edwardsnowden
Latest
Snowden leaks and NSA reporting win Pulitzer Prizes
Both The Guardian and The Washington Post were announced as Pulitzer Prize winners today in the public service category. The prizes were awarded for The Guardian's Edward Snowden work, which revealed dozens of details about the United States government spying on citizens the world over, and for Washington Post's ongoing National Security Agency coverage, which uncovered Prism and myriad other surveillance overreaches. Of the 14 awards given, only two were given for reporting on NSA surveillance and Edward Snowden's leaks.
Over 200 NSA documents collected and made searchable, from Snowden to Prism
When Edward Snowden made a name for himself last June by leaking classified NSA information, he did so by working with The Guardian and a documentary filmmaker. As such, the public learned of much of the NSA's surveillance measures through the medium of a single media outlet. In the ensuing months, much more has come to light, and today the American Civil Liberties Union is unveiling "NSA Documents Database," a searchable, categorized database of just over 200 previously classified NSA documents. That includes everything from the initial Snowden leaks through Mystic (and more). The collection comprises "all of the documents released since [June 5, 2013], both by the media and the government," and the ACLU promises more documents will be added as they become available. In so many words, if you're looking to dig in and bone up on the current government surveillance debate, this is gonna be your jam.
NSA may have spied on 122 foreign leaders
We've known for a while that the NSA has spied on German Chancellor Angela Merkel and other international leaders, but it now looks like that surveillance was just the tip of the iceberg. Der Spiegel and The Intercept have published an Edward Snowden leak revealing that the NSA snooped on as many as 122 foreign heads of state in 2009, ranging from Merkel to Ukranian Prime Minister Yulia Tymoshenko. A custom search system, Nymrod, helped the US agency both locate transcripts of those leaders' communications as well as secret reports. The National Security Council tells The Intercept that President Obama's administration hasn't tracked Merkel and doesn't plan to start, but it also didn't deny that the German leader had once been under close watch.
Orange shares all its call data with France's intelligence agency, according to new Snowden leak
Another day, another round of troubling surveillance news. In a twist, though, today's nugget has less to do with the US or the NSA but rather, France's central intelligence agency, the DGSE. According to a leak by Edward Snowden to the French paper Le Monde, Orange, the country's leading telecom, has been willingly sharing all of its call data with the agency. And according to the leaked document -- originally belonging to the UK intelligence agency GCHQ -- the French government's records don't just include metadata, but all the information Orange has on file. As you might expect, the DGSE then shares this information with other countries, including, of course, the UK, which had this incriminating document in the first place.
Here's how the NSA can collect data from millions of PCs
We know that the NSA has been ramping up its efforts to collect data from computers, but it's now clear that the intelligence agency has the tools to compromise those computers on a grand scale. Information leaked by Edward Snowden to The Intercept has revealed that the NSA has spent recent years automating the way it plants surveillance software. The key is Turbine, a system launched in 2010 that automatically sets up implants and simplifies fetching data; agents only have to know what information they want, rather than file locations or other app-specific details. A grid of sensors, nicknamed Turmoil, automatically spots extracted info and relays it to NSA staff. The combined platform lets the organization scrape content from "potentially millions" of PCs, instead of focusing only on the highest-priority targets.
Edward Snowden used automated web search tools to collect NSA data
It's tempting to imagine that Edward Snowden obtained NSA data through a daring Mission Impossible-style raid, but it now appears that he didn't have to put in much effort. Intelligence officials speaking to the New York Times say that Snowden used a standard web crawler, a tool that typically indexes websites for search engines, to automatically collect the info he wanted. He only needed the right logins to bypass what internal defenses were in place. Since the NSA wasn't walling off content to prevent theft by insiders, the crawler could collect seemingly anything -- and Snowden's Hawaii bureau didn't have activity monitors that would have caught his bot in the act. Whether or not you believe the NSA's intelligence gathering policies justified a leak, it's clear that the agency was partly to blame for its own misfortune.
