nsa
Latest
American and British spy agencies targeted Tor network with minimal success
Considering the NSA and Government Communications Headquarters (GCHQ) have been trying to thwart encryption on the internet, it comes as no surprise that the two have spent significant resources trying to crack the Tor network. Tor, as some of you may know, is designed to keep a person's identity, location and activity anonymous and protect him or her from surveillance. Before panic sets in, know that Tor remains largely secure -- the agencies had only limited success in trying to identify users. One of the documents leaked by Edward Snowden, titled "Tor Stinks" reveals the proof-of-concept attack, but concedes that the NSA "will never be able to de-anonymize all Tor users all the time... With manual analysis we can de-anonymize a very small fraction of Tor users." That bodes well for the journalists and political dissidents who rely on the software, which ironically received the majority of its funding from the State Department and Department of Defense.
Secret NSA project gathered American cellphone location data
The NSA's been rather busy over the past few years, tracking everything from your emails to phone calls, and now the New York Times is reporting that it even conducted a secret project to collect data about the location of American's cellphones in 2010 and 2011. The project was ultimately not implemented and only recently surfaced in a pre-written answer for the director of national intelligence, James R. Clapper, should the subject come up in a Senate Judiciary Committee hearing. According to the Times, details about the project are scarce, and Senator Ron Wyden said that "the real story" behind the project has yet to be declassified. The answer obtained by the paper reads:"In 2010 and 2011 N.S.A. received samples in order to test the ability of its systems to handle the data format, but that data was not used for any other purpose and was never available for intelligence analysis purposes."
Daily Roundup: Galaxy Note 3 review, Kindle Paperwhite review, McAfee's NSA-proofing Decentral device and more!
You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
John McAfee wants to NSA-proof the internet with a device called Decentral
The name McAfee is synonymous with the ubiquitous anti-virus software, but in recent years, John McAfee has kept a relatively low profile in the tech industry, preferring instead to take up leisurely pursuits like yoga and evading Belizean police. Until now. Last Saturday, McAfee took the stage at the San Jose McEnery Convention Center to announce his intention to design and manufacture Decentral, a pocket-sized device priced at around $100 that would, in theory, make it difficult for governmental agencies to snoop on your online activities by creating so-called floating networks. According to the San Jose Mercury News, McAfee told an eclectic crowd of engineers and artists, "There will be no way [for the government] to tell who you are or where you are." A gadget like Decentral does sound like a bit of a timely pipe dream, and McAfee admits that the prototype has yet to be produced. But, hey, if you can dream it, then maybe, just maybe, McAfee can do it.
NYT: NSA monitors, graphs some US Citizens' social activity with collected metadata
Just how does the NSA piece together all that metadata it collects? Thanks to "newly disclosed documents and interviews with officials," The New York Times today shed light on how the agency plots out the social activity and connections of those it's spying on. Up until 2010, the NSA only traced and analyzed the metadata of emails and phone calls from foreigners, so anything from US citizens in the chains created stopgaps. Snowden-provided documents note the policy shifted later in that year to allow for the inclusion of Americans' metadata in such analysis. An NSA representative explained to the NYT that, "all data queries must include a foreign intelligence justification, period." During "large-scale graph analysis," collected metadata is cross-referenced with commercial, public and "enrichment data" (some examples included GPS locations, social media accounts and banking info) to create a contact chain tied to any foreigner under review and scope out its activity. The highlighted ingestion tool in this instance goes by the name Mainway. The NYT article also highlights a secret report, dubbed "Better Person Centric Analysis," which details how data is sorted into 164 searchable "relationship types" and 94 "entity types" (email and IP addresses, along with phone numbers). Other documents highlight that during 2011 the NSA took in over 700 million phone records daily on its own, along with an "unnamed American service provider" that began funneling in an additional 1.1 billion cellphone records that August. In addition to that, Snowden's leak of the NSA's classified 2013 budget cites it as hoping to capture "20 billion 'record events' daily" that would be available for review by the agency's analysts in an hour's time. As you might expect, the number of US citizens that've had their info bunched up into all of this currently remains a secret -- national security, of course. Extended details are available at the source links.
