New Zealand’s eavesdropping agency used an Internet mass surveillance system to target government officials and an anti-corruption campaigner on a neighboring Pacific island, according to a top-secret document.
Analysts from Government Communications Security Bureau, or GCSB, programmed the Internet spy system XKEYSCORE to intercept documents authored by the closest aides and confidants of the prime minister on the tiny Solomon Islands. The agency also entered keywords into the system so that it would intercept documents containing references to the Solomons’ leading anti-corruption activist, who is known for publishing government leaks on his website.
XKEYSCORE is run by the National Security Agency, and is used to analyze billions of emails, Internet browsing sessions and online chats that are collected from some 150 different locations worldwide. GCSB has gained access to XKEYSCORE because New Zealand is a member of the Five Eyes surveillance alliance alongside the United States, the United Kingdom, Canada and Australia.
A number of GCSB’s XKEYSCORE targets are disclosed in a top-secret document that was obtained by The Intercept and New Zealand newspaper the Herald on Sunday. The document raises questions about the scope of the surveillance and offers an unprecedented insight into specific people monitored by New Zealand’s most secretive agency.
The targets list, dated from January 2013, was authored by a GCSB analyst. It is contained in a so-called “fingerprint,” a combination of keywords used to extract particular information from the vast quantities of intercepted data swept up by XKEYSCORE. None of the individuals named on the list appear to have any association with terrorism.
Most of the targets, in fact, had a prominent role in the Solomon Islands government. Their roles around the time of January 2013 suggest GCSB was interested in collecting information sent among the prime minister’s inner circle. The targets included: Barnabas Anga, the permanent secretary of the Ministry of Foreign Affairs and External Trade; Robert Iroga, chief of staff to the prime minister; Dr Philip Tagini, special secretary to the prime minister; Fiona Indu, senior foreign affairs official; James Remobatu, cabinet secretary; and Rose Qurusu, a Solomon Islands public servant.
The seventh person caught up in the GCSB’s surveillance sweep is the leading anti-corruption campaigner in the Solomon Islands, Benjamin Afuga. For several years he has run a popular Facebook group that exposes corruption, often publishing leaked information and documents from government whistleblowers. His organization, Forum Solomon Islands International, has an office next door to Transparency International in Honiara, the capital city of the Solomon Islands. GCSB analysts programmed XKEYSCORE so that it would intercept documents sent over the Internet containing the words “Forum Solomon Islands,” “FSII,” and “Benjamin Afuga.”
Tag: Edward Snowden
Ron Wyden: ‘Plenty’ Of Domestic Surveillance Programs Still Unexposed
In a few months, we’ll be marking the second anniversary of the first Snowden leak. The outraged responses of citizens and politicians around the world to these revelations has resulted in approximately nothing in those 24 months. There have been bright spots here and there — where governments and their intelligence agencies were painted into corners by multiple leaks and forced to respond — but overall, the supposed debate on the balance between security and privacy has been largely ignored by those on Team National Security.
Here in the US, multiple surveillance reforms were promised. So far, very little has been put into practice. The NSA may be forced to seek court approval for searches of its bulk phone metadata, but otherwise the program rolls on unimpaired and slightly rebranded (from Section 215 to Section 501).
Senator Ron Wyden — one of the few members of our nation’s intelligence oversight committees actively performing any oversight — isn’t happy with the lack of progress. In an interview with Buzzfeed’s John Stanton, Wyden points out that not only has there been little movement forward in terms of surveillance reform, there actually may have been a few steps backward.
Wyden bluntly warned that even after the NSA scandal that started with Edward Snowden’s disclosures, the Obama administration has continued programs to monitor the activities of American citizens in ways that the public is unaware of and that could be giving government officials intimate details of citizens’ lives.
Asked if intelligence agencies have domestic surveillance programs of which the public is still unaware, Wyden said simply, “Yeah, there’s plenty of stuff.
