Kid Gloves posted:

Seems like you'd just want to, you know, prosecute the people responsible for the hacking instead of imposing restrictions on the press that haven't been necessary since the 15th century. Yeah, hacking is bad and all but I'm deeply loving skeptical about any politician-imposed control of the press.

quote:

UK: Snowden reporter's partner involved in 'espionage' and 'terrorism'

(Reuters) - British authorities claimed the domestic partner of reporter Glenn Greenwald was involved in "terrorism" when he tried to carry documents from former U.S. intelligence contractor Edward Snowden through a London airport in August, according to police and intelligence documents.

Greenwald's partner, David Miranda, was detained and questioned for nine hours by British authorities at Heathrow on August 18, when he landed there from Berlin to change planes for a flight to Rio De Janeiro, Brazil.

quote:

"Additionally the disclosure, or threat of disclosure, is designed to influence a government and is made for the purpose of promoting a political or ideological cause. This therefore falls within the definition of terrorism..."

Elotana posted:

You missed the money quote:

quote:

Citing a 2008 GCHQ country-by-country report, the Guardian said the British spies were particularly impressed with Germany's BND agency, which they said had "huge technological potential and good access to the heart of the Internet".

"We have been assisting the BND ... in making the case for reform or reinterpretation of the very restrictive interception legislation in Germany," the GCHQ document said.

The British agency also praised France's DGSE agency and in particular its close ties with an unnamed telecommunications company, a relationship from which GCHQ hoped to benefit.

"We have made contact with the DGSE's main industry partner, who has some innovative approaches to some Internet challenges, raising the potential for GCHQ to make use of this company in the protocol development arena," the report said.

There was similar analysis of the intelligence agencies in Spain, Sweden and the Netherlands, with Spain's CNI praised for its ties with an unnamed British telecommunications firm and Sweden's FRA congratulated over a law passed in 2008 that widened surveillance powers.

Only Italy dissatisfied the British spies, who noted friction between competing agencies and legal limits on their activities, the Guardian said.

etalian posted:

So basically according to the UK doing investigative journalism as a way to influence policy changes is terrorism?

SedanChair posted:

As is all diplomacy and politics. Wait, I mean when you do it.

etalian posted:

quote:

Only Italy dissatisfied the British spies, who noted (...) legal limits on their activities, the Guardian said.

PrBacterio posted:

etalian posted:

I imagine the German BND will be in hot water soon given all the privacy protection laws.

Paul MaudDib posted:

That's really the same mindset we see right now. If we can place a camera in Merkel's bathroom, we absolutely have to place it because you know those sneaky huns would do it if they had the chance, and we cannot allow a bathroom-camera gap (it would be the end of our republic as we know it).

quote:

When Ban Ki-moon, the United Nations secretary general, sat down with President Obama at the White House in April to discuss Syrian chemical weapons, Israeli-Palestinian peace talks and climate change, it was a cordial, routine exchange.

The National Security Agency nonetheless went to work in advance and intercepted Mr. Ban’s talking points for the meeting, a feat the agency later reported as an “operational highlight” in a weekly internal brag sheet. It is hard to imagine what edge this could have given Mr. Obama in a friendly chat, if he even saw the N.S.A.’s modest scoop. (The White House won’t say.)

But it was emblematic of an agency that for decades has operated on the principle that any eavesdropping that can be done on a foreign target of any conceivable interest — now or in the future — should be done. After all, American intelligence officials reasoned, who’s going to find out?

From thousands of classified documents, the National Security Agency emerges as an electronic omnivore of staggering capabilities, eavesdropping and hacking its way around the world to strip governments and other targets of their secrets, all the while enforcing the utmost secrecy about its own operations. It spies routinely on friends as well as foes, as has become obvious in recent weeks; the agency’s official mission list includes using its surveillance powers to achieve “diplomatic advantage” over such allies as France and Germany and “economic advantage” over Japan and Brazil, among other countries.

Mr. Obama found himself in September standing uncomfortably beside the president of Brazil, Dilma Rousseff, who was furious at being named as a target of N.S.A. eavesdropping. Since then, there has been a parade of such protests, from the European Union, Mexico, France, Germany and Spain. Chagrined American officials joke that soon there will be complaints from foreign leaders feeling slighted because the agency had not targeted them.

quote:

AT&T Inc's ambitions to expand in Europe have run into unexpected hurdles amid the growing outcry across the region over surveillance by the National Security Agency. German and other European officials said any attempt by AT&T to acquire [VodaPhone Group] a major wireless operator would face intense scrutiny, given the company's work with the U.S. agency's data-collection programs.

