Monitoring NSA in de VS en erbuiten, deel 7

quote:

Op zondag 8 september 2013 15:29 schreef Papierversnipperaar het volgende:
NWS / NSA kan bijna alle smartphones inzien

quote:

Op zondag 8 september 2013 15:32 schreef tong80 het volgende:

[..]

Kon het centrale topic al niet vinden.

quote:

Welcome to the end of secrecy | Jeff Jarvis | Comment is free | theguardian.com

The real lesson of the Snowden leaks is not the threat to privacy. It is the NSA's losing battle against the new agents of openness

It has been said that privacy is dead. Not so. It's secrecy that is dying. Openness will kill it.

American and British spies undermined the secrecy and security of everyone using the internet with their efforts to foil encryption. Then, Edward Snowden foiled them by revealing what is perhaps – though we may never know – their greatest secret.

When I worried on Twitter that we could not trust encryption now, technologist Lauren Weinstein responded with assurances that it would be difficult to hide "backdoors" in commonly used PGP encryption – because it is open-source.

Openness is the more powerful weapon. Openness is the principle that guides, for example, Guardian journalism. Openness is all that can restore trust in government and technology companies. And openness – in standards, governance, and ethics – must be the basis of technologists' efforts to take back the the net.

Secrecy is under dire threat but don't confuse that with privacy. "All human beings have three lives: public, private, and secret," Gabriel Garcí­a Márquez tells his biographer. "Secrecy is what is known, but not to everyone. Privacy is what allows us to keep what we know to ourselves," Jill Lepore explains in the New Yorker. "Privacy is consensual where secrecy is not," write Carol Warren and Barbara Laslett in the Journal of Social Issues.

Think of it this way: privacy is what we keep to ourselves; secrecy is what is kept from us. Privacy is a right claimed by citizens. Secrecy is a privilege claimed by government.

It's often said that the internet is a threat to privacy, but on the whole, I argue it is not much more of a threat than a gossipy friend or a nosy neighbor, a slip of the tongue or of the email "send" button. Privacy is certainly put at risk when we can no longer trust that our communication, even encrypted, are safe from government's spying eyes. But privacy has many protectors.

And we all have one sure vault for privacy: our own thoughts. Even if the government were capable of mind-reading, ProPublica argues in an essay explaining its reason to join the Snowden story, the fact of it "would have to be known".

The agglomeration of data that makes us fear for our privacy is also what makes it possible for one doubting soul – one Manning or Snowden – to learn secrets. The speed of data that makes us fret over the the devaluation of facts is also what makes it possible for journalists' facts to spread before government can stop them. The essence of the Snowden story, then, isn't government's threat to privacy, so much as it is government's loss of secrecy.

Oh, it will take a great deal for government to learn that lesson. Its first response is to try to match a loss of secrecy with greater secrecy, with a war on the agents of openness: whistleblowers and journalists and news organizations. President Obama had the opportunity to meet Snowden's revelations – redacted responsibly by the Guardian – with embarrassment, apology, and a vow to make good on his promise of transparency. He failed.

But the agents of openness will continue to wage their war on secrecy.

In a powerful charge to fellow engineers, security expert Bruce Schneier urged them to fix the net that "some of us have helped to subvert." Individuals must make a moral choice, whether they will side with secrecy or openness.

So must their companies. Google and Microsoft are suing government to be released from their secret restrictions – but there is still more they can say. I would like Google to explain what British agents could mean when they talk of "new access opportunities being developed" at the company. Google's response – "we have no evidence of any such thing ever occurring" – would be more reassuring if it were more specific.

This latest story demonstrates that the Guardian, now in partnership with the New York Times and ProPublica, as well as publications in Germany and Brazil that have pursued their own surveillance stories, will continue to report openly in spite of government acts of intimidation.

I am disappointed that more news organizations, especially in London, are not helping support the work of openness by adding reporting of their own and editorializing against government overreach. I am also saddened that my American colleagues in news industry organizations, as well as journalism education groups, are not protesting loudly.

But even without them, what this story teaches is that it takes only one technologist, one reporter, one news organization to defeat secrecy. At length, openness will out.

Bron: www.theguardian.com

quote:

How NSA access was built into Windows

quote:

Dr van Someren feels that the primary purpose of the NSA key inside Windows may be for legitimate US government use. But he says that there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. "It looks more fishy", he said.

