US and UK spy agencies defeat privacy and security on the internet (the Snowden files)

[Edward Kelly]

http://www.itnews.com.au/News/355290,microsoft-google-sue-us-govt-over-spying-disclosure.aspx

Microsoft, Google sue US govt over spying disclosure
The United States government is being taken to court by tech giants Microsoft and Google over the right to disclose the extent of state surveillance of their customers, with the two companies claiming such a disclosure is permitted by the US Constitution.
... etc etc ...

This wasn't the article I read the other day but is similar...the one I read had much more detailed info and a list of most of the companies and software that freely cooperate with the NSA and certain govts..
.. if memory serves.. Mozilla, with it's security add ons were among some that didn't play too well with the nsa due to many of the add ons being privately written. They weren't on the dodgy list like google, yahoo, microsoft and the rest.

Note.
(I may have read/remembered some of the original article I read incorrectly so a bit of personal research may be advisable )


Some handy info in link below (if you haven't already read it...) including a guide on how to stay secure (aimed at the average user than experts obviously)
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

 

[Divisive Cotton]

Other than the Open Rights Group are there any meetings by groups in London that discuss the sort of issues being brought up the Snowden leaks?

 

[yield]

Report: NSA Mimics Google to Monitor "Target" Web Users
"Man in the middle" attacks would let the spy agency gather data without breaking encryption.
Mother Jones. Sep. 12, 2013

In what appears to be a slide taken from an NSA presentation that also contains some GCHQ slides, the agency describes "how the attack was done" on "target" Google users. According to the document, NSA employees log into an internet router—most likely one used by an internet service provider or a backbone network. (It's not clear whether this was done with the permission or knowledge of the router's owner.) Once logged in, the NSA redirects the "target traffic" to an "MITM," a site that acts as a stealthy intermediary, harvesting communications before forwarding them to their intended destination.

The brilliance of an MITM attack is that it defeats encryption without actually needing to crack any code. If you visit an impostor version of your bank's website, for example, the NSA could harvest your login and password, use that information to establish a secure connection with your real bank, and feed you the resulting account information—all without you knowing.

Can't quite get my head around this? How does the NSA redirect the "target traffic"?

 

[Bernie Gunther]

Report: NSA Mimics Google to Monitor "Target" Web Users
"Man in the middle" attacks would let the spy agency gather data without breaking encryption.
Mother Jones. Sep. 12, 2013

Can't quite get my head around this? How does the NSA redirect the "target traffic"?

Assuming they're not just in a discreet room someplace at Google plugged straight into their border routers, then most likely either by doing what's described above, messing with backbone or your ISP's routers, or maybe by some kind of DNS spoofing, or some combination.

Given that several of the root name servers are run by the US government and/or military, they'd have certain advantages over regular online criminals in pulling that sort of trick off I'd expect.

It sounds like this is combined with the use of a dodgy 'NSA special' signing key to forge Google's (or anybody else's) certificates, thereby subverting one of the main defences against this sort of stuff.

Malware on the client side is the classic MiTB attack on internet banks, as for example by the 'Zeus Gang' a few years ago. That avoids having to subvert the DNS system by having the malware make the dodgy fake connection and lie to you about who your browser is talking to.

This is something a bit more worrying if true ...

 

[DrRingDing]

Report: NSA Mimics Google to Monitor "Target" Web Users
"Man in the middle" attacks would let the spy agency gather data without breaking encryption.
Mother Jones. Sep. 12, 2013

Can't quite get my head around this? How does the NSA redirect the "target traffic"?

Piece of piss. Any little Johnny can do it.

 

[laptop]

Piece of piss. Any little Johnny can do it.

Not quite "any". See computer help requests

 

[J Ed]

http://www.independent.co.uk/news/w...mericas-53-billion-spying-budget-8792322.html

US spy agencies have built an intelligence-gathering colossus since 9/11, but remain unable to provide critical information to the president on a range of national security threats, according to the government’s top-secret budget.

The $52.6bn “black budget” for the fiscal year 2013, from former intelligence contractor Edward Snowden, maps a bureaucratic and operational landscape that has never been subject to public scrutiny. Although the government has annually released its overall level of intelligence spending since 2007, it has not divulged how it uses the money or how it performs against the goals set by the president and Congress.

The 178-page budget summary for the National Intelligence Program details the successes, failures and objectives of the 16 spy agencies that make up the US intelligence community, which has 107,035 employees.

“The United States has made a considerable investment in the intelligence community since the terror attacks of 9/11, a time which includes wars in Iraq and Afghanistan, the Arab Spring, the proliferation of weapons of mass destruction technology, and asymmetric threats in such areas as cyber-warfare,” said director of national intelligence James R Clapper Jr. “Our budgets are classified as they could provide insight for foreign intelligence services to discern our top national priorities, capabilities and sources.”

How much is it in Britain?

 

[Kippa]

http://www.independent.co.uk/news/w...mericas-53-billion-spying-budget-8792322.html



How much is it in Britain?

According to the Intelligence and Security Committee of Parliament Annual Report 2012-2013 the Single Intelligence Account (SIA) was circa £2 billion for 2011/2012.

