European Lawmakers Demand Answers on Phone Key Theft

European officials are demanding answers and investigations into a joint U.S. and U.K. hack of the world’s largest manufacturer of mobile SIM cards, following a report published by The Intercept Thursday.

The report, based on leaked documents provided by NSA whistleblower Edward Snowden, revealed the U.S. spy agency and its British counterpart Government Communications Headquarters, GCHQ, hacked the Franco-Dutch digital security giant Gemalto in a sophisticated heist of encrypted cell-phone keys.

The European Parliament’s chief negotiator on the European Union’s data protection law, Jan Philipp Albrecht, said the hack was “obviously based on some illegal activities.”

“Member states like the U.K. are frankly not respecting the [law of the] Netherlands and partner states,” Albrecht told the Wall Street Journal.

Sophie in ’t Veld, an EU parliamentarian with D66, the Netherlands’ largest opposition party, added, “Year after year we have heard about cowboy practices of secret services, but governments did nothing and kept quiet […] In fact, those very same governments push for ever-more surveillance capabilities, while it remains unclear how effective these practices are.”

“If the average IT whizzkid breaks into a company system, he’ll end up behind bars,” In ’t Veld added in a tweet Friday.

The EU itself is barred from undertaking such investigations, leaving individual countries responsible for looking into cases that impact their national security matters. “We even get letters from the U.K. government saying we shouldn’t deal with these issues because it’s their own issue of national security,” Albrecht said.

Still, lawmakers in the Netherlands are seeking investigations. Gerard Schouw, a Dutch member of parliament, also with the D66 party, has called on Ronald Plasterk, the Dutch minister of the interior, to answer questions before parliament. On Tuesday, the Dutch parliament will debate Schouw’s request.

Additionally, European legal experts tell The Intercept, public prosecutors in EU member states that are both party to the Cybercrime Convention, which prohibits computer hacking, and home to Gemalto subsidiaries could pursue investigations into the breach of the company’s systems.

According to secret documents from 2010 and 2011, a joint NSA-GCHQ unit penetrated Gemalto’s internal networks and infiltrated the private communications of its employees in order to steal encryption keys, embedded on tiny SIM cards, which are used to protect the privacy of cellphone communications across the world. Gemalto produces some 2 billion SIM cards a year.

The company’s clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers. “[We] believe we have their entire network,” GCHQ boasted in a leaked slide, referring to the Gemalto heist.

Link (The Intercept)

FBI Flouts Obama Directive to Limit Gag Orders on National Security Letters

Despite the post-Snowden spotlight on mass surveillance, the intelligence community’s easiest end-run around the Fourth Amendment since 2001 has been something called a National Security Letter.

FBI agents can demand that an Internet service provider, telephone company or financial institution turn over its records on any number of people — without any judicial review whatsoever — simply by writing a letter that says the information is needed for national security purposes. The FBI at one point was cranking out over 50,000 such letters a year; by the latest count, it still issues about 60 a day.

The letters look like this:

Recipients are legally required to comply — but it doesn’t stop there. They also aren’t allowed to mention the order to anyone, least of all the person whose data is being searched. Ever. That’s because National Security Letters almost always come with eternal gag orders. Here’s that part:

That means the NSL process utterly disregards the First Amendment as well.

More than a year ago, President Obama announced that he was ordering the Justice Department to terminate gag orders “within a fixed time unless the government demonstrates a real need for further secrecy.”

And on Feb. 3, when the Office of the Director of National Intelligence announced a handful of baby steps resulting from its “comprehensive effort to examine and enhance [its] privacy and civil liberty protections,” one of the most concrete was — finally — to cap the gag orders:

In response to the President’s new direction, the FBI will now presumptively terminate National Security Letter nondisclosure orders at the earlier of three years after the opening of a fully predicated investigation or the investigation’s close.

Continued nondisclosure orders beyond this period are permitted only if a Special Agent in Charge or a Deputy Assistant Director determines that the statutory standards for nondisclosure continue to be satisfied and that the case agent has justified, in writing, why continued nondisclosure is appropriate.

Despite the use of the word “now” in that first sentence, however, the FBI has yet to do any such thing. It has not announced any such change, nor explained how it will implement it, or when.

Link (The Intercept)

IRS Encourages Poor Cryptography

I’m not sure what to make of this, or even what it means. The IRS has a standard called IDES: International Data Exchange Service: “The International Data Exchange Service (IDES) is an electronic delivery point where Financial Institutions (FI) and Host Country Tax Authorities (HCTA) can transmit and exchange FATCA data with the United States.” It’s like IRS data submission, but for other governments and foreign banks.

Buried in one of the documents are the rules for encryption:

While performing AES encryption, there are several settings and options depending on the tool used to perform encryption. IRS recommended settings should be used to maintain compatibility:

  • Cipher Mode: ECB (Electronic Code Book).
  • Salt: No salt value
  • Initialization Vector: No Initialization Vector (IV). If an IV is present, set to all zeros to avoid affecting the encryption.
  • Key Size: 256 bits / 32 bytes. Key size should be verified, and moving the key across operating systems can affect the key size.
  • Encoding: There can be no special encoding. The file will contain only the raw encrypted bytes.
  • Padding: PKCS#7 or PKCS#5.

ECB? Are they serious?

Link (Bruce Schneier)
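To make the objection concrete, here is an added Go example (not from Schneier's post or from the IRS IDES documentation) that implements the quoted settings literally, AES-256 in ECB mode with no IV and PKCS#7 padding, and contrasts the result with AES-256-GCM. The key, the sample record and all function names are constructed for this illustration. It goes slightly beyond the quoted list: it shows both problems with those settings, that identical plaintext blocks produce identical ciphertext blocks, and that without an IV the same file always encrypts to the same bytes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// pkcs7Pad appends PKCS#7 padding so the result is a whole number of blocks.
func pkcs7Pad(data []byte, blockSize int) []byte {
	n := blockSize - len(data)%blockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// encryptECB follows the quoted IDES settings literally: AES-256, ECB mode,
// no IV, no salt, PKCS#7 padding, raw bytes out. It is here only to show
// the weakness; ECB has no place in a new design.
func encryptECB(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256; any other length is rejected
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	padded := pkcs7Pad(plaintext, bs)
	out := make([]byte, len(padded))
	for i := 0; i < len(padded); i += bs {
		// Each block is encrypted independently, so equal input blocks give equal output blocks.
		block.Encrypt(out[i:i+bs], padded[i:i+bs])
	}
	return out, nil
}

// encryptGCM is the hardened alternative: AES-256-GCM with a fresh random
// nonce, which hides block equality and authenticates the ciphertext.
func encryptGCM(key, plaintext []byte) (nonce, sealed []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, gcm.NonceSize())
	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, nil, err
	}
	// Seal returns the ciphertext followed by the 16-byte authentication tag.
	return nonce, gcm.Seal(nil, nonce, plaintext, nil), nil
}

// duplicateBlocks counts 16-byte blocks that repeat an earlier block: the
// pattern leak that ECB exposes and a randomized mode does not.
func duplicateBlocks(data []byte) int {
	seen := make(map[string]bool)
	dups := 0
	for i := 0; i+aes.BlockSize <= len(data); i += aes.BlockSize {
		b := string(data[i : i+aes.BlockSize])
		if seen[b] {
			dups++
		}
		seen[b] = true
	}
	return dups
}

func main() {
	// Constructed sample: a key of all 0x01 bytes and four identical 16-byte records.
	key := bytes.Repeat([]byte{0x01}, 32)
	record := bytes.Repeat([]byte("ACCT-0000-0000-X"), 4)

	ecb, err := encryptECB(key, record)
	if err != nil {
		panic(err)
	}
	_, sealed, err := encryptGCM(key, record)
	if err != nil {
		panic(err)
	}
	body := sealed[:len(sealed)-16] // drop the GCM tag, keep the encrypted records
	fmt.Printf("ECB: %d repeated ciphertext blocks out of %d\n", duplicateBlocks(ecb), len(ecb)/aes.BlockSize)
	fmt.Printf("GCM: %d repeated ciphertext blocks out of %d\n", duplicateBlocks(body), len(body)/aes.BlockSize)
}
```

With four identical records, ECB yields three ciphertext blocks that are byte-for-byte copies of the first, so anyone holding the file can see which records match without the key, and re-encrypting the same file produces the same output. GCM hides both facts and adds a tag that lets the receiver detect modification, which ECB cannot offer at all. Where a counterparty insists on ECB for compatibility, the practical mitigation is to treat the ciphertext as unauthenticated and check integrity separately.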

The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle

American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.

In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

Link (The Intercept)

Rightscorp is hit with another TCPA lawsuit

This week Rightscorp, which has been hopelessly struggling to save its floor-hitting stock from being delisted from NASDAQ, was hit with yet another lawsuit, this time in Georgia (Melissa Brown and Ben Jenkins v. Rightscorp, Inc. et al, GAMD 15-cv-00012).

The complaint is short and concentrates on a single deliberate violation of the Telephone Consumer Protection Act — harassing robocalling and messaging without the recipients’ consent. This is not a class action, and the plaintiffs seek an award of trebled statutory damages ($1,500 per call). Depending on how many violations the court finds actionable, it may result in a hefty sum. In any case, if the plaintiffs prevail (which is most likely going to happen), this precedent has the potential to open the floodgates to similar actions: in its latest press release (1/22/2015) the troll claimed that it “closed over 170,000 cases of copyright infringement.” How many of these “closures” are the result of unlawful telephone harassment? Just imagine if every robocall recipient decides that he/she wants a small piece of Rightscorp’s flesh!

The plaintiffs are represented by Sergei Lemberg.

Hoping for spy reforms? Jeb Bush, dangerously close to being the next US prez, backs the NSA

Former Florida governor, brother of former President George W Bush, son of former President George H W Bush, and Republican frontrunner for the 2016 US presidential election, Jeb Bush … has strongly defended the NSA’s mass surveillance of innocent people.

Speaking at the Chicago Council on Global Affairs as part of his run for the White House, Bush made it clear that if he did become president he would retain the programs introduced under his brother’s administration.

While covering broad foreign policy topics, Bush appeared to go off script when he said that in order to effectively tackle Islamic terrorism, it was necessary to have “responsible intelligence gathering and analysis – including the NSA metadata program, which contributes to awareness of potential terror cells and interdiction efforts on a global scale.”

He continued: “For the life of me, I don’t understand… the debate has gotten off track, where we’re not understanding or protecting… we do protect our civil liberties… but this is a hugely important program to use these technologies to keep us safe.”

Fast forward to the 28-minute mark of the video of his talk, streamed live on Wednesday, for the fun to begin.

Link (The Register)

Stephen Kim Spoke to a Reporter. Now He’s in Jail. This Is His Story.

On the morning of June 11, 2009, James Rosen stepped inside the State Department, scanned his building badge and made his way to the Fox News office in the busy press room on the second floor. It was going to be a hectic day. Like other reporters working the phones that morning, Rosen was looking for fresh news about the latest crisis with North Korea.

Two weeks earlier, North Korea had conducted a nuclear detonation that showed the rest of the world it possessed a functioning bomb. The United Nations was on the verge of a formal condemnation, but no one at the U.N. or inside the U.S. government knew how North Korea’s unpredictable regime would respond and whether things might escalate toward war.

Rosen called Stephen Kim, a State Department expert on rogue nations and weapons of mass destruction. Kim, a U.S. citizen who was born in South Korea, spoke fluent Korean and had worked at one of America’s nuclear-weapons labs. He probably knew more about what was going on in Pyongyang than almost anyone else in the building.

The call, according to metadata collected by the FBI, lasted just half a minute, but soon afterward Kim called Rosen and they talked for nearly a dozen minutes. After that conversation, they left the building at roughly the same time, then spoke once more on the phone after they both returned.

A classified report on North Korea had just begun circulating, and Kim was among the restricted number of officials with clearance to read it. He logged onto a secure computer, called up the report at 11:27 a.m., and phoned Rosen 10 minutes later. A few minutes past noon, he left the building again, and a minute later Rosen followed. The destruction of Kim’s life would center on the question of what the two men discussed during that brief encounter outside the State Department.

Link (The Intercept)

Researchers Find ‘Astonishing’ Malware Linked to NSA Spying

Security researchers have uncovered highly sophisticated malware that is linked to a secret National Security Agency hacking operation exposed by The Intercept last year.

Russian security firm Kaspersky published a report Monday documenting the malware, which it said had been used to infect thousands of computer systems and steal data in 30 countries around the world. Among the targets were a series of unnamed governments, telecom, energy, and aerospace companies, as well as Islamic scholars and media organizations.

Kaspersky did not name the NSA as the author of the malware. However, Reuters reported later on Monday that the agency had created the technology, citing anonymous former U.S. intelligence officials.

Kaspersky’s researchers noted that the newly found malware is similar to Stuxnet, a covert tool reportedly created by the U.S. government to sabotage Iranian nuclear systems. The researchers also identified a series of codenames that they found contained within the samples of malware, including STRAIGHTACID, STRAITSHOOTER, and GROK.

Notably, GROK, which Kaspersky said is a piece of malware used to secretly log keystrokes, is tied to secret NSA hacking tactics described in documents from whistleblower Edward Snowden. Last year, The Intercept revealed that the NSA was using a tool called GROK to log keystrokes as part of a toolkit it uses to hack computers and collect data.

The other codenames identified by Kaspersky on Tuesday—such as STRAIGHTACID, STRAITSHOOTER—are strikingly similar to known NSA hacking operations. Leaked NSA documents have revealed that the agency uses hacking tools known as STRAIGHTBIZARRE and FOXACID to break into computers and grab data.

According to Kaspersky, the malware found in the latest discovery is the most advanced ever found and represents an “astonishing technical accomplishment.” It hides deep within an infected computer and can stay on the machine even after attempts to wipe or reformat the hard drive. The security firm has dubbed different variants of the malware EquationLaser, EquationDrug and GrayFish, and they are calling its creators the “Equation Group,” because of the way the spy technology attempts to hide itself in an infected computer using complex encryption.

Link (The Intercept)

School Principal Contacts FBI After Student Throws American Flag Out A Window

In the stupidest case of school administrators taking federal agencies’ names in vain since a Huntsville, AL school swore a phone call from the NSA prompted its secret social media monitoring program, a middle school principal from Espanola, NM is threatening to sic the FBI on a student who threw an American flag out a classroom window.

A middle school principal said a student was misbehaving with his friends and took things too far. The student threw an American flag out a second-story classroom window. Now the principal says the 14-year-old needs to be held accountable.

Sure, maybe a stern discussion with him and his parents and a couple of weeks of detention would do the trick. But that’s not enough for Principal Robert Archuleta. He has already suspended the student for 10 days and is now pushing for his expulsion. But he also wants the feds to take control of the situation… because jingoism.

“He says, ‘Because I was just messing around,’ and he started to laugh,” Archuleta said. “Then the other kids were laughing, the kids that were with him. ‘There goes the flag.’ That was his last statement.”

The principal is a veteran. His father is also a veteran who fought in World War II.

“A lot of men have died over [the flag], men and women,” Archuleta said. “We fought to keep our country safe and to keep it free.”

Well, let’s stop you right there, Robert. Nobody “died over the flag.” The flag is a symbol of this country and what it stands for, but it is not what people die “over.” They die defending this country and the freedoms it affords its citizens — among them being the right to throw a flag out the window. It’s not as starkly effective as burning it, but it’s pretty much the same thing.

Link (Techdirt)