EdwardSnowden
Latest
Putin tells Snowden live on air: no 'massive scale' surveillance of public communications
Edward Snowden is not only working the conference circuit, or playing a part in Pulitzer prize-winning journalism, he's now taking his cause to world leaders directly. This morning Snowden asked Vladimir Putin live on Russian television if his government intercepts the communications of its citizens. Putin responded, telling him "on a massive scale, on an uncontrolled scale we certainly do not allow this and I hope we will never allow it". Putin has been busy this morning taking part in an annual event where the head of state takes questions from the public. Of course, given the current military tensions with Ukraine, his approach to public privacy has other pressing issues to contend with.
Here's the software that helps Edward Snowden avoid the NSA
Edward Snowden hasn't escaped the NSA's watchful eyes purely by exploiting lax security -- he also uses the right software. He communicates with the media using Tails, a customized version of Linux that makes it easy to use Tor's anonymity network and other tools that keep data private. The software loads from external drives and doesn't store anything locally, so it's relatively trivial for Snowden and his contacts to discuss leaks without leaving a trace.
Snowden leaks and NSA reporting win Pulitzer Prizes
Both The Guardian and The Washington Post were announced as Pulitzer Prize winners today in the public service category. The prizes were awarded for The Guardian's Edward Snowden work, which revealed dozens of details about the United States government spying on citizens the world over, and for Washington Post's ongoing National Security Agency coverage, which uncovered Prism and myriad other surveillance overreaches. Of the 14 awards given, only two were given for reporting on NSA surveillance and Edward Snowden's leaks.
Over 200 NSA documents collected and made searchable, from Snowden to Prism
When Edward Snowden made a name for himself last June by leaking classified NSA information, he did so by working with The Guardian and a documentary filmmaker. As such, the public learned of much of the NSA's surveillance measures through the medium of a single media outlet. In the ensuing months, much more has come to light, and today the American Civil Liberties Union is unveiling "NSA Documents Database," a searchable, categorized database of just over 200 previously classified NSA documents. That includes everything from the initial Snowden leaks through Mystic (and more). The collection comprises "all of the documents released since [June 5, 2013], both by the media and the government," and the ACLU promises more documents will be added as they become available. In so many words, if you're looking to dig in and bone up on the current government surveillance debate, this is gonna be your jam.
NSA may have spied on 122 foreign leaders
We've known for a while that the NSA has spied on German Chancellor Angela Merkel and other international leaders, but it now looks like that surveillance was just the tip of the iceberg. Der Spiegel and The Intercept have published an Edward Snowden leak revealing that the NSA snooped on as many as 122 foreign heads of state in 2009, ranging from Merkel to Ukranian Prime Minister Yulia Tymoshenko. A custom search system, Nymrod, helped the US agency both locate transcripts of those leaders' communications as well as secret reports. The National Security Council tells The Intercept that President Obama's administration hasn't tracked Merkel and doesn't plan to start, but it also didn't deny that the German leader had once been under close watch.
Orange shares all its call data with France's intelligence agency, according to new Snowden leak
Another day, another round of troubling surveillance news. In a twist, though, today's nugget has less to do with the US or the NSA but rather, France's central intelligence agency, the DGSE. According to a leak by Edward Snowden to the French paper Le Monde, Orange, the country's leading telecom, has been willingly sharing all of its call data with the agency. And according to the leaked document -- originally belonging to the UK intelligence agency GCHQ -- the French government's records don't just include metadata, but all the information Orange has on file. As you might expect, the DGSE then shares this information with other countries, including, of course, the UK, which had this incriminating document in the first place.
Here's how the NSA can collect data from millions of PCs
We know that the NSA has been ramping up its efforts to collect data from computers, but it's now clear that the intelligence agency has the tools to compromise those computers on a grand scale. Information leaked by Edward Snowden to The Intercept has revealed that the NSA has spent recent years automating the way it plants surveillance software. The key is Turbine, a system launched in 2010 that automatically sets up implants and simplifies fetching data; agents only have to know what information they want, rather than file locations or other app-specific details. A grid of sensors, nicknamed Turmoil, automatically spots extracted info and relays it to NSA staff. The combined platform lets the organization scrape content from "potentially millions" of PCs, instead of focusing only on the highest-priority targets.