Edward Snowden will be doing a live Q&A today at 3PM ET
Whether you think he's a hero or a traitor, we're sure you've got a few questions for Edward Snowden. The whistleblower who pulled back the curtain on the NSA's vast surveillance program will be taking your questions live today (January 23rd) at 3PM on FreeSnowden.is. Wondering how he feels about the latest round of reforms, or whether he feels slightly hypocritical about living under the increasingly authoritarian regime of Vladimir Putin? Now is your chance to find out. Head here at the prescribed time to put your queries to the most famous whistleblower in recent history.
NYT: NSA embeds radio transmitters to access offline computers from miles away
Tonight's fun NSA revelation comes courtesy of the New York Times, reporting on an agency program to access and alter data on computers that aren't connected to the internet. Cherry picked from the NSA's tool kit of developments -- often used to bug equipment before it reaches the intended destination -- the technology described relies on a circuit board or USB device (called Cottonmouth I) installed on a PC that communicates wirelessly with a base station nearby. The base station itself has already been described by security expert Jacob Appelbaum; codenamed Nightstand, it's capable of hacking WiFi networks from up to eight miles away and retrieving or inserting data as necessary. The programs described are not exactly up to date, and the NYT's experts suggest recent developments are focused on making the US less dependent on physical access to do its hacking. Like the Dropoutjeep software created to attack iPhones, we're told these techniques are designed for use in places like Iran and China. Still, with an estimated 100,000 or so installations it probably wouldn't hurt to give your USB ports and internal expansion slots a once-over just in case.
NSA wants to make a quantum computer that cracks tough encryption
While the NSA can inflitrate many secure systems without breaking a sweat, there are still some encryption methods that it just can't crack. That may not be a problem in the long term, however. The Washington Post has published documents from Edward Snowden which reveal that the agency is researching a "cryptologically useful" quantum computer. The dramatically more powerful hardware could theoretically decode public encryption quickly enough to be useful for national defense; conventional PCs can take years, even when clustered together. That kind of decrypting power is potentially scary, but you won't need to worry about the privacy of your secure content just yet. It's not clear that the NSA is anywhere close to reaching its goal, and any success could eventually be thwarted by quantum-based encryption that's impossible to break by its very nature. Still, the leak is a friendly reminder that we shouldn't take existing security methods for granted.
NSA can reportedly bug computer equipment before it reaches buyers
Don't think that the NSA always has to wait until people are using technology to start snooping on it. Spiegel has obtained documents which claim that the agency's Tailored Access Operations (TAO) group can intercept computer equipment orders and install tracking hardware or software before the shipments even reach their buyers. The division can target a wide array of hardware, too. Another NSA section, ANT, reportedly has a catalog of tools that can install back doors in everything from Cisco and Huawei network systems through to hard drives from most major manufacturers, including Seagate and Western Digital. Some of these bugs can give the NSA "permanent" access, since they're designed to persist if the owner wipes a device's storage or upgrades its firmware. The leak suggests that the targeted manufacturers aren't aware of what's happening; Cisco and other firms tell Spiegel they don't coordinate with the NSA. These hardware interceptions are also limited in scope next to remote surveillance programs. The agency isn't confirming any specifics, but it maintains that TAO is focused on exploiting foreign networks. Whether or not that's true, the discoveries show that the NSA's surveillance can reach the deepest levels of many networks.
Edward Snowden looks back at NSA leaks, considers his personal mission accomplished
2013 is almost over, but revelations delivered this year about the amount of communications data the NSA has access to, and how it has acquired that data, will reverberate for much longer. The man at the center of the leaks, Edward Snowden, has spoken once again to The Washington Post in an interview stretching over 14 hours about what he did and why, saying "For me, in terms of personal satisfaction, the mission's already accomplished...I already won." The meaning behind his mission was, in his words, to give the public a chance to look over what the government agency had decided -- behind the closed doors of Congress the Foreign Intelligence Surveillance Court -- is legal in order to track terrorists after 9-11. Naturally, NSA leaders disagree, and dispute assertions that he brought his concerns about the agency's work to his supervisors. According to Snowden, he asked coworkers about how they thought the public would react if information about initiatives like PRISM and Boundless Informant appeared on newspaper frontpages, confronting them with data showing the programs collected more information in the US about Americans than Russians in Russia. Now, the information has been exposed for the public. Many companies are scrambling to lock down their systems both as a practical measure and a PR move, the NSA's policies are under review, and Snowden remains in Russia where he has been granted temporary asylum, and says he's "still working for the NSA right now...they just don't realize it."
