The board's server will undergo upgrade maintenance tonight, Nov 5, 2014, beginning approximately around 10 PM ET. Prepare for some possible down time during this process.
FAQ    Search

Board index » Word on the Street » News & Debate




Post new topic Reply to topic  [ 143 posts ]  Go to page Previous  1 ... 3, 4, 5, 6, 7, 8  Next
Author Message
 Post subject: Re: NSA leak and online tracking
PostPosted: Wed March 19, 2014 12:04 am 
Offline
User avatar
Future Drummer
 Profile

Joined: Tue January 01, 2013 10:41 am
Posts: 3243
Location: Calgary, AB, Canada
How the NSA Plans to Infect ‘Millions’ of Computers with Malware
By Ryan Gallagher and Glenn Greenwald
12 Mar 2014, 9:19 AM EDT
Image
One presentation outlines how the NSA performs “industrial-scale exploitation” of computer networks across the world

Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process.

The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.

The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.

In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.

The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.”

In a top-secret presentation, dated August 2009, the NSA describes a pre-programmed part of the covert infrastructure called the “Expert System,” which is designed to operate “like the brain.” The system manages the applications and functions of the implants and “decides” what tools they need to best extract data from infected machines.

Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet.

“When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”

Hypponen believes that governments could arguably justify using malware in a small number of targeted cases against adversaries. But millions of malware implants being deployed by the NSA as part of an automated process, he says, would be “out of control.”

“That would definitely not be proportionate,” Hypponen says. “It couldn’t possibly be targeted and named. It sounds like wholesale infection and wholesale surveillance.”

The NSA declined to answer questions about its deployment of implants, pointing to a new presidential policy directive announced by President Obama. “As the president made clear on 17 January,” the agency said in a statement, “signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.”


“Owning the Net”

The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands.

To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency’s term for the interception of electronic communications. Instead, it sought to broaden “active” surveillance methods – tactics designed to directly infiltrate a target’s computers or network devices.

In the documents, the agency describes such techniques as “a more aggressive approach to SIGINT” and says that the TAO unit’s mission is to “aggressively scale” these operations.

But the NSA recognized that managing a massive network of implants is too big a job for humans alone.

“One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).”

The agency’s solution was TURBINE. Developed as part of TAO unit, it is described in the leaked documents as an “intelligent command and control capability” that enables “industrial-scale exploitation.”

Image

TURBINE was designed to make deploying malware much easier for the NSA’s hackers by reducing their role in overseeing its functions. The system would “relieve the user from needing to know/care about the details,” the NSA’s Technology Directorate notes in one secret document from 2009. “For example, a user should be able to ask for ‘all details about application X’ and not need to know how and where the application keeps files, registry entries, user application data, etc.”

In practice, this meant that TURBINE would automate crucial processes that previously had to be performed manually – including the configuration of the implants as well as surveillance collection, or “tasking,” of data from infected systems. But automating these processes was about much more than a simple technicality. The move represented a major tactical shift within the NSA that was expected to have a profound impact – allowing the agency to push forward into a new frontier of surveillance operations.

The ramifications are starkly illustrated in one undated top-secret NSA document, which describes how the agency planned for TURBINE to “increase the current capability to deploy and manage hundreds of Computer Network Exploitation (CNE) and Computer Network Attack (CNA) implants to potentially millions of implants.” (CNE mines intelligence from computers and networks; CNA seeks to disrupt, damage or destroy them.)

Image

Eventually, the secret files indicate, the NSA’s plans for TURBINE came to fruition. The system has been operational in some capacity since at least July 2010, and its role has become increasingly central to NSA hacking operations.

Earlier reports based on the Snowden files indicate that the NSA has already deployed between 85,000 and 100,000 of its implants against computers and networks across the world, with plans to keep on scaling up those numbers.

The intelligence community’s top-secret “Black Budget” for 2013, obtained by Snowden, lists TURBINE as part of a broader NSA surveillance initiative named “Owning the Net.”

The agency sought $67.6 million in taxpayer funding for its Owning the Net program last year. Some of the money was earmarked for TURBINE, expanding the system to encompass “a wider variety” of networks and “enabling greater automation of computer network exploitation.”

Circumventing Encryption

The NSA has a diverse arsenal of malware tools, each highly sophisticated and customizable for different purposes.

One implant, codenamed UNITEDRAKE, can be used with a variety of “plug-ins” that enable the agency to gain total control of an infected computer.

An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer.

The implants can enable the NSA to circumvent privacy-enhancing encryption tools that are used to browse the Internet anonymously or scramble the contents of emails as they are being sent across networks. That’s because the NSA’s malware gives the agency unfettered access to a target’s computer before the user protects their communications with encryption.

It is unclear how many of the implants are being deployed on an annual basis or which variants of them are currently active in computer systems across the world.

Previous reports have alleged that the NSA worked with Israel to develop the Stuxnet malware, which was used to sabotage Iranian nuclear facilities. The agency also reportedly worked with Israel to deploy malware called Flame to infiltrate computers and spy on communications in countries across the Middle East.

According to the Snowden files, the technology has been used to seek out terror suspects as well as individuals regarded by the NSA as “extremist.” But the mandate of the NSA’s hackers is not limited to invading the systems of those who pose a threat to national security.

In one secret post on an internal message board, an operative from the NSA’s Signals Intelligence Directorate describes using malware attacks against systems administrators who work at foreign phone and Internet service providers. By hacking an administrator’s computer, the agency can gain covert access to communications that are processed by his company. “Sys admins are a means to an end,” the NSA operative writes.

The internal post – titled “I hunt sys admins” – makes clear that terrorists aren’t the only targets of such NSA attacks. Compromising a systems administrator, the operative notes, makes it easier to get to other targets of interest, including any “government official that happens to be using the network some admin takes care of.”