Daily Roundup: Xperia Z1 review, JetBlue's 12Mbps Fly-Fi, iMessage briefly appears on Android, and more!
You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
NSA accused of hacking into India's nuclear systems
According to Edward Snowden's cache of documents, the NSA has been delving deeper into India's servers than many could have imagined. The Hindu is reporting that, in addition to the usual PRISM snooping, the agency also vacuumed up data on the country's nuclear, political and space programs. The newspaper says it has a document, entitled "A Week in the Life of PRISM reporting," which allegedly shows that discussions between high-ranking politicians, nuclear and space scientists were being monitored in "real-time." The revelation comes a few months after Kapil Sibal, India's IT chief, denied that any such surveillance was being undertaken. Who knows? Maybe he was spending so much time on his other projects that he missed the clues. For its part, the US has insisted that its hands are clean in India. Back in June, Secretary of State John Kerry said that the US doesn't look at individual conversations but instead "randomly surveys" data in order to discover communications that are "linked to terrorists."
Belgium looks into claims of foreign spying against its biggest telecom
Europeans are already jittery about possible foreign surveillance of their communications; today, those worries have reached a fever pitch. Belgian government investigators now suspect that a recently discovered virus in the internal systems of Belgacom, the country's telecom giant, was planted as part of state-backed cyber espionage. The malware's sophistication, scale and strategic focus suggest an attacker with "significant financial and logistic means," according to prosecutors. Neither side has officially named a culprit. Local newspaper De Standaard isn't quite so reticent, however -- it alleges that the NSA has been spying on Belgacom's voice traffic for at least two years, and that the discovery was prompted by Edward Snowden's leaks. Whether or not the NSA is involved, the damage may be limited. Belgacom scrubbed its systems clean this weekend, and it doesn't believe that the attack compromised customer data. [Thanks, Joachim / image credit: Diluvienne, Flickr] Dan Cooper contributed to this report.
Daily Roundup: Moto X factory tour, which new iPhone to buy, Intel's Haswell Chromebooks, and more!
You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
NSA shared raw intelligence with Israel with no legal limits regarding its use
It's no secret that the United States and Israel have a very special relationship, but it might come as an unpleasant surprise that the NSA's intelligence-sharing agreement has so few strings attached. Today's edition of What-Has-the-NSA-Done-This-Time is brought to you by The Guardian, which revealed that the US government has handed over information intercepted through the agency's shady surveillance programs with no legally binding limits on how the data could be utilized. While we can't be sure of the exact nature of the raw intelligence shared with Israel, it's likely that the information contained phone calls and emails of American citizens. Considering that only yesterday, we learned that the NSA had violated its own privacy protections between 2006 and 2009, blaming confusion about how the system actually worked, today's development raises a few important questions about what information is being shared across borders and how exactly it's being used. For more information, check out The Guardian's report, linked below.
NSA violated privacy protections from 2006 to 2009, pins blame on confusion
By now, it's no secret that the NSA has courted privacy violations, but new documents divulge just how long such incidents have occurred. Director of National Intelligence James Clapper released approximately 1,800 pages of declassified files, which reveal that the NSA's phone record program violations happened between 2006 (when it first came under court supervision) and 2009, when the Foreign Intelligence Surveillance Court ordered changes to the operation. During that period, a total of 17,835 phone numbers were listed for checking against Uncle Sam's database, and only about 1,800 were based on the standard of reasonable suspicion. According to Clapper, congress received the papers we're seeing now at the time of the incidents, and corrective measures have been put in place. Among the preventative actions are a complete "end-to-end" review of telephony metadata handling, the creation of the Director of Compliance position and a fourfold increase of the compliance department's personnel. As it turns out, the missteps are (again) said to have been accidents. "There was nobody at the NSA who had a full understanding of how the program worked," an intelligence official claims. Sure, the increased transparency is certainly welcome, but a recently-leaked NSA audit from May of 2012 suggests that collection of protected data is still occurring from a combination of human error and technical limits. To pore through the National Security Agency's fresh load of documents, hit the second source link below.