Fernandez believes that NSA's built-in loophole can be turned round against the snoopers. The NSA key inside CAPI can be replaced by your own key, and used to sign cryptographic security modules from overseas or unauthorised third parties, unapproved by Microsoft or the NSA. This is exactly what the US government has been trying to prevent. A demonstration "how to do it" program that replaces the NSA key can be found on Cryptonym's website.[link]

quote:

Op dinsdag 10 september 2013 08:56 schreef Dave94 het volgende:
Je zou je afvragen in hoeverre ze interesse hebben in mijn Goede Tijden, Slechte Tijden verhalen.

quote:

The Guardian: NSA deelt persoonsgegevens VS met Israël


De Amerikaanse veiligheidsdienst NSA deelt geregeld persoonsgegevens met Israël zonder dat privégevoelige informatie wordt verwijderd. Dat blijkt uit geheime documenten die de Britse krant The Guardian openbaart die werden doorgespeeld door klokkenluider Edward Snowden.

De documenten bevatten een overeenkomst tussen de NSA en de Israëlische inlichtingendienst die is opgesteld in 2009 en bestaat uit vijf pagina's. Hieruit blijkt volgens The Guardian dat er zeer waarschijnlijk op regelmatige basis gegevens worden overgedragen aan Israël die mogelijk telefoongesprekken en e-mails bevatten van Amerikaanse burgers. De overeenkomst stelt geen grenzen aan het gebruik van deze data door Israël, aldus de Britse krant.

De onthulling dat de NSA een dergelijke overeenkomst met Israël sloot toont aan dat de Amerikaanse regering tegen een toezegging ingaat, namelijk dat de privacy van Amerikaanse burgers ten alle tijden wordt gewaarborgd middels strikte regels. Gegevens die met andere landen gedeeld worden moet volgens deze toezegging 'geminimaliseerd' worden, iets wat niet gebeurd is, zo blijkt uit de overeenkomst met Israël. De persoonsgegevens zijn niet gefilterd op privacygevoelige informatie, iets wat de Amerikaanse regering wel belooft te doen.

Bron: NRC

quote:

Op woensdag 11 september 2013 18:19 schreef Papierversnipperaar het volgende:

[..]

quote:

The National Security Agency routinely shares raw intelligence data with Israel without first sifting it to remove information about US citizens, a top-secret document provided to the Guardian by whistleblower Edward Snowden reveals.

Details of the intelligence-sharing agreement are laid out in a memorandum of understanding between the NSA and its Israeli counterpart that shows the US government handed over intercepted communications likely to contain phone calls and emails of American citizens. The agreement places no legally binding limits on the use of the data by the Israelis.

The disclosure that the NSA agreed to provide raw intelligence data to a foreign country contrasts with assurances from the Obama administration that there are rigorous safeguards to protect the privacy of US citizens caught in the dragnet. The intelligence community calls this process "minimization", but the memorandum makes clear that the information shared with the Israelis would be in its pre-minimized state.

The deal was reached in principle in March 2009, according to the undated memorandum, which lays out the ground rules for the intelligence sharing.

The five-page memorandum, termed an agreement between the US and Israeli intelligence agencies "pertaining to the protection of US persons", repeatedly stresses the constitutional rights of Americans to privacy and the need for Israeli intelligence staff to respect these rights.

But this is undermined by the disclosure that Israel is allowed to receive "raw Sigint" – signal intelligence. The memorandum says: "Raw Sigint includes, but is not limited to, unevaluated and unminimized transcripts, gists, facsimiles, telex, voice and Digital Network Intelligence metadata and content."

According to the agreement, the intelligence being shared would not be filtered in advance by NSA analysts to remove US communications. "NSA routinely sends ISNU [the Israeli Sigint National Unit] minimized and unminimized raw collection", it says.

Although the memorandum is explicit in saying the material had to be handled in accordance with US law, and that the Israelis agreed not to deliberately target Americans identified in the data, these rules are not backed up by legal obligations.

"This agreement is not intended to create any legally enforceable rights and shall not be construed to be either an international agreement or a legally binding instrument according to international law," the document says.

In a statement to the Guardian, an NSA spokesperson did not deny that personal data about Americans was included in raw intelligence data shared with the Israelis. But the agency insisted that the shared intelligence complied with all rules governing privacy.