The Orwellian Re-Branding of “Mass Surveillance” as Merely “Bulk Collection”
Just as the Bush administration and the U.S. media re-labelled “torture” with the Orwellian euphemism “enhanced interrogation techniques” to make it more palatable, the governments and media of the Five Eyes surveillance alliance are now attempting to re-brand “mass surveillance” as “bulk collection” in order to make it less menacing (and less illegal). In the past several weeks, this is the clearly coordinated theme that has arisen in the U.S., U.K., Canada, Australia and New Zealand as the last defense against the Snowden revelations, as those governments seek to further enhance their surveillance and detention powers under the guise of terrorism.
This manipulative language distortion can be seen perfectly in yesterday’s white-washing report of GCHQ mass surveillance from the servile rubber-stamp calling itself “The Intelligence and Security Committee of the UK Parliament (ISC)”(see this great Guardian editorial this morning on what a “slumbering” joke that “oversight” body is). As Committee Member MP Hazel Blears explained yesterday (photo above), the Parliamentary Committee officially invoked this euphemism to justify the collection of billions of electronic communications events every day.
The Committee actually acknowledged for the first time (which Snowden documents long ago proved) that GCHQ maintains what it calls “Bulk Personal Datasets” that contain “millions of records,” and even said about pro-privacy witnesses who testified before it: “we recognise their concerns as to the intrusive nature of bulk collection.” That is the very definition of “mass surveillance,” yet the Committee simply re-labelled it “bulk collection,” purported to distinguish it from “mass surveillance,” and thus insist that it was all perfectly legal.
AT&T’s Cozy NSA Ties Brought Up In Attempt To Scuttle DirecTV Merger
Before there was Edward Snowden, there was of course the notably less celebrated Mark Klein. As most of you probably recall, Klein, a 22-year AT&T employee, became a whistleblower after hehighlighted how AT&T was effectively using fiber splits to give the NSA duplicate access to every shred of data that touched AT&T’s network. Of course, once it was discovered that AT&T was breaking the law, the government decided to just change the law, ignore Klein’s testimony, and give all phone companies retroactive immunity. It really wasn’t until Snowden that the majority of the tech press took Klein’s warnings seriously.
AT&T’s been loyally “patriotic” ever since, often giving the government advice on how to skirt the lawor at times even acting as intelligence analysts. Business repercussions for AT&T have been minimal at best; in fact, you’ll recall that Qwest (now CenturyLink) claimed repeatedly that government cooperation was rewarded with lucrative contracts, while refusal to participate in government programs was punished. In fact, the only snag AT&T’s seen in the years since was to have its European expansion plans thwarted, purportedly by regulators uncomfortable with the carrier’s cozy NSA ties (AT&T instead simply expanded into Mexico).
Fast forward a few years and The Hill is now claiming that AT&T’s relationship with the NSA could harm the company’s $48 billion attempt to acquire DirecTV. This claim is apparently based on the fact that a coalition of AT&T business partners, called the Minority Cellular Partners Coalition, is warning the FCC in a letter that AT&T’s enthusiastic voluntary cooperation with the NSA shows the company’s total disregard for consumer privacy.
“(Despite immunity) the Commission is still obliged to execute and enforce the provisions of § 229 of the Act, see 47 U.S.C. § 151, and it is still empowered to conduct an investigation to insure that AT&T complies with the requirements of CALEA. See id. § 229(c). And the Commission is obliged to determine whether AT&T is qualified to obtain DIRECTV’s licenses in light of its egregious violations of CALEA. This is particularly true given AT&T’s continued and ongoing pattern of misconduct. Accordingly, the Commission should investigate AT&T’s complicity in the PSP to determine whether AT&T engaged in unlawful conduct that abridged the privacy interests of telecommunications consumers on a vast scale and, if so, whether AT&T is qualified to obtain DIRECTV’s licenses.”
