UK Spy Agency MI5 ‘Breached Surveillance Laws For More Than A Decade’

A UK tribunal has been told that security service MI5 has been breaching surveillance laws since 2010, and unlawfully obtaining bulk surveillance warrants against the public.

Human rights groups Liberty and Privacy International have told the Investigatory Powers Tribunal that MI5 has stored data on members of the public without the legal right to do so, and failed to disclose this to the Home Office and oversight bodies.

It breached safeguards around how long data was retained, who had access to it, and how legally privileged material such as private correspondence between lawyers and clients was protected, they say.

“MI5’s persistent failure to follow the law is inexcusable. For years, they have ignored safeguards put in place to protect us from abuse,” says Privacy International legal director Caroline Wilson Palow.

“These safeguards are a fundamental check on the vast power intelligence agencies can wield over all of us, especially when they engage in mass surveillance.”

The rights groups claim that the Home Office and various home secretaries failed to investigate these breaches. Surveillance warrants must be approved by the home secretary, who must be satisfied that legal safeguards around the handling of data are being met.

However, say Liberty and Privacy International, successive home secretaries repeatedly ignored the signs that MI5 was handling data unlawfully, and continued to sign off on surveillance warrants despite this.

“Surveillance safeguards can only protect us if they work in practice, and they don’t. For 10 years MI5 have been knowingly breaking the rules and failing to report it, and the government has failed to investigate clear red flags,” says Liberty lawyer Megan Goulding.

“There has been no proper investigation into MI5’s breaches by the Home Office, despite having been put on notice by briefings. Instead, the home secretary continued to issue unlawful warrants, and MI5 kept information from the authorities about how it mishandled our data.”

The allegations were first made in 2019 as part of Liberty’s separate legal challenge to the Investigatory Powers Act 2016, during which the government admitted that MI5 had been unlawfully retaining and mishandling the public’s data for years.

Documents shared with the court included correspondence between MI5 and its watchdog, the Investigatory Powers Commissioner’s Office (IPCO), as well as correspondence between MI5 and the Home Office, and reports of inspections carried out by IPCO after they learnt of MI5’s failings.

These documents revealed that MI5 itself called its data stores ‘ungoverned spaces’, and that the Investigatory Powers Commissioner had concluded MI5 had held and handled data in an ‘undoubted unlawful manner’.

“When we campaigned against giving the state unprecedented new surveillance powers under the so-called Snooper’s Charter back in 2015, one of our key concerns was that the safeguards against abuse were just not strong enough,” says Wilson Palow.

“And here we are, seven years later, with even the rules that are enshrined in law being ignored in practice. Those rules need a radical overhaul.”

Liberty and Privacy International have called for all surveillance warrants issued unlawfully to be quashed, all unlawfully retained data to be destroyed, and for the tribunal to declare that the Investigatory Powers Act itself is unlawful, because it doesn’t work in practice.

353

Despite the Hype, iPhone Security No Match For NSO Spyware

The text delivered last month to the iPhone 11 of Claude Mangin, the French wife of a political activist jailed in Morocco, made no sound. It produced no image. It offered no warning of any kind as an iMessage from somebody she didn’t know delivered malware directly onto her phone — and past Apple’s security systems. Once inside, the spyware, produced by Israel’s NSO Group and licensed to one of its government clients, went to work, according to a forensic examination of her device by Amnesty International’s Security Lab. It found that between October and June, her phone was hacked multiple times with Pegasus, NSO’s signature surveillance tool, during a time when she was in France. The examination was unable to reveal what was collected. But the potential was vast: Pegasus can collect emails, call records, social media posts, user passwords, contact lists, pictures, videos, sound recordings and browsing histories, according to security researchers and NSO marketing materials.

The spyware can activate cameras or microphones to capture fresh images and recordings. It can listen to calls and voice mails. It can collect location logs of where a user has been and also determine where that user is now, along with data indicating whether the person is stationary or, if moving, in which direction. And all of this can happen without a user even touching her phone or knowing she has received a mysterious message from an unfamiliar person — in Mangin’s case, a Gmail user going by the name “linakeller2203.” These kinds of “zero-click” attacks, as they are called within the surveillance industry, can work on even the newest generations of iPhones, after years of effort in which Apple attempted to close the door against unauthorized surveillance — and built marketing campaigns on assertions that it offers better privacy and security than rivals.

