GCHQ
Latest
UK spies using foreign loopholes to monitor Google, Facebook and Twitter users
GCHQ, the UK's intelligence agency, has yet to confirm whether it taps undersea network cables to gather content from ISPs, but we now know how it would justify access if it did. Charles Farr, the Director General of the Office for Security and Counter Terrorism, revealed that spies could intercept British users' Google searches, Facebook updates and Twitter posts when servers are located outside of the country. The information came to light after Privacy International, Liberty, Amnesty International and a number of civil liberties organizations issued a legal challenge against GCHQ in an attempt to unravel the secrets of agency's Tempora data-tapping program, which were revealed as part of Edward Snowden's NSA document leaks.
NSA may have spied on 122 foreign leaders
We've known for a while that the NSA has spied on German Chancellor Angela Merkel and other international leaders, but it now looks like that surveillance was just the tip of the iceberg. Der Spiegel and The Intercept have published an Edward Snowden leak revealing that the NSA snooped on as many as 122 foreign heads of state in 2009, ranging from Merkel to Ukranian Prime Minister Yulia Tymoshenko. A custom search system, Nymrod, helped the US agency both locate transcripts of those leaders' communications as well as secret reports. The National Security Council tells The Intercept that President Obama's administration hasn't tracked Merkel and doesn't plan to start, but it also didn't deny that the German leader had once been under close watch.
Orange shares all its call data with France's intelligence agency, according to new Snowden leak
Another day, another round of troubling surveillance news. In a twist, though, today's nugget has less to do with the US or the NSA but rather, France's central intelligence agency, the DGSE. According to a leak by Edward Snowden to the French paper Le Monde, Orange, the country's leading telecom, has been willingly sharing all of its call data with the agency. And according to the leaked document -- originally belonging to the UK intelligence agency GCHQ -- the French government's records don't just include metadata, but all the information Orange has on file. As you might expect, the DGSE then shares this information with other countries, including, of course, the UK, which had this incriminating document in the first place.
UK agency violated privacy of webcams, explored Kinect surveillance
Classified documents published by The Guardian reveal that British surveillance agency GCHQ surreptitiously gathered webcam images from more than a million Yahoo user accounts, while also evaluating the surveillance potential of the Xbox 360's Kinect peripheral. "In one six-month period in 2008 alone, the agency collected webcam imagery – including substantial quantities of sexually explicit communications – from more than 1.8 million Yahoo user accounts globally," the Guardian reports, before noting that this operation (codenamed "Optic Nerve") was only one of the agency's attempts at biometric recognition via consumer camera technology. A separate GCHQ project explored the possibility of gathering images from the Kinect peripheral. "[O]ne presentation discusses with interest the potential and capabilities of the Xbox 360's Kinect camera, saying it generated 'fairly normal webcam traffic' and was being evaluated as part of a wider program." It's unclear if GCHQ ever attempted to intercept Kinect data on a large scale, but as The Guardian points out, the idea isn't entirely novel. Earlier documents published by the paper detail similar exploratory efforts by the American NSA. [Image: Wikimedia Commons]
British spy agency reportedly collected millions of webcam images from Yahoo users
Britain's surveillance agency, GCHQ, hasn't fared much better than the NSA these past several months; the latest leak shared with the Guardian claims that Britain has been collecting millions of webcam images from Yahoo users. What's more, it appears that these images were used to discover "targets" and match users with existing persons of interest via automated facial recognition. According to documents provided by Edward Snowden, GCHQ intercepted still images of Yahoo video calls -- including those done with Yahoo Messenger -- in bulk and saved them as part of a program code-named Optic Nerve. The agency apparently collected these images whether or not users were deemed intelligence targets -- in a six-month period in 2008, it amassed webcam pics from more than 1.8 million Yahoo users around the globe. The documents also reveal that these images were collected with the purpose of identifying targets using facial-recognition tools to compare Yahoo users to existing GCHQ targets.
Browsing on your Android phone just got safer, thanks to the EFF
In the wake of Edward Snowden's NSA revelations, finding ways to browse the internet more securely has become of paramount importance. In its mission to help netizens feel that little bit safer, the Electronic Frontier Foundation (EFF) has long offered its HTTPS Everywhere add-on for desktop browsers, and it's now looking to do the same on mobile. As of yesterday, you can install the HTTPS Everywhere on Firefox for Android, which automatically seeks out HTTPS connections on supported websites. Webpages will be loaded over an encrypted connection, letting you to check your email, shop online and browse the web without fear of a third-party, or surveillance agency like the NSA or GCHQ, intercepting your traffic. To install the add-on, make sure you have the latest version of Firefox for Android on your phone, then install the plugin via the EFF website. Once loaded, the app will display an icon in the address bar, ensuring your browser won't suffer the same fate as Angry Birds and other mobile apps.
