Hasta La Gadget!

As reporters at the New York Times, the Guardian and ProPublica dig deeper into the documents leaked by Edward Snowden, new and disturbing revelations continue to be made. Two programs, dubbed Bullrun (NSA) and Edgehill (GCHQ), have just come to light, that focus on circumventing or breaking the security and encryption tools used across the internet. The effort dwarfs the $20 million Prism program that simply gobbled up data. Under the auspices of “Sigint (signals intelligence) enabling” in a recent budget request, the NSA was allocated roughly $255 million dollars this year alone to fund its anti-encryption program.

The agencies’ efforts are multi-tiered, and start with a strong cracking tool. Not much detail about the methods or software are known, but a leaked memo indicates that the NSA successfully unlocked “vast amounts” of data in 2010. By then it was already collecting massive quantities of data from taps on internet pipelines, but much of it was safely protected by industry standard encryption protocols. Once that wall fell, what was once simply a torrent of scrambled ones and zeros, became a font of “exploitable” information. HTTPS, VoIP and SSL are all confirmed to have been compromised through Bullrun, though, it appears that some solutions to the NSA’s “problem” are less elegant than others. In some cases a super computer and simple brute force are necessary to peel back the layers of encryption.

Filed under: Internet

Comments

Source: New York TImes, Guardian, ProPublica

The latest national security related revelation to come from the documents leaked by Edward Snowden is an account of how offensive computer operations work, and how many there are. The Washington Post reports that in 2011, 231 took place with about three quarters of them against “top-priority” targets, which its sources indicate include Iran, Russia, China and North Korea. Also interesting are details of software and hardware implants designed to infiltrate network hardware, persist through upgrades and access other connected devices or networks. The effort to break into networks is codenamed Genie, while the “Tailored Access Operations” group custom-builds tools to execute the attacks. One document references a new system “Turbine” that automates control of “potentially millions of implants” to gather data or execute an attack. All of this access isn’t possible for free however, with a total cyber operations budget of $1.02 billion which includes $25.1 million spent this year to purchase software vulnerabilities from malware vendors. Get your fill of codenames and cloak-and-dagger from the article posted tonight, or check out the “Black Budget” breakdown of overall intelligence spending.

Filed under: Internet

Comments

Source: Washington Post (1), (2)

A new batch of government documents pilfered by Edward Snowden, who is now living in Russia, were made known by The Washington Post today, one that showed a detailed budget and hinted at encryption decoding efforts by the NSA. A different one, however, had another interesting thing to bring to light: the NSA has a […]

It’s only reasonable to assume that men or women with near unbounded power to spy on the public would eventually use that power to peek at people they are sexually interested in. Well, now you don’t have to assume it, because the NSA is admitting it.

Read more…

The mounting national debt? Yeah, you’re probably better off just ignoring why exactly it’s mounting. The Guardian is continuing the blow the lid off of the whole NSA / PRISM saga, today revealing new documents that detail how the NSA paid out “millions” of dollars to cover PRISM compliance costs for a multitude of monolithic tech outfits. As the story goes, the National Security Agency (hence, tax dollars from American taxpayers) coughed up millions “to cover the costs of major internet companies involved in the PRISM surveillance program after a court ruled that some of the agency’s activities were unconstitutional.” The likes of Yahoo, Google, Microsoft and Facebook are expressly named, and while Google is still angling for permission to reveal more about its side of the story, other firms have conflicting tales.

For whatever it’s worth, a Yahoo spokesperson seemed a-okay with the whole ordeal, casually noting that this type of behavior is perfectly legal: “Federal law requires the US government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government. We have requested reimbursement consistent with this law.” Meanwhile, Facebook stated that it had “never received any compensation in connection with responding to a government data request.” Microsoft, as you might imagine, declined to comment, though we heard that Steve Ballmer could be seen in the distance throwing up a peace sign. At any rate, it’s fairly safe to assume that your worst nightmares are indeed a reality, and you may have a far more enjoyable weekend if you just accept the fact that The Man knows everything. Better, right?

Filed under: Internet, Google

Comments

Source: The Guardian