bothernews

Posts Tagged ‘Snowden

NSA uses secret radio tech to spy on offline computers

leave a comment »

 

Computer Weekly

Warwick Ashford

Wednesday 15 January 2014

 

…This technology uses a “covert channel of radio waves” that can be transmitted from circuit boards and USB cards planted in computers, the report said, citing leaked NSA documents and US officials.

Filling in some more details of the NSA surveillance programmes revealed by whistleblower Edward Snowden in June 2013, the report said the transceivers must be physically inserted by a spy, a manufacturer or an unwitting user.

Once in place, the transceivers communicate with a briefcase-sized NSA field station, or hidden relay station, up to eight miles away.

 

The field station in turn communicates back to the NSA, and can also transmit malware to the target computer, including the kind used in attacks against Iran’s nuclear facilities.

“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” James Andrew Lewis, a cyber security expert at the Center for Strategic and International Studies in Washington, told the NYT.

“Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the US a window it’s never had before.”

The paper lists Chinese and Russian military, Mexican drug cartels, and trade institutions in the European Union, Saudi Arabia, India and Pakistan as targets of the surveillance programme code-named Quantum.

From Computer Weekly:  NSA uses secret radio tech to spy on offline computers 

More on NSA surveillance from Computer Weekly:

Advertisements

Written by bothernews

January 16, 2014 at 2:45 am

CCC-TV – Through a PRISM, Darkly

leave a comment »

 

CCC-TV – Through a PRISM, Darkly

From Stellar Wind to PRISM, Boundless Informant to EvilOlive, the NSA spying programs are shrouded in secrecy and rubber-stamped by secret opinions from a court that meets in a faraday cage.  The Electronic Frontier Foundation’s Kurt Opsahl explains the known facts about how the programs operate and the laws and regulations the U.S. government asserts allows the NSA to spy on you.

http://cdn.media.ccc.de/congress/2013/mp4/30c3-5255-en-de-Through_a_PRISM_Darkly_h264-hq.mp4

Courtesy of the Chaos Communications Conference & EFF

The NSA’s New Risk Analysis

leave a comment »

 

Schneier on Security

A blog covering security and security technology.

October 9, 2013

 

The NSA’s New Risk Analysis

 

As I recently reported in the Guardian, the NSA has secret servers on the Internet that hack into other computers, codename FOXACID. These servers provide an excellent demonstration of how the NSA approaches risk management, and exposes flaws in how the agency thinks about the secrecy of its own programs.

Here are the FOXACID basics: By the time the NSA tricks a target into visiting one of those servers, it already knows exactly who that target is, who wants him eavesdropped on, and the expected value of the data it hopes to receive. Based on that information, the server can automatically decide what exploit to serve the target, taking into account the risks associated with attacking the target, as well as the benefits of a successful attack. According to a top-secret operational procedures manual provided by Edward Snowden, an exploit named Validator might be the default, but the NSA has a variety of options. The documentation mentions United Rake, Peddle Cheap, Packet Wrench, and Beach Head — all delivered from a FOXACID subsystem called Ferret Cannon. Oh how I love some of these code names. (On the other hand, EGOTISTICALGIRAFFE has to be the dumbest code name ever.)

Snowden explained this to Guardian reporter Glenn Greenwald in Hong Kong. If the target is a high-value one, FOXACID might run a rare zero-day exploit that it developed or purchased. If the target is technically sophisticated, FOXACID might decide that there’s too much chance for discovery, and keeping the zero-day exploit a secret is more important. If the target is a low-value one, FOXACID might run an exploit that’s less valuable. If the target is low-value and technically sophisticated, FOXACID might even run an already-known vulnerability.

[…]

According to Snowden, the TAO — that’s Tailored Access Operations — operators running the FOXACID system have a detailed flowchart, with tons of rules about when to stop. If something doesn’t work, stop. If they detect a PSP, a personal security product, stop. If anything goes weird, stop. This is how the NSA avoids detection, and also how it takes mid-level computer operators and turn them into what they call "cyberwarriors." It’s not that they’re skilled hackers, it’s that the procedures do the work for them.

And they’re super cautious about what they do.

While the NSA excels at performing this cost-benefit analysis at the tactical level, it’s far less competent at doing the same thing at the policy level. The organization seems to be good enough at assessing the risk of discovery — for example, if the target of an intelligence-gathering effort discovers that effort — but to have completely ignored the risks of those efforts becoming front-page news.

[…]

Schneier on Security: The NSA’s New Risk Analysis

Written by bothernews

November 6, 2013 at 3:07 am

The Other NSA Whistleblowers Hope This Time Is Different

leave a comment »

The Atlantic Wire

by Philip Bump

Edward Snowden was not the first high-profile person to reveal secrets about the National Security Agency’s surveillance operations after September 11th. He was the third. The first two — Thomas Drake and Mark Klein — have now come forward to express support for Snowden’s revelations. Part of their motivation, it seems safe to assume, is to ensure that this time, something actually changes.

Among the Snowden leaks was confirmation of what Klein described. One of the PRISM-related slides notes the “collection of communications on fiber cables … as data flows past.” That’s exactly what Room 641A — and, presumably, the equivalent rooms in other facilities — was built to do.

AP

“I don’t expect this to happen, [but] Congress should give Edward Snowden retroactive immunity for standing and defending the Constitution. He’s done a service for the entire country. What’s revealed politically is that both parties are in on this.” – Mark Klein

Thomas Drake’s story and background are very different. Drake served in a high position with the NSA, eventually leaking non-classified details of the agency’s wasteful spending practices to a reporter from the Baltimore Sun. After pleading guilty to a computer-related charge, he spent a year on probation.

Snowden, Drake writes, has revealed only “the tip of the iceberg.” Warning that Snowden will pay a “high price,” for his actions, he nonetheless understands why it was taken. “I didn’t want to be part of the dark blanket that covers the world,” Drake writes, “and Edward Snowden didn’t either.”

The Other NSA Whistleblowers Hope This Time Is Different – Philip Bump – The Atlantic Wire.