Resistance to such a deal, voiced by officials in interviews across Europe, suggests the impact of the NSA affair could extend beyond the diplomatic sphere and damage U.S. economic interests in key markets. AT&T Chief Executive Randall Stephenson has signaled repeatedly in recent months that he is interested in buying a mobile-network operator in Europe, highlighting the potential for growth on the continent at a time when the U.S. company faces headwinds at home.

Love Rat posted:

In Germany, someone might even do jail time. Imagine that, a country where rich and/or powerful people might actually serve time, unlike the US where laws are basically bent nearly to their breaking point.

While I'd never go as far as to say I'm happy, it's nice to confirm that, yes, mass surveillance is an issue affecting most of the developed world. Surprise! When spy agencies are granted or grant themselves power, they (gasp!) spy.

etalian posted:

I like how Alexander is also selling the narrative about the Eurozone spying only being done in places such as "warzones" and in cases with full compliance with local laws.

quote:

The agency’s Dishfire database — nothing happens without a code word at the N.S.A. — stores years of text messages from around the world, just in case. Its Tracfin collection accumulates gigabytes of credit card purchases. The fellow pretending to send a text message at an Internet cafe in Jordan may be using an N.S.A. technique code-named Polarbreeze to tap into nearby computers. The Russian businessman who is socially active on the web might just become food for Snacks, the acronym-mad agency’s Social Network Analysis Collaboration Knowledge Services, which figures out the personnel hierarchies of organizations from texts.
...
This huge investment in collection is driven by pressure from the agency’s “customers,” in government jargon, not only at the White House, Pentagon, F.B.I. and C.I.A., but also spread across the Departments of State and Energy, Homeland Security and Commerce, and the United States Trade Representative.
...
Venezuela, for instance, was one of six “enduring targets” in N.S.A.’s official mission list from 2007, along with China, North Korea, Iraq, Iran and Russia. The United States viewed itself in a contest for influence in Latin America with Venezuela’s leader then, the leftist firebrand Hugo Chávez, who allied himself with Cuba, and one agency goal was “preventing Venezuela from achieving its regional leadership objectives and pursuing policies that negatively impact U.S. global interests.”

A glimpse of what this meant in practice comes in a brief PowerPoint presentation from August 2010 on “Development of the Venezuelan Economic Mission.” The N.S.A. was tracking billions of dollars flowing to Caracas in loans from China (radar systems and oil drilling), Russia (MIG fighter planes and shoulder-fired missiles) and Iran (a factory to manufacture drone aircraft).

But it was also getting up-close and personal with Venezuela’s Ministry of Planning and Finance, monitoring the government and personal emails of the top 10 Venezuelan economic officials. An N.S.A. officer in Texas, in other words, was paid each day to peruse the private messages of obscure Venezuelan bureaucrats, hunting for tidbits that might offer some tiny policy edge.

quote:

They studied Iranian air defense radar stations and recorded the travelers’ rich communications trail, including Iranian satellite coordinates collected by an N.S.A. program called Ghosthunter. The point was not so much to catch the Iranian leader’s words, but to gather the data for blanket eavesdropping on Iran in the event of a crisis.

This “communications fingerprinting,” as a document called it, is the key to what the N.S.A. does. It allows the agency’s computers to scan the stream of international communications and pluck out messages tied to the supreme leader. In a crisis — say, a showdown over Iran’s nuclear program — the ability to tap into the communications of leaders, generals and scientists might give a crucial advantage.

Tezzor posted:

Alan Dershowitz weighs in, continues to be Alan Dershowitz http://www.policymic.com/mobile/articles/51129/alan-dershowitz-goes-after-greenwald-calls-him-criminal-and-phony

quote:

The latest Edward Snowden bombshell that the National Security Agency has been hacking foreign Google and Yahoo data centers is particularly disturbing. Plenty has been written about it so I normally wouldn’t comment except that the general press has, I think, too shallow an understanding of the technology involved. The hack is even more insidious than they know.

The superficial story is in the NSA slide (above) that you’ve probably seen already. The major point being that somehow the NSA — probably through the GCHQ in Britain — is grabbing virtually all Google non-spider web traffic from the Google Front End Servers, because that’s where the SSL encryption is decoded.

Yahoo has no such encryption.

The major point being missed, I think, by the general press is how the Google File System and Yahoo’s Hadoop Distributed File System play into this story. Both of these Big Data file systems are functionally similar. Google refers to its data as being in chunks while Hadoop refers to blocks of data, but they are really similar — large flat databases that are replicated and continuously updated in many locations across the application and across the globe so the exact same data can be searched more or less locally from anywhere on Earth, maintaining at all costs what’s called data coherency.