NSA can decode many GSM cellphone calls
The NSA may say that its phone surveillance efforts focus on metadata rather than the associated calls, but we now know that the agency can listen to many of those conversations whenever it wants. Documents leaked to the Washington Post by Edward Snowden confirm that the NSA can decode GSM-based cellphone calls without obtaining the encryption keys. The ability isn't surprising when GSM has known weaknesses, but the document suggests that the NSA (and potentially other US agencies) can easily process cellphone calls worldwide. Not surprisingly, the intelligence branch argues that such cracking is necessary -- folks on both sides of the law use encryption to hide information, after all. The NSA may not have such an easy time in the future, however. AT&T, T-Mobile Germany and other carriers worldwide are moving to tougher encryption methods for their GSM service, and 3G calls are typically more secure as a matter of course. These measures don't prevent eavesdropping, but they do complicate any attempts to snoop on cellular chats.
NSA reportedly leveraging Google cookies and leaked mobile location data to identify hacking targets
You know those cookies web services use to track your history and serve up personalized ads? It appears that the government is using them too. The National Security Agency is apparently leveraging a Google-specific cookie to tap into the computers of suspicious users, according to presentation slides Edward Snowden leaked to The Washington Post. With an assist from Mountain View's "PREF" file, the NSA can track a target's web visits, then identify the computer and send a remote exploit in. What's more, the documents also show that the outfit has used a program called "HAPPYFOOT" to map internet addresses to precise physical locations leaked by mobile apps when generating locally-germane ads. Perhaps the key takeaway here is this newest revelation's scope: The government could gain alarmingly precise information about individuals using data already spread throughout the internet, seeded under the not-quite-as-threatening guise of marketing and/or social media. Consider this a friendly reminder to clear your browser history, courtesy of Uncle Sam. [Image source: Everyspoon/Flickr]
NSA reportedly infiltrated Xbox Live and World of Warcraft in hunt for terrorists
According to documents leaked by Edward Snowden and brought to light today by The Guardian, the NSA has been monitoring online gaming communities since 2008 and has even been sending real-life agents into online RPGs posing as players. Xbox Live was apparently one of the biggest services to be targeted, while World of Warcraft and Second Life also came under some degree of scrutiny. It's not totally clear why the NSA, along with its UK equivalent the GCHQ, thought such operations were necessary, but there seems to have been a general sense that online games could be used as communication hubs by evil-doers, as well as some evidence that Hezbollah had developed its own game for the purpose of recruitment. None of the leaked files suggest that the agent-avatars caught any terrorists, even though undercover operations were apparently so numerous that, at one point, an NSA analyst called for a "deconfliction group" to be set up to prevent the agency's personnel from inadvertently spying on each other. Meanwhile, Microsoft and Linden Labs have refused to comment, but Blizzard Entertainment has said it was unaware of any surveillance taking place in World of Warcraft and certainly has never granted any permission for its players to be observed. The Guardian says it'll publish the relevant files later today, in partnership with the New York Times and ProPublica. Update: We asked Microsoft how this happened, and a spokesperson told us that Redmond wasn't aware of any surveillance activity. "If it occurred as has been reported, it certainly wasn't done with our consent."
NSA collecting 5 billion cellphone location records per day
Hey everyone, the government's tracking you. Quelle surprise. In what has to be one of the least shocking pieces of news to come from the Edward Snowden leaks, The Washington Post is reporting that the National Security Agency has been gathering surveillance data on foreign cellphone users' whereabouts globally, with some Americans potentially caught in the net. The database, which collects about 5 billion records per day, is so vast that not even the NSA has the proper tools to sift through it all. That's not to say the agency hasn't been able to make "good" use of it with analytics programs, though. One such program, ominously labeled Co-Traveler, allows the NSA to determine "behaviorally relevant relationships" based on data from signals intelligence activity designators (or sigads for short) located around the world, including one codenamed "Stormbrew." That's a lot of jargon for what are essentially data hubs that collect geolocation information down to the cell tower level. Co-Traveler can locate targets of interest based on cellphone users moving in tandem, even if they're unknown threats -- frequent meetups with an existing suspect could reveal a close associate, for instance. As we've come to expect by now, both the NSA and the Office of the Director for National Intelligence argue that this location-based surveillance is legal. Agency representatives tell the Post that the collection system doesn't purposefully track Americans. However, the NSA also says it can't determine how many US residents get swept up in these location scans; there are concerns that it's following targets protected by Fourth Amendment search rights. Jon Fingas contributed to this report.