[…] Researchers have documented iPhone infections with Pegasus dozens of times in recent years, challenging Apple’s reputation for superior security when compared with its leading rivals, which run Android operating systems by Google. The months-long investigation by The Post and its partners found more evidence to fuel that debate. Amnesty’s Security Lab examined 67 smartphones whose numbers were on the Forbidden Stories list and found forensic evidence of Pegasus infections or attempts at infections in 37. Of those, 34 were iPhones — 23 that showed signs of a successful Pegasus infection and 11 that showed signs of attempted infection.

451

A Government Watchdog May Have Missed Clearview AI Use By Five Federal Agencies

A government inquiry into federal agencies’ deployment of facial recognition may have overlooked some organizations’ use of popular biometric identification software Clearview AI, calling into question whether authorities can understand the extent to which the emerging technology has been used by taxpayer-funded entities. In a 92-page report published by the Government Accountability Office on Tuesday, five agencies — the US Capitol Police, the US Probation Office, the Pentagon Force Protection Agency, Transportation Security Administration, and the Criminal Investigation Division at the Internal Revenue Service — said they didn’t use Clearview AI between April 2018 and March 2020. This, however, contradicts internal Clearview data previously reviewed by BuzzFeed News.

In April, BuzzFeed News revealed that those five agencies were among more than 1,800 US taxpayer-funded entities that had employees who tried or used Clearview AI, based on internal company data. As part of that story, BuzzFeed News published a searchable table disclosing all the federal, state, and city government organizations whose employees are listed in the data as having used the facial recognition software as of February 2020. While the GAO was tasked with “review[ing] federal law enforcement use of facial recognition technology,” the discrepancies between the report, which was based on survey responses and BuzzFeed News’ past reporting, suggest that even the US government may not be equipped to track how its own agencies access to surveillance tools like Clearview. The GAO report surveyed 42 federal agencies in total, 20 of which reported that they either owned their own facial recognition system or used one developed by a third party between April 2018 and March 2020. Ten federal agencies — including Immigration and Customs Enforcement and Customs and Border Protection — said they specifically used Clearview AI.

430

US Intelligence may partner with private firms to monitor “extremist chatter” online

The Biden administration is considering using outside firms to track extremist chatter by Americans online, an effort that would expand the government’s ability to gather intelligence but could draw criticism over surveillance of US citizens. The Department of Homeland Security is limited in how it can monitor citizens online without justification and is banned from activities like assuming false identities to gain access to private messaging apps used by extremist groups such as the Proud Boys or Oath Keepers. Instead, federal authorities can only browse through unprotected information on social media sites like Twitter and Facebook and other open online platforms. A source familiar with the effort said it is not about decrypting data but rather using outside entities who can legally access these private groups to gather large amounts of information that could help DHS identify key narratives as they emerge. The plan being discussed inside DHS, according to multiple sources, would, in effect, allow the department to circumvent those limits.

Even as the DHS eyes a more robust use of its intelligence authorities, it continues to face fierce scrutiny on Capitol Hill over its handling of the Portland protests last summer — raising the possibility that at least some lawmakers will push back on the effort. The department — then led by Trump appointees but staffed by career officials, some of whom remain on the job — collected and disseminated open source reports on U.S. journalists who were publicly reporting on the protests.

505

FBI seeks to monitor Facebook, oversee mass social media data collection

The FBI is planning to aggressively harvest information from Facebook and Twitter, a move which is likely to cause a clash between the agency and social media platforms.

As reported by the Wall Street Journal, the FBI has recently sought proposals from third-party vendors for technological solutions able to harvest publicly-available information in bulk from Facebook, Twitter, and other social media outlets.

Law enforcement has requested the means to “obtain the full social media profile of persons-of-interest and their affiliation to any organization or groups,” to keep track of users based on their neighborhood, and keyword searches, among other tool functions.

While the FBI believes that such tools can work in harmony with privacy safeguards and civil liberties, the mass collection of names, photos, and IDs — when combined with information from other sources — may do just the opposite.

Back in July, for example, there was a public outcry after it was discovered that the FBI and Immigration and Customs Enforcement (ICE) were plundering databases belonging to the DMV for surveillance and investigative purposes.

640

Facial Recognition to board a plane

A boarding technology for travelers using JetBlue is causing controversy due to a social media thread on the airline’s use of facial recognition. Last week, traveler MacKenzie Fegan described her experience with the biometric technology in a social media post that got the attention of JetBlue’s official account. She began: “I just boarded an international @JetBlue flight. Instead of scanning my boarding pass or handing over my passport, I looked into a camera before being allowed down the jet bridge. Did facial recognition replace boarding passes, unbeknownst to me? Did I consent to this?” JetBlue was ready to offer Twitterized sympathy: “You’re able to opt out of this procedure, MacKenzie. Sorry if this made you feel uncomfortable.”

