EdwardSnowden
Latest
NSA reportedly cracks down on staff who thought it was okay to share their logins with Edward Snowden
In a slightly ironic twist for the National Security Agency, Reuters reports that as many as 25 members of its staff have been "removed from their assignments" because they shared their private passwords with Edward Snowden while he worked there. A number of government offices are currently trying to find out just how Snowden got hold of so much confidential data, and sources close to those investigations now claim that the PRISM whistleblower used his position as a systems admin to dupe colleagues into handing over their passwords. It's not clear whether the NSA staff involved in the breach have been fired or re-assigned, but if the allegations are true then there are likely to be some red faces at the agency once the various investigations reach their conclusions, because such a large-scale failure by supposedly highly-trained staff would implicate the NSA's systems and practices, rather than just a few naive individuals.
Need tech support in Russia? Give Edward Snowden a call
So, what happens after you've become an international pariah? The PRISM revelations may rattle along, but the figure who started it all is trying to return to something approaching a normal life. Edward Snowden's lawyer has revealed that, after settling at an undisclosed location in Russia, the NSA whistleblower has found a job. He'll be offering technical support for a domestic website, which isn't being named for the obvious reasons. Is this the last that we'll hear from the former intelligence analyst? Only time will tell.
NSA collecting email and messaging contacts worldwide, Yahoo moves to encrypt webmail by default
Don't think that the NSA's bulk communication data collection is focused solely on the communications themselves. The Washington Post has published more Edward Snowden documents which reveal that the agency collects large volumes of contact lists from email and instant messaging users around the world. While the NSA gathers the information on foreign soil, its method reportedly prevents it from automatically screening out any Americans in the list. The NSA and anonymous officials argue that American laws prevent analysts from accessing data unless they believe there's a foreign target hidden with, but the strategy still has the government storing contacts for "millions" of people. Yahoo customers are some of the most common targets of this surveillance, as the company doesn't normally encrypt webmail sessions. That's about to change, however. The internet firm tells the Post that its webmail service will default to using SSL encryption on January 8th, catching up with Facebook and Google. Yahoo isn't officially tightening its security in response to NSA activity, and using SSL won't necessarily stop interceptions when spies frequently have workarounds. However, the upcoming encryption will at least complicate any snooping -- whether or not it's part of an intelligence operation.
Lavabit reinstates service briefly so users can download emails, change passwords
Email provider Lavabit shut down in August due to government pressure in the wake the Edward Snowden leaks, but it is apparently re-opening -- for a little while. A press release issued by Lavabit indicates that there's a two-step process, with step one giving users a chance to change their password (which started at 8PM ET tonight). Step two kicks in on October 17th or 18th and will let users download an archive of their stored messages and personal account data. The password change is in response to information that the company's SSL certificates have been compromised by the investigation. User's accounts should be secure under a new key after their passwords are reset, not to mention the bonus of having access to their data again. If you had an account, it's accessible at Liberty.Lavabit.com, those interested in founder Ladar Levison's legal battle can provide support at Rally.org.
American and British spy agencies targeted Tor network with minimal success
Considering the NSA and Government Communications Headquarters (GCHQ) have been trying to thwart encryption on the internet, it comes as no surprise that the two have spent significant resources trying to crack the Tor network. Tor, as some of you may know, is designed to keep a person's identity, location and activity anonymous and protect him or her from surveillance. Before panic sets in, know that Tor remains largely secure -- the agencies had only limited success in trying to identify users. One of the documents leaked by Edward Snowden, titled "Tor Stinks" reveals the proof-of-concept attack, but concedes that the NSA "will never be able to de-anonymize all Tor users all the time... With manual analysis we can de-anonymize a very small fraction of Tor users." That bodes well for the journalists and political dissidents who rely on the software, which ironically received the majority of its funding from the State Department and Department of Defense.
Lavabit was under FBI pressure to decrypt Snowden connections, court reveals
When Lavabit shut down in the wake of Edward Snowden's leaks, it left a big question unanswered: just what did the US government want that was supposedly so egregious? Thanks to newly unsealed court documents obtained by Wired, we now know much more of the story. The FBI had served Lavabit an order requiring that it hand over Snowden's encryption keys, helping the agency install a device that would collect metadata from its suspect's email connections. Lavabit repeatedly turned down the requests since it could have given access to data from every user of the service -- at one point it did serve up the SSL keys, but printed out on 11 pages in 4pt type -- which led to threats of criminal contempt charges and fines. We all know what happened afterward -- company founder Ladar Levison chose to shutter Lavabit rather than comply with the FBI's demands. While the new details aren't shocking given the government's desire to catch Snowden, they help explain Levison's past statements; he felt that it was better to defend Lavabit in court than risk violating the privacy of his customers.