Similar tactics have been adopted by Government Communications Headquarters, the NSA’s British counterpart. As the German newspaper Der Spiegel reported in September, GCHQ hacked computers belonging to network engineers at Belgacom, the Belgian telecommunications provider.

The mission, codenamed “Operation Socialist,” was designed to enable GCHQ to monitor mobile phones connected to Belgacom’s network. The secret files deem the mission a “success,” and indicate that the agency had the ability to covertly access Belgacom’s systems since at least 2010.

Infiltrating cellphone networks, however, is not all that the malware can be used to accomplish. The NSA has specifically tailored some of its implants to infect large-scale network routers used by Internet service providers in foreign countries. By compromising routers – the devices that connect computer networks and transport data packets across the Internet – the agency can gain covert access to monitor Internet traffic, record the browsing sessions of users, and intercept communications.

Two implants the NSA injects into network routers, HAMMERCHANT and HAMMERSTEIN, help the agency to intercept and perform “exploitation attacks” against data that is sent through a Virtual Private Network, a tool that uses encrypted “tunnels” to enhance the security and privacy of an Internet session.

Image

The implants also track phone calls sent across the network via Skype and other Voice Over IP software, revealing the username of the person making the call. If the audio of the VOIP conversation is sent over the Internet using unencrypted “Real-time Transport Protocol” packets, the implants can covertly record the audio data and then return it to the NSA for analysis.

Image

But not all of the NSA’s implants are used to gather intelligence, the secret files show. Sometimes, the agency’s aim is disruption rather than surveillance. QUANTUMSKY, a piece of NSA malware developed in 2004, is used to block targets from accessing certain websites. QUANTUMCOPPER, first tested in 2008, corrupts a target’s file downloads. These two “attack” techniques are revealed on a classified list that features nine NSA hacking tools, six of which are used for intelligence gathering. Just one is used for “defensive” purposes – to protect U.S. government networks against intrusions.


“Mass exploitation potential”

Before it can extract data from an implant or use it to attack a system, the NSA must first install the malware on a targeted computer or network.

According to one top-secret document from 2012, the agency can deploy malware by sending out spam emails that trick targets into clicking a malicious link. Once activated, a “back-door implant” infects their computers within eight seconds.

There’s only one problem with this tactic, codenamed WILLOWVIXEN: According to the documents, the spam method has become less successful in recent years, as Internet users have become wary of unsolicited emails and less likely to click on anything that looks suspicious.

Consequently, the NSA has turned to new and more advanced hacking techniques. These include performing so-called “man-in-the-middle” and “man-on-the-side” attacks, which covertly force a user’s internet browser to route to NSA computer servers that try to infect them with an implant.

To perform a man-on-the-side attack, the NSA observes a target’s Internet traffic using its global network of covert “accesses” to data as it flows over fiber optic cables or satellites. When the target visits a website that the NSA is able to exploit, the agency’s surveillance sensors alert the TURBINE system, which then “shoots” data packets at the targeted computer’s IP address within a fraction of a second.

In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive. A top-secret animation demonstrates the tactic in action.



The documents show that QUANTUMHAND became operational in October 2010, after being successfully tested by the NSA against about a dozen targets.

According to Matt Blaze, a surveillance and cryptography expert at the University of Pennsylvania, it appears that the QUANTUMHAND technique is aimed at targeting specific individuals. But he expresses concerns about how it has been covertly integrated within Internet networks as part of the NSA’s automated TURBINE system.

“As soon as you put this capability in the backbone infrastructure, the software and security engineer in me says that’s terrifying,” Blaze says.

“Forget about how the NSA is intending to use it. How do we know it is working correctly and only targeting who the NSA wants? And even if it does work correctly, which is itself a really dubious assumption, how is it controlled?”

In an email statement to The Intercept, Facebook spokesman Jay Nancarrow said the company had “no evidence of this alleged activity.” He added that Facebook implemented HTTPS encryption for users last year, making browsing sessions less vulnerable to malware attacks.

Nancarrow also pointed out that other services besides Facebook could have been compromised by the NSA. “If government agencies indeed have privileged access to network service providers,” he said, “any site running only [unencrypted] HTTP could conceivably have its traffic misdirected.”

A man-in-the-middle attack is a similar but slightly more aggressive method that can be used by the NSA to deploy its malware. It refers to a hacking technique in which the agency covertly places itself between computers as they are communicating with each other.

This allows the NSA not only to observe and redirect browsing sessions, but to modify the content of data packets that are passing between computers.

The man-in-the-middle tactic can be used, for instance, to covertly change the content of a message as it is being sent between two people, without either knowing that any change has been made by a third party. The same technique is sometimes used by criminal hackers to defraud people.

A top-secret NSA presentation from 2012 reveals that the agency developed a man-in-the-middle capability called SECONDDATE to “influence real-time communications between client and server” and to “quietly redirect web-browsers” to NSA malware servers called FOXACID. In October, details about the FOXACID system were reported by the Guardian, which revealed its links to attacks against users of the Internet anonymity service Tor.

But SECONDDATE is tailored not only for “surgical” surveillance attacks on individual suspects. It can also be used to launch bulk malware attacks against computers.

According to the 2012 presentation, the tactic has “mass exploitation potential for clients passing through network choke points.”

Image

Blaze, the University of Pennsylvania surveillance expert, says the potential use of man-in-the-middle attacks on such a scale “seems very disturbing.” Such an approach would involve indiscriminately monitoring entire networks as opposed to targeting individual suspects.

“The thing that raises a red flag for me is the reference to ‘network choke points,’” he says. “That’s the last place that we should be allowing intelligence agencies to compromise the infrastructure – because that is by definition a mass surveillance technique.”