"Any US person information that is acquired as a result of NSA's surveillance activities is handled under procedures that are designed to protect privacy rights," the spokesperson said.

The NSA declined to answer specific questions about the agreement, including whether permission had been sought from the Foreign Intelligence Surveillance (Fisa) court for handing over such material.

The memorandum of understanding, which the Guardian is publishing in full, allows Israel to retain "any files containing the identities of US persons" for up to a year. The agreement requests only that the Israelis should consult the NSA's special liaison adviser when such data is found.

Notably, a much stricter rule was set for US government communications found in the raw intelligence. The Israelis were required to "destroy upon recognition" any communication "that is either to or from an official of the US government". Such communications included those of "officials of the executive branch (including the White House, cabinet departments, and independent agencies), the US House of Representatives and Senate (member and staff) and the US federal court system (including, but not limited to, the supreme court)".

It is not clear whether any communications involving members of US Congress or the federal courts have been included in the raw data provided by the NSA, nor is it clear how or why the NSA would be in possession of such communications. In 2009, however, the New York Times reported on "the agency's attempt to wiretap a member of Congress, without court approval, on an overseas trip".

The NSA is required by law to target only non-US persons without an individual warrant, but it can collect the content and metadata of Americans' emails and calls without a warrant when such communication is with a foreign target. US persons are defined in surveillance legislation as US citizens, permanent residents and anyone located on US soil at the time of the interception, unless it has been positively established that they are not a citizen or permanent resident.

quote:

Op woensdag 11 september 2013 22:53 schreef rakotto het volgende:
NSA shares raw intelligence including Americans' data with Israel

[..]

De rest valt hier in de bron te lezen.

Israel, de 51ste staat van USA.

Edit: Dubbel, ik zie net dat Papierversnipperaar het gepost heeft.

quote:

'NSA gaat ook internationaal betalingsverkeer na'


De Amerikaanse inlichtingendienst NSA (National Security Agency) gaat ook internationaal betalingsverkeer na. Het Duitse weekblad Der Spiegel melde dit weekeinde op zijn website dat de NSA gegevens verzamelt over betalingen, vooral die met creditcards. De dienst heeft speciale afdeling die betalingen registreert, de afdeling 'Follow the money' (Volg het geld).

Der Spiegel heeft de informatie naar eigen zeggen van de klokkenluider Edward Snowden gekregen. Snowden werkte enige tijd voor de NSA en deed daar tot groot ongenoegen van de Amerikaanse autoriteiten een boekje over open. Hij is naar Rusland gevlucht.

De betalingsgegevens worden opgeslagen in de 'Tracfin' van de afdeling. Daar zouden bijvoorbeeld in 2011 180 miljoen gegevens zijn gestald. Bij 84 procent daarvan ging het om betalingen met creditcards.
De dienst bekijkt of er transacties plaatsvinden die extra aandacht verdienen. De 'data-melkers' van de afdeling Follow the Money zouden zich vooral richten op creditcardbetalingen in Europa, het Midden-Oosten en Afrika. Zo is of was de organisatie Swift een belangrijk doelwit van Follow the Money.

Swift, de Society for Worldwide Interbank Financial Telecommunication, is een in Brussel gevestigde internationale organisatie waar duizenden financiële instellingen bij zijn aangesloten ten behoeve van het internationale betalingsverkeer.

Bron: Volkskrant

quote:

Op zondag 15 september 2013 13:40 schreef Papierversnipperaar het volgende:

[..]

'NSA gaat ook internationaal betalingsverkeer na'

[..]

quote:

Het is opvallend dat de NSA de bedrijfsnetwerken van Swift heeft aangevallen, omdat de Europese Unie verdragen met de Verenigde Staten heeft gesloten voor het uitwisselen van betalingsgegevens.

quote:

Belgacom dient klacht in na mogelijke spionage door NSA


Alles wijst erop dat de Amerikaanse inlichtingendienst NSA al zeker sinds 2011 Belgacom hackt. Dat blijkt uit veiligheidsonderzoek dat in opdracht van de provider door een Nederlands bedrijf is verricht. Dat heeft het bedrijf vandaag bekendgemaakt.

Belgacom bevestigt in de mededeling slachtoffer te zijn geweest van een inbraak en een klacht te hebben ingediend. Het bedrijf verleent alle medewerking aan het onderzoek dat wordt gevoerd door het Openbaar Ministerie.

