The WSJ is reporting that the NSA can actually reach and spy on more of the Internet than they’ve publicly said. In fact, it looks like the NSA can reach roughly 75% of all U.S. Internet traffic. And yes, the NSA can read your e-mails too.
WSJ reports NSA spying capabilities cover up to 75 percent of US internet traffic
The question of how much contact the NSA has with internet traffic throughout the US is being raised again, this time by the Wall Street Journal. Yesterday The Atlantic took issue with the security agency’s mathematics and 1.6 percent claim, while the WSJ report looks more closely at its reach into telecommunications companies. The mishmash of codenamed programs is said to cover up to 75 percent of US internet traffic, although the amount actually stored and accessed is much smaller. The main difference between the calculations may be due to the difference between what ISPs — handing over data under FISA orders — carry, and what the NSA specifically requests. Its capabilities mean it can pull a lot more than just metadata, with access to the actual content of what’s sent back and forth becoming even more troubling as privacy violations exposed by its own audits come to light.
There’s an FAQ-style breakdown of what’s new and notable from the usual “current and former” officials to get those interested up to speed quickly — keep your tinfoil hats and end-to-end encrypted communications systems close by.
Source: Wall Street Journal (1), (2)
The Washington Post dropped two reports that expose the recklessness of the NSA’s spying program. The first report is insane: the NSA has "broken privacy rules or overstepped its legal authority" thousands of times a year. The second report explains the insanity: the FISC court that’s supposed to be in charge of government spying programs has said that "its ability do so is limited and that it must trust the government" to report when the government has screwed up.
It’s been two months since President Barack Obama first said that he welcomes a debate about NSA surveillance, which he once again reiterated last week at his press conference. Unfortunately, it’s very hard to have a real debate about a subject when the administration constantly and intentionally misleads Americans about the NSA’s capabilities and supposed legal powers.
Spying must get boring sometimes. Identifying targets. Wiretapping unsuspecting citizens. Sifting through all that private data. It must get old. Maybe that’s why the NSA introduced gamification elements into its software to encourage a little bit of healthy competition between analysts.
As we store and transport more and more information online, we’ve gradually come to realize how easy it is for others to access that information without our permission. From Facebook’s privacy policies to the ongoing NSA leaks, it seems like the ordinary online user has enough reason to log out. Well, I’ve got more bad news for you: anyone can build a powerful spying tool using off-the-shelf parts, and for under $60 (USD).
Brendan O’Connor is the founder of security and software consultancy company Malice Afterthought. Last week he made headlines when he shared how he built F-BOMB, a small device that runs software that he calls CreepyDOL. The DOL stands for Distributed Object Locator and “Creepy” with a capital ‘C’ is the perfect word to describe it. O’Connor built the F-BOMB using the popular Raspberry Pi microcomputer and added a Wi-Fi sensor to the device. The cost? $57 (USD). He built 10 F-BOMBs and hooked them up to Reticle, a “command & control system” that he made. Finally he hooked it up to a “data visualization system,” which you can see in the image above and in O’Connor’s video below:
In case the video wasn’t clear enough, the F-BOMB can gather a disturbing amount of wireless data. As The New York Times reported – and as the video above proves – with the F-BOMB you can find out not only information on a wireless device but what the user is currently using or accessing through the device: geolocation, websites, email addresses, programs and more.
In my brief chat with O’Connor, he revealed that the device can snoop on wireless devices within about 160ft. He can add other sensors to the F-BOMB as well as adapt it to snoop on wired connections. Further, O’Connor said the F-BOMB is a passive device, so you have no way of knowing if it’s snooping on you. Finally, I asked O’Connor if the situation really is as hopeless for consumers as the New York Times article seemed to indicate. Here’s what he said:
“Yes, it really is that hopeless. There are vulnerabilities in all the relevant layers of the stack. The application developers need to stop leaking so much data outside encryption envelopes (e.g., why does iMessage send hardware make and model, and iOS version, unencrypted?). iOS (I’m picking on it here because I use it, but the same problem is larger) should have OS-level support for blocking all non-VPN traffic until a VPN connection is established (once it’s up, the connection is opaque, but while it’s going up, I’ve usually got all the data I need). And the low-level protocol needs to stop encouraging devices to *beacon out all their known networks constantly*. So since there needs to be culture-level shifts at all the layers of the stack, yes, for end-users, the situation is hopeless at the moment.”
In other words, not only is it possible to make a surveillance tool that is small and cheap, the devices that we use are practically inviting prying eyes to take a look at our data. It falls upon us as end users to nag Apple, Microsoft, Google and other companies who create the hardware and software that we use to step their security game up. It would be foolish to believe that they know nothing about the disaster that they’re courting (with our privacy and security at stake). But for some reason they’re not doing anything about it, nor are they telling us how much danger we’re in.
O’Connor intends to sell F-BOMBs soon. Fellow black hats and tinkerers can sign up at Malice Afterthought’s website to find out more about the F-BOMB and when it will go on sale. Ars Technica also has a thorough technical report on the F-BOMB. As for the rest of us? I guess we’d better start learning how to communicate telepathically.
[via Brendan O’Connor & The New York Times via Infoneer Pulse]
To be slightly more transparent and/or spew numbers to confuse the common citizen, the Obama administration released two documents to show the scope of the NSA’s data collection program. Those documents reveal that the NSA monitors 1.6% of the world’s Internet traffic and reviews .00004% of all traffic.
NSA releases outline of security programs, says it ‘only’ touches 1.6 percent of internet traffic
Even as President Obama proposes a review of NSA procedures and oversight, the organization published a seven-page document laying out in broad terms what it does, how it does it and why it thinks that’s OK. As Ars Technica points out, the memo claims “We do not need to sacrifice civil liberties for the sake of national security; both are integral to who we are as Americans. NSA can and will continue to conduct its operations in a manner that respects both.” While many would argue those points in light of the many programs recently uncovered, the NSA has a response there also:
According to figures published by a major tech provider, the Internet carries 1,826 Petabytes of information per day. In its foreign intelligence mission, NSA touches about 1.6% of that. However, of the 1.6% of the data, only 0.025% is actually selected for review. The net effect is that NSA analysts look at 0.00004% of the world’s traffic in conducting their mission – that’s less than one part in a million. Put another way, if a standard basketball court represented the global communications environment, NSA’s total collection would be represented by an area smaller than a dime on that basketball court.
Other sections go on to detail how it believes American citizens’ information could be picked up, and what it does to identify and minimize that data. Particularly illuminating is the six-point process (listed after the break) by which it applies Executive Order 12333, considered “the foundational authority by which NSA collects, retains, analyzes, and disseminates foreign signals intelligence information” alongside the Foreign Intelligence Service Act of 1978 (FISA). It’s highly doubtful that any of these points will change your level of comfort with the policies and programs revealed or feelings about their need to change, but reading the document linked below may give some insight about how and why they were created.
Via: Ars Technica
Source: NSA (PDF)
What It Means to Be an NSA ‘Target’
An important New York Times investigation from today reporting that the NSA "is searching the contents of vast amounts of Americans’ e-mail and text communications into and out of the country," coupled with leaked documents published by the Guardian, seriously calls into question the accuracy of crucial statements made by government officials about NSA surveillance.
Following a wave of polls showing a remarkable turn of public opinion, Congress has finally gotten serious about bringing limits, transparency and oversight to the NSA’s mass surveillance apparatus aimed at Americans.