NSA can reportedly tap smartphones, access BlackBerry email
Roaming confusion has already caused the NSA to "accidentally" listen in on domestic calls, but according to a report from Spiegel, the organization is capable of a lot more. The German news magazine says it has seen evidence that the NSA can tap smartphones for SMS traffic, location data, contact list information and more. The claims, reportedly outlined in internal NSA documents, specifically call out iOS and BlackBerry devices as targets, describing the ability to access iPhone data by hacking a recently synced PC. BlackBerry access seems a bit more direct, Spiegel reports, suggesting that the NSA can tap into the BlackBerry email system. BlackBerry officials told Spiegel it wouldn't comment on the allegations, but assured the news source that it hasn't provided the NSA with a "'back door' pipeline to our platform." Regardless, it's a haunting claim -- particularly for folks that use BlackBerry devices for their heavily touted security, but considering everything the NSA has been up to recently, we can't say we're entirely surprised.
Yahoo issues first transparency report, replete with governmental data requests
Following in the footsteps of Facebook -- which revealed its first Global Government Requests Report just a few weeks ago -- Yahoo is finishing out the week by publishing data of its own. The firm's first "global law enforcement transparency report" covers governmental requests for user data from January 1st through June 30th of this year, and the outfit plans to put out subsequent reports every six months. Of note, Yahoo claims that it's including "national security requests within the scope of [its] aggregate statistics," and for the paranoid in attendance, you may be relieved to know that said requests comprise "less than one one-hundredth of one percent (<.01%)" of Yahoo's global userbase. Feel free to dig in at the links below, but sadly, you won't find anything other than high-level macro figures. (As an aside, that logo.)
American and British spy agencies can thwart internet security and encryption
As reporters at the New York Times, the Guardian and ProPublica dig deeper into the documents leaked by Edward Snowden, new and disturbing revelations continue to be made. Two programs, dubbed Bullrun (NSA) and Edgehill (GCHQ), have just come to light, that focus on circumventing or breaking the security and encryption tools used across the internet. The effort dwarfs the $20 million Prism program that simply gobbled up data. Under the auspices of "Sigint (signals intelligence) enabling" in a recent budget request, the NSA was allocated roughly $255 million dollars this year alone to fund its anti-encryption program. The agencies' efforts are multi-tiered, and start with a strong cracking tool. Not much detail about the methods or software are known, but a leaked memo indicates that the NSA successfully unlocked "vast amounts" of data in 2010. By then it was already collecting massive quantities of data from taps on internet pipelines, but much of it was safely protected by industry standard encryption protocols. Once that wall fell, what was once simply a torrent of scrambled ones and zeros, became a font of "exploitable" information. HTTPS, VoIP and SSL are all confirmed to have been compromised through Bullrun, though, it appears that some solutions to the NSA's "problem" are less elegant than others. In some cases a super computer and simple brute force are necessary to peel back the layers of encryption.
Washington Post report details how often security agencies break into other networks
The latest national security related revelation to come from the documents leaked by Edward Snowden is an account of how offensive computer operations work, and how many there are. The Washington Post reports that in 2011, 231 took place with about three quarters of them against "top-priority" targets, which its sources indicate include Iran, Russia, China and North Korea. Also interesting are details of software and hardware implants designed to infiltrate network hardware, persist through upgrades and access other connected devices or networks. The effort to break into networks is codenamed Genie, while the "Tailored Access Operations" group custom-builds tools to execute the attacks. One document references a new system "Turbine" that automates control of "potentially millions of implants" to gather data or execute an attack. All of this access isn't possible for free however, with a total cyber operations budget of $1.02 billion which includes $25.1 million spent this year to purchase software vulnerabilities from malware vendors. Get your fill of codenames and cloak-and-dagger from the article posted tonight, or check out the "Black Budget" breakdown of overall intelligence spending.