By the way it is a public document which you can view from the UK Parlaiment website here:
http://www.parliament.uk/business/news/2013/july/isc-annual-report/

 

[peterkro]

Greenwald answering questions on Reddit,he claims that the story of his boyfriend having a decryption password on a piece of paper is complete bullshit:

http://www.reddit.com/r/IAmA/comments/1nisdy/were_glenn_greenwald_and_janine_gibson_of_the/

 

[dweller]

Greenwald bats back Kirsty Warks stupid questions on Newsnight.

 

[elbows]

I like this article. It neatly punches holes in the recent wave of European nation fake outrage over spying, and contains a fair array of the usual spooky quotes including this fun bit about corporate relationships:

In the case of the Spanish intelligence agency, the National Intelligence Centre (CNI), the key to mass internet surveillance, at least back in 2008, was the Spaniards' ties to a British telecommunications company (again unnamed. Corporate relations are among the most strictly guarded secrets in the intelligence community). That was giving them "fresh opportunities and uncovering some surprising results.

"GCHQ has not yet engaged with CNI formally on IP exploitation, but the CNI have been making great strides through their relationship with a UK commercial partner. GCHQ and the commercial partner have been able to coordinate their approach. The commercial partner has provided the CNI some equipment whilst keeping us informed, enabling us to invite the CNI across for IP-focused discussions this autumn," the report said. It concluded that GCHQ "have found a very capable counterpart in CNI, particularly in the field of Covert Internet Ops".

http://www.theguardian.com/uk-news/2013/nov/01/gchq-europe-spy-agencies-mass-surveillance-snowden

 

[Dr Jon]

I just spotted How NSA access was built into Windows, from 15 years ago!
Fucking Micro$haft.

 

[teqniq]

The New Snowden Revelation Is Dangerous for Anonymous — And for All of Us

The latest Snowden-related revelation is that Britain’s Government Communications Headquarters (GCHQ) proactively targeted the communications infrastructure used by the online activist collective known as Anonymous.

Specifically, they implemented distributed denial of service (DDoS) attacks on the internet relay chat (IRC) rooms used by Anonymous. They also implanted malware to out the personal identity details of specific participants. And while we only know for sure that the U.K.’s GCHQ and secret spy unit known as the “Joint Threat Research Intelligence Group” (JTRIG) launched these attacks in an operation called “Rolling Thunder,” the U.S.’ NSA was likely aware of what they were doing because the British intelligence agents presented their program interventions at the NSA conference SIGDEV in 2012. (Not to mention the two agencies sharing close ties in general.)...

 

[Yuwipi Woman]

The New Snowden Revelation Is Dangerous for Anonymous — And for All of Us

I doubt if many in Anonymous find that surprising.

 

[Dr Jon]

It's also transpires that spooks likely kippered the Cop15 climate talks:
Emissions impossible

 

[Treacle Toes]

'Extreme surveillance' becomes UK law with barely a whimper

 

[FridgeMagnet]

'Extreme surveillance' becomes UK law with barely a whimper

Even by the standards of UK media interest in privacy, it's been absurd how little coverage this has had. I've been sitting around going "seriously wtf hello? a list of everything you read on the net available for bulk government search and download now?" I don't know, perhaps it's time to, say, use (foreign) VPNs constantly, at least until those get shut down.

 

[Treacle Toes]

All the people who can now see your entire internet history

• Metropolitan police force
• City of London police force
• Police forces maintained under section 2 of the Police Act 1996
• Police Service of Scotland
• Police Service of Northern Ireland
• British Transport Police
• Ministry of Defence Police
• Royal Navy Police
• Royal Military Police
• Royal Air Force Police
• Security Service
• Secret Intelligence Service
• GCHQ
• Ministry of Defence
• Department of Health
• Home Office
• Ministry of Justice
• National Crime Agency
• HM Revenue & Customs
• Department for Transport
• Department for Work and Pensions
• NHS trusts and foundation trusts in England that provide ambulance services
• Common Services Agency for the Scottish Health Service
• Competition and Markets Authority
• Criminal Cases Review Commission
• Department for Communities in Northern Ireland
• Department for the Economy in Northern Ireland
• Department of Justice in Northern Ireland
• Financial Conduct Authority
• Fire and rescue authorities under the Fire and Rescue Services Act 2004
• Food Standards Agency
• Food Standards Scotland
• Gambling Commission
• Gangmasters and Labour Abuse Authority
• Health and Safety Executive
• Independent Police Complaints Commissioner
• Information Commissioner
• NHS Business Services Authority
• Northern Ireland Ambulance Service Health and Social Care Trust
• Northern Ireland Fire and Rescue Service Board
• Northern Ireland Health and Social Care Regional Business Services Organisation
• Office of Communications
• Office of the Police Ombudsman for Northern Ireland
• Police Investigations and Review Commissioner
• Scottish Ambulance Service Board
• Scottish Criminal Cases Review Commission
• Serious Fraud Office
• Welsh Ambulance Services National Health Service Trust