NYT: NSA monitors, graphs some US Citizens' social activity with collected metadata
Just how does the NSA piece together all that metadata it collects? Thanks to "newly disclosed documents and interviews with officials," The New York Times today shed light on how the agency plots out the social activity and connections of those it's spying on. Up until 2010, the NSA only traced and analyzed the metadata of emails and phone calls from foreigners, so anything from US citizens in the chains created stopgaps. Snowden-provided documents note the policy shifted later in that year to allow for the inclusion of Americans' metadata in such analysis. An NSA representative explained to the NYT that, "all data queries must include a foreign intelligence justification, period." During "large-scale graph analysis," collected metadata is cross-referenced with commercial, public and "enrichment data" (some examples included GPS locations, social media accounts and banking info) to create a contact chain tied to any foreigner under review and scope out its activity. The highlighted ingestion tool in this instance goes by the name Mainway. The NYT article also highlights a secret report, dubbed "Better Person Centric Analysis," which details how data is sorted into 164 searchable "relationship types" and 94 "entity types" (email and IP addresses, along with phone numbers). Other documents highlight that during 2011 the NSA took in over 700 million phone records daily on its own, along with an "unnamed American service provider" that began funneling in an additional 1.1 billion cellphone records that August. In addition to that, Snowden's leak of the NSA's classified 2013 budget cites it as hoping to capture "20 billion 'record events' daily" that would be available for review by the agency's analysts in an hour's time. As you might expect, the number of US citizens that've had their info bunched up into all of this currently remains a secret -- national security, of course. Extended details are available at the source links.
Snowden leak suggests UK was spying on Belgian telecom
When Belgian prosecutors suggested that Belgacom was the target of foreign espionage, many blamed the NSA -- it has a history of snooping on other countries, after all. Those accusations may have been off the mark, however. Der Spiegel has revealed documents leaked by Edward Snowden which hint that the UK's Government Communications Headquarters (GCHQ) was responsible. The intelligence agency reportedly tricked key Belgacom staff into visiting a malware-loaded website that hijacked their PCs. GCHQ could then spy on smartphones, map the network and investigate secure VPN connections. Neither Belgacom nor Belgium has responded to this latest Snowden leak, but we wouldn't be surprised if the apparent evidence speeds up their investigation.
American and British spy agencies can thwart internet security and encryption
As reporters at the New York Times, the Guardian and ProPublica dig deeper into the documents leaked by Edward Snowden, new and disturbing revelations continue to be made. Two programs, dubbed Bullrun (NSA) and Edgehill (GCHQ), have just come to light, that focus on circumventing or breaking the security and encryption tools used across the internet. The effort dwarfs the $20 million Prism program that simply gobbled up data. Under the auspices of "Sigint (signals intelligence) enabling" in a recent budget request, the NSA was allocated roughly $255 million dollars this year alone to fund its anti-encryption program. The agencies' efforts are multi-tiered, and start with a strong cracking tool. Not much detail about the methods or software are known, but a leaked memo indicates that the NSA successfully unlocked "vast amounts" of data in 2010. By then it was already collecting massive quantities of data from taps on internet pipelines, but much of it was safely protected by industry standard encryption protocols. Once that wall fell, what was once simply a torrent of scrambled ones and zeros, became a font of "exploitable" information. HTTPS, VoIP and SSL are all confirmed to have been compromised through Bullrun, though, it appears that some solutions to the NSA's "problem" are less elegant than others. In some cases a super computer and simple brute force are necessary to peel back the layers of encryption.
Report: NSA used taxpayer dollars to cover PRISM compliance costs for tech companies
The mounting national debt? Yeah, you're probably better off just ignoring why exactly it's mounting. The Guardian is continuing the blow the lid off of the whole NSA / PRISM saga, today revealing new documents that detail how the NSA paid out "millions" of dollars to cover PRISM compliance costs for a multitude of monolithic tech outfits. As the story goes, the National Security Agency (hence, tax dollars from American taxpayers) coughed up millions "to cover the costs of major internet companies involved in the PRISM surveillance program after a court ruled that some of the agency's activities were unconstitutional." The likes of Yahoo, Google, Microsoft and Facebook are expressly named, and while Google is still angling for permission to reveal more about its side of the story, other firms have conflicting tales. For whatever it's worth, a Yahoo spokesperson seemed a-okay with the whole ordeal, casually noting that this type of behavior is perfectly legal: "Federal law requires the US government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government. We have requested reimbursement consistent with this law." Meanwhile, Facebook stated that it had "never received any compensation in connection with responding to a government data request." Microsoft, as you might imagine, declined to comment, though we heard that Steve Ballmer could be seen in the distance throwing up a peace sign. At any rate, it's fairly safe to assume that your worst nightmares are indeed a reality, and you may have a far more enjoyable weekend if you just accept the fact that The Man knows everything. Better, right?