Facebook posts first Global Government Requests Report
Facebook already gave us insight into the volume of US government data requests that it receives; it's broadening that scope today by posting its first-ever Global Government Requests Report. The chart reveals that agencies worldwide made at least 25,607 data requests in the first six months of 2013, targeting a minimum of 37,954 users. Nearly half of the demands (11,000 to 12,000) were from the US; as before, Facebook can't be more specific unless it's allowed greater transparency. While the report doesn't address concerns regarding NSA surveillance, it does show that Facebook isn't simply rubber-stamping government activity. The company has denied many or all of the requests from some countries, supporting the social network's claims that it limits the scope of data probes when possible.
Report: NSA used taxpayer dollars to cover PRISM compliance costs for tech companies
The mounting national debt? Yeah, you're probably better off just ignoring why exactly it's mounting. The Guardian is continuing the blow the lid off of the whole NSA / PRISM saga, today revealing new documents that detail how the NSA paid out "millions" of dollars to cover PRISM compliance costs for a multitude of monolithic tech outfits. As the story goes, the National Security Agency (hence, tax dollars from American taxpayers) coughed up millions "to cover the costs of major internet companies involved in the PRISM surveillance program after a court ruled that some of the agency's activities were unconstitutional." The likes of Yahoo, Google, Microsoft and Facebook are expressly named, and while Google is still angling for permission to reveal more about its side of the story, other firms have conflicting tales. For whatever it's worth, a Yahoo spokesperson seemed a-okay with the whole ordeal, casually noting that this type of behavior is perfectly legal: "Federal law requires the US government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government. We have requested reimbursement consistent with this law." Meanwhile, Facebook stated that it had "never received any compensation in connection with responding to a government data request." Microsoft, as you might imagine, declined to comment, though we heard that Steve Ballmer could be seen in the distance throwing up a peace sign. At any rate, it's fairly safe to assume that your worst nightmares are indeed a reality, and you may have a far more enjoyable weekend if you just accept the fact that The Man knows everything. Better, right?
Daily Roundup: Gaming buyer's guide, PS4 launch games, Xbox One dashboard, and more!
You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
NSA collected up to 56,000 emails not connected to terrorism a year, blames error
We can't say as though we're particularly surprised to see such numbers, but, well, at least they're finally coming to light. According to The Washington Post, newly declassified court documents highlight how the NSA collected up to 56,000 e-mails per year, over a three year period. The docs detail why the collection of such "wholly domestic" information was ruled unconstitutional by a judge in the Foreign Intelligence Surveillance Court, though the NSA stated that the surveillance was unintentional, adding that it reported said information to the court. As part of the ruling, the intelligence agency was required to investigate limits to its data collection -- the NSA claims to have since addressed the problem. The newly available information was made public thanks to a recently field EFF lawsuit. Update: Want to crawl through some of that information? The White House has begun posting key docs to Tumblr, of all places.
WSJ reports NSA spying capabilities cover up to 75 percent of US internet traffic
The question of how much contact the NSA has with internet traffic throughout the US is being raised again, this time by the Wall Street Journal. Yesterday The Atlantic took issue with the security agency's mathematics and 1.6 percent claim, while the WSJ report looks more closely at its reach into telecommunications companies. The mishmash of codenamed programs are said to cover up to 75 percent of US internet traffic, although the amount actually stored and accessed is much smaller. The main difference between the calculations may be due to the difference between what ISPs -- handing over data under FISA orders -- carry, and what the NSA specifically requests. Its capabilities mean it can pull a lot more than just metadata, with access to the actual content of what's sent back and forth becoming even more troubling as privacy violations exposed by its own audits come to light. There's an FAQ-style breakdown of what's new and notable from the usual "current and former" officials to get those interested up to speed quickly -- keep your tinfoil hats and end-to-end encrypted communications systems close by.