Na de recente onthullingen van klokkenluider Edward Snowden over de spionageactiviteiten van de Verenigde Staten liet Belgacom een uitgebreid onderzoek uitvoeren door een Nederlandse bedrijf, schrijft de Belgische krant De Standaard. Dat bedrijf ontdekte zeer geavanceerde malware.

Dochterbedrijf Belgacom
Volgens de kranten, die zich baseren op niet nader genoemde bronnen, wees het onderzoek uit dat de hackers vooral geïnteresseerd waren in Bics, het dochterbedrijf van Belgacom dat wereldwijd telefoonverkeer regelt. Vooral conversaties in landen als Jemen, Syrië en andere, door de Amerikanen als 'schurkenstaten' beschouwde landen, zouden worden gemonitord.

De Standaard schrijft dat er in kringen van veiligheidsdiensten weinig twijfel over bestaat dat de NSA of een dienst die ermee samenwerkt achter de spionage zit, maar helemaal zeker is dat nog niet. Door de aard van de informatie waarin de hackers geïnteresseerd waren, lijkt het wel zeer waarschijnlijk.

De Belgische overheid is hoofdaandeelhouder van het telecombedrijf en de zaak ligt daarom ook uiterst gevoelig. Premier Elio Di Rupo zou vandaag nog uitleg geven over de zaak.

Bron: Volkskrant

quote:

Op zondag 15 september 2013 21:19 schreef gebrokenglas het volgende:
Je gelooft niet wat je leest in de Washington Post:
Gmail is the preferred Internet service provider of terrorists worldwide

• Former NSA and CIA director Michael Hayden claimed "Gmail is the preferred Internet service provider of terrorists worldwide
• Hayden suggested that the Internet's origins in the United States partially justifies the NSA's conduct
• The problem I have with the Internet is that it's anonymous."

Verbazend. Van dat Gmail geloof ik geen snars.

quote:

Braziliaanse president zegt bezoek VS af wegens afluisteren door NSA


De Braziliaanse president Dilma Rousseff heeft een staatsbezoek aan de Verenigde Staten afgezegd, omdat ze door de Amerikaanse geheime dienst zou zijn afgeluisterd. Dat heeft de regering van Brazilië dinsdag bekendgemaakt.

Het staatsbezoek stond gepland voor oktober. Volgens Brazilië is het bezoek in overleg met de VS uitgesteld.

De Amerikaanse inlichtingendienst NSA zou heimelijk telefoon- en e-mailverkeer van Rousseff in de gaten hebben gehouden, melden Braziliaanse media onlangs. De informatie was afkomstig van de Amerikaanse klokkenluider Edward Snowden.

Bron: Volkskrant

quote:

Op maandag 16 september 2013 10:10 schreef Papierversnipperaar het volgende:

[..]

quote:

Op dinsdag 17 september 2013 20:31 schreef Papierversnipperaar het volgende:

[..]

quote:

Op maandag 16 september 2013 12:39 schreef robin007bond het volgende:

[..]

Daarom, GNU/Linux.

quote:

U.S. Government asked Linus Torvalds to insert Backdoor Into Linux - The Hacker News

At the Linuxcon conference in New Orleans today, Linus Torvalds and the other top Linux developers, talked to the Linux faithful about Linux, Microsoft, and other issues.


During a question-and-answer ‪session ‬at ‪the LinuxCon, Linux Torvalds admitted to questions from the audience that the U.S. Government approached him to put a backdoor into his open-source operating system. Torvalds responded "no" while shaking his head "yes," as the audience broke into spontaneous laughter.

Then someone asked if Linus would be interested in becoming Microsoft's CEO, which was answered with a big smile and because he is fully satisfied with the development of Linux and his life.

LinuxCon & CloudOpen North America 2013 - Linux Kernel Panel

(at 24 Minutes and 15 Seconds)
He noted that when he started Linux 22 years ago, the hardware was very different than it is today. He expects that 20 years from now the hardware will change even more.

"Linux usage keeps changing. Linux today is very different from even ten years ago,” Torvalds added. “I hope it will continue to meet new use cases."

During the session, Torvalds also explained why he became a developer in the first place. He said that when he started, he didn't have money to run Unix on his own machine. He also noted that his friends were playing games on their computers that he couldn't afford, so he had to learn to program. "Necessity made me try to do something," Torvalds said.



