuary of our electronic home base
Colonial Americans lost the quiet use and enjoyment of their homes. Modern Americans are losing the quiet use and enjoyment of our digital homes because the NSA is stationing digital “troops” inside our computers and phones.
Just as the Colonists’ homes were no longer theirs … our computers and phones are no longer ours.

How To Destroy An Industry
Just make sure you put back doors in virtually everything American technology companies produce -- an act of insane hubris -- and watch the customers flee.

The ANT division doesn't just manufacture surveillance hardware. It also develops software for special tasks. The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer's motherboard that is the first thing to load when a computer is turned on.
This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this "Persistence" and believe this approach has provided them with the possibility of permanent access.
Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies.
The stupidity of such a program knows no boundaries.
The ultimate premise -- that nobody other than the NSA will ever obtain the keys necessary to access these defective locks they install -- is the height of arrogance.
How much of what the Chinese and others have stolen over the years were taken using our very own back doors?
Nobody knows, of course, and if the NSA knows they sure as hell won't be telling anyone.  But we do know that the Chinese, for example, have stolen not just commercial secrets but military ones as well -- including nuclear warhead designs.
We didn't, through our own arrogance, make that possible -- did we?
I'm sure we'll never find out with certainty, but this much I am certain of -- we're not the only nation with bright people in it, and if we put intentionally-pickable locks in things we sell we cannot maintain 100% control over the distribution of the back-door keys for said locks.
This sort of crap is one step removed from black-letter treason, and only removed because it's not intended to help our enemies.
But help them it does -- that much you be assured of.

The NSA's 50-Page Catalog Of Back Door Penetration Techniques Revealed

Tyler Durden's picture

While the world may have become habituated to (and perhaps revels in, thank you social media exhibitionist culture) the fact that the NSA is watching anyone and everyone, intercepting, recording, and hacking every electronic exchange regardless if it involves foreign "terrorists" or US housewives, the discoveries from the Snowden whistle-blowing campaign continue. The latest revelation from the biggest wholesale spying scandal since Nixon, exposed by Germany's Spiegel which continues the strategy of revealing Snowden leaks on a staggered, delayed basis, involves a back door access-focused NSA division called ANT, (which supposedly stands for Access Network Technology), described by Spiegel as "master carpenters" for the NSA's TAO (Tailored Access Operations, read more about TAO here). The ANT people have "burrowed into nearly all the security architecture made by the major players in the industry -- including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell." More importantly, thanks to Spiegel (and Snowden of course), the NSA's 50-page catalog of"backdoor penetration" techniques has been revealed.
The details of how the NSA can surmount any "erected" walls, via Spiegel:
These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives -- from computing centers to individual computers, from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA's specialists seem already to have gotten past them.

This, at least, is the impression gained from flipping through the 50-page document. The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets' data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000.
Nothing quite like an extensive, taxpayer funded catalog listing back-door entry strategy imaginable. Say you wanted to have some backdoor fun with Juniper Networks, the world's second largest network equipment manufacturer (which claims the performance of the company's special computers is "unmatched" and their firewalls are the "best-in-class.")
In the case of Juniper, the name of this particular digital lock pick is "FEEDTROUGH." This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive "across reboots and software upgrades." In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH "has been deployed on many target platforms."
It gets better, because when simple penetration is not enough, the NSA adds "implants."
In cases where TAO's usual hacking and data-skimming methods don't suffice, ANT workers step in with their special tools, penetrating networking equipment, monitoring mobile phones and computers and diverting or even modifying data. Such "implants," as they are referred to in NSA parlance, have played a considerable role in the intelligence agency's ability to establish a global covert network that operates alongside the Internet.
So what exactly is to be found in the 50-page catalog?
Some of the equipment available is quite inexpensive. A rigged monitor cable that allows "TAO personnel to see what is displayed on the targeted monitor," for example, is available for just $30. But an "active GSM base station" -- a tool that makes it possible to mimic a mobile phone tower and thus monitor cell phones -- costs a full $40,000. Computer bugging devices disguised as normal USB plugs, capable of sending and receiving data via radio undetected, are available in packs of 50 for over $1 million.

The ANT division doesn't just manufacture surveillance hardware. It also develops software for special tasks. The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer's motherboard that is the first thing to load when a computer is turned on.

This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this "Persistence" and believe this approach has provided them with the possibility of permanent access.

Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies.

