Major US Security Company Warns Customers Not To Use NSA Encryption Formula

Photo Credit: EPA

A major American computer security company has told thousands of customers to stop using an encryption system that relies on a mathematical formula developed by the National Security Agency (NSA).

RSA, the security arm of the storage company EMC, sent an email to customers telling them that the default random number generator in a toolkit for developers used a weak formula, and they should switch to one of the other formulas in the product.

The abrupt warning is the latest fallout from the huge intelligence disclosures by the whistleblower Edward Snowden about the extent of surveillance and the debasement of encryption by the NSA.

Last week, the New York Times reported that Snowden’s cache of documents from his time working for an NSA contractor showed that the agency used its public participation in the process for setting voluntary cryptography standards, run by the government’s National Institute of Standards and Technology (NIST), to push for a formula it knew it could break. Soon after that revelation, the NIST began advising against the use of one of its cryptographic standards and, having accepted the NSA proposal in 2006 as one of four systems acceptable for government use, said it would reconsider that inclusion in the wake of questions about its security.

RSA’s warning underscores how the slow-moving standards process and industry practices could leave many users exposed to hacking by the NSA or others who could exploit the same flaw for years to come.

Zuckerberg: US Government ‘Blew It’ on NSA Surveillance

Photo Credit: Reuters

Mark Zuckerberg of Facebook and Marissa Mayer, the CEO of Yahoo, struck back on Wednesday at critics who have charged tech companies with doing too little to fight off NSA surveillance. Mayer said executives faced jail if they revealed government secrets.

Yahoo and Facebook, along with other tech firms, are pushing for the right to be allowed to publish the number of requests they receive from the spy agency. Companies are forbidden by law to disclose how much data they provide.

During an interview at the Techcrunch Disrupt conference in San Francisco, Mayer was asked why tech companies had not simply decided to tell the public more about what the US surveillance industry was up to. “Releasing classified information is treason and you are incarcerated,” she said.

Mayer said she was “proud to be part of an organisation that from the beginning, in 2007, has been sceptical of – and has been scrutinizing – those requests [from the NSA].”

Yahoo has previously unsuccessfully sued the foreign intelligence surveillance (Fisa) court, which provides the legal framework for NSA surveillance. In 2007 it asked to be allowed to publish details of requests it receives from the spy agency. “When you lose and you don’t comply, it’s treason,” said Mayer. “We think it makes more sense to work within the system,” she said.

NSA Disguised Itself as Google to Spy, say Reports

Photo Credit: CNET

Here’s one of the latest tidbits on the NSA surveillance scandal (which seems to be generating nearly as many blog items as there are phone numbers in the spy agency’s data banks).

Earlier this week, Techdirt picked up on a passing mention in a Brazilian news story and a Slate article to point out that the US National Security Agency had apparently impersonated Google on at least one occasion to gather data on people. (Mother Jones subsequently pointed out Techdirt’s point-out.)

Brazilian site Fantastico obtained and published a document leaked by Edward Snowden, which diagrams how a “man in the middle attack” involving Google was apparently carried out.

A technique commonly used by hackers, a MITM attack involves using a fake security certificate to pose as a legitimate Web service, bypass browser security settings, and then intercept data that an unsuspecting person is sending to that service. Hackers could, for example, pose as a banking Web site and steal passwords.

The technique is particularly sly because the hackers then use the password to log in to the real banking site and then serve as a “man in the middle,” receiving requests from the banking customer, passing them on to the bank site, and then returning requested info to the customer — all the while collecting data for themselves, with neither the customer nor the bank realizing what’s happening. Such attacks can be used against e-mail providers too.

NSA Shares Raw Data on Americans with Israeli Spy Agency

Photo Credit: AP

The Obama administration shares with Israeli intelligence the vast data dumps the National Security Agency vacuums up from the Internet without removing private information about Americans, even though Israel is one of the nations that spy most aggressively on the United States, according to leaked documents.

A copy of a top-secret deal inked in 2009 between the NSA and the Israeli Signals-intelligence National Unit (ISNU) was provided by NSA leaker Edward J. Snowden to the Guardian newspaper, which posted it Wednesday.

It reveals that the NSA “routinely” passed to its Israeli counterpart “raw” signals intelligence, referred to as “Sigint,” including the vast swathes of digital data traffic that the agency gathers under secret court authority from U.S. Internet providers.

So sensitive is this data that even before being disseminated to other U.S. agencies, the NSA has to subject it to a court-mandated process called minimization, under which the names of any Americans are removed unless they are essential for foreign intelligence interest.

But the U.S.-Israeli agreement states that the data shared with Israel “includes, but is not limited to, unevaluated and unminimized transcripts, gists, facsimiles, telex, voice and Digital Network Intelligence metadata and content.”

Obama Administration had Restrictions on NSA Reversed in 2011

Photo Credit: AP

The Obama administration secretly won permission from a surveillance court in 2011 to reverse restrictions on the National Security Agency’s use of intercepted phone calls and e-mails, permitting the agency to search deliberately for Americans’ communications in its massive databases, according to interviews with government officials and recently declassified material.

In addition, the court extended the length of time that the NSA is allowed to retain intercepted U.S. communications from five years to six years — and more under special circumstances, according to the documents, which include a recently released 2011 opinion by U.S. District Judge John D. Bates, then chief judge of the Foreign Intelligence Surveillance Court.

What had not been previously acknowledged is that the court in 2008 imposed an explicit ban — at the government’s request — on those kinds of searches, that officials in 2011 got the court to lift the bar and that the search authority has been used.