To deploy some of its malware implants, the NSA exploits security vulnerabilities in commonly used Internet browsers such as Mozilla Firefox and Internet Explorer.

The agency’s hackers also exploit security weaknesses in network routers and in popular software plugins such as Flash and Java to deliver malicious code onto targeted machines.

The implants can circumvent anti-virus programs, and the NSA has gone to extreme lengths to ensure that its clandestine technology is extremely difficult to detect. An implant named VALIDATOR, used by the NSA to upload and download data to and from an infected machine, can be set to self-destruct – deleting itself from an infected computer after a set time expires.

In many cases, firewalls and other security measures do not appear to pose much of an obstacle to the NSA. Indeed, the agency’s hackers appear confident in their ability to circumvent any security mechanism that stands between them and compromising a computer or network. “If we can get the target to visit us in some sort of web browser, we can probably own them,” an agency hacker boasts in one secret document. “The only limitation is the ‘how.’”


Covert Infrastructure

The TURBINE implants system does not operate in isolation.

It is linked to, and relies upon, a large network of clandestine surveillance “sensors” that the agency has installed at locations across the world.
Image

The NSA’s headquarters in Maryland are part of this network, as are eavesdropping bases used by the agency in Misawa, Japan and Menwith Hill, England.

The sensors, codenamed TURMOIL, operate as a sort of high-tech surveillance dragnet, monitoring packets of data as they are sent across the Internet.

When TURBINE implants exfiltrate data from infected computer systems, the TURMOIL sensors automatically identify the data and return it to the NSA for analysis. And when targets are communicating, the TURMOIL system can be used to send alerts or “tips” to TURBINE, enabling the initiation of a malware attack.

The NSA identifies surveillance targets based on a series of data “selectors” as they flow across Internet cables. These selectors, according to internal documents, can include email addresses, IP addresses, or the unique “cookies” containing a username or other identifying information that are sent to a user’s computer by websites such as Google, Facebook, Hotmail, Yahoo, and Twitter.

Other selectors the NSA uses can be gleaned from unique Google advertising cookies that track browsing habits, unique encryption key fingerprints that can be traced to a specific user, and computer IDs that are sent across the Internet when a Windows computer crashes or updates.

Image

What’s more, the TURBINE system operates with the knowledge and support of other governments, some of which have participated in the malware attacks.

Classification markings on the Snowden documents indicate that NSA has shared many of its files on the use of implants with its counterparts in the so-called Five Eyes surveillance alliance – the United Kingdom, Canada, New Zealand, and Australia.

GCHQ, the British agency, has taken on a particularly important role in helping to develop the malware tactics. The Menwith Hill satellite eavesdropping base that is part of the TURMOIL network, located in a rural part of Northern England, is operated by the NSA in close cooperation with GCHQ.

Top-secret documents show that the British base – referred to by the NSA as “MHS” for Menwith Hill Station – is an integral component of the TURBINE malware infrastructure and has been used to experiment with implant “exploitation” attacks against users of Yahoo and Hotmail.

In one document dated 2010, at least five variants of the QUANTUM hacking method were listed as being “operational” at Menwith Hill. The same document also reveals that GCHQ helped integrate three of the QUANTUM malware capabilities – and test two others – as part of a surveillance system it operates codenamed INSENSER.

GCHQ cooperated with the hacking attacks despite having reservations about their legality. One of the Snowden files, previously disclosed by Swedish broadcaster SVT, revealed that as recently as April 2013, GCHQ was apparently reluctant to get involved in deploying the QUANTUM malware due to “legal/policy restrictions.” A representative from a unit of the British surveillance agency, meeting with an obscure telecommunications standards committee in 2010, separately voiced concerns that performing “active” hacking attacks for surveillance “may be illegal” under British law.

In response to questions from The Intercept, GCHQ refused to comment on its involvement in the covert hacking operations. Citing its boilerplate response to inquiries, the agency said in a statement that “all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorized, necessary and proportionate, and that there is rigorous oversight.”

Whatever the legalities of the United Kingdom and United States infiltrating computer networks, the Snowden files bring into sharp focus the broader implications. Under cover of secrecy and without public debate, there has been an unprecedented proliferation of aggressive surveillance techniques. One of the NSA’s primary concerns, in fact, appears to be that its clandestine tactics are now being adopted by foreign rivals, too.

“Hacking routers has been good business for us and our 5-eyes partners for some time,” notes one NSA analyst in a top-secret document dated December 2012. “But it is becoming more apparent that other nation states are honing their skillz [sic] and joining the scene.”

_________________
"I'll hold your wallet while you go fuck yourself"-David Letterman


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Wed March 19, 2014 3:55 pm 
Offline
User avatar
I've been POOSSTTIiiEEnngeeaahh
 Profile

Joined: Fri August 16, 2013 6:36 pm
Posts: 10108
Location: Death Machine Inc's HQ
what does this have to do with kimbo slice?

_________________
No Fat Chicks


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Wed March 19, 2014 8:00 pm 
Offline
User avatar
Future Drummer
 Profile

Joined: Tue January 01, 2013 10:41 am
Posts: 3243
Location: Calgary, AB, Canada
Sensitive personal information revealed in smartphone metadata, study finds

By Ian MacLeod, OTTAWA CITIZEN March 13, 2014

OTTAWA — The kind of “metadata” that can be gleaned from smartphone records — the same type of data targeted by Canadian and American intelligence agencies — can reveal highly sensitive personal information, a new study at Stanford University has revealed.

“We were able to infer medical conditions and more, using solely phone metadata,” report Jonathan Mayer and Patrick Mutchler, researchers at Stanford’s Department of Computer Science.