But once you start thinking about these things, your thoughts become darker. Fegan wanted to know how JetBlue knew what she looked like. JetBlue explained: “The information is provided by the United States Department of Homeland Security from existing holdings.” Fegan wondered by what right a private company suddenly had her bioemtric data. JetBlue insisted it doesn’t have access to the data. It’s “securely transmitted to the Customs and Border Protection database.” Fegan wanted to know how this could have possibly happened so quickly. Could it be that in just a few seconds her biometric data was whipped “securely” around government departments so that she would be allowed on the plane? JetBlue referred her to an article on the subject, which was a touch on the happy-PR side. Fegan was moved, but not positively, by the phrase “there is no pre-registration required.”

739

Bloomberg’s Spy Chip Story Reveals the Murky World of National Security Reporting

Chinese spies reportedly infiltrated the supply chain and installed tiny chips the size of a pencil tip on the motherboards built by Supermicro, which are used in data center servers across the U.S. tech industry — from Apple to Amazon. That chip can compromise data on the server, allowing China to spy on some of the world’s most wealthy and powerful companies. Apple, Amazon and Supermicro — and the Chinese government — strenuously denied the allegations. Apple also released its own standalone statement later in the day, as did Supermicro.

Welcome to the murky world of national security reporting.

I’ve covered cybersecurity and national security for about five years, most recently at CBS, where I reported exclusively on several stories — including the U.S. government’s covert efforts to force tech companies to hand over their source code in an effort to find vulnerabilities and conduct surveillance. And last year I revealed that the National Security Agency had its fifth data breach in as many years, and classified documents showed that a government data collection program was far wider than first thought and was collecting data on U.S. citizens.

Even with this story, my gut is mixed.

In the aftermath of the disclosure of PRISM, the NSA’s data pulling program that implicated several tech companies — including Apple, but not Amazon — the companies came out fighting, vehemently denying any involvement or connection. Was it a failure of reporting? Partially, yes. But the companies also had plausible deniability by cherry picking what they rebuffed. Despite a claim by the government that PRISM had “direct access” to tech companies’ servers, the companies responded that this wasn’t true. They didn’t, however, refute indirect access — which the companies wouldn’t be allowed to say in any case.

818

Forbes: Cellebrite can unlock every iPhone

Cellebrite, a Petah Tikva, Israel-based vendor that’s become the U.S. government’s company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11 . That includes the iPhone X, a model that Forbes has learned was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.

The Israeli firm, a subsidiary of Japan’s Sun Corporation, hasn’t made any major public announcement about its new iOS capabilities. But Forbes was told by sources (who asked to remain anonymous as they weren’t authorized to talk on the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe. Indeed, the company’s literature for its Advanced Unlocking and Extraction Services offering now notes the company can break the security of “Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11.” Separately, a source in the police forensics community told Forbes he’d been told by Cellebrite it could unlock the iPhone 8. He believed the same was most probably true for the iPhone X, as security across both of Apple’s newest devices worked in much the same way.

843

Robot police “officer” goes on duty in Dubai

Dubai Police have revealed their first robot officer, giving it the task of patrolling the city’s malls and tourist attractions.

People will be able to use it to report crimes, pay fines and get information by tapping a touchscreen on its chest.

Data collected by the robot will also be shared with the transport and traffic authorities.”

792

Leaked files reveal scope of Cellebrite’s phone cracking technology

“Earlier this year, [ZDNet was] sent a series of large, encrypted files purportedly belonging to a U.S. police department as a result of a leak at a law firm, which was insecurely synchronizing its backup systems across the internet without a password. Among the files was a series of phone dumps created by the police department with specialist equipment, which was created by Cellebrite, an Israeli firm that provides phone-cracking technology. We obtained a number of these so-called extraction reports. One of the more interesting reports by far was from an iPhone 5 running iOS 8. The phone’s owner didn’t use a passcode, meaning the phone was entirely unencrypted. The phone was plugged into a Cellebrite UFED device, which in this case was a dedicated computer in the police department. The police officer carried out a logical extraction, which downloads what’s in the phone’s memory at the time. (Motherboard has more on how Cellebrite’s extraction process works.) In some cases, it also contained data the user had recently deleted. To our knowledge, there are a few sample reports out there floating on the web, but it’s rare to see a real-world example of how much data can be siphoned off from a fairly modern device. We’re publishing some snippets from the report, with sensitive or identifiable information redacted.”