Together the permission to search and to keep data longer expanded the NSA’s authority in significant ways without public debate or any specific authority from Congress. The administration’s assurances rely on legalistic definitions of the term “target” that can be at odds with ordinary English usage. The enlarged authority is part of a fundamental shift in the government’s approach to surveillance: collecting first, and protecting Americans’ privacy later.

“The government says, ‘We’re not targeting U.S. persons,’ ” said Gregory T. Nojeim, senior counsel at the Center for Democracy and Technology. “But then they never say, ‘We turn around and deliberately search for Americans’ records in what we took from the wire.’ That, to me, is not so different from targeting Americans at the outset.”

NSA Can Track Smartphone Data by Breaking Through iPhone and Blackberry Security Measures

Photo Credit: AP

The NSA is able to crack protective measures on iPhones, BlackBerry and Android devices, giving it access to users’ data on all major smartphones, according to a report Sunday in German news weekly Der Spiegel.

The magazine cited internal documents from the U.S.’ National Security Agency and its British counterpart GCHQ in which the agencies describe setting up dedicated teams for each type of phone as part of their effort to gather intelligence on potential threats such as terrorists.

The data obtained this way includes contacts, call lists, SMS traffic, notes and location information, Der Spiegel reported.

The documents don’t indicate that the NSA is conducting mass surveillance of phone users but rather that these techniques are used to eavesdrop on specific individuals, the magazine said.

The article doesn’t explain how the magazine obtained the documents, which are described as ‘secret.’ But one of its authors is Laura Poitras, an American filmmaker with close contacts to NSA leaker Edward Snowden who has published several articles about the NSA in Der Spiegel in recent weeks.

Thousands Show for German anti-NSA Protest

Thousands took to the streets in Berlin Saturday in protests against Internet surveillance activities by the US National Security Agency and other intelligence agencies, and the German government’s perceived lax reaction to them.

Organisers, among them the opposition Greens, The Left and Pirates parties, said 20,000 people turned out. Police would not confirm the figure, saying only their “tally differs from that of the organisers”.

The protest was organised under the slogan “Freedom Rather Than Fear” and demonstrators carried banners saying: “Stop spying on us” and, more sarcastically: “Thanks to PRISM (the US government’s vast data collection programs) the government finally knows what the people want.”

Microsoft and Yahoo Voice Alarm Over NSA’s Assault on Internet Encryption

Photo Credit: EPA

Two of the world’s biggest technology companies, Microsoft and Yahoo, expressed deep concern on Friday about widespread attempts by the US and UK intelligence services to circumvent the online security systems that protect the privacy of millions of people online.

Microsoft said it had “significant concerns” about reports that the National Security Agency and its British counterpart, GCHQ, had succeeded in cracking most of the codes that protect the privacy of internet users. Yahoo said it feared “substantial potential for abuse”.

Google said it was not aware of any covert attempts to compromise its systems. However, according to a report in the Washington Post on Saturday, the company said that it had accelerated the encryption of information in its data centres in a bid to prevent snooping by the NSA and the intelligence agencies of other governments.

Documents obtained by whistleblower Edward Snowden and published jointly by the Guardian, the New York Times and the nonprofit news organisation ProPublica on Thursday show that agents at GCHQ have been working to undermine encrypted traffic on the “big four” service providers, named as Hotmail (the Microsoft email service now known as Outlook), Google, Yahoo and Facebook.

Yahoo responded with a strongly worded statement on Friday. “We are unaware of and do not participate in such an effort, and if it exists, it offers substantial potential for abuse. Yahoo zealously defends our users’ privacy and responds to government requests for data only after considering every applicable objection and in accordance with the law,” a spokesman said.

Snowden Document: NSA Spied On Al Jazeera Communications

Photo Credit: DPA

It makes sense that America’s National Security Agency (NSA) would be interested in the Arab news broadcaster Al Jazeera. The Qatar-based channel has been broadcasting audio and video messages from al-Qaida leaders for more than a decade.

The United States intelligence agency was so interested, in fact, that it hacked into Al Jazeera’s internal communications system, according to documents from former NSA contractor and whistleblower Edward Snowden that have been seen by SPIEGEL.

One such document, dated March 23, 2006, reveals that the NSA’s Network Analysis Center managed to access and read communication by “interesting targets” that was specially protected by the news organization. The information also shows that the NSA officials were not satisfied with Al Jazeera’s language analysis.

$5.7M NSF Grant For Card Games, Videos To Teach Public About Global Warming

Photo Credit: CNS News

A multi-million dollar project funded by the National Science Foundation is developing card games, videos and other educational programs “to engage adult learners and inform public understanding and response to climate change.”

The $5.7 million Polar Learning and Responding (PoLAR) project is just the latest in a series of federally-funded climate change efforts since Congress established the Climate Change Educational Partnership (CCEP) in 2009.

CCEP has already spent $46 million on taxpayer-funded research projects around the country designed to find the most effective ways to convince Americans that the federal government should confront what researchers claim is the threat of global warming.

Stephanie Pfirman, principal investigator and professor of environmental science at Barnard College, told CNSNews.com that one of the games under development by PoLAR is “EcoChains” – a card game in which “players learn the components of an Arctic marine food chain, the reliance of some species on sea ice, and potential impacts of future changes.”

Other games include “Future Coast” – described as “a community-based activity where participants consider the implications of sea level rise coupled with a storm surge, as happened with [Hurricane] Sandy.”