Watch Edward Snowden's SXSW virtual conversation right here (updated)
At SXSW today, NSA whistleblower Edward Snowden will make his "first appearance front of a live audience" since he unveiled the under belly of the government surveillance program. Snowden will speak with the ACLU's Ben Wizner and Christopher Soghoian, but as the name suggests, this is a virtual conversation and he will not be appearing in person for the festivities in Austin. The ACLU is liveblogging the entire affair here at 12PM ET and a livestream will be posted over at The Texas Tribune. If you miss out on the live coverage, the ACLU will post a video of the interview afterwords. Update: We've embedded the livestream after the break. Update 2: Well, things have wrapped up, but you can relive the conversation after the break.
Edward Snowden used automated web search tools to collect NSA data
It's tempting to imagine that Edward Snowden obtained NSA data through a daring Mission Impossible-style raid, but it now appears that he didn't have to put in much effort. Intelligence officials speaking to the New York Times say that Snowden used a standard web crawler, a tool that typically indexes websites for search engines, to automatically collect the info he wanted. He only needed the right logins to bypass what internal defenses were in place. Since the NSA wasn't walling off content to prevent theft by insiders, the crawler could collect seemingly anything -- and Snowden's Hawaii bureau didn't have activity monitors that would have caught his bot in the act. Whether or not you believe the NSA's intelligence gathering policies justified a leak, it's clear that the agency was partly to blame for its own misfortune.
Edward Snowden will be doing a live Q&A today at 3PM ET
Whether you think he's a hero or a traitor, we're sure you've got a few questions for Edward Snowden. The whistleblower who pulled back the curtain on the NSA's vast surveillance program will be taking your questions live today (January 23rd) at 3PM on FreeSnowden.is. Wondering how he feels about the latest round of reforms, or whether he feels slightly hypocritical about living under the increasingly authoritarian regime of Vladimir Putin? Now is your chance to find out. Head here at the prescribed time to put your queries to the most famous whistleblower in recent history.
President Obama announces limitations on use of NSA-collected data, puts database in the hands of third party
The scandal surrounding the NSA's data collection and surveillance programs seems never ending. Almost every week there are new revelations as to the extent of the spying, which covers everything from social networks, to phone calls, text messages and location data. President Barack Obama has already sought to assuage the public's fears once by suggesting reforms to the programs, now it's time for round two. At a speech today, the commander in chief announced efforts to limit the use of bulk-collected data and a new process for reviewing data-collection policies. While the NSA won't stop sucking up information anytime soon, added oversight and periodic audits will work to ensure the private data of average citizens is protected not just against governmental abuse, but also external parties that would seek to steal that information. There will also be annual reviews of the priorities and policies used to collect and analyze the data that will involve the heads of multiple departments and agencies. And, to the extent possible, the presidential directive promises to declassify and release the details of those policies to the public. The increased transparency will go a long way toward fulfilling the promise the president made back in July, though many privacy advocates will surely find room for improvement. The biggest change comes in the form of an end to the bulk data-collection program under section 215 of the Patriot Act. A new system will be put in place, that places the collected metadata in the hands of an unspecified third party and requires a judicial finding before any query of the database, except in the event of a national emergency. There will also be a third-party privacy advocate present to argue before the FISA court at each request for data. The government will also use more stringent standards and "will only pursue phone numbers that are two steps removed from a terrorist organization." That change, from the current standard of three steps, is effective immediately. The government will have to demonstrate a clear national security purpose for each request, and the president guaranteed that this intelligence would not be used for any other purpose. That promise was delivered alongside jabs at foreign critics who have similar surveillance capabilities, but lack America's civil liberties protections.
NYT: NSA embeds radio transmitters to access offline computers from miles away
Tonight's fun NSA revelation comes courtesy of the New York Times, reporting on an agency program to access and alter data on computers that aren't connected to the internet. Cherry picked from the NSA's tool kit of developments -- often used to bug equipment before it reaches the intended destination -- the technology described relies on a circuit board or USB device (called Cottonmouth I) installed on a PC that communicates wirelessly with a base station nearby. The base station itself has already been described by security expert Jacob Appelbaum; codenamed Nightstand, it's capable of hacking WiFi networks from up to eight miles away and retrieving or inserting data as necessary. The programs described are not exactly up to date, and the NYT's experts suggest recent developments are focused on making the US less dependent on physical access to do its hacking. Like the Dropoutjeep software created to attack iPhones, we're told these techniques are designed for use in places like Iran and China. Still, with an estimated 100,000 or so installations it probably wouldn't hurt to give your USB ports and internal expansion slots a once-over just in case.