Other ANT programs target Internet routers meant for professional use or hardware firewalls intended to protect company networks from online attacks. Many digital attack weapons are "remotely installable" -- in other words, over the Internet. Others require a direct attack on an end-user device -- an "interdiction," as it is known in NSA jargon -- in order to install malware or bugging equipment.
The conclusion here is an easy one, and one we have repeated ever since before the Snowden revelations: Big Brother is bigger and badder than ever, he knows exactly what you've been doing, and the second the NSA wants to nuke your computer out of orbit and/or destroy your digital life, it can do so in a millisecond.  What is more amusing is that with each passing disclosure, it is increasingly clear that the NSA has gotten its inspiration for its dealings with the US public from a Danielle Steel book at best, or a Vivid Video bootlegged tape at worst.

Glenn Greenwald: ‘A Lot’ More NSA Documents to Come

A popular sentiment at the CCC.
A popular sentiment at the CCC.
Nearly seven months after journalist and privacy activist Glenn Greenwald publicized Edward Snowden’s first revelations of the vast scope of the NSA’s digital surveillance, his life has changed absolutely.
Living in Brazil, he is advised not to travel. He’s a hero to privacy activists, and demonized by governments and national security agencies. And in a video keynote address to the Chaos Communication Congress (CCC) in Hamburg today, he promised that he and Edward Snowden aren’t anywhere near finished.
“There are a lot more stories to come, a lot more documents that will be covered,” Greenwald said. “It’s important that we understand what it is we’re publishing, so what we say about them is accurate.”
Greenwald’s role as keynote speaker at a conference attended in large part by programmers and hardware hackers was sign of how badly the half-year of revelations of digital surveillance by the NSA and its allies has shaken the hacker and privacy communities.
Much of the CCC’s four days of talks and workshops are dedicated to exploring the implications of Snowden and Greenwald’s revelations, from discussions about NSA attacks on the Tor private-communications network to a call by Julian Assange for hackers to fight back against the intelligence agencies.
“This is a digital agent orange. It took the leaves from the forest where we used to live and flourish,” said Tim Pritlove, one of the annual event’s organizers.
In his keynote speech, former Guardian columnist Greenwald paid rueful due to his own onetime lack of encryption skills, but said that most journalists covering national security had been no different as recently as a year ago. That has now changed, both among journalists and the interested general public, he said.
“One of most significant outcomes of the last few months has been the increased awareness of the importance of encryption and privacy,” he said. “It’s a remarkable sea change.”
But even outrage won’t change policy through traditional democratic processes, he said. The power of the NSA and the security establishment is too strong, and democratic governments are proving unable to resist the seduction of surveillance-derived knowledge.
More promising have been signs of allies showing genuine signs of indignation, and indications that important companies are feeling economic effects as a result. Most recently, he said, Boeing lost a $4 billion contract in Brazil in part because of that country’s anger at the extent of U.S spying.
“Power sectors don’t get persuaded by lofty arguments. It’s important to devise ways to raise the costs to the systematic invasion of our privacy,” he said. “When it’s no longer we in fear of them, but they in fear of us, that’s when these policies will change.”
After six months of stories based on Snowden’s revelations, Greenwald said a single theme had overshadowed any of the stories’ individual elements.
“It is literally true, without hyperbole, that the goal of the NSA and its partners in the English-speaking world is to eliminate privacy globally,” he said. “They want to make sure there is no communication that evades their net.”
He said he was working on a new story indicating that the NSA was “obsessed” by the idea that people could still use some Internet devices and mobile phones on airplanes without being recorded. “The very idea that human beings can communicate for even a few moments without their ability to monitor is intolerable.”
While much of the public reaction to the stories has been encouraging, he directed bitter criticism at the governments of countries that had protested the U.S. government’s actions, but had done nothing to help Snowden, who remains in Russia under certain threat of prosecution should he return to the United States.
“For Germany or Brazil to defy the United States, there is a cost to that. But there was even greater cost to Edward Snowden to come forward in defense of your rights, and he did it anyway,” Greenwald said. “They have an ethical and moral obligation to do what he did for them, which is to protect his rights.”