Daily Update for January 29, 2014
It's the TUAW Daily Update, your source for Apple news in a convenient audio format. You'll get some the top Apple stories of the day in three to five minutes for a quick review of what's happening in the Apple world. You can listen to today's Apple stories by clicking the player at the top of the page. The Daily Update has been moved to a new podcast host in the past few days. Current listeners should delete the old podcast subscription and subscribe to the new feed in the iTunes Store here.
AppleScript returns to Numbers, and other news for Jan. 29, 2014
AppleScript fans will be happy to learn that Apple has added support for it back into iWork's Numbers app for OS X. The return of AppleScript was first noted by MacWorld: The latest update of Numbers reintroduces AppleScript support in a big way. While Apple could have taken an iterative approach, reintroducing a few commands here and there, it chose instead to go whole-hog: The entire suite of scripting terminology originally supported by Numbers in the 2009 edition of iWork has returned. This means that, if you have Numbers scripts you used with that 2009 version, most of them should (in theory) now work with Numbers 3.1; those scripts may require tweaks, though, because some features of Numbers itself have changed. Apple has also added a few new scripting features to Numbers 3.1, such as the ability to identify the active sheet. Numbers' new AppleScript support has been organized into a suite of scripting terminology labeled Numbers '09 Compatibility Suite, signaling that even more scripting enhancements may be on the way for Numbers-specific features. Apple angered many iWork power users when it removed AppleScript support in October, among other features. Since then the company been slowly replacing what was lost. Hopefully Apple will restore features pulled from Pages and Keynote soon. In other news: The British spy agency GCHQ has reportedly developed tools that allow them to turn any iPhone's microphones on remotely, allowing them to hear what is going on in the iPhone's location. They can also remotely turn any iPhone into a high-precision GPS tracker. AT&T added 1.2 million new postpaid smartphone users last quarter, 566,000 of those being under contract. That's 300,000 fewer than the same quarter a year ago. The US Justice Department is reportedly skeptical about a Sprint acquisition of T-Mobile. Antitrust authorities feel that the merger of the two, which would leave just three national carriers, could hurt competition and be bad for consumers.
British government reportedly tracking YouTube and Facebook data without permission
While the NSA has been busy scouring the Angry Birds leaderboards, newly leaked documents report that its British counterpart -- the GCHQ -- has been monitoring the flow of social media in real-time. The General Communications Headquarters can apparently keep track of YouTube traffic, which links are liked on Facebook and even which Blogger or Blogspot pages are visited. This all comes via documents taken by Edward Snowden that were obtained by NBC News. NBC's sources also say that the British spies have been able to physically tap the lines carrying global web traffic to extract key data about specific users as well. This initiative, called Squeaky Dolphin, intends to put broad data trends into context with world events and give the intelligence community a heads up for future anti-government happenings -- not for spying on a person-by-person level. What's more, the GCHQ reportedly shares this information with the US. The GCHQ has issued a statement claiming that all of its work is carried out within the limits of the law, while the NSA says that it's only interested in the communication activities of valid foreign intelligence targets. For their part, Google and Facebook say that the spying on unencrypted information was done with out their respective knowledge, and neither company had given the UK government permission to access the data -- something we've heard before.
Google's Eric Schmidt slams NSA over 'outrageous' data center snooping and privacy invasion
Google's Executive Chairman and former CEO Eric Schmidt isn't a huge fan of the NSA or its surveillance methods, it seems. Speaking to The Wall Street Journal, Schmidt declared: "It's really outrageous that the National Security Agency was looking between the Google data centers, if true." His comment follows recent reports of a nefarious tool crafted by the agency and the UK's GCHQ that accessed Google and Yahoo data lairs without permission. Schmidt also said that to "potentially violate people's privacy, it's not OK," and that the broad public scrutiny months of leaks has uncovered is unnecessary to find a few bad eggs. Referring to claims that the NSA amassed phone records of 320 million people to actually investigate more like 300, the Google exec commented: "That's just bad public policy... and perhaps illegal." Not that the search giant has any personal experience with illegal data collection, of course.