Bron: thehackernews.com

quote:

Op dinsdag 17 september 2013 20:31 schreef Papierversnipperaar het volgende:

[..]

quote:

Op donderdag 19 september 2013 20:11 schreef polderturk het volgende:

[..]

Waarom luistert de NSA een Braziliaans oliebedrijf af? Om terrorisme te bestrijden?

quote:

Op donderdag 19 september 2013 20:34 schreef El_Matador het volgende:

[..]

Waarom denk je?
Informatie kan goud waard zijn.
En dat is het punt gelijk; al die klagende sukkels dat de VS afluisteren, ja duh!

Opties:
- sluit jezelf af van "het vreselijke internet"
- doe hetzelfde; afluisteren werkt blijkbaar

Dat gejank van die mennekes is als in een oorlog roepen; "hee, jij hebt grotere en betere wapens dan wij, dat is niet eeheerlijk", Calimero, jank jank.

Anonymous - OpNSA Release V John Boehner

SPOILER

Om spoilers te kunnen lezen moet je zijn ingelogd. Je moet je daarvoor eerst gratis Registreren. Ook kun je spoilers niet lezen als je een ban hebt.

quote:

"Nederland opent deur voor NSA"

<sub>zaterdag 21 sep 2013, 09:33 (Update: 21-09-13, 10:02)

Door research-redacteur Hugo van der Parre</sub>

Onder de leden van de Amsterdam Internet Exchange (AMS-IX) is onrust ontstaan omdat het bestuur een filiaal wil openen in de Verenigde Staten. Ze vrezen dat Amerikaanse spionagediensten dan heel eenvoudig in Nederlandse netwerken kunnen grasduinen.

De Amsterdam Internet Exchange is het belangrijkste internetknooppunt van Nederland en het een na grootste ter wereld. Een groot deel van het internetverkeer met het buitenland en het internetverkeer tussen Nederlandse internetproviders verloopt via dit knooppunt. Meer dan 600 bedrijven en organisaties zijn lid van de vereniging AMS-IX. Daaronder zijn alle internet-providers in ons land.

Felle discussie
Het bestuur wil dat de leden volgende week toestemming geven om onder de vleugels van de AMS-IX een vestiging in de Verenigde Staten te beginnen. Dat zou zakelijk aantrekkelijk zijn.

Een aantal leden noemt uitbreiding in de VS levensgevaarlijk. De Amerikaanse overheid kan dan op grond van de Patriot Act en de FISA-wet eenvoudig data verzamelen die via het knooppunt worden verstuurd. Dat betreft vrijwel alles in Nederland. Inmiddels is op internet een felle discussie losgebarsten tussen de leden.

Een van de initiaftienemers van de discussie is Eric Bais. Hij is directeur van A2B, een bedrijf dat netwerkdiensten levert. Bais is bezorgd dat de Nederlandse infrastructuur met een Amerikaanse vestiging van de AMS-IX vatbaar is voor bemoeienis door geheime diensten als de NSA.

Risico's
Dat denkt ook hoogleraar informatierecht Nico van Eijk van de Universiteit van Amsterdam. Van Eijk: "Amerika kan met de Patriot Act inzage eisen in de datastromen. En dat beperkt zich niet tot de vestiging op Amerikaanse grondgebied. Dat strekt zich ook uit tot alle buitenlandse vertakkingen van het bedrijf".

De directie van AMS-IX wil niet reageren op de kritiek van de leden of een toelichting geven op de plannen. Dat gebeurt pas na de vergadering van 27 september. AMS-IX benadrukt dat tot die tijd met een advocaat alle risico's goed worden afgewogen.

quote:

A CEO who resisted NSA spying is out of prison. And he feels ‘vindicated’ by Snowden leaks.

quote:

Just one major telecommunications company refused to participate in a legally dubious NSA surveillance program in 2001. A few years later, its CEO was indicted by federal prosecutors. He was convicted, served four and a half years of his sentence and was released this month.

Prosecutors claim Qwest CEO Joseph Nacchio was guilty of insider trading, and that his prosecution had nothing to do with his refusal to allow spying on his customers without the permission of the Foreign Intelligence Surveillance Court. But to this day, Nacchio insists that his prosecution was retaliation for refusing to break the law on the NSA's behalf.

quote:

http://www.volkskrant.nl/(...)in-Luther-King.dhtml

De Amerikaanse geheime dienst NSA heeft in de late jaren '60 en in de jaren '70 telefoongesprekken afgeluisterd van prominente critici van de oorlog in Vietnam. Onder hen waren Martin Luther King en bokser Mohammed Ali.