Data replication, which is there for reasons of both performance and fault tolerance, means that when the GCHQ in London is accessing the Google data center there, they have access to all Google data, not just Google’s UK data or Google’s European data. All Google data for all users no matter where they are is reachable through any Google data center anywhere, thanks to the Google File System.

This knocks a huge hole in the legal safe harbor the NSA has been relying on in its use of data acquired overseas, which assumes that overseas data primarily concerns non-U.S. citizens who aren’t protected by U.S. privacy laws or the FISA Court. The artifice is that by GCHQ grabbing data for the NSA and the NSA presumably grabbing data for GCHQ, both agencies can comply with domestic laws and technically aren’t spying on their own citizens when in fact that’s exactly what they have been doing.

quote:

How we know the NSA had access to internal Google and Yahoo cloud data

By Barton Gellman, Ashkan Soltani, and Andrea Peterson
November 4 at 3:03 pm

The Washington Post reported last Wednesday that the National Security Agency has been tapping into the private links that connect Google and Yahoo data centers around the world. Today we offer additional background, with new evidence from the source documents and interviews with confidential sources, demonstrating that the NSA accessed data traveling between those centers.

The background also helps explain the response of U.S. officials following the publication of the story.

...

FORUMS USER 1135 posted:

The most amazing thing to me is how consistently all the news outlets seem to be working together to troll the poo poo out of the NSA, and there doesn't seem to be anything they can do about it. We consistently get about 1-2 articles per week, with one article detailing a vague release (last week - NSA has a tap at the SSE port for Google and Yahoo's internal clouds), the NSA apologists try to be vague and make statements along the lines of "We aren't breaking any laws! We aren't breaking into Google's servers! Only court-ordered taps!" Then, BAM! Today's WaPo report seems to me that it shows collected internal Google protocols and how they have active decryption of data inside Google's network, data that didn't leave the internal network.

You saw the same thing with the phone tapping. Week 1, its that we are tapping phones in Europe (NSA: Just terrorists!). Week 2, Oh we also tapped Merkels phone.

And every single release this entire summer has played out this way. Its really putting much needed egg on the face of the government, and Glenn Greenwald deserves a goddamn Pulitzer for getting this story.

quote:

Intercepting communications overseas has clear advantages for the NSA, with looser restrictions and less oversight. NSA documents about the effort refer directly to “full take,” “bulk access” and “high volume” operations on Yahoo and Google networks. Such large-scale collection of Internet content would be illegal in the United States, but the operations take place overseas, where the NSA is allowed to presume that anyone using a foreign data link is a foreigner.

Outside U.S. territory, statutory restrictions on surveillance seldom apply and the FISC has no jurisdiction. Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) has acknowledged that Congress conducts little oversight of intelligence-gathering under the presidential authority of Executive Order 12333, which defines the basic powers and responsibilities of the intelligence agencies.

Elotana posted:

Levison/Zimmerman are kickstarting their new encryption protocol for emails.

http://www.kickstarter.com/projects/ladar/lavabits-dark-mail-initiative

I'm genuinely curious if this stays up. I'm sure the Kickstarter folks will at least get a threatening letter.

cr0y posted:

I am confused. They say they need $200k to cleanup the source code and release it as a f/oss project....but then they say backers will get binaries and the source only goes to $1k+ contributors?

GrizzlyCow posted:

Are there any congresspeople interested in Intelligence (agency) reform outside of winning political points? And, are there any groups one can join and participate in to help move along any policies about reforming our spying agencies?

quote:

FBI monitored anti-war website in error for six years, documents show

The FBI monitored a prominent anti-war website for years, in part because agents mistakenly believed it had threatened to hack the bureau’s own site.

Internal documents show that the FBI’s monitoring of antiwar.com, a news and commentary website critical of US foreign policy, was sparked in significant measure by a judgment that it had threatened to “hack the FBI website” and involved a formal assessment of the “threat” the site posed to US national security.

But antiwar.com never threatened to hack the FBI website. Heavily redacted FBI documents, obtained through the Freedom of Information Act and shared with the Guardian, show that Eric Garris, the site’s managing editor, passed along to the bureau a threat he received against his own website.

Months later, the bureau characterized antiwar.com as a potential perpetrator of a cyberattack against the bureau’s website – a rudimentary error that persisted for years in an FBI file on the website. The mistake appears to have been a pillar of the FBI’s reasoning for monitoring a site that is protected by the first amendment’s free-speech guarantees.