The newly released results underscore why the U.S. National Security Agency (NSA) and Communications Security Establishment Canada (CSE) believe metadata collection and analysis is effective for tracking the activities of terror targets and others.

The Stanford “Metaphone” project analyzed metadata from 546 volunteer Android phone users, starting in November. A special phone app transmitted device logs and social network information to Stanford for analysis. The aim was to estimate the reach of the NSA’s metadata surveillance and related privacy risks.

Among those identified by the small Stanford project were a suspected marijuana grow operator, a multiple sclerosis sufferer and a woman who may have been arranging an abortion.

Other participants had calls with Alcoholics Anonymous, gun stores, a pro-choice political action organization, labour unions, divorce lawyers, sexually transmitted disease clinics, a Canadian import pharmacy, strip clubs, “and much more,” Mayer writes of the research findings.

The ability to draw similarly revealing information about Canadians’ lives is just as possible, said Christopher Parsons, a post-doctoral fellow specializing in privacy and surveillance issues at the Citizen Lab at Toronto’s Munk School of Global Affairs.

The debate over the secret interception of digital, transactional records from smartphones and mobile devices, including their locations, numbers called, duration and Internet sites browsed, extends beyond the claimed security intelligence needs of the CSE and the massive, bulk metadata collection practised by the NSA.

Parsons believes some Canadian telecommunications companies could use metadata to deliver advertising and sell consumer intelligence to marketers. “Canadian companies do recognize this kind of data as a place to make money,” he said. “There is clear value in it.”

In the Metaphone project, the volunteer’s phones contacted almost 34,000 unique numbers, about 6,100 of which were traced to an identifiable person or organization.

Two sets of results emerged: an analysis of individual calls to “sensitive” numbers, from political and religious organizations to adult entertainment establishments; and patterns of some calls to emphasize the detail available in telephone metadata.

“If a person reaches out to a political campaign, for example, it seems highly probable that the person supports the candidate,” the researchers report.

“Similarly, if a person speaks at length with a religious institution, it appears likely that the person is of that faith. A further inference could also be made, that the person worships at that particular institution.” Their assumptions were verified or supported in some cases through Goggle and Facebook page searches.

Health and financial services were the two top categories of organizations that the participants called.

As well, many numbers were associated with specialized products or services, particularly within professional fields. In medicine, for example, the researchers were able to easily categorize phone numbers by specialty practice area, such as sexual and reproductive health organizations.

Calling patterns were revealing, too. The study found patterns it says were highly indicative of “sensitive activities or traits.”

One participant communicated with multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis.

Another spoke at length with cardiologists at a major medical centre, talked briefly with a medical laboratory, received calls from a pharmacy, and placed short calls to a home reporting hotline for a medical device used to monitor cardiac arrhythmia.

In a span of three weeks, another contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.

One woman had a long, early morning call with her sister. Two days later, she placed a series of calls to the local Planned Parenthood location. She placed brief additional calls two weeks later, and made a final call a month after.

_________________
"I'll hold your wallet while you go fuck yourself"-David Letterman


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Mon September 22, 2014 3:48 am 
Offline
User avatar
Future Drummer
 Profile

Joined: Tue January 01, 2013 10:41 am
Posts: 3243
Location: Calgary, AB, Canada
The NSA's crazy fine threat against Yahoo put in perspective

By Dell Cameron

Last week, we learned from the New York Times that in order to acquire the Internet communications of Yahoo’s customers, the U.S. government was willing to impose a $250,000 per day fine for the company’s noncompliance.

New details brought to light by the the attorneys involved in the 2008 legal action, however, reveal the situation to be much worse. The financial consequences Yahoo faced for standing up to the National Security Agency (NSA) were nothing less than a loaded gun at the side of its head.

“Imagine a well-known, publicly traded company suddenly ceased operating, and the CEO couldn’t explain why,” an article on Yahoo! Finance read Tuesday morning. “Picture shareholders losing everything, with zero warning.” According to a recently unsealed motion filed by attorneys representing the U.S. spy agency, that scenario almost certainly describes Yahoo’s fate, had they not agreed to follow the government’s orders precisely.

See, the $250,000 per day figure cited by the Times isn’t the whole story. According to attorneys Marc Zwillinger and Jacob Sommer, who represented Yahoo in the secret spy court, the coercive fine would have actually doubled each week, quickly reaching an unprecedented figure.

Doubling weekly, the amount of Yahoo’s fine becomes astronomical. Of course, the company would have been dead relatively quick—its 14,000 employees out of a job.

Here’s how much money the government would have made, had they continued somehow collecting the penalty against Yahoo:

After less than two months of fining Yahoo, the NSA could have purchased the most expensive painting in the world: One of five 19th century masterpieces called “The Card Players,” by Paul Cézanne, which sold in 2011 to the Royal Family of Qatar for an estimated $259 million.

Image

After just nine weeks of holding Yahoo upside down by its ankles, according to this random person claiming to be an architect on Reddit, the NSA could have reconstructed the Roman Coliseum for the price of $1 billion.

Image

After just 92 days, the NSA would have been owed a figure proportional to Yahoo’s total assets: $16.46 billion (as of June 30). If they had stopped just one day sooner, they still could have bought every person on the planet a $2 hot dog.

Image

On the 163rd day of fining Yahoo—approximately 23 weeks after the first $250,000 was collected—the NSA could have liberated America from its national debt, having collected over $17.72 trillion. (Of course, by now, Yahoo is no more.)

Image

Less than a month later, after just 29 weeks of collecting on a daily fine that started at $250,000 and doubled each week, the NSA would have been owed the total wealth of the world: an estimated $241 trillion.

Image

Of course, with all of us homeless and unable to pay our phone bills, whose electronics would the NSA have to spy on?