787

FBI authorised informants to break the law 22,800 times in 4 years

“Over a four-year period, the FBI authorized informants to break the law more than 22,800 times, according to newly reviewed documents.

Official records obtained by the Daily Dot under the Freedom of Information Act (FOIA) show the Federal Bureau of Investigation gave informants permission at least 5,649 times in 2013 to engage in activity that would otherwise be considered a crime. In 2014, authorization was given 5,577 times, the records show.

Those crimes can have serious and unintended consequences. For example, a Daily Dot investigation found that an FBI informant was responsible for facilitating the 2011 breach of Stratfor in one of the most high-profile cyberattacks of the last decade. While a handful of informants ultimately brought down the principal hacker responsible, the sting also caused Stratfor, an American intelligence firm, millions of dollars in damages and left an estimated 700,000 credit card holders vulnerable to fraud.”

799

Steven Rambam at HOPE XI, 2016

“First came the assault on privacy. Name, address, telephone, DOB, SSN, physical description, friends, family, likes, dislikes, habits, hobbies, beliefs, religion, sexual orientation, finances, every granular detail of a person’s life, all logged, indexed, analyzed and cross-referenced. Then came the gathering of location and communication data. Cell phones, apps, metro cards, license plate readers and toll tags, credit card use, IP addresses and authenticated logins, tower info, router proximity, networked “things” everywhere reporting on activity and location, astoundingly accurate facial recognition mated with analytics and “gigapixel” cameras and, worst of all, mindlessly self-contributed posts, tweets, and “check-ins,” all constantly reporting a subject’s location 24-7-365, to such a degree of accuracy that “predictive profiling” knows where you will likely be next Thursday afternoon. Today we are experiencing constant efforts to shred anonymity. Forensic linguistics, browser fingerprinting, lifestyle and behavior analysis, metadata of all types, HTML5, IPv6, and daily emerging “advances” in surveillance technologies – some seemingly science fiction but real – are combining to make constant, mobile identification and absolute loss of anonymity inevitable. And, now, predictably, the final efforts to homogenize: the “siloing” and Balkanization of the Internet. As Internet use becomes more and more self-restricted to a few large providers, as users increasingly never leave the single ecosystem of a Facebook or a Google, as the massive firehose of information on the Internet is “curated” and “managed” by persons who believe that they know best what news and opinions you should have available to read, see, and believe, the bias of a few will eventually determine what you believe. What is propaganda? What is truth? You simply won’t know. In a tradition dating back to the first HOPE conference, for three full hours Steven Rambam will detail the latest trends in privacy invasion and will demonstrate cutting-edge anonymity-shredding surveillance technologies. Drones will fly, a “privacy victim” will undergo digital proctology, a Q&A period will be provided, and fun will be had by all.”

875
Stare Into The Lights My Pretties

“From Uber To Eric Schmidt, Tech Is Closer To the US Government Than You’d Think”

“Alphabet’s [Google] executive chairman, Eric Schmidt, recently joined a Department of Defense advisory panel. Facebook recently hired a former director at the U.S. military’s research lab, Darpa. Uber employs Barack Obama’s former campaign manager David Plouffe and Amazon.com tapped his former spokesman Jay Carney. Google, Facebook, Uber and Apple collectively employ a couple of dozen former analysts for America’s spy agencies, who openly list their resumes on LinkedIn.

These connections are neither new nor secret. But the fact they are so accepted illustrates how tech’s leaders — even amid current fights over encryption and surveillance — are still seen as mostly U.S. firms that back up American values. Christopher Soghoian, a technologist with the American Civil Liberties Union, said low-level employees’ government connections matter less than leading executives’ ties to government. For instance, at least a dozen Google engineers have worked at the NSA, according to publicly available records on LinkedIn. And, this being Silicon Valley, not everyone who worked for a spy agency advertises that on LinkedIn. Soghoian, a vocal critic of mass surveillance, said Google hiring an ex-hacker for the NSA to work on security doesn’t really bother him. “But Eric Schmidt having a close relationship with the White House does…”

914

Catalogue of US Government Surveillance Devices

The Intercept has obtained a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States.

The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing “dirt boxes” and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before.

Slides of the catalogue available here, while a stylised version is available here.

