Hacking Online Polls and Other Ways British Spies Seek to Control the Internet

The secretive British spy agency GCHQ has developed covert tools to seed the internet with false information, including the ability to manipulate the results of online polls, artificially inflate pageview counts on web sites, “amplif[y]” sanctioned messages on YouTube, and censor video content judged to be “extremist.” The capabilities, detailed in documents provided by NSA whistleblower Edward Snowden, even include an old standby for pre-adolescent prank callers everywhere: A way to connect two unsuspecting phone users together in a call.

The tools were created by GCHQ’s Joint Threat Research Intelligence Group (JTRIG), and constitute some of the most startling methods of propaganda and internet deception contained within the Snowden archive. Previously disclosed documents have detailed JTRIG’s use of “fake victim blog posts,” “false flag operations,” “honey traps” and psychological manipulation to target online activists, monitor visitors to WikiLeaks, and spy on YouTube and Facebook users.

(…)

GCHQ refused to provide any comment on the record beyond its standard boilerplate, in which it claims that it acts “in accordance with a strict legal and policy framework” and is subject to “rigorous oversight.” But both claims are questionable.

Link (The Intercept)

GCHQ Catalog of Exploit Tools

The latest Snowden story is a catalog of exploit tools from JTRIG (Joint Threat Research Intelligence Group), a unit of the British GCHQ, for both surveillance and propaganda. It’s a list of code names and short descriptions, such as these:

(…)

CLEAN SWEEP: Masquerade Facebook Wall Posts for individuals or entire countries.

CONCRETE DONKEY: is the capacity to scatter an audio message to a large number of telephones, or repeatedly bomb a target number with the same message.

GATEWAY: Ability to artificially increase traffic to a website.

GESTATOR: amplification of a given message, normally video, on popular multimedia websites (Youtube).

SCRAPHEAP CHALLENGE: Perfect spoofing of emails from Blackberry targets.

SUNBLOCK: Ability to deny functionality to send/receive email or view material online.

SWAMP DONKEY: is a tool that will silently locate all predefined types of file and encrypt them on a target’s machine.

UNDERPASS: Change outcome of online polls (previously known as NUBILO).

Go over to Bruce Schneier’s blog to read the full article.

NSA Spying: Now It’s Personal

Imagine that you watched a police officer in your neighborhood stop ten completely ordinary people every day just to take a look inside their vehicle or backpack. Now imagine that nine of those people are never even accused of a crime. They just happened to be in the wrong place at the wrong time. Even the most law-abiding person would eventually protest this treatment. In fact—they have.

Now replace police officers with the NSA. The scenario above is what the NSA is doing with our communications, under cover of its twisted interpretation of Section 702 of the FISA Amendments Act. The Washington Post has revealed that “Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Post, were not the intended surveillance targets.” Additionally, “[n]early half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents.”

Link (EFF)

Corporate Spying On Non-Profits

In the age of innocence that was brought to an end by Edward Snowden’s revelations, we broadly knew of three kinds of surveillance: the classic kind, by countries against other countries; the industrial kind, by companies against companies; and – the most recent addition – the Google/Facebook kind, carried out by companies against their customers. Snowden made us aware that countries also carried out large-scale surveillance against huge numbers of their own citizens, the vast majority of whom had done nothing to warrant that invasion of their privacy. But there’s a fifth kind of surveillance that has largely escaped notice, even though it represents a serious danger for democracy and freedom: spying carried out by companies against non-profit organizations whose work threatens their profits in some way.

Link (Techdirt)

How Traffic Shaping Can Help the NSA Evade Legal Oversight

Bruce Schneier has a blog post on how traffic shaping can help the NSA evade legal oversight:

New research paper on how the NSA can evade legal prohibitions against collecting Internet data and metadata on Americans by forcing domestic traffic to leave and return to the US. The general technique is called “traffic shaping,” and has legitimate uses in network management.

Vodafone Spain using inline page injection?

Sam Nazarko has written a blog post about how he discovered that Vodafone in Spain is injecting JavaScript into every web page he browses:

I’ve started noticing requests to ‘1.2.3.4’. Seeing as most ISPs use this IP internally, I thought I’d check out what’s going on.

No response to ping, and HTTP requests to that page will return a 500 status code. However I noticed this nasty:

<script src="http://1.2.3.4/bmi-int-js/bmi.js" language="javascript"></script>

This script is injected into every HTTP page I request. When I request this web page, the server responds, identifying itself as WebProxy 6.0.

(…)

For Vodafone to do this, they must be running a transparent HTTP proxy. This likely infers they are sniffing HTTP traffic for other purposes. It paves the way for deep packet inspection (DPI), much the same way that having a national web filter does. Vodafone can then implement infrastructure that allows the interception and modification of web pages in real time under the guise that this will deliver a better user experience.
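
A check for the injection described above, as an added example that is not part of Sam Nazarko’s post: it compares the script sources in a page received over the ISP link against a reference copy of the same page and flags additions whose host is a bare IP address. The two sample pages are constructed and the function names are illustrative.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> element."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def script_sources(html):
    collector = ScriptSrcCollector()
    collector.feed(html)
    return collector.sources


def is_ip_literal(url):
    """True when the URL's host is an IP address rather than a name."""
    host = urlsplit(url).hostname
    try:
        ip_address(host or "")
        return True
    except ValueError:
        return False


def injected_scripts(reference_html, received_html):
    """Scripts in the received copy that the reference copy lacks,
    as (src, host_is_ip_literal) pairs in document order."""
    known = set(script_sources(reference_html))
    return [(src, is_ip_literal(src))
            for src in script_sources(received_html) if src not in known]


# Constructed samples: the page as the origin serves it, and the same page
# as received over plain HTTP through the ISP's transparent proxy.
REFERENCE = '<html><head><script src="/static/app.js"></script></head><body>Hi</body></html>'
RECEIVED = ('<html><head><script src="/static/app.js"></script>'
            '<script src="http://1.2.3.4/bmi-int-js/bmi.js" language="javascript"></script>'
            '</head><body>Hi</body></html>')
```

A transparent HTTP proxy of this kind cannot rewrite pages delivered over HTTPS, so a copy fetched over HTTPS makes a natural reference.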

Looks like the internet isn’t the only one asking questions about Keith Alexander

Rep. Grayson Asks If Keith Alexander Is Selling Classified Information To Get $1 Million Per Month (Techdirt)

Security expert Bruce Schneier noted that this fee for Alexander’s services is on its face unreasonable. “Think of how much actual security they could buy with that $600k a month. Unless he’s giving them classified information.” Schneier also quoted Recode.net, which headlined this news as: “For another million, I’ll show you the back door we put in your router.”

This arrangement with Mr. Alexander may also include additional work with the shadow regulatory firm The Promontory Group, with whom Alexander apparently will partner “on cybersecurity matters.” According to Promontory spokesman Chris Winans, Mr. Alexander “and a firm he’s forming will work on the technical aspects of these issues, and we on the risk-management compliance and governance elements.”

Disclosing or misusing classified information for profit is, as Mr. Alexander well knows, a felony. I question how Mr. Alexander can provide any of the services he is offering unless he discloses or misuses classified information, including extremely sensitive sources and methods. Without the classified information that he acquired in his former position, he literally would have nothing to offer to you.

House votes to partially defund the NSA

Techdirt writes:

(…) this amendment only fixes two specific problems. It stops the very questionable use of “backdoor searches” of information collected under the Section 702 program. This is the very questionable setup by which the NSA spies on Americans while insisting that they don’t actually spy on Americans. It also blocks the NSA from mandating that any technology companies create backdoors in their software or hardware to enable wiretapping (such as the NSA forcing Skype to no longer be encrypted end-to-end).

In many ways, this is more important as a symbolic gesture than for the specifics — but it should have a much wider impact as well. This is the first time that Congress has overwhelmingly voted to defund an NSA program. Last year’s Amash Amendment came very, very close to defunding a different program (the Section 215 bulk records collection program), but by passing by an overwhelming margin, this vote is a pretty big sign that the House (on both sides of the aisle) is not happy with how the NSA has been spying on Americans. As mentioned above, it’s also a big slap in the face to the White House and certain members of the House leadership who conspired to water down the USA Freedom Act a few weeks ago, stripping it of a very similar provision to block backdoor searches.

This amendment still has to pass the Senate and White House, so it’s far from certain it will pass in its current form, or at all. If it does, I’m not really optimistic about the NSA really caring what the lawmakers say at all. My guess is that the NSA will simply continue as before and just lie about it, as usual.

Link (Techdirt)