NSA wants to make a quantum computer that cracks tough encryption
While the NSA can inflitrate many secure systems without breaking a sweat, there are still some encryption methods that it just can't crack. That may not be a problem in the long term, however. The Washington Post has published documents from Edward Snowden which reveal that the agency is researching a "cryptologically useful" quantum computer. The dramatically more powerful hardware could theoretically decode public encryption quickly enough to be useful for national defense; conventional PCs can take years, even when clustered together. That kind of decrypting power is potentially scary, but you won't need to worry about the privacy of your secure content just yet. It's not clear that the NSA is anywhere close to reaching its goal, and any success could eventually be thwarted by quantum-based encryption that's impossible to break by its very nature. Still, the leak is a friendly reminder that we shouldn't take existing security methods for granted.
Leaked documents detail 2008 NSA program to hack and remote control iPhones (video)
Part of security expert Jacob Appelbaum's Chaos Communications Congress presentation exposed NSA methods to hack systems via WiFi from long range, but we'll also point out another segment focusing on the Apple iPhone (embedded after the break, beginning at 44:30). Along with German news mag Der Spiegel, he mentioned a program called DROPOUTJEEP which developed malware to install on iPhones that can remotely access files on the devices including email, voicemails and SMS, or perform geolocation, hot mic, camera capture and more. While the documents dated to 2008, around the introduction of the iPhone, Appelbaum quoted the NSA QUANTUMTHEORY "toolbox" which claimed a 100 percent success rate at implanting this spyware. At the time, loading the tool required physical access to a phone but the team was already working on something it could load remotely. Details on more recently developed attacks don't seem to be part of the package, but another Der Spiegel report back in September mentioned an example of a target captured on camera via his iPhone as in 2012. Does this news have you looking for a way around prying eyes? Good luck, since other revelations have shown programs targeting Android devices as well as Blackberry's email servers and phones.
NSA can reportedly bug computer equipment before it reaches buyers
Don't think that the NSA always has to wait until people are using technology to start snooping on it. Spiegel has obtained documents which claim that the agency's Tailored Access Operations (TAO) group can intercept computer equipment orders and install tracking hardware or software before the shipments even reach their buyers. The division can target a wide array of hardware, too. Another NSA section, ANT, reportedly has a catalog of tools that can install back doors in everything from Cisco and Huawei network systems through to hard drives from most major manufacturers, including Seagate and Western Digital. Some of these bugs can give the NSA "permanent" access, since they're designed to persist if the owner wipes a device's storage or upgrades its firmware. The leak suggests that the targeted manufacturers aren't aware of what's happening; Cisco and other firms tell Spiegel they don't coordinate with the NSA. These hardware interceptions are also limited in scope next to remote surveillance programs. The agency isn't confirming any specifics, but it maintains that TAO is focused on exploiting foreign networks. Whether or not that's true, the discoveries show that the NSA's surveillance can reach the deepest levels of many networks.
Edward Snowden looks back at NSA leaks, considers his personal mission accomplished
2013 is almost over, but revelations delivered this year about the amount of communications data the NSA has access to, and how it has acquired that data, will reverberate for much longer. The man at the center of the leaks, Edward Snowden, has spoken once again to The Washington Post in an interview stretching over 14 hours about what he did and why, saying "For me, in terms of personal satisfaction, the mission's already accomplished...I already won." The meaning behind his mission was, in his words, to give the public a chance to look over what the government agency had decided -- behind the closed doors of Congress the Foreign Intelligence Surveillance Court -- is legal in order to track terrorists after 9-11. Naturally, NSA leaders disagree, and dispute assertions that he brought his concerns about the agency's work to his supervisors. According to Snowden, he asked coworkers about how they thought the public would react if information about initiatives like PRISM and Boundless Informant appeared on newspaper frontpages, confronting them with data showing the programs collected more information in the US about Americans than Russians in Russia. Now, the information has been exposed for the public. Many companies are scrambling to lock down their systems both as a practical measure and a PR move, the NSA's policies are under review, and Snowden remains in Russia where he has been granted temporary asylum, and says he's "still working for the NSA right now...they just don't realize it."