843

How the CIA made Google… and WHY

Two articles from Medium by ‘Insurge Intelligence,’ a crowd-funded investigative journalism project, tell the story of how the United States intelligence community funded, nurtured and incubated Google as part of a drive to dominate the world through control of information. Seed-funded by the NSA and CIA, Google was merely the first among a plethora of private sector start-ups co-opted by US intelligence to retain ‘information superiority.’

By Nafeez Ahmed.

 

Part One: How the CIA made Google

“From inception, in other words, Google was incubated, nurtured and financed by interests that were directly affiliated or closely aligned with the US military intelligence community: many of whom were embedded in the Pentagon Highlands Forum.

The US intelligence community’s incubation of Google from inception occurred through a combination of direct sponsorship and informal networks of financial influence, themselves closely aligned with Pentagon interests.

The Highlands Forum itself has used the informal relationship building of such private networks to bring together defense and industry sectors, enabling the fusion of corporate and military interests in expanding the covert surveillance apparatus in the name of national security. The power wielded by the shadow network represented in the Forum can, however, be gauged most clearly from its impact during the Bush administration, when it played a direct role in literally writing the strategies and doctrines behind US efforts to achieve ‘information superiority.’”

Noting Google’s genesis with DARPA funding, the expansion of the empire today in the realm of Google’s actions with GeoEye and Keyhole; Boston Dynamics, DeepMind, Nest Labs, Dropcam, etc—the trajectory becomes clear.

 

Part Two: Why Google made the NSA

“Mass surveillance is about control. It’s promulgators may well claim, and even believe, that it is about control for the greater good, a control that is needed to keep a cap on disorder, to be fully vigilant to the next threat. But in a context of rampant political corruption, widening economic inequalities, and escalating resource stress due to climate change and energy volatility, mass surveillance can become a tool of power to merely perpetuate itself, at the public’s expense.

A major function of mass surveillance that is often overlooked is that of knowing the adversary to such an extent that they can be manipulated into defeat. The problem is that the adversary is not just terrorists. It’s you and me. To this day, the role of information warfare as propaganda has been in full swing, though systematically ignored by much of the media.

Here, INSURGE INTELLIGENCE exposes how the Pentagon Highlands Forum’s co-optation of tech giants like Google to pursue mass surveillance, has played a key role in secret efforts to manipulate the media as part of an information war against the American government, the American people, and the rest of the world: to justify endless war, and ceaseless military expansionism.”

1224

Police set-up Sydney Muslims with post-seige raids, culture of fear

“About 2pm on Monday, December 15, Rebecca Kay took a phone call from NSW Police Counter-Terrorism.

The officer wondered if she could help police find an Islamic State flag. This was one of the demands of Man Haron Monis, the gunman holding 18 hostages at the Lindt cafe in Martin Place.

”And if they give him a flag he was going to exchange it for a hostage,” says Ms Kay, a convert to Islam who has become a prominent community member in western Sydney.

Ms Kay was one of several people contacted that afternoon, and she was only too willing to help.

”A lot of people in the Muslim community were devastated,” she says. “We were ready to jump – ‘just say how high’ – to help police prevent a tragedy.”

Ms Kay believes she called as many as 50 people, but finding an IS flag – or anyone willing to admit they had one – proved no easy task.

And soon her contacts started asking: “Are we being set up?”

”They were very suspicious,” she says. “Some accused me of being an informant.”

But she counselled that they should try to help.

And the officer kept calling back, “three or four times over the next hour to see if I had got an Islamic State flag or not. There was a sense of urgency that I get it and that I take it down to Bankstown police station, and they were going to put it in a patrol car, with the lights [flashing], and bring it to the city.”

Monis’s hostages recited his demands on Facebook and YouTube, as police worked to have them taken down. Hostage Julie Taylor, a barrister, said he would free five hostages if Prime Minister Tony Abbott called him to record a short conversation to be played on air. He would release two if the politicians told “the truth, which is that this is an attack by Islamic State against Australia”. And he would allow one to go if the flag were delivered.”

 
“In the end, Ms Kay says, police sourced their own flag. But then they told her it had been decided there would be no trade with Monis in any case.

By now she had burnt many bridges in her own community.

It got worse. About 2am the next morning – about the time of the deadly final shootout inside the Lindt cafe – NSW police searched the western Sydney home of one of the young men she had contacted. He had considered handing over his flag to Ms Kay but then thought, no, it was a trap.

”And so he then believed I did try to set him up,” she says.

The next morning, she was told, the Australian Federal Police raided the homes of another two men who had been contacted during the community’s urgent attempt to help save hostages.

