European Lawmakers Demand Answers on Phone Key Theft

European officials are demanding answers and investigations into a joint U.S. and U.K. hack of the world’s largest manufacturer of mobile SIM cards, following a report published by The Intercept Thursday.

The report, based on leaked documents provided by NSA whistleblower Edward Snowden, revealed that the U.S. spy agency and its British counterpart, Government Communications Headquarters (GCHQ), hacked the Franco-Dutch digital security giant Gemalto in a sophisticated heist of cell-phone encryption keys.

The European Parliament’s chief negotiator on the European Union’s data protection law, Jan Philipp Albrecht, said the hack was “obviously based on some illegal activities.”

“Member states like the U.K. are frankly not respecting the [law of the] Netherlands and partner states,” Albrecht told the Wall Street Journal.

Sophie in ’t Veld, an EU parliamentarian with D66, the Netherlands’ largest opposition party, added, “Year after year we have heard about cowboy practices of secret services, but governments did nothing and kept quiet […] In fact, those very same governments push for ever-more surveillance capabilities, while it remains unclear how effective these practices are.”

“If the average IT whizzkid breaks into a company system, he’ll end up behind bars,” in ’t Veld added in a tweet Friday.

The EU itself is barred from undertaking such investigations, leaving individual countries responsible for looking into cases that impact their national security matters. “We even get letters from the U.K. government saying we shouldn’t deal with these issues because it’s their own issue of national security,” Albrecht said.

Still, lawmakers in the Netherlands are seeking investigations. Gerard Schouw, a Dutch member of parliament, also with the D66 party, has called on Ronald Plasterk, the Dutch minister of the interior, to answer questions before parliament. On Tuesday, the Dutch parliament will debate Schouw’s request.

Additionally, European legal experts tell The Intercept, public prosecutors in EU member states that are both party to the Cybercrime Convention, which prohibits computer hacking, and home to Gemalto subsidiaries could pursue investigations into the breach of the company’s systems.

According to secret documents from 2010 and 2011, a joint NSA-GCHQ unit penetrated Gemalto’s internal networks and infiltrated the private communications of its employees in order to steal encryption keys, embedded on tiny SIM cards, which are used to protect the privacy of cellphone communications across the world. Gemalto produces some 2 billion SIM cards a year.

The company’s clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers. “[We] believe we have their entire network,” GCHQ boasted in a leaked slide, referring to the Gemalto heist.
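Why the stolen keys matter, as an added illustration that is not part of The Intercept’s report or of Gemalto’s systems: in GSM-family authentication the SIM and the operator’s authentication centre share a long-term secret Ki. The network sends a random challenge RAND over the air in the clear, the SIM answers with SRES, and both sides derive a session cipher key Kc from (Ki, RAND). Anyone who holds Ki and records RAND can compute the same Kc and strip the encryption from the captured traffic, without ever touching the operator’s network. The Python below simulates that exchange. The real A3/A8 and A5 algorithms are replaced with HMAC/SHA-256 stand-ins (an assumption made so the example has no dependencies), and the Ki, IMSI and message values are constructed.

```python
"""
Added illustration: a stolen SIM key (Ki) lets a purely passive eavesdropper
recover the session key Kc and decrypt traffic. Not Gemalto's or any operator's
code; A3/A8 and A5 are HMAC/SHA-256 stand-ins (assumption), all values constructed.
"""
import hashlib
import hmac
from typing import Dict, Tuple


def a3_a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for A3/A8: derive (SRES, Kc) from the shared secret Ki and challenge RAND."""
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]          # GSM SRES is 32 bits, Kc is 64 bits


def a5_keystream(kc: bytes, frame: int, length: int) -> bytes:
    """Stand-in for the A5 stream cipher: keystream bound to Kc and the frame number."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(kc + frame.to_bytes(4, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Sim:
    """The subscriber's SIM: Ki never leaves the card, only SRES does."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def run_gsm_algorithm(self, rand: bytes) -> Tuple[bytes, bytes]:
        return a3_a8(self._ki, rand)


class AuthCentre:
    """Operator side: the Ki database that a SIM vendor provisions for the carrier."""
    def __init__(self, ki_db: Dict[str, bytes]):
        self._ki_db = ki_db

    def triplet(self, imsi: str, rand: bytes) -> Tuple[bytes, bytes, bytes]:
        sres, kc = a3_a8(self._ki_db[imsi], rand)
        return rand, sres, kc


def run_session(sim: Sim, auc: AuthCentre, rand: bytes, frame: int, plaintext: bytes) -> dict:
    """Authenticate the SIM, encrypt one frame, and return what an eavesdropper sees."""
    rand, expected_sres, kc_net = auc.triplet(sim.imsi, rand)
    sres, kc_sim = sim.run_gsm_algorithm(rand)
    if not hmac.compare_digest(sres, expected_sres):
        raise ValueError("authentication failed")
    assert kc_sim == kc_net                      # both ends hold the same session key
    ciphertext = xor(plaintext, a5_keystream(kc_net, frame, len(plaintext)))
    # RAND, the frame number and the ciphertext all travel over the air unencrypted.
    return {"rand": rand, "frame": frame, "ciphertext": ciphertext}


def passive_decrypt(stolen_ki: bytes, captured: dict) -> bytes:
    """Attacker holding Ki: recompute Kc from the sniffed RAND and strip the keystream."""
    _, kc = a3_a8(stolen_ki, captured["rand"])
    return xor(captured["ciphertext"],
               a5_keystream(kc, captured["frame"], len(captured["ciphertext"])))


if __name__ == "__main__":
    KI = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed 128-bit Ki
    IMSI = "001010123456789"                                  # constructed test IMSI
    sim, auc = Sim(IMSI, KI), AuthCentre({IMSI: KI})
    capture = run_session(sim, auc, rand=bytes(range(16)), frame=42, plaintext=b"hello, world")
    print(passive_decrypt(KI, capture))                       # the stolen Ki recovers the call
    print(passive_decrypt(bytes(16), capture) == b"hello, world")  # a wrong Ki does not
```

The same structure carries over to 3G and LTE: they add mutual authentication and longer keys on top of the root key K, which defeats a rogue base station but does nothing against an eavesdropper who already holds K and records the challenge. That is why rotating the compromised keys, not just patching the breach, is the only real remediation.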

Link (The Intercept)

FBI Flouts Obama Directive to Limit Gag Orders on National Security Letters

Despite the post-Snowden spotlight on mass surveillance, the intelligence community’s easiest end-run around the Fourth Amendment since 2001 has been something called a National Security Letter.

FBI agents can demand that an Internet service provider, telephone company or financial institution turn over its records on any number of people — without any judicial review whatsoever — simply by writing a letter that says the information is needed for national security purposes. The FBI at one point was cranking out over 50,000 such letters a year; by the latest count, it still issues about 60 a day.

The letters look like this:

[image of a sample National Security Letter, not reproduced here]

Recipients are legally required to comply — but it doesn’t stop there. They also aren’t allowed to mention the order to anyone, least of all the person whose data is being searched. Ever. That’s because National Security Letters almost always come with eternal gag orders. Here’s that part:

[image of the nondisclosure clause of a National Security Letter, not reproduced here]

That means the NSL process utterly disregards the First Amendment as well.

More than a year ago, President Obama announced that he was ordering the Justice Department to terminate gag orders “within a fixed time unless the government demonstrates a real need for further secrecy.”

And on Feb. 3, when the Office of the Director of National Intelligence announced a handful of baby steps resulting from its “comprehensive effort to examine and enhance [its] privacy and civil liberty protections” one of the most concrete was — finally — to cap the gag orders:

In response to the President’s new direction, the FBI will now presumptively terminate National Security Letter nondisclosure orders at the earlier of three years after the opening of a fully predicated investigation or the investigation’s close.

Continued nondisclosure orders beyond this period are permitted only if a Special Agent in Charge or a Deputy Assistant Director determines that the statutory standards for nondisclosure continue to be satisfied and that the case agent has justified, in writing, why continued nondisclosure is appropriate.

Despite the use of the word “now” in that first sentence, however, the FBI has yet to do any such thing. It has not announced any such change, nor explained how it will implement it, or when.

Link (The Intercept)

Hello Barbie: Hang on, this Wi-Fi doll records your child’s voice?

Toymaker Mattel has unveiled a high-tech Barbie that will listen to your child, record its words, send them over the internet for processing, and talk back to your kid. It will email you, as a parent, highlights of your youngster’s conversations with the toy.

If Samsung’s spying smart TVs creeped you out, this doll may be setting off alarm bells too – so we drilled into what’s going on.

The Hello Barbie doll is developed by San Francisco startup ToyTalk, which says it has more than $31m in funding from Greylock Partners, Charles River Ventures, Khosla Ventures, True Ventures and First Round Capital, and others.

Its Wi-Fi-connected Barbie toy has a microphone, a speaker, a small embedded computer with a battery that lasts about an hour, and Wi-Fi hardware. When you press a button on her belt buckle, Barbie wakes up, asks a question, and turns on its microphone while the switch is held down.

The child’s replies are recorded, encoded, and sent in an encrypted form to ToyTalk’s servers, CEO Oren Jacob explained to The Register. The audio is processed by voice-recognition software, allowing ToyTalk’s systems to figure out what was said and how best to reply.

The doll is loaded up with scripts to read, and one of these is selected depending on what the kid said. If the tyke shows an interest in a particular pastime or thing, the doll’s backend software will know to talk about that – giving the kid the impression that chatty Barbie’s a good, listening friend.

Crucially, the recorded audio of children’s voices (and whatever else happens to be going on around them when they push the buckle button) is kept on ToyTalk’s computers. This material is supposed to help Mattel and ToyTalk improve Barb’s scripted replies. It’s also good test data for developing the voice-recognition code.

Link (The Register)

After Brit spies ‘snoop’ on families’ lawyers, UK govt admits: We flouted human rights laws

The British government has admitted that its practice of spying on confidential communications between lawyers and their clients was a breach of the European Convention on Human Rights (ECHR).

Details of the controversial snooping emerged in November: lawyers suing Blighty over its rendition of two Libyan families to be tortured by the late and unlamented Gaddafi regime claimed Her Majesty’s own lawyers seemed to have access to the defense team’s emails.

The families’ briefs asked for a probe by the secretive Investigatory Powers Tribunal (IPT), a move that led to Wednesday’s admission.

“The concession the government has made today relates to the agencies’ policies and procedures governing the handling of legally privileged communications and whether they are compatible with the ECHR,” a government spokesman said in a statement to the media, via the Press Association.

“In view of recent IPT judgments, we acknowledge that the policies applied since 2010 have not fully met the requirements of the ECHR, specifically Article 8. This includes a requirement that safeguards are made sufficiently public.”

The guidelines revealed by the investigation showed that MI5 – which handles the UK’s domestic security – had free rein to spy on highly private and sensitive lawyer-client conversations between April 2011 and January 2014.

Link (The Register)

Hoping for spy reforms? Jeb Bush, dangerously close to being the next US prez, backs the NSA

Former Florida governor, brother of former President George W Bush, son of former President George H W Bush, and Republican frontrunner for the 2016 US presidential election, Jeb Bush … has strongly defended the NSA’s mass surveillance of innocent people.

Speaking at the Chicago Council on Global Affairs as part of his run for the White House, Bush made it clear that if he did become president he would retain the programs introduced under his brother’s administration.

While covering broad foreign policy topics, Bush appeared to go off script when he said that in order to effectively tackle Islamic terrorism, it was necessary to have “responsible intelligence gathering and analysis – including the NSA metadata program, which contributes to awareness of potential terror cells and interdiction efforts on a global scale.”

He continued: “For the life of me, I don’t understand… the debate has gotten off track, where we’re not understanding or protecting… we do protect our civil liberties… but this is a hugely important program to use these technologies to keep us safe.”

The talk was streamed live on Wednesday; in the video, the remarks quoted above begin at around the 28-minute mark.

Link (The Register)

GCHQ Will Have To Start Letting Everyone Know Whether Or Not They’ve Been Illegally Spied On

Last December, the IPT (Investigatory Powers Tribunal) ruled that GCHQ’s surveillance programs didn’t violate human rights, despite being broad and untargeted dragnets. This ruling — in response to several legal challenges brought in the wake of the Snowden leaks — was unsurprising. The IPT has overwhelmingly supported GCHQ’s spying efforts in the past, having only sided against it in one-half of one percent of the challenges brought against it.

The IPT’s ongoing support of the UK’s intelligence community is unsurprising. To declare any of its programs as illegal or in violation of citizens’ rights would be to implicate itself for its near-constant approval of surveillance programs. That makes its February decision a bit of an aberration. In response to Privacy International’s legal challenge, it changed course slightly, declaring certain elements of the GCHQ’s spying efforts “illegal” — specifically, information sharing with the NSA. But this was only a partial capitulation. The IPT went on to say that this was once illegal but now was not, thanks to its December 2014 ruling. In some bizarre way, the legal complaints brought against the GCHQ managed to legalize its once-illegal partnership with the NSA.

However, its February decision makes it clear that operations prior to December 2014 were illegal, and provides an opening for UK citizens to force a bit more transparency on their intelligence community.

Because the IPT found the intelligence sharing to be illegal, anyone, inside or outside the UK, can file a complaint to the IPT and ask if their communications were part of that illegal sharing, and be legally entitled to an answer. [Privacy International’s Eric] King explained, “If they don’t find anything, it’s likely they respond ‘no determination’. If they do find something, the IPT is obliged to give a declaration to the individual that their communications were illegally interfered with.”

This is far more transparency than has been granted by the NSA, which still responds to similar inquiries about files on citizens (from those citizens themselves) with its omnipresent Glomar declaration, neither confirming nor denying the collected results of its domestic surveillance programs.

Link (Techdirt)

Researchers Find ‘Astonishing’ Malware Linked to NSA Spying

Security researchers have uncovered highly sophisticated malware that is linked to a secret National Security Agency hacking operation exposed by The Intercept last year.

Russian security firm Kaspersky published a report Monday documenting the malware, which it said had been used to infect thousands of computer systems and steal data in 30 countries around the world. Among the targets were a series of unnamed governments, telecom, energy, and aerospace companies, as well as Islamic scholars, and media organizations.

Kaspersky did not name the NSA as the author of the malware. However, Reuters reported later on Monday that the agency had created the technology, citing anonymous former U.S. intelligence officials.

Kaspersky’s researchers noted that the newly found malware is similar to Stuxnet, a covert tool reportedly created by the U.S. government to sabotage Iranian nuclear systems. The researchers also identified a series of codenames that they found contained within the samples of malware, including STRAIGHTACID, STRAITSHOOTER, and GROK.

Notably, GROK, which Kaspersky said is a piece of malware used to secretly log keystrokes, is tied to secret NSA hacking tactics described in documents from whistleblower Edward Snowden. Last year, The Intercept revealed that the NSA was using a tool called GROK to log keystrokes as part of a toolkit it uses to hack computers and collect data.

The other codenames identified by Kaspersky on Tuesday—such as STRAIGHTACID, STRAITSHOOTER—are strikingly similar to known NSA hacking operations. Leaked NSA documents have revealed that the agency uses hacking tools known as STRAIGHTBIZARRE and FOXACID to break into computers and grab data.

According to Kaspersky, the malware found in the latest discovery is the most advanced ever found and represents an “astonishing technical accomplishment.” It hides deep within an infected computer: one module rewrites the firmware of hard drives from a dozen manufacturers, so the implant survives attempts to wipe or reformat the disk and even a reinstall of the operating system. The security firm has dubbed different variants of the malware EquationLaser, EquationDrug and GrayFish, and is calling its creators the “Equation Group,” because of the way the spy technology attempts to hide itself in an infected computer using complex encryption.

Link (The Intercept)

Internet Industry Now Considers The Intelligence Community An Adversary, Not A Partner

In an interview last month, Timothy D. Cook, Apple’s chief executive, said the N.S.A. “would have to cart us out in a box” before the company would provide the government a back door to its products. Apple recently began encrypting phones and tablets using a scheme that would force the government to go directly to the user for their information. And intelligence agencies are bracing for another wave of encryption.

In fact, it seems noteworthy that this whole issue of increasing encryption by the tech companies to keep everyone out has been left off the official schedule of the White House’s cybersecurity summit at Stanford. As the NY Times notes, Silicon Valley seems to be pretty much completely fed up with the intelligence community after multiple Snowden revelations showed just how far the NSA had gone in trying to “collect it all” — including hacking into the foreign data centers of Google and Yahoo. And, on top of that, the NSA’s efforts to buy up zero-day vulnerabilities before companies can find out and patch them:

“What has struck me is the enormous degree of hostility between Silicon Valley and the government,” said Herb Lin, who spent 20 years working on cyberissues at the National Academy of Sciences before moving to Stanford several months ago. “The relationship has been poisoned, and it’s not going to recover anytime soon.”

Link (Techdirt)