Dat blijkt uit recent vrijgegeven documenten waarover The Guardian bericht. Het gaat over de periode waarin steeds meer mensen bezwaar kregen tegen de oorlog in Vietnam. Volgens de Britse krant trok de NSA in 'operatie Minaret' alles uit de kast om te proberen het tij te keren. Mogelijk gaat het zelfs om illegale praktijken, aldus The Guardian.

Zo werden telefoongesprekken afgeluisterd van twee Amerikaanse senatoren: de democraat Frank Church uit Idaho en de Republikein Howard Baker uit Tennessee. Overigens was laatstgenoemde juist een groot voorstander van die oorlog. Ook van enkele prominente journalisten werd communicatie onderschept.

Mohammed Ali
In 1967 werd de bokser Mohammed Ali op de spionagelijst geplaatst nadat hij zich openlijk tegen de Vietnamoorlog had gesproken. Ali zat op dat moment in de gevangenis omdat hij weigerde in het leger te dienen. Ook was hij gestript van zijn overwinningen en mocht hij in de VS niet meer vechten. Hij zou in de zes jaar daarna doelwit zijn geweest van de afluisterpraktijken van de NSA.

Ook mensenrechtenactivist Martin Luther King staat op de lijst van mensen die in die periode door de NSA zijn bespioneerd. In totaal gaat het om 1.650 personen, maar van het grootste deel daarvan is de identiteit niet bekendgemaakt.

De afluisterpraktijken kwamen al eerder aan het licht, maar het is voor het eerst dat er namen van mensen die zijn bespioneerd bekend zijn geworden. De NSA deed volgens The Guardian erg veel moeite om de documenten geheim te houden. Alle rapporten werden bijvoorbeeld persoonlijk afgeleverd bij het Witte Huis, nadat ze waren ontdaan van alle logo's en markeringen die ze terug zouden kunnen herleiden naar de NSA. Een aantal topfiguren binnen de NSA zouden de operatie later zelf 'schandelijk, indien niet compleet illegaal' hebben genoemd.

quote:

NSA chief’s admission of misleading numbers adds to Obama administration blunders

The Obama administration’s credibility on intelligence suffered another blow Wednesday as the chief of the National Security Agency admitted that officials put out numbers that vastly overstated the counterterrorism successes of the government’s warrantless bulk collection of all Americans’ phone records.

Pressed by the Democratic chairman of the Senate Judiciary Committee at an oversight hearing, Gen. Keith B. Alexander admitted that the number of terrorist plots foiled by the NSA’s huge database of every phone call made in or to America was only one or perhaps two — far smaller than the 54 originally claimed by the administration.

quote:

Snowden Files: NSA and GCHQ Target TOR Web Browser

quote:

The National Security Agency has made repeated attempts to develop attacks against people using Tor, a popular tool designed to protect online anonymity, despite the fact the software is primarily funded and promoted by the US government itself.

Top-secret NSA documents, disclosed by whistleblower Edward Snowden, reveal that the agency's current successes against Tor rely on identifying users and then attacking vulnerable software on their computers. One technique developed by the agency targeted the Firefox web browser used with Tor, giving the agency full control over targets' computers, including access to files, all keystrokes and all online activity.

But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled 'Tor Stinks', states: "We will never be able to de-anonymize all Tor users all the time." It continues: "With manual analysis we can de-anonymize a very small fraction of Tor users," and says the agency has had "no success de-anonymizing a user in response" to a specific request.

Another top-secret presentation calls Tor "the king of high-secure, low-latency internet anonymity".

Tor – which stands for The Onion Router – is an open-source public project that bounces its users' internet traffic through several other computers, which it calls "relays" or "nodes", to keep it anonymous and avoid online censorship tools.

It is relied upon by journalists, activists and campaigners in the US and Europe as well as in China, Iran and Syria, to maintain the privacy of their communications and avoid reprisals from government. To this end, it receives around 60% of its funding from the US government, primarily the State Department and the Department of Defense – which houses the NSA.

Despite Tor's importance to dissidents and human rights organizations, however, the NSA and its UK counterpart GCHQ have devoted considerable efforts to attacking the service, which law enforcement agencies say is also used by people engaged in terrorism, the trade of child abuse images, and online drug dealing.