“Obviously, they were listening to all our phone calls,” Ms Kay says.

“I want to be able to have dealings with police … but when it gets thrown back in your face, it sets us back two steps.”

Lawyer Zali Burrows, who represents some of the people who tried to help police, wonders: “Why didn’t they just print one out.” A laser printer could have produced the flag on cloth and they could have delivered it in half an hour, she says.

Lydia Shelly, a solicitor from the Muslim Legal Network, says: “Our overriding concern was with the safety of those innocent Australians being held against their will.”

Police would not respond to questions about the flag or whether they intended to allow Monis to display it to the world’s televisions and risk him winning the support of other extremists.

Ms Kay says there is nothing sinister about the flag that Islamic State has misappropriated. It depicts the prophet’s seal and “it’s a flag that Muslims should have. It’s not our fault that these barbarians have taken it as their flag.”

She says she would want to help police in another such crisis, but: “They’re not building trust. With this incident they have not built trust at all.

”You don’t understand the pressure cooker we’re in and the interference that the AFP and ASIO have, and the fear that they create, and how they stalk – and I can say stalk with confidence – members of our community and instil fear in their families and ostracise them from their workplace and the people they know, so they become paranoid and they don’t interact with anyone.”

”This is the kind of norm they’ve created here, where no one trusts anyone anymore.””

715

The Melbourne Apartment that spies on activists

“An inconspicuous Melbourne apartment block is home to a monitoring service that keeps watch on environment groups at the request of the federal government.

The National Open Source Intelligence Centre, a private intelligence company, works under contract for the Australian Federal Police and Federal Attorney-General’s Department to monitor activist websites, blogs, Facebook and Twitter to provide warning and analysis of protest activity.

It aims to provide law enforcement agencies and other private clients with internet monitoring and analysis directed at groups engaged in “radical activism, criminal (terrorist) activity or unlawful behaviour.”

Services provided by NOSIC include “issue monitoring,” “tactical intelligence,” “threat analysis” and “trend analysis and forecasting focus on emerging patterns and trends in activism.”

NOSIC has been engaged on contract by the AFP and the Attorney-General’s Department since at least 2003. From 2006 to 2008, it was paid $184,800.

In addition to its ongoing work for the federal agencies and state police, NOSIC also provides services relating to specific events…”

860

New datacentre for Australian spook agencies

“The Australian government has been building a state-of-the art, secret data storage facility just outside Canberra to enable intelligence agencies to deal with a ‘’data deluge’’ siphoned from the internet and global telecommunications networks.

The high-security facility nearing completion at the HMAS Harman communications base will support the operations of Australia’s signals intelligence agency, the top-secret Defence Signals Directorate.

Privately labelled by one Defence official as ‘’the new black vault’’, the data centre is one of the few visible manifestations of Australia’s deep involvement in mass surveillance and intelligence collection operations such as the US National Security Agency’s PRISM program revealed last week by US intelligence leaker Edward Snowden.

Fairfax Media has confirmed Australian intelligence agencies receive what Defence intelligence officials describe as ‘’huge volumes’’ of ‘’immensely valuable’’ information derived from PRISM and other US signals intelligence collection programs.

Australian agencies assist the US to target foreign nationals and Australian citizens who are of security and intelligence interest to both countries.”

853
Stare Into The Lights My Pretties

NSA Project TURBINE

“In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.

The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.

When TURBINE implants exfiltrate data from infected computer systems, the TURMOIL sensors automatically identify the data and return it to the NSA for analysis. And when targets are communicating, the TURMOIL system can be used to send alerts or “tips” to TURBINE, enabling the initiation of a malware attack.

The NSA identifies surveillance targets based on a series of data “selectors” as they flow across Internet cables. These selectors, according to internal documents, can include email addresses, IP addresses, or the unique “cookies” containing a username or other identifying information that are sent to a user’s computer by websites such as Google, Facebook, Hotmail, Yahoo, and Twitter.

Other selectors the NSA uses can be gleaned from unique Google advertising cookies that track browsing habits, unique encryption key fingerprints that can be traced to a specific user, and computer IDs that are sent across the Internet when a Windows computer crashes or updates.

What’s more, the TURBINE system operates with the knowledge and support of other governments, some of which have participated in the malware attacks.

Classification markings on the Snowden documents indicate that NSA has shared many of its files on the use of implants with its counterparts in the so-called Five Eyes surveillance alliance – the United Kingdom, Canada, New Zealand, and Australia.”

846