_________________
"I'll hold your wallet while you go fuck yourself"-David Letterman


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Mon September 22, 2014 10:36 am 
Offline
User avatar
Future Drummer
 Profile

Joined: Tue January 01, 2013 3:24 pm
Posts: 3076
Location: Death Machine Inc's HQ
Stickman wrote:

Parsons believes some Canadian telecommunications companies could use metadata to deliver advertising and sell consumer intelligence to marketers. “Canadian companies do recognize this kind of data as a place to make money,” he said. “There is clear value in it.”



This is what makes the cellular metadata collection debate somewhat pointless as the telecoms and a huge array of apps are already collecting the metadata and reselling it to advertisers. (Android versions before 4.2 were really bad about allowing this.) The only law that stops them in the US is that the advertisers cannot market directly to children on digital platforms... so the answer to the obvious questions is yes, their tracking and usage algos are good enough to determine which users are likely under 10.

_________________
the sentinel remains vigilant


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Thu September 25, 2014 8:57 pm 
Offline
User avatar
Future Drummer
 Profile

Joined: Tue January 01, 2013 3:24 pm
Posts: 3076
Location: Death Machine Inc's HQ
Quote:
FBI blasts Apple, Google for locking police out of phones
By Craig Timberg and Greg Miller September 25 at 3:44 PM

FBI Director James B. Comey sharply criticized Apple and Google on Thursday for developing forms of smartphone encryption so secure that law enforcement officials cannot easily gain access to information stored on the devices — even when they have valid search warrants.

His comments were the most forceful yet from a top government official but echo a chorus of denunciation from law enforcement officials nationwide. Police have said that the ability to search photos, messages and Web histories on smartphones is essential to solving a range of serious crimes, from murder to child pornography to attempted terrorist attacks.

“There will come a day when it will matter a great deal to the lives of people…that we will be able to gain access” to such devices, Comey told reporters in a briefing. “I want to have that conversation [with companies responsible] before that day comes.”

Comey added that FBI officials already have made initial contact with the two companies, which announced their new smartphone encryption initiatives last week. He said he could not understand why companies would “market something expressly to allow people to place themselves beyond the law.”

Comey’s remarks followed news last week that Apple’s latest mobile operating system, iOS 8, is so thoroughly encrypted that the company is unable to unlock iPhones or iPads for police. Google, meanwhile, is moving to an automatic form of encryption for its newest version of Android operating system that the company also will not be able to unlock, though it will take longer for that new feature to reach most consumers.

Both companies, contacted Thursday afternoon, declined to offer immediate reaction to Comey’s comments.

For detectives working a tough case, few types of evidence are more revealing than a smartphone. Calls logs, instant messages and location records can link a suspect to a crime precisely when and where it occurred. And a surprising number of criminals, police say, like to take selfies posing with accomplices — and often the loot they stole together.

But the era of easy law enforcement access to smartphones may be drawing to a close as courts and tech companies erect new barriers to police searches of popular electronic devices. The result, say law enforcement officials, legal experts and forensic analysts, is that more and more seized smartphones will end up as little more than shiny paperweights, with potentially incriminating secrets locked inside forever.

The irony, some say, is that while the legal and technical changes are fueled by anger over reports of mass surveillance by the National Security Agency, the consequences are being felt most heavily by practitioners of targeted investigations — namely ordinary detectives, often armed with warrants certifying that a judge has found probable cause that a search will reveal evidence of a crime.

“A lot of the outrage is about warrantless mass surveillance, and this is the total opposite,” said Orrin Kerr, a former Justice Department computer crimes lawyer, now a George Washington University professor.

Not all of the high-tech tools favored by police are in peril. They can still seek records of calls or texts from cellular carriers, eavesdrop on conversations and, based on the cell towers used, determine the general locations of suspects. Police can seek data backed up on remote cloud services, which increasingly keep backups of the data collected by smartphones. And the most sophisticated law enforcements agencies can deliver malicious software to phones capable of making them spy on users — revealing locations and communications, and in some cases secretly activating cameras and microphones as well.

Yet the devices themselves are gradually moving beyond the reach of police in a range of circumstances, prompting ire from investigators. Frustration is running particularly high at Apple, which made the first announcement about new encryption and is moving much more swiftly than Google to get it into the hands of consumers.

“Apple will become the phone of choice for the pedophile,” said John J. Escalante, chief of detectives for Chicago’s police department. “The average pedophile at this point is probably thinking, I’ve got to get an Apple phone.”

The rising use of encryption is already taking a toll on the ability of law enforcement officials to collect evidence from smartphones. Apple in particular has been introducing tough new security measures for more than two years that have made it difficult for police armed with cracking software to break in. The new encryption is significantly tougher, say experts.

“There are some things you can do. There are some things the NSA can do. For the average mortal, I’d say they’re probably out of luck,” said Jonathan Zdziarski, a forensics researcher based in New Hampshire.

Los Angeles police Detective Brian Collins, who does forensics analysis for anti-gang and narcotics investigations, says he works on about 30 smartphones a month. And where he used to successfully crack into 80 percent of them, the percentage has been gradually shrinking — a trend he fears will only accelerate.

“I’ve been an investigator for almost 27 years,” Collins said, “It’s concerning that we’re beginning to go backwards with this technology.”

The new encryption initiatives by Apple and Google come after June’s Supreme Court ruling requiring police, in most circumstances, to get a search warrant before gathering data from a phone. The magistrate courts that typically issue search warrants, meanwhile, are more carefully scrutinizing requests amid the heightened privacy concerns that followed the NSA disclosures that began last year.

Civil liberties activists call this shift a necessary correction to the deterioration of personal privacy in the digital era — and especially since Apple’s introduction of the iPhone in 2007 inaugurated an era in which smartphones became remarkably intimate companions of people everywhere.