Privacy and human rights groups have been concerned about the security of Tor following revelations in the Guardian, New York Times and ProPublica about widespread NSA efforts to undermine privacy and security software. A report by Brazilian newspaper Globo also contained hints that the agencies had capabilities against the network.

While it seems that the NSA has not compromised the core security of the Tor software or network, the documents detail proof-of-concept attacks, including several relying on the large-scale online surveillance systems maintained by the NSA and GCHQ through internet cable taps.

One such technique is based on trying to spot patterns in the signals entering and leaving the Tor network, to try to de-anonymise its users. The effort was based on a long-discussed theoretical weakness of the network: that if one agency controlled a large number of the "exits" from the Tor network, they could identify a large amount of the traffic passing through it.

The proof-of-concept attack demonstrated in the documents would rely on the NSA's cable-tapping operation, and the agency secretly operating computers, or 'nodes', in the Tor system. However, one presentation stated that the success of this technique was "negligible" because the NSA has "access to very few nodes" and that it is "difficult to combine meaningfully with passive Sigint".

While the documents confirm the NSA does indeed operate and collect traffic from some nodes in the Tor network, they contain no detail as to how many, and there are no indications that the proposed de-anonymization technique was ever implemented.

Other efforts mounted by the agencies include attempting to direct traffic toward NSA-operated servers, or attacking other software used by Tor users. One presentation, titled 'Tor: Overview of Existing Techniques', also refers to making efforts to "shape", or influence, the future development of Tor, in conjunction with GCHQ.

Another effort involves measuring the timings of messages going in and out of the network to try to identify users. A third attempts to degrade or disrupt the Tor service, forcing users to abandon the anonymity protection.

Such efforts to target or undermine Tor are likely to raise legal and policy concerns for the intelligence agencies.

Foremost among those concerns is whether the NSA has acted, deliberately or inadvertently, against internet users in the US when attacking Tor. One of the functions of the anonymity service is to hide the country of all of its users, meaning any attack could be hitting members of Tor's substantial US user base.

Several attacks result in implanting malicious code on the computer of Tor users who visit particular websites. The agencies say they are targeting terrorists or organized criminals visiting particular discussion boards, but these attacks could also hit journalists, researchers, or those who accidentally stumble upon a targeted site.

The efforts could also raise concerns in the State Department and other US government agencies that provide funding to increase Tor's security – as part of the Obama administration's internet freedom agenda to help citizens of repressive regimes – circumvent online restrictions.

Material published online for a discussion event held by the State Department, for example, described the importance of tools such as Tor.

"[T]he technologies of internet repression, monitoring and control continue to advance and spread as the tools that oppressive governments use to restrict internet access and to track citizen online activities grow more sophisticated. Sophisticated, secure, and scalable technologies are needed to continue to advance internet freedom."

The Broadcasting Board of Governors, a federal agency whose mission is to "inform, engage, and connect people around the world in support of freedom and democracy" through networks such as Voice of America, also supports Tor's development, and uses it to ensure its broadcasts reach people in countries such as Iran and China.

The governments of both these countries have attempted to curtail Tor's use: China has tried on multiple occasions to block Tor entirely, while one of the motives behind Iranian efforts to create a "national internet" entirely under government control was to prevent circumvention of those controls.

The NSA's own documents acknowledge the service's wide use in countries where the internet is routinely surveilled or censored. One presentation notes that among uses of Tor for "general privacy" and "non-attribution", it can be used for "circumvention of nation state internet policies" – and is used by "dissidents" in "Iran, China, etc".

Yet GCHQ documents show a disparaging attitude towards Tor users. One presentation acknowledges Tor was "created by the US government" and is "now maintained by the Electronic Frontier Foundation (EFF)", a US freedom of expression group. In reality, Tor is maintained by an independent foundation, though has in the past received funding from the EFF.

The presentation continues by noting that "EFF will tell you there are many pseudo-legitimate uses for Tor", but says "we're interested as bad people use Tor". Another presentation remarks: "Very naughty people use Tor".

The technique developed by the NSA to attack Tor users through vulnerable software on their computers has the codename EgotisticalGiraffe, the documents show. It involves exploiting the Tor browser bundle, a collection of programs, designed to make it easy for people to install and use the software. Among these is a version of the Firefox web browser.