Lavabit founder chafes under NSA scrutiny, speaks out against govermental privacy violations
Lavabit shut down its email services a couple weeks ago in response to governmental pressure regarding NSA whistleblower Edward Snowden's account. At the time, founder Ladar Levison stated he was shutting down Lavabit because he didn't want to "become complicit in crimes against the American people," but didn't expound upon what that statement meant due to a governmental gag order. The Guardian spoke with Levison recently, however, and while he still didn't deliver details about his legal dealings with Uncle Sam, he did share some thoughts about governmental surveillance in general. As you might expect, Levison is against ubiquitous governmental surveillance of communications between citizens. To that end, he's calling for a change to be made in US law so that private and secure communications services can operate without being used as "listening posts for an American surveillance network." He's not wholly against the feds tapping phone lines, though, as he recognizes the role such surveillance plays in law enforcement. However, he thinks the methods that are being used to conduct that surveillance should be made public -- not an unreasonable request, by any means. You can read Levison's full take on the matter, along with a recounting of reasons behind Lavabit's creation at the source below.
Leaked NSA audit shows privacy violations in cellular and fiber optic surveillance
The NSA insists that it respects American privacy, but documents leaked by Edward Snowden to the Washington Post suggest that the agency has trouble maintaining that respect. A May 2012 audit, buried in the documents, 2,776 incidents where the NSA's Washington-area facilities inadvertently obtained protected American data through a mix of human errors and technical limits. Among its larger gaffes, the NSA regularly had problems determining when foreign cellphones were roaming in the US, leading to unintentional snooping on domestic calls. The agency also spent months tapping and temporarily storing a mix of international and domestic data from US fiber lines until the Foreign Intelligence Surveilliance Court ruled that the technique was unconstitutional. NSA officials responding to the leak say that their agency corrects and mitigates incidents where possible, and argue that it's difficult for the organization to avoid errors altogether. However, the audit also reveals that the NSA doesn't always report violations to overseers -- the division may be interested in fixing mistakes, but it's not eager to mention them.
Lavabit, reportedly Edward Snowden's email service of choice, shuts down
It looks like Edward Snowden is going to have to find a new email service as the one he supposedly used -- Lavabit -- has abruptly closed its doors. The company's owner, Ladar Levison, posted an open letter on the site today, saying, "I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit." Levison also claimed to be unable to speak to the specifics surrounding the situation, stating that a Congressionally approved gag order prevented him from doing so. While Lavabit's situation seems pretty dire, it might not be curtains just yet. In his message, Levison stated that he would take his fight to reinstate Lavabit to the Fourth Circuit Court of Appeals. To read the missive in full, head on over to the source link below.
Snowden leaves neutral confines of Moscow airport, enters Russia
Edward Snowden has finally escaped his month-long Moscow airport purgatory and arrived in Russian territory, according to the Associated Press. The NSA whistleblower had already been granted temporary asylum by the Putin-led government after Bolivia and Venezuela also offered to take the fugitive, and was awaiting paperwork in order to leave Sheremetyevo Airport. The NSA's arch-enemy will be granted a year's stay, according to his Russian lawyer, and will be able to re-apply to remain after that. Now that his Russian residency has been established, most press outlets expect a strong reaction from the US government after it assured Moscow that Snowden wouldn't face the death penalty if deported. For its part, Russia said it has no intention of handing over the man who blew the lid off the pervasive PRISM monitoring program.
The Guardian: NSA's XKeyscore tool is its 'widest reaching' system for collecting online data
Edward Snowden has said that he still has more information about the NSA than what he's already leaked, and we're now getting a look at another big piece of that. According to a new set of documents provided to The Guardian, the NSA is using a tool called XKeyscore that is said to be its "widest reaching" system for collecting information from the internet -- one that lets it examine "nearly everything a typical user does on the internet," as one presentation slide explains. That apparently includes both metadata and the contents of emails, as well as social media activity, which can reportedly be accessed by NSA analysts without prior authorization; as The Guardian notes, a FISA warrant is required if the target of the surveillance is a US citizen, but not if a foreign target is communicating with an American. According to The Guardian, the amount of data collected is so large that content is only able to stored in the system for three to five days, or as little as 24 hours in some cases, while metadata is stored for 30 days. That's reportedly led the NSA to develop a multi-tiered system that lets it move what's described as "interesting" content to other databases where it can be stored for as much as five years. In a statement provided to The Guardian, the NSA says that "XKeyscore is used as a part of NSA's lawful foreign signals intelligence collection system," and that "allegations of widespread, unchecked analyst access to NSA collection data are simply not true. Access to XKeyscore, as well as all of NSA's analytic tools, is limited to only those personnel who require access for their assigned tasks." The agency further adds that "every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law."