“Law enforcement has an enormous range of technical and old-fashioned methods to go after the perpetrators of real crime, and no amount of security effort at Silicon Valley tech companies is going to change that fact,” said Peter Eckersely, director of technology projects at the Electronic Frontier Foundation, a civil liberties group based in San Francisco. “The reality is that if the FBI really wants to investigate someone, they have a spectacular arsenal of weapons.”

Sometimes, say police, that’s not enough.

Escalante, the Chicago chief of detectives, pointed to a recent case in which a gang of three men forced their way into the home of a retired officer in March and shot him in the face as his wife lay helplessly nearby. When the victim, Elmer Brown, 73, died two weeks later, city detectives working the case already were running low on useful leads.

But state police got a break in a routine traffic stop in June, confiscating a Colt revolver that once belonged to Brown, police say. That led investigators to a Facebook post, made two days after the homicide, in which another man posed in a cell phone selfie with the same gun.

When police found the smartphone used for that picture, the case broke open, say investigators. Though the Android device was locked with a swipe code, a police forensics lab was able to defeat it to collect evidence; the underlying data was not encrypted. Three males, one of whom was a juvenile, eventually were arrested.

“You present them with a picture of themselves, taken with the gun, and it’s hard to deny it,” said Sgt. Richard Wiser, head of the Chicago violent crimes unit that investigated the case. “It played a huge role in this whole thing. As it was, it took six months to get them. Who knows how long it would have taken without this.”

_________________
the sentinel remains vigilant


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Thu September 25, 2014 9:22 pm 
Offline
User avatar
AnalLog
 Profile

Joined: Wed January 16, 2013 10:46 pm
Posts: 1600
Location: Wrigleyville
Perhaps this is in response to being bullied into Prism and the $250K/day fine that would double every week?

Quote:
A lot of the outrage is about warrantless mass surveillance, and this is the total opposite,” said Orrin Kerr, a former Justice Department computer crimes lawyer, now a George Washington University professor.


Actually it’s about the lack and abuse of trust of those entrusted with the moniker to serve and protect the public that no longer trusts a militarized police state that routinely absolves people of their rights.

Quote:
Apple will become the phone of choice for the pedophile,” said John J. Escalante, chief of detectives for Chicago’s police department. “The average pedophile at this point is probably thinking, I’ve got to get an Apple phone.


With the increasing number of police brutalities and unarmed killings, “The average cop at this point is probably thinking, I’ve got to get an iPhone."


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Thu September 25, 2014 10:00 pm 
Offline
User avatar
Future Drummer
 Profile

Joined: Tue January 01, 2013 3:24 pm
Posts: 3076
Location: Death Machine Inc's HQ
While what you are saying makes sense, the issue is that warranted searches that comply with the fourth amendment and the recent Supreme Court ruling maybe not be possible anymore, even in the most extreme situations (such as child abduction).

_________________
the sentinel remains vigilant


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Fri September 26, 2014 12:46 am 
Offline
AnalLog
 Profile

Joined: Wed January 02, 2013 3:41 am
Posts: 1152
broken iris wrote:
While what you are saying makes sense, the issue is that warranted searches that comply with the fourth amendment and the recent Supreme Court ruling maybe not be possible anymore, even in the most extreme situations (such as child abduction).


Metadata seems more than enough to cover that sort of situation, and the NSA already has it. Unfortunately their priorities are so messed up they'll likely only use it for drug crimes, because that's where the money is. I resent the default assumption that everything needs to have a backdoor for Big Brother's convenience. Should every lock have a spare key sent to the FBI just in case you secure something nefarious with it?


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Fri September 26, 2014 2:26 pm 
Offline
User avatar
AnalLog
 Profile

Joined: Wed January 16, 2013 10:46 pm
Posts: 1600
Location: Wrigleyville
simple schoolboy wrote:
broken iris wrote:
While what you are saying makes sense, the issue is that warranted searches that comply with the fourth amendment and the recent Supreme Court ruling maybe not be possible anymore, even in the most extreme situations (such as child abduction).


Metadata seems more than enough to cover that sort of situation, and the NSA already has it. Unfortunately their priorities are so messed up they'll likely only use it for drug crimes, because that's where the money is. I resent the default assumption that everything needs to have a backdoor for Big Brother's convenience. Should every lock have a spare key sent to the FBI just in case you secure something nefarious with it?


Yeah I was just going to post about the meta data. IT's not like they can't get the important info anyways, they just have to wake up a friendly judge to do it now.


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Fri September 26, 2014 8:54 pm 
Offline
User avatar
Future Drummer
 Profile

Joined: Tue January 01, 2013 3:24 pm
Posts: 3076
Location: Death Machine Inc's HQ
Fuck You Jobu wrote:
simple schoolboy wrote:
broken iris wrote:
While what you are saying makes sense, the issue is that warranted searches that comply with the fourth amendment and the recent Supreme Court ruling maybe not be possible anymore, even in the most extreme situations (such as child abduction).


Metadata seems more than enough to cover that sort of situation, and the NSA already has it. Unfortunately their priorities are so messed up they'll likely only use it for drug crimes, because that's where the money is. I resent the default assumption that everything needs to have a backdoor for Big Brother's convenience. Should every lock have a spare key sent to the FBI just in case you secure something nefarious with it?


Yeah I was just going to post about the meta data. IT's not like they can't get the important info anyways, they just have to wake up a friendly judge to do it now.



Well, unless I am reading it wrong (that has happened), the point is that it is possible that they can't anymore, even with a valid warrant. The encryption tactic Apple has gone with may prevent anyone but the phone's owner from getting at the data that isn't backed up to the cloud, even Apple itself. It's basically saying that they are going to prevent illegal searches by preventing all searches and then washing their hands of it by implementing it in a way that they can't crack it.