NSA reportedly cracks down on staff who thought it was okay to share their logins with Edward Snowden
In a slightly ironic twist for the National Security Agency, Reuters reports that as many as 25 members of its staff have been "removed from their assignments" because they shared their private passwords with Edward Snowden while he worked there. A number of government offices are currently trying to find out just how Snowden got hold of so much confidential data, and sources close to those investigations now claim that the PRISM whistleblower used his position as a systems admin to dupe colleagues into handing over their passwords. It's not clear whether the NSA staff involved in the breach have been fired or re-assigned, but if the allegations are true then there are likely to be some red faces at the agency once the various investigations reach their conclusions, because such a large-scale failure by supposedly highly-trained staff would implicate the NSA's systems and practices, rather than just a few naive individuals.
Need tech support in Russia? Give Edward Snowden a call
So, what happens after you've become an international pariah? The PRISM revelations may rattle along, but the figure who started it all is trying to return to something approaching a normal life. Edward Snowden's lawyer has revealed that, after settling at an undisclosed location in Russia, the NSA whistleblower has found a job. He'll be offering technical support for a domestic website, which isn't being named for the obvious reasons. Is this the last that we'll hear from the former intelligence analyst? Only time will tell.
NSA collecting email and messaging contacts worldwide, Yahoo moves to encrypt webmail by default
Don't think that the NSA's bulk communication data collection is focused solely on the communications themselves. The Washington Post has published more Edward Snowden documents which reveal that the agency collects large volumes of contact lists from email and instant messaging users around the world. While the NSA gathers the information on foreign soil, its method reportedly prevents it from automatically screening out any Americans in the list. The NSA and anonymous officials argue that American laws prevent analysts from accessing data unless they believe there's a foreign target hidden with, but the strategy still has the government storing contacts for "millions" of people. Yahoo customers are some of the most common targets of this surveillance, as the company doesn't normally encrypt webmail sessions. That's about to change, however. The internet firm tells the Post that its webmail service will default to using SSL encryption on January 8th, catching up with Facebook and Google. Yahoo isn't officially tightening its security in response to NSA activity, and using SSL won't necessarily stop interceptions when spies frequently have workarounds. However, the upcoming encryption will at least complicate any snooping -- whether or not it's part of an intelligence operation.
Lavabit reinstates service briefly so users can download emails, change passwords
Email provider Lavabit shut down in August due to government pressure in the wake the Edward Snowden leaks, but it is apparently re-opening -- for a little while. A press release issued by Lavabit indicates that there's a two-step process, with step one giving users a chance to change their password (which started at 8PM ET tonight). Step two kicks in on October 17th or 18th and will let users download an archive of their stored messages and personal account data. The password change is in response to information that the company's SSL certificates have been compromised by the investigation. User's accounts should be secure under a new key after their passwords are reset, not to mention the bonus of having access to their data again. If you had an account, it's accessible at Liberty.Lavabit.com, those interested in founder Ladar Levison's legal battle can provide support at Rally.org.
American and British spy agencies targeted Tor network with minimal success
Considering the NSA and Government Communications Headquarters (GCHQ) have been trying to thwart encryption on the internet, it comes as no surprise that the two have spent significant resources trying to crack the Tor network. Tor, as some of you may know, is designed to keep a person's identity, location and activity anonymous and protect him or her from surveillance. Before panic sets in, know that Tor remains largely secure -- the agencies had only limited success in trying to identify users. One of the documents leaked by Edward Snowden, titled "Tor Stinks" reveals the proof-of-concept attack, but concedes that the NSA "will never be able to de-anonymize all Tor users all the time... With manual analysis we can de-anonymize a very small fraction of Tor users." That bodes well for the journalists and political dissidents who rely on the software, which ironically received the majority of its funding from the State Department and Department of Defense.