Of course, that’s simply not happening. While the NSA cooperation can be used as a broader example of AT&T’s character (like the repeatedly nonsensical claims the company makes when it wants a merger approved, or how AT&T tries to charge its broadband customers extra for no deep packet inspection), it’s incredibly unlikely that the same government that granted AT&T’s immunity will turn around and sign off on using AT&T’s behavior to squash a merger. If the merger is blocked, it will be due to more practical considerations — like the fact that DirecTV is a direct competitor to AT&T and eliminating them would lessen competition in the pay TV space. When it comes to AT&T’s relationship with the NSA, it’s pretty clear by now that these particular chickens may never come home to roost.
The CIA Campaign to Steal Apple’s Secrets
RESEARCHERS WORKING with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads, according to top-secret documents obtained by The Intercept.
The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics. The conferences have spanned nearly a decade, with the first CIA-sponsored meeting taking place a year before the first iPhone was released.
By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.
The CIA declined to comment for this story.
The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple’s App Store.
The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.
Researchers also claimed they had successfully modified the OS X updater, a program used to deliver updates to laptop and desktop computers, to install a “keylogger.”
New Zealand Prime Minister Retracts Vow To Resign if Mass Surveillance Is Shown
In August, 2013, as evidence emerged of the active participation by New Zealand in the “Five Eyes” mass surveillance program exposed by Edward Snowden, the country’s conservative Prime Minister, John Key, vehemently denied that his government engages in such spying. He went beyond mere denials, expressly vowing to resign if it were ever proven that his government engages in mass surveillance of New Zealanders. He issued that denial, and the accompanying resignation vow, in order to re-assure the country over fears provoked by a new bill he advocated to increase the surveillance powers of that country’s spying agency, Government Communications Security Bureau (GCSB) – a bill that passed by one vote thanks to the Prime Minister’s guarantees that the new law would not permit mass surveillance.
Since then, a mountain of evidence has been presented that indisputably proves that New Zealand does exactly that which Prime Minister Key vehemently denied – exactly that which he said he would resign if it were proven was done. Last September, we reported on a secret program of mass surveillance at least partially implemented by the Key government that was designed to exploit the very law that Key was publicly insisting did not permit mass surveillance. At the time, Snowden, citing that report as well as his own personal knowledge of GCSB’s participation in the mass surveillance tool XKEYSCORE, wrote in an article for the Intercept:
Let me be clear: any statement that mass surveillance is not performed in New Zealand, or that the internet communications are not comprehensively intercepted and monitored, or that this is not intentionally and actively abetted by the GCSB, is categorically false. . . . The prime minister’s claimto the public, that “there is no and there never has been any mass surveillance” is false. The GCSB, whose operations he is responsible for, is directly involved in the untargeted, bulk interception and algorithmic analysis of private communications sent via internet, satellite, radio, and phone networks.
Snowden Docs: New Zealand Spying On Friendly Neighboring Countries For The NSA
More Snowden docs have been released, covering the extent of GCSB’s (New Zealand’s intelligence agency) spying on supposedly “friendly” island nations. As is par for the course for intelligence programs, the documents show massive bulk collections of data and communications — all of which are immediately shared with the other members of the “Five Eyes” club.
Since 2009, the Government Communications Security Bureau intelligence base at Waihopai has moved to “full-take collection”, indiscriminately intercepting Asia-Pacific communications and providing them en masse to the NSA through the controversial NSA intelligence system XKeyscore, which is used to monitor emails and internet browsing habits.
This sort of spying — while apparently “normal,” in light of previously-released documents — indicates many governments enjoy spying for spying’s sake, rather than for the justifications they often offer in defense of untargeted surveillance.
The documents, provided by US whistleblower whistleblower Edward Snowden, reveal that most of the targets are not security threats to New Zealand, as has been suggested by the Government.
Instead, the GCSB directs its spying against a surprising array of New Zealand’s friends, trading partners and close Pacific neighbours. These countries’ communications are supplied directly to the NSA and other Five Eyes agencies with little New Zealand oversight or decision-making, as a contribution to US worldwide surveillance.
Australian Secretary Of Defense Not Concerned About Phone Hack; Doesn’t Think People Want To Spy On His Phone
If you were the Secretary of Defense of a large country, you might think you’d be slightly concerned that foreign agents would want to spy on you. Not so down in Australia apparently, where the current Secretary of Defense, insists that he’d be “surprised” if anyone wanted to find out what was on his phone. Seriously.