It get that there is some delightful irony and schadenfreude here, but remember we aren't talking about the NSA, we are talking about local detectives with valid court warrants to investigate data on the phones. These are civil law enforcement officers who have followed the law and been designated by our legal system to be able to see that data in the course of investigating a crime... and now may be prevented from it.

I am not faulting Apple here, if they hadn't done this someone else would have, but it does create some serious issues for basic law enforcement without stopping the violations of the government intel powerhouses.

_________________
the sentinel remains vigilant


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Fri September 26, 2014 9:25 pm 
Offline
User avatar
AnalLog
 Profile

Joined: Wed January 16, 2013 10:46 pm
Posts: 1600
Location: Wrigleyville
broken iris wrote:
Fuck You Jobu wrote:
simple schoolboy wrote:
broken iris wrote:
While what you are saying makes sense, the issue is that warranted searches that comply with the fourth amendment and the recent Supreme Court ruling maybe not be possible anymore, even in the most extreme situations (such as child abduction).


Metadata seems more than enough to cover that sort of situation, and the NSA already has it. Unfortunately their priorities are so messed up they'll likely only use it for drug crimes, because that's where the money is. I resent the default assumption that everything needs to have a backdoor for Big Brother's convenience. Should every lock have a spare key sent to the FBI just in case you secure something nefarious with it?


Yeah I was just going to post about the meta data. IT's not like they can't get the important info anyways, they just have to wake up a friendly judge to do it now.



Well, unless I am reading it wrong (that has happened), the point is that it is possible that they can't anymore, even with a valid warrant. The encryption tactic Apple has gone with may prevent anyone but the phone's owner from getting at the data that isn't backed up to the cloud, even Apple itself. It's basically saying that they are going to prevent illegal searches by preventing all searches and then washing their hands of it by implementing it in a way that they can't crack it.

It get that there is some delightful irony and schadenfreude here, but remember we aren't talking about the NSA, we are talking about local detectives with valid court warrants to investigate data on the phones. These are civil law enforcement officers who have followed the law and been designated by our legal system to be able to see that data in the course of investigating a crime... and now may be prevented from it.

I am not faulting Apple here, if they hadn't done this someone else would have, but it does create some serious issues for basic law enforcement without stopping the violations of the government intel powerhouses.


Forgive my suspicions...

Image


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Sun October 26, 2014 7:46 pm 
Offline
User avatar
Future Drummer
 Profile

Joined: Tue January 01, 2013 10:41 am
Posts: 3243
Location: Calgary, AB, Canada

_________________
"I'll hold your wallet while you go fuck yourself"-David Letterman


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Fri October 31, 2014 7:40 pm 
Offline
User avatar
Future Drummer
 Profile

Joined: Tue January 01, 2013 3:24 pm
Posts: 3076
Location: Death Machine Inc's HQ
Quote:
http://www.propublica.org/article/somebodys-already-using-verizons-id-to-track-users


Somebody’s Already Using Verizon’s ID to Track Users

Twitter is using a newly discovered hidden code that the telecom carriers are adding to every page you visit – and it’s very hard to opt out.

by Julia Angwin and Jeff Larson
ProPublica, Oct. 30, 2014, 11:59 a.m.

Twitter's mobile advertising arm enables its clients to use a hidden, undeletable tracking number created by Verizon to track user behavior on smartphones and tablets.

Wired and Forbes reported earlier this week that the two largest cellphone carriers in the United States, Verizon and AT&T, are adding the tracking number to their subscribers' Internet activity, even when users opt out.

The data can be used by any site – even those with no relationship to the telecoms -- to build a dossier about a person's behavior on mobile devices – including which apps they use, what sites they visit and for how long.

MoPub, acquired by Twitter in 2013, bills itself as the "world's largest mobile ad exchange." It uses Verizon's tag to track and target cellphone users for ads, according to instructions for software developers posted on its website.

Twitter declined to comment.

AT&T said that its actions are part of a test. Verizon says it doesn't sell information about the demographics of people who have opted out.

This controversial type of tracking, known in industry jargon as header enrichment, is the latest step in the mobile industry's quest to track users on their devices. Google has proposed a new standard for Internet services that, among other things, would prevent header enrichment.

People using apps on tablets and smartphones present a challenge for companies that want to track behavior so they can target ads. Unlike on desktop computers, where users tend to connect to sites using a single Web browser that can be easily tracked by "cookies," users on smartphones and tablets use many different apps that do not share information with each other.

For a while, ad trackers solved this problem by using a number that was build into each smartphone by Apple and Google. But under pressure from privacy critics, both companies took steps to secure these Device IDs, and began allowing their users to delete them, in the same way they could delete cookies in their desktop Web browser.

So the search for a better way to track mobile users continued. In 2010, two European telecom engineers proposed an Internet standard for telecom companies to track their users with a new kind of unique identifier. The proposal was eventually adopted as a standard by an industry group called the Open Mobile Alliance.

Telecoms began racing to find ways to use the new identifier. Telecom equipment makers such as Cisco and Juniper began offering systems that allow the identifiers to be injected into mobile traffic.

In the spring of 2012, AT&T applied for a patent for a method of inserting a "shortlived subscriber identifier" into Web traffic of its mobile subscribers and Verizon applied for a patent for inserting a "unique identification header" into its subscriber's traffic. The Verizon patent claims this header is specifically meant to "provide content that is targeted to a subscriber."

Inserting the identifiers requires the telecom carrier to modify the information that flows out of a user's phone. AT&T's patent acknowledges that it would be impossible to insert the identifier into web traffic if it were encrypted using HTTPS, but offers an easy solution – to instruct web servers to force phones to use an unencrypted connection.