“The improper investigation led to Garris and Raimondo being flagged in other documents, and is based on inappropriate targeting and sloppy intelligence work the FBI relied on in its initial memo,” said Julia Mass, an attorney with the ACLU of northern California, which filed the Freedom of Information Act request, and shared the documents with the Guardian.

FBI spokesman Paul Bresson said the bureau could not comment, as the ACLU’s litigation of the antiwar.com case is ongoing.

On 12 September 2001, Garris received an email with the subject line “YOUR SITE IS GOING DOWN.”

“Be warned assholes, ill be posting your site address to all the hack boards tonight, telling them about the little article at the moscowtimes and all. YOUR SITE IS HISTORY,” the unredacted parts of the email read.

Concerned, Garris forwarded the threatening email to the FBI field office in San Francisco, where he lives. (It is contained in the disclosed FBI documents.) “It was a threat and I wanted to report it,” Garris said.

But by 7 January 2002, someone in the field office characterized the message as “A THREAT BY GARRIS TO HACK FBI WEBSITE.”

According to unredacted portions of the documents, that apparent mix-up was the first time antiwar.com came onto the FBI’s radar – a purview that would last at least six years.

Tezzor posted:

The ACLU and EFF spring immediately to mind.

quote:

Mark Lynch, an A.C.L.U. lawyer, said current law allows the agency to keep secret all but the most innocuous portions of files on intelligence.

''We believe that this bill will not enable the C.I.A. to withhold any meaningful information which the agency is now required to release,'' he said. ''We have gone over the file cabinets and looked at all the documents we've obtained from the agency in the past. We're confident that we're not going to lose anything.''

Tezzor posted:

The ACLU and EFF spring immediately to mind. The motivations of Congressional officials are always suspect, but just a couple of months ago most Democrats and 40% of Republicans in the House voted to defund the NSA's collection programs before about half of these stories even came out, so there's definitely some will there.

Tezzor posted:

In other news:

http://www.theguardian.com/world/2013/nov/06/fbi-monitored-anti-war-website-in-error-documents?CMP=twt_fd&CMP=SOCxx2I2

quote:

The N.S.A. is subject to court-imposed rules about the standard that must be met before its analysts may gain access to its database, which contains records from multiple providers. The C.I.A. appears to have a freer hand, and officials said it had submitted significantly more queries to AT&T for data.

FlamingLiberal posted:

This is the same problem the CIA had during the Cold War.

Reuters posted:

Snowden may have persuaded between 20 and 25 fellow workers at the NSA regional operations center in Hawaii to give him their logins and passwords by telling them they were needed for him to do his job as a computer systems administrator, a second source said.

Sancho posted:

http://www.nytimes.com/2013/11/07/us/cia-is-said-to-pay-att-for-call-data.html?_r=0

Calling it now. Public outrage causes the NSA to lose power and the other 40+ alphabet agencies that do the same thing to gain power. Firmly looking for a third party that is not American at this point.

quote:

According to a new report by Der Spiegel, the British signals intelligence spy agency has again employed a “quantum insert” technique as a way to target employees of two companies that are GRX (Global Roaming Exchange) providers.
...
GRX is roughly analogous to an IX (Internet Exchange), and it acts as a major exchange for mobile Internet traffic while users roam around the globe. There are only around two dozen such GRX providers globally. This new attack specifically targeted administrators and engineers of Comfone and Mach (which was acquired over the summer by Syniverse), two GRX providers.

Der Spiegel suggests that the Government Communications Headquarters (GCHQ), the British sister agency to the NSA, used spoofed versions of LinkedIn and Slashdot pages to serve malware to targets. This type of attack was also used to target “nine salaried employees” of the Organization of Petroleum Exporting Countries (OPEC), the global oil cartel.

This new revelation may be related to an attack earlier this year against Belgacom International Carrier Services (BICS), a subsidiary of the Belgian telecom giant Belgacom. BICS is another one of the few GRX providers worldwide.

As Schneier wrote:

quote:

As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the Internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a Foxacid server.

In the academic literature, these are called "man-in-the-middle" attacks and have been known to the commercial and academic security communities. More specifically, they are examples of "man-on-the-side" attacks.

They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the Internet backbone and exploit a "race condition" between the NSA server and the legitimate website. This top-secret NSA diagram, made public last month, shows a Quantum server impersonating Google in this type of attack.

Phillippe Langlois, the founder of P1 Security, presented (PDF) on GRX vulnerabilities at a security conference back in 2011.