Washington Post: Russia may grant NSA leaker Edward Snowden formal entry
According to the Washington Post, Russia has decided to grant Edward Snowden permission to leave the Moscow airport. Though the NSA whistleblower has been offered asylum in Bolivia and Venezuela, he reportedly requested temporary asylum in the Eastern European country last week. While the Putin government didn't approve Snowden's application immediately, it's refused to hand him over to the U.S. since he arrived in Shremetyevo airport from Hong Kong on June 23rd. It's unclear if and when the country will approve the request, but Snowden's Russian lawyer said his client's unique legal situation would keep him in the transit zone for at least one more day. Stay tuned -- we'll be updating as more information becomes available.
Microsoft reportedly eased NSA access to Outlook.com, SkyDrive and Skype
Tech firms say they aren't giving the NSA direct access to their servers, but that might not even be necessary. The Guardian reports that Microsoft, at least, is making it easy to snoop on services from the outside. Documents provided by Edward Snowden claim that Microsoft helped the NSA bypass Outlook.com chat encryption, even before the product launched; reportedly, it also simplified PRISM access to both SkyDrive and Skype conversations. The company denies offering any kind of carte blanche access, however, and insists that it only complies with specific, legal requests. Whether or not that's true, we can only know so much when Microsoft is limited in what it can say on the subject.
NSA whistleblower Edward Snowden offered asylum in Venezuela (update: Bolivia too)
Now that PRISM leaker Edward Snowden has spent a few days in Russia with a US extradition request looming over him, WikiLeaks legal advisor Sarah Harrison has submitted asylum applications and requests for asylum assistance to a raft of countries on his behalf. The first to step up to the plate is apparently Venezuela, as its president Nicolas Maduro stated during a parade that it has rejected US requests for extradition and will offer him political and humanitarian asylum. Nicaraguan president Daniel Ortega previously said his country would offer Snowden asylum "if circumstances permit." Update: Reports are out that Bolivia's president, Evo Morales, has joined in offering Snowden asylum. As USA Today notes, this comes hot on the heels of when his plane was barred from flying over European airspace for hours, over concerns Snowden hitched a ride from Russia under the radar.
Edward Snowden tells South China Morning Post he took Booz Allen job to collect NSA information
Edward Snowden may now be far from Hong Kong, but the South China Morning Post has just revealed more details from an interview he granted on June 12th while he was still there. According to the paper, Snowden reportedly said that he took a job with NSA-contractor Booz Allen Hamilton in order to gather additional evidence about the spy agency's activities. "My position with Booz Allen Hamilton granted me access to lists of machines all over the world the NSA hacked," he said. "That is why I accepted that position about three months ago." He reportedly further said "correct on Booz," when asked if he specifically went to Booz Allen to gather evidence of surveillance. As the paper notes, Snowden also said that he took pay cuts "in the course of pursuing specific work" in an online Q&A with The Guardian last week, and he's also indicated that he has more information he intends to leak, saying that he'd like to "make it available to journalists in each country to make their own assessment."
Edward Snowden stops off in Moscow with US extradition request snapping at his heels
Even if he anticipated the risks involved in turning whisteblower, Edward Snowden can't have imagined the rushed, convoluted journey he'd have to take to avoid the full wrath of the US government. First to Hong Kong; most recently to Moscow, and perhaps soon to Ecuador (via Cuba and Venezuela) where he has apparently made a request for asylum. Strongly worded demands for his capture have followed every step of the way, with the White House National Security Council expressing "disappointment" that Hong Kong allowed Snowden to flee and now urging Russia (which has no formal extradition treaty with America) to "expel Mr. Snowden back to the US to face justice for the crimes with which he is charged." In an effort to help the fugitive navigate the maze of diplomatic fault lines, WikiLeaks has stepped up to say that its own legal advisors are "escorting" Snowden towards his final destination, likely making use of the knowledge they gained while protecting Julian Assange, and that it sees US efforts to arrest him as an "assault against the people."