The trick, detailed in a top-secret presentation titled 'Peeling back the layers of Tor with EgotisticalGiraffe', identified website visitors who were using the protective software and only executed its attack – which took advantage of vulnerabilities in an older version of Firefox – against those people. Under this approach, the NSA does not attack the Tor system directly. Rather, targets are identified as Tor users and then the NSA attacks their browsers.

According to the documents provided by Snowden, the particular vulnerabilities used in this type of attack were inadvertently fixed by Mozilla Corporation in Firefox 17, released in November 2012 – a fix the NSA had not circumvented by January 2013 when the documents were written.

The older exploits would, however, still be usable against many Tor users who had not kept their software up to date.

A similar but less complex exploit against the Tor network was revealed by security researchers in July this year. Details of the exploit, including its purpose and which servers it passed on victims' details to, led to speculation it had been built by the FBI or another US agency.

At the time, the FBI refused to comment on whether it was behind the attack, but subsequently admitted in a hearing in an Irish court that it had operated the malware to target an alleged host of images of child abuse – though the attack did also hit numerous unconnected services on the Tor network.

Roger Dingledine, the president of the Tor project, said the NSA's efforts serve as a reminder that using Tor on its own is not sufficient to guarantee anonymity against intelligence agencies – but showed it was also a great aid in combating mass surveillance.

"The good news is that they went for a browser exploit, meaning there's no indication they can break the Tor protocol or do traffic analysis on the Tor network," Dingledine said. "Infecting the laptop, phone, or desktop is still the easiest way to learn about the human behind the keyboard.

"Tor still helps here: you can target individuals with browser exploits, but if you attack too many users, somebody's going to notice. So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on."

But he added: "Just using Tor isn't enough to keep you safe in all cases. Browser exploits, large-scale surveillance, and general user security are all challenging topics for the average internet user. These attacks make it clear that we, the broader internet community, need to keep working on better security for browsers and other internet-facing applications."

The Guardian asked the NSA how it justified attacking a service funded by the US government, how it ensured that its attacks did not interfere with the secure browsing of law-abiding US users such as activists and journalists, and whether the agency was involved in the decision to fund Tor or efforts to "shape" its development.

The agency did not directly address those questions, instead providing a statement.

It read: "In carrying out its signals intelligence mission, NSA collects only those communications that it is authorized by law to collect for valid foreign intelligence and counter-intelligence purposes, regardless of the technical means used by those targets or the means by which they may attempt to conceal their communications. NSA has unmatched technical capabilities to accomplish its lawful mission.

"As such, it should hardly be surprising that our intelligence agencies seek ways to counteract targets' use of technologies to hide their communications. Throughout history, nations have used various methods to protect their secrets, and today terrorists, cybercriminals, human traffickers and others use technology to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that."

quote:

Cabinet was told nothing about GCHQ spying programmes, says Chris Huhne

Ex-minister says he was in 'utter ignorance' of Prism and Tempora and calls for tighter oversight of security services

quote:

Cabinet ministers and members of the national security council were told nothing about the existence and scale of the vast data-gathering programmes run by British and American intelligence agencies, a former member of the government has revealed.

Chris Huhne, who was in the cabinet for two years until 2012, said ministers were in "utter ignorance" of the two biggest covert operations, Prism and Tempora. The former Liberal Democrat MP admitted he was shocked and mystified by the surveillance capabilities disclosed by the Guardian from files leaked by the whistleblower Edward Snowden.

quote:

Op dinsdag 8 oktober 2013 11:26 schreef andreas612 het volgende:

[..]

volgens mij is dat echt zo'n ruimte als in de serie '24' allemaal geeks jan en alleman te checken met satelieten en shit

quote:

Op dinsdag 8 oktober 2013 13:55 schreef Eyjafjallajoekull het volgende:
Zou me niks verbazen als dat ding gewoon eigenlijk al operationeel is

quote:

Op dinsdag 8 oktober 2013 15:31 schreef andreas612 het volgende:

[..]

Die met will smith toch? zo kan het ook inderdaad

quote:

Op dinsdag 8 oktober 2013 18:44 schreef Revolution-NL het volgende:
Wat ik met nog steeds zit af te vragen is wat voor techniek ze gebruiken voor de opslag van alle data. Met conventionele storage lijkt mij dit praktisch onmogelijk.