NSA reportedly tapped into Google, Yahoo data centers worldwide without telling either company
It's a top secret plan with a fittingly supervillain-esque codename: MUSCULAR. That tool, part of a partnership between the NSA and the UK's GCHQ, has been used to infiltrate Google and Yahoo data centers across the world, according to documents revealed by Edward Snowden and confirmed by sources at The Washington Post. It's a breach of privacy that could affect hundreds of millions of users, one that neither company was apparently privy to, in spite of the NSA's history of court-ordered data access with both. Google told The Post that it's, "troubled by allegations of the government intercepting traffic between our data centers, and [is] not aware of this activity." Yahoo echoed the sentiment, stating that it has, "strict controls in place to protect the security of our data centers, and [has] not given access to [its] data centers to the NSA or to any other government agency." The government, naturally, isn't commenting. Likely it's waiting to swivel around in a chair with a cat in its lap for full dramatic effect. And by the way, that above image is from a slideshow entitled "Google Cloud Exploitation," happy face and all.
American and British spy agencies targeted Tor network with minimal success
Considering the NSA and Government Communications Headquarters (GCHQ) have been trying to thwart encryption on the internet, it comes as no surprise that the two have spent significant resources trying to crack the Tor network. Tor, as some of you may know, is designed to keep a person's identity, location and activity anonymous and protect him or her from surveillance. Before panic sets in, know that Tor remains largely secure -- the agencies had only limited success in trying to identify users. One of the documents leaked by Edward Snowden, titled "Tor Stinks" reveals the proof-of-concept attack, but concedes that the NSA "will never be able to de-anonymize all Tor users all the time... With manual analysis we can de-anonymize a very small fraction of Tor users." That bodes well for the journalists and political dissidents who rely on the software, which ironically received the majority of its funding from the State Department and Department of Defense.
Snowden leak suggests UK was spying on Belgian telecom
When Belgian prosecutors suggested that Belgacom was the target of foreign espionage, many blamed the NSA -- it has a history of snooping on other countries, after all. Those accusations may have been off the mark, however. Der Spiegel has revealed documents leaked by Edward Snowden which hint that the UK's Government Communications Headquarters (GCHQ) was responsible. The intelligence agency reportedly tricked key Belgacom staff into visiting a malware-loaded website that hijacked their PCs. GCHQ could then spy on smartphones, map the network and investigate secure VPN connections. Neither Belgacom nor Belgium has responded to this latest Snowden leak, but we wouldn't be surprised if the apparent evidence speeds up their investigation.
American and British spy agencies can thwart internet security and encryption
As reporters at the New York Times, the Guardian and ProPublica dig deeper into the documents leaked by Edward Snowden, new and disturbing revelations continue to be made. Two programs, dubbed Bullrun (NSA) and Edgehill (GCHQ), have just come to light, that focus on circumventing or breaking the security and encryption tools used across the internet. The effort dwarfs the $20 million Prism program that simply gobbled up data. Under the auspices of "Sigint (signals intelligence) enabling" in a recent budget request, the NSA was allocated roughly $255 million dollars this year alone to fund its anti-encryption program. The agencies' efforts are multi-tiered, and start with a strong cracking tool. Not much detail about the methods or software are known, but a leaked memo indicates that the NSA successfully unlocked "vast amounts" of data in 2010. By then it was already collecting massive quantities of data from taps on internet pipelines, but much of it was safely protected by industry standard encryption protocols. Once that wall fell, what was once simply a torrent of scrambled ones and zeros, became a font of "exploitable" information. HTTPS, VoIP and SSL are all confirmed to have been compromised through Bullrun, though, it appears that some solutions to the NSA's "problem" are less elegant than others. In some cases a super computer and simple brute force are necessary to peel back the layers of encryption.
Report: Verizon, Vodafone and BT gave UK government unlimited access to undersea network cables
PRISM isn't just for US agencies -- last month it was revealed that the UK's Government Communication Headquarters (GCHQ) has been using the program to collect emails, photos and video content from an assortment of internet providers. Now, a German newspaper claims to know what companies collaborated with the security agency. According to The Gaurdian, Süddeutsche identified Verizon, Vodafone, Global Crossing, Level 3, BT, Interoute and Viatel as firms that participated in Tempora, a program that gave the GCHQ widespread access to the undersea fiber optic cables. The operation was all quite hush-hush, with documents referring to participating outfits by obscure code names: "Dacron" for Verizon, for instance, and "Little" for Level 3. Parliament has already dismissed the agency's snooping as legal, but documents seen by The Guardian suggest that some telecoms may have illegally given the GCHQ access to other companies' cables without permission. Naturally, the firms involved were quick to dismiss foul play, with representatives from Verizon, Interoute and Vodaphone each assuring The Guardian that it was merely complying with UK law. True enough, probably, but we can't help but wonder if the operators weren't coaxed into cooperation with the promise of cool code-names.