Obama’s NSA Phone Spying Reforms Might Make Things Worse

President Barack Obama listens to a question during his end-of-the-year news conference in the Brady Press Room at the White House in Washington, Dec. 20, 2013. Photo: Charles Dharapak/AP
President Barack Obama turned heads just days before Christmas when he announced that he is “seriously” considering following the recommendations set forth by an advisory panel, which he appointed, that suggested a major overhaul to the NSA’s wholesale collection of telephone metadata.
The Obama administration has been under intense scrutiny over revelations, contained in documents leaked by NSA whistleblower Edward Snowden, regarding the depth and breadth of the agency’s collection of telephone and other data. In a move to quell the uproar, Obama appointed a committee to review the matter. Among other things, it issued a host of recommendations that include major revisions to the phone-snooping program.
But a WIRED examination of a key suggestion from the “President’s Review Group on Intelligence and Communications Technologies” finds those revisions will do little to improve the protection of American’s calling history. In fact, it may well make the data more vulnerable to government inspection by potentially mandating that Americans’ phone call records be stored for longer periods of time than many telecoms currently archive them. And there likely would be few, if any, legal barriers to law enforcement officials, from the FBI to your local police department, to clear before obtaining that data.
As it stands, the telecommunication companies have, since at least 2006, funneled all phone call metadata to the NSA under secret orders from the Foreign Intelligence Surveillance Court. (Metadata includes an account holder’s records of calls received and made, any calling card numbers used in a call, the time and duration of the call and other information.) This hoovering does not require probable cause warrants that outline how and why authorities believe anyone associated with the data has committed a crime. No laws govern how the NSA may access the data — believed to hold some 1 trillion records — though the spy agency maintains it has settled on a so-called standard of “reasonable articulable suspicion” in hopes of finding the terrorist needle in a haystack.
While the NSA argues collecting and reviewing this data is vital to national security, Obama concedes more must be done to ensure some measure of privacy.
“The question we’re going to have to ask, can we accomplish the same goals this program is intended to accomplish in ways that give the public more confidence that the NSA is doing what it is supposed to be doing?” Obama said Dec. 20 before heading to Hawaii for a 17-day vacation.
Under the presidential panel’s recommendation, the telcos or an unnamed third party would store the metadata instead of the government having direct access to it. The proposal allows the government to continue querying the data, which the NSA currently holds for five years. A newly proposed legal standard would require “reasonable grounds” to believe the information sought is relevant to an investigation intended to protect “against international terrorism or clandestine intelligence activities.” The FISA court would have to approve every request.
According to the panel, which includes former U.S. counter-terrorism czar Richard A. Clarke:
In our view, the current storage by the government of bulk metadata creates potential risks to public trust, personal privacy, and civil liberty. We recognize that the government might need access to such metadata, which should be held instead either by private providers or by a private third party. This approach would allow the government access to the relevant information when such access is justified, and thus protect national security without unnecessarily threatening privacy and liberty. (.pdf)

In reality, however, “privacy and liberty” remain threatened.

Notwithstanding that the FISA Court is for all intents an NSA rubberstamp that has allowed the metadata program to run in secret for seven years, the review group’s proposal could grant law enforcement at any level a far larger trove of phone metadata to access. What’s more, they would not need probable cause warrants to target anyone’s phone metadata.
Right now, the phone companies store phone metadata for varying times. Verizon and U.S Cellular store it for about a year; Sprint for 18 months. At the other end of the spectrum, T-Mobile maintains it for seven to 10 years, and AT&T for five, according to a congressional inquiry. While Obama’s review group’s recommendation was short on details, everybody familiar with the plan agrees it would require telcos to store metadata for some minimum amount of time, presumably for longer than many of them already do. That means the authorities would have access to this data for far longer than they otherwise might.
According to the congressional inquiry led by Sen. Edward Markey (D-Massachusetts), eight carriers reportedreceiving more than 1 million requests for personal mobile phone data by law enforcement in 2013, and they and racked up millions of dollars in processing fees along the way. Not all of those requests were for phone metadata, however. There were requests for cell-site location data, web browsing habits, text message content, and voicemail, among other things. The telecoms did not break down the number of requests they received for each category.
To be sure, phone companies regularly provide law enforcement with customer calling history, usually under a subpoena. Such documentation, signed by a law enforcement agent, promises the data is relevant to an ongoing investigation. That standard is based on a 1979 Supreme Court precedent, which upheld the conviction of a Baltimore purse snatcher who unsuccessfully challenged the local phone company’s decision to release his call records to the police even though the authorities did not have a probable-cause warrant. The records showed that the defendant, Michael Smith, had been calling his victim after he mugged her. (A more detailed look at that precedent can be found here.)
To give Americans a modicum of privacy, Congress must quarantine away from law enforcement officials the data the telcos would be compelled to store and only grant access to the NSA upon approval of the Foreign Intelligence Surveillance Court’s approval. The NSA said it queried its vast database just 300 times last year.
“If there is this retention, you would need to make sure there are no loopholes that would undermine the entire purpose of the change,” said Brett Kaufman, a National Security Project fellow with the American Civil Liberties Union.
If past is prologue, we already know the outcome.

Judge Pauley's Deliberate Blind Spot: Systematic Section 215 Abuses

IT Firms Lose Billions After NSA Scandal Exposed by Whistleblower Edward Snowden