In the fall of 2012, Verizon notified users that it would begin selling "aggregating customer data that has already been de-identified" -- such as Web-browsing history and location -- and offered users an opt-out. In 2013, AT&T launched its version -- a plan to offer "anonymous AT&T data" to allow advertiser to "deliver the most relevant messages to consumers." The company also updated its privacy policy to offer an opt-out.

AT&T's program eventually shut down. Company spokesman Mark Siegel said that AT&T is currently inserting the identifiers as part of a "test" for a possible future "relevant advertising" service. "We are considering such a program, and any program we would offer would maintain our fundamental commitment to customer privacy," he said. He added that the identifier changes every 24 hours.

It's not clear how much of a hurdle changing the identifier would present to a targeting company that was assembling a dossier of a user's behavior.

Meanwhile, Verizon's service – Precision Market Insights – has become popular among ad tracking companies that specialize in building profiles' of user behavior and creating customized ads for those users. Companies that buy the Verizon service can ask Verizon for additional information about the people whose unique identifiers they observe.

"What we're excited about is the carrier level ID, a higher-level recognition point that lets us track with certainty when a user, who is connected to a given carrier, moves from an app to a mobile Web landing page," an executive from an ad tracking company Run told an industry trade publication.

And in a promotional video for Verizon's service, ad executive Chris Smith at Turn, touted "the accuracy of the data," that the company receives from Verizon.

But advertisers who don't pay Verizon for additional information still receive the identifier. A Verizon spokeswoman said, "We do not provide any data related to the [unique identifier] without customer consent and we change the [unique identifier] on a regular basis to prevent third parties from building profiles against it." She declined to say how often Verizon changes the identifier.

The use of carrier-level identifiers appears to be becoming standard. Vodafone, a British telecom, says it inserts a similar identifier into some mobile traffic. A Vodafone spokesman said "Header enrichment is not our default operation and we do not routinely share information with the websites our customers visit."

However, ProPublica found a handful of Vodafone identifiers in its logs of website visitors. That review also showed more than two thirds of AT&T and Verizon visitors to ProPublica's website contained mobile identifiers.

And there appears to be no way to opt out. Last week, security engineer Kenn White noticed an Ad Age news article about Verizon's mobile marketing program and set up a test server to see if he was being tracked. He had opted out years ago, but he noticed a strange identifier in the web traffic from his phone.

His tweets sparked a flurry of discussion of Verizon's actions on the Hacker News discussion board, and articles in the technology press.

Software engineer Dan Schmads, an AT&T user, also tried to opt out. He found that he needed to visit four different webpages to opt out, including one web page not even on AT&T's domain: http://205.234.28.93/mobileoptout/. But he continues to see the AT&T identifier in his mobile traffic.

AT&T's Siegel told ProPublica that he appreciated the feedback on the difficulty of opting out and that the company plans to streamline the process before launching its service.

"Before we do any new program, we'll give customers the opportunity to reset their mobile ID at any time," he said. "It would be like clearing cookies."

Google has proposed a new Internet protocol called SPDY that would prevent these types of header injections – much to the dismay of many telecom companies who are lobbying against it. In May, a Verizon executive made a presentation describing how Google's proposal could "limit value-add services that are based on access to header" information.

_________________
the sentinel remains vigilant


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Fri October 31, 2014 7:48 pm 
Offline
User avatar
I've been POOSSTTIiiEEnngeeaahh
 Profile

Joined: Fri August 16, 2013 6:36 pm
Posts: 10108
Location: Death Machine Inc's HQ
i scrolled down this page really fast and briefly glimpsed a picture of a hot dog. does anyone want to explain that to me?

_________________
No Fat Chicks


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Fri June 10, 2016 1:36 am 
Offline
User avatar
Future Drummer
 Profile

Joined: Tue January 01, 2013 10:41 am
Posts: 3243
Location: Calgary, AB, Canada

_________________
"I'll hold your wallet while you go fuck yourself"-David Letterman


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Wed July 13, 2016 8:27 pm 
Offline
Future Drummer
 Profile

Joined: Wed April 20, 2016 7:11 pm
Posts: 2046
Do yourselves a favor:

http://www.computerworld.com/article/3094833/data-privacy/google-quietly-brings-forgetting-to-the-u-s.html


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Wed July 13, 2016 8:35 pm 
Offline
User avatar
Worst Moderator
 Profile

Joined: Tue January 01, 2013 2:48 pm
Posts: 43700
Bi_3 wrote:

Interesting, the only thing in my history is YouTube videos. Is that because I do most of my surfing with an incognito window?

_________________
Clouuuuds Rolll byyy...BANG BANG BANG BANG


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Wed July 13, 2016 8:46 pm 
Online
User avatar
An enigma of a man shaped hole in the wall between reality and the soul of the devil.
 Profile

Joined: Tue January 01, 2013 5:13 pm
Posts: 28310
Location: Anywhere mediocrity is celebrated.
I'm not hearing a strong argument against this. "advertisers will send you less targeted ads" who cares?

_________________
Gravity is pseudo science. https://www.youtube.com/watch?v=cJOZp2ZftCw


Top
 
 Post subject: Re: NSA leak and online tracking
PostPosted: Tue September 20, 2016 2:49 am 
Offline
User avatar
Future Drummer
 Profile

Joined: Tue January 01, 2013 10:41 am
Posts: 3243
Location: Calgary, AB, Canada
The Feds Will Soon Be Able to Legally Hack Almost Anyone

_________________
"I'll hold your wallet while you go fuck yourself"-David Letterman


Top
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 143 posts ]  Go to page Previous  1 ... 3, 4, 5, 6, 7, 8  Next

Board index » Word on the Street » News & Debate


Who is online

Users browsing this forum: Monkey_Driven and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
It is currently Tue September 26, 2017 9:13 am