UK surveillance agency off the hook, legally, for PRISM
It may be the US government generating the most PRISM-related headlines, but the UK authorities have found themselves in plenty of hot water as well. If you were one of her privacy-concerned citizens hoping to see someone at the Government Communications Headquarter (GCHQ) get their comeuppance, then you're going to be sorely disappointed. The Intelligence and Security Committee (ISC) of Parliament has found that the GCHQ was within its legal powers to collect data on citizens. In particular, the committee cited the Intelligence Services Act of 1994 as giving the authority to do so to the GCHQ. This is far from the end of this saga, but for Brits hoping there would be quick legal retribution for those who unceremoniously listened in on your personal communications, it's a sad day indeed.
UK reportedly set up fake internet cafes, hacked diplomats' BlackBerrys during 2009 G20 summit
If you're antsy at the idea of PRISM reading your Facebook messages, be thankful you're not a foreign diplomat. The Guardian is reporting that GCHQ, the UK's communications surveillance unit, hacked delegates' BlackBerry handsets during 2009's G20 summit in London. According to leaked documents, spies were able to relay private messages to analysts in "near real-time," and pass that information along to top politicians as they were negotiating deals. The organization is also said to have set up fake internet cafés around the conference area, which used key-logging software to steal dignitaries' passwords for long-term surveillance. If you'll excuse us, we're just off to, you know, change all of our login details.
Report: UK security agency also gathering secrets through PRISM
The United Kingdom's main security agency, the Government Communications Headquarters (GCHQ), is apparently working with the United States' Prism intelligence program to gather data on various internet companies, The Guardian reports. Documents given to the UK news outlet indicate that GCHQ was able to retrieve "personal material such as emails, photos and videos" from internet companies operating outside the UK, and the GCHQ employed 197 intelligence reports in 2012 alone. This allows the UK government to circumvent red tape that would otherwise tie up the process of acquiring information from companies located outside of its own region. Apparently the GCHQ's been working with the US Prism service since "at least June 2010," and it's unknown how that's impacted UK citizens in the past several years -- a GCHQ representative wouldn't comment on how long the two agencies have been working together. Though the GCHQ didn't directly confirm the collaboration, the agency issued a statement to The Guardian stating it, "takes its obligations under the law very seriously." The PRISM system is said to enable access to records held by the nine largest internet companies, from Apple and Google to Skype and even Engadget's parent company, AOL.
UK brings spies, police, business together for cyber threat center launch
Since spies tend to be equal opportunity hackers, the UK is forging an anti-cyber threat center that'll let spook agencies like GCHQ and MI5 share intelligence with police and businesses. It started last year as a pilot program called "Project Auburn," and will now be formally known as CISP (the Cyber Security Information Sharing Partnership). So far, 160 firms have joined the center, which hopes to share technical information, attack vectors and prevention methods. The UK government said it was necessary to bring industry into the picture since they're "by far the biggest victims in terms of espionage and intellectual property theft, with losses to the UK economy running into the billions of pounds annually." Some likely needn't check the mail too closely for an RSVP, however.
Huawei working with British spy service to prove its 'kit' is clean
Since Huawei's president formerly served as a senior engineer in the People's Liberation Army of China, it's unsurprising that it's raised the hackles of the US and other countries. It's been blocked from a variety of prime, security-sensitive contracts on suspicion of espionage, but the Chinese company seems bent on proving its honorable intentions, and has opened a "Cyber Security Evaluation Center" in Banbury, UK to do exactly that. According to the Economist, the company will work closely with GCHQ, the British signals-intelligence agency located in nearby Cheltenham, to persuade the UK and other governments that its equipment is trustworthy. It even has security-cleared staff, including some from the British agency, to shake down the gear and ensure it can't be exploited by spooks or crooks. Huawei already has hefty backbone contracts in Canada and New Zealand and is becoming one of the world's largest suppliers of telecom infrastructure, on top of its high ranking as a handset maker. It might hope this new approach will let it break its US and UK market logjam -- but it has a lot of pent-up distrust to overcome.