NSA can decode many GSM cellphone calls
The NSA may say that its phone surveillance efforts focus on metadata rather than the associated calls, but we now know that the agency can listen to many of those conversations whenever it wants. Documents leaked to the Washington Post by Edward Snowden confirm that the NSA can decode GSM-based cellphone calls without obtaining the encryption keys. The ability isn't surprising when GSM has known weaknesses, but the document suggests that the NSA (and potentially other US agencies) can easily process cellphone calls worldwide. Not surprisingly, the intelligence branch argues that such cracking is necessary -- folks on both sides of the law use encryption to hide information, after all. The NSA may not have such an easy time in the future, however. AT&T, T-Mobile Germany and other carriers worldwide are moving to tougher encryption methods for their GSM service, and 3G calls are typically more secure as a matter of course. These measures don't prevent eavesdropping, but they do complicate any attempts to snoop on cellular chats.
NSA reportedly leveraging Google cookies and leaked mobile location data to identify hacking targets
You know those cookies web services use to track your history and serve up personalized ads? It appears that the government is using them too. The National Security Agency is apparently leveraging a Google-specific cookie to tap into the computers of suspicious users, according to presentation slides Edward Snowden leaked to The Washington Post. With an assist from Mountain View's "PREF" file, the NSA can track a target's web visits, then identify the computer and send a remote exploit in. What's more, the documents also show that the outfit has used a program called "HAPPYFOOT" to map internet addresses to precise physical locations leaked by mobile apps when generating locally-germane ads. Perhaps the key takeaway here is this newest revelation's scope: The government could gain alarmingly precise information about individuals using data already spread throughout the internet, seeded under the not-quite-as-threatening guise of marketing and/or social media. Consider this a friendly reminder to clear your browser history, courtesy of Uncle Sam. [Image source: Everyspoon/Flickr]
NSA reportedly infiltrated Xbox Live and World of Warcraft in hunt for terrorists
According to documents leaked by Edward Snowden and brought to light today by The Guardian, the NSA has been monitoring online gaming communities since 2008 and has even been sending real-life agents into online RPGs posing as players. Xbox Live was apparently one of the biggest services to be targeted, while World of Warcraft and Second Life also came under some degree of scrutiny. It's not totally clear why the NSA, along with its UK equivalent the GCHQ, thought such operations were necessary, but there seems to have been a general sense that online games could be used as communication hubs by evil-doers, as well as some evidence that Hezbollah had developed its own game for the purpose of recruitment. None of the leaked files suggest that the agent-avatars caught any terrorists, even though undercover operations were apparently so numerous that, at one point, an NSA analyst called for a "deconfliction group" to be set up to prevent the agency's personnel from inadvertently spying on each other. Meanwhile, Microsoft and Linden Labs have refused to comment, but Blizzard Entertainment has said it was unaware of any surveillance taking place in World of Warcraft and certainly has never granted any permission for its players to be observed. The Guardian says it'll publish the relevant files later today, in partnership with the New York Times and ProPublica. Update: We asked Microsoft how this happened, and a spokesperson told us that Redmond wasn't aware of any surveillance activity. "If it occurred as has been reported, it certainly wasn't done with our consent."
NSA collecting 5 billion cellphone location records per day
Hey everyone, the government's tracking you. Quelle surprise. In what has to be one of the least shocking pieces of news to come from the Edward Snowden leaks, The Washington Post is reporting that the National Security Agency has been gathering surveillance data on foreign cellphone users' whereabouts globally, with some Americans potentially caught in the net. The database, which collects about 5 billion records per day, is so vast that not even the NSA has the proper tools to sift through it all. That's not to say the agency hasn't been able to make "good" use of it with analytics programs, though. One such program, ominously labeled Co-Traveler, allows the NSA to determine "behaviorally relevant relationships" based on data from signals intelligence activity designators (or sigads for short) located around the world, including one codenamed "Stormbrew." That's a lot of jargon for what are essentially data hubs that collect geolocation information down to the cell tower level. Co-Traveler can locate targets of interest based on cellphone users moving in tandem, even if they're unknown threats -- frequent meetups with an existing suspect could reveal a close associate, for instance. As we've come to expect by now, both the NSA and the Office of the Director for National Intelligence argue that this location-based surveillance is legal. Agency representatives tell the Post that the collection system doesn't purposefully track Americans. However, the NSA also says it can't determine how many US residents get swept up in these location scans; there are concerns that it's following targets protected by Fourth Amendment search rights. Jon Fingas contributed to this report.