We’ve written about the recent story, revealed in documents leaked by Ed Snowden, that the NSA and GCHQ were able to hack into the systems of Gemalto, the world’s largest maker of SIM cards for mobile phones, and obtain the encryption keys used in those cards. While Gemalto insists that the hack didn’t actually get those encryption keys, not everyone feels so comfortable with Gemalto’s own analysis of what happened.
Senator Scott Ludlam (who we’ve written about a few times before) reasonably found the story of the Gemalto hack to be concerning, and went about asking some questions of the government to find out what they knew about it. The results are rather astounding. First he had asked ASIO, the Australian Security Intelligence Organization, and they said it wasn’t their area, but it might be ASD (the Australian Signals Directorate). The video below shows Ludlam asking the ASD folks for more information about the hack and being flabbergasted that they basically say they haven’t even heard about the hack at all:
Right at the beginning, the first person says he’s not aware of the situation, and Ludlam asks “are you aware of the broad outlines?” and gets a “no I am not” response, leading to a rather dry “Really?!? Okay, this is going to be interesting” reply from Ludlam. It goes on in this nature for a while, with the various people on the panel playing dumb, and Ludlam repeatedly (and rightly) appearing shocked that they appear to have no idea about the story.
But the really incredible part comes in the last minute of the video, in which Ludlam asks the Australian Secretary of Defense, Dennis Richardson, about his own concerns about his phone being spied on:
Ludlam: Do you use an encrypted phone, Mr. Richardson?
Richardson: No, I don’t.
Ludlam: Right. Okay. Do you use a commercial — I’m not asking you to name names — but do you use a commercial telecommunications provider?
Richardson: Yeah, yeah, yes.
Ludlam: So there might be a SIM card in your phone or mind. Does this alarm you at all?
Richardson: No.
Ludlam: No?
Richardson: No.
Ludlam: Why is that?
Richardson: Well, because I don’t particularly deal with people who… if anyone wants to listen to my telephone calls they can. I’d be surprised if they do, but I don’t particularly have conversations which I’m particularly worried about.
[Laughter all around the room]
Ludlam: So it’s okay if foreign spooks have hacked every mobile handset in the country because you don’t have anything in particular…
Richardson: It’s possible some might try to.
Ludlam: It’s possible some just have.
Richardson: [shrugs] Well, it’s possible.
So there you have it, folks. The Australian Secretary of Defense says that anyone is allowed to listen in to his calls, because there’s nothing secret about any of them. I’m not quite familiar with public records/freedom of information laws in Australia, but is it possible for someone to put in a request for recording all of the Secretary of Defense’s phone calls?
Let’s blame Iran (again)
US director of National Intelligence James Clapper has accused Iran of orchestrating a 2014 hack of the Las Vegas Sands casino. The attack crippled the magnificent cultural institution’s IT infrastructure.
Clapper told a US Senate Armed Services Committee Thursday (US time) that the hack of the US$14 billion casino was the handiwork of Iran rather than ordinary hacking groups, Bloomberg reports.
“While both of these nations (Iran and North Korea) have lesser technical capabilities in comparison to Russia and China, these destructive attacks demonstrate that Iran and North Korea are motivated and unpredictable cyber-actors,” Clapper says.
The attacks brought down the casino’s IT systems including email but not the most valuable components of the organisation.
Here’s 140 Fully-Redacted Pages Explaining How Much Snowden’s Leaks Have Harmed The Nation’s Security
If the US intelligence committee is concerned about the status of “hearts and minds” in its ongoing NSA v. Snowden battle, it won’t be winning anyone over with its latest response to a FOIA request.
Various representatives of the intelligence community have asserted (sometimes repeatedly) that Snowden’s leaks have caused irreparable harm to intelligence-gathering efforts and placed the nation in “grave danger.” But when given the chance to show the public how much damage has been done, it declares everything on the subject too sensitive to release. EVERYTHING.