Resources

“Alphabet’s [Google] executive chairman, Eric Schmidt, recently joined a Department of Defense advisory panel. Facebook recently hired a former director at the U.S. military’s research lab, Darpa. Uber employs Barack Obama’s former campaign manager David Plouffe and Amazon.com tapped his former spokesman Jay Carney. Google, Facebook, Uber and Apple collectively employ a couple of dozen former analysts for America’s spy agencies, who openly list their resumes on LinkedIn.

These connections are neither new nor secret. But the fact they are so accepted illustrates how tech’s leaders — even amid current fights over encryption and surveillance — are still seen as mostly U.S. firms that back up American values. Christopher Soghoian, a technologist with the American Civil Liberties Union, said low-level employees’ government connections matter less than leading executives’ ties to government. For instance, at least a dozen Google engineers have worked at the NSA, according to publicly available records on LinkedIn. And, this being Silicon Valley, not everyone who worked for a spy agency advertises that on LinkedIn. Soghoian, a vocal critic of mass surveillance, said Google hiring an ex-hacker for the NSA to work on security doesn’t really bother him. “But Eric Schmidt having a close relationship with the White House does…”

UK’s intelligence agencies such as MI5, MI6, and GCHQ have been collecting personal information from citizens who are “unlikely to be of intelligence or security interest” since the 1990s, previously confidential documents reveal. The documents were published as a result of a lawsuit filed by Privacy International, and according to the files, GCHQ and others have been collecting bulk personal data sets since 1998.

Emphasis added:

“These records can be “anything from your private medical records, your correspondence with your doctor or lawyer, even what petitions you have signed, your financial data, and commercial activities,” Privacy International legal officer Millie Graham Wood said in a statement. “The information revealed by this disclosure shows the staggering extent to which the intelligence agencies hoover up our data.”

Nor, it seems, are BPDs only being used to investigate terrorism and serious crime; they can and are used to protect Britain’s “economic well-being”—including preventing pirate copies of Harry Potter books from leaking before their release date.

BPDs are so powerful, in fact, that the normally toothless UK parliament watchdog that oversees intelligence gathering, the Intelligence and Security Committee (ISC), recommended in February that “Class Bulk Personal Dataset warrants are removed from the new legislation.”

These data sets are so large and collect so much information so indiscriminately that they even include information on dead people.”

The Intercept has obtained a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States.

The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing “dirt boxes” and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before.

Slides of the catalogue available here, while a stylised version is available here.

“A new study shows that knowledge of government surveillance causes people to self-censor their dissenting opinions online. The research offers a sobering look at the oft-touted “democratizing” effect of social media and Internet access that bolsters minority opinion.

The study, published in Journalism and Mass Communication Quarterly, studied the effects of subtle reminders of mass surveillance on its subjects. The majority of participants reacted by suppressing opinions that they perceived to be in the minority. This research illustrates the silencing effect of participants’ dissenting opinions in the wake of widespread knowledge of government surveillance, as revealed by whistleblower Edward Snowden in 2013.

The “spiral of silence” is a well-researched phenomenon in which people suppress unpopular opinions to fit in and avoid social isolation. It has been looked at in the context of social media and the echo-chamber effect, in which we tailor our opinions to fit the online activity of our Facebook and Twitter friends. But this study adds a new layer by explicitly examining how government surveillance affects self-censorship.”

“Research suggests that widespread awareness of mass surveillance could undermine democracy by making citizens fearful of voicing dissenting opinions in public. A paper published in Journalism and Mass Communication Quarterly, the flagship peer-reviewed journal of the Association for Education in Journalism and Mass Communication (AEJMC), found that “the government’s online surveillance programs may threaten the disclosure of minority views and contribute to the reinforcement of majority opinion.” The NSA’s “ability to surreptitiously monitor the online activities of U.S. citizens may make online opinion climates especially chilly” and “can contribute to the silencing of minority views that provide the bedrock of democratic discourse,” the researcher found.”

“German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available.

The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.

Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.

These vulnerabilities continue to exist even as cellular carriers invest billions of dollars to upgrade to advanced 3G technology aimed, in part, at securing communications against unauthorized eavesdropping. But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the United States, Europe or anywhere else.

“It’s like you secure the front door of the house, but the back door is wide open,” said Tobias Engel, one of the German researchers.

Engel, founder of Sternraute, and Karsten Nohl, chief scientist for Security Research Labs, separately discovered these security weaknesses as they studied SS7 networks in recent months, after The Washington Post reported the widespread marketing of surveillance systems that use SS7 networks to locate callers anywhere in the world. The Post reported that dozens of nations had bought such systems to track surveillance targets and that skilled hackers or criminals could do the same using functions built into SS7. (The term is short for Signaling System 7 and replaced previous networks called SS6, SS5, etc.)

The researchers did not find evidence that their latest discoveries, which allow for the interception of calls and texts, have been marketed to governments on a widespread basis. But vulnerabilities publicly reported by security researchers often turn out to be tools long used by secretive intelligence services, such as the National Security Agency or Britain’s GCHQ, but not revealed to the public.

“Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation,” said Christopher Soghoian, principal technologist for the ACLU and an expert on surveillance technology. “They’ve likely sat on these things and quietly exploited them.”

The GSMA, a global cellular industry group based in London, did not respond to queries seeking comment about the vulnerabilities that Nohl and Engel have found. For the Post’s article in August on location tracking systems that use SS7, GSMA officials acknowledged problems with the network and said it was due to be replaced over the next decade because of a growing list of security and technical issues.

The German researchers found two distinct ways to eavesdrop on calls using SS7 technology. In the first, commands sent over SS7 could be used to hijack a cell phone’s “forwarding” function — a service offered by many carriers. Hackers would redirect calls to themselves, for listening or recording, and then onward to the intended recipient of a call. Once that system was in place, the hackers could eavesdrop on all incoming and outgoing calls indefinitely, from anywhere in the world.

The second technique requires physical proximity but could be deployed on a much wider scale. Hackers would use radio antennas to collect all the calls and texts passing through the airwaves in an area. For calls or texts transmitted using strong encryption, such as is commonly used for advanced 3G connections, hackers could request through SS7 that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.

Nohl on Wednesday demonstrated the ability to collect and decrypt a text message using the phone of a German senator, who cooperated in the experiment. But Nohl said the process could be automated to allow massive decryption of calls and texts collected across an entire city or a large section of a country, using multiple antennas.

“It’s all automated, at the push of a button,” Nohl said. “It would strike me as a perfect spying capability, to record and decrypt pretty much any network… Any network we have tested, it works.”

Those tests have included more than 20 networks worldwide, including T-Mobile in the United States. The other major U.S. carriers have not been tested, though Nohl and Engel said it’s likely at least some of them have similar vulnerabilities. (Several smartphone-based text messaging systems, such as Apple’s iMessage and Whatsapp, use end-to-end encryption methods that sidestep traditional cellular text systems and likely would defeat the technique described by Nohl and Engel.)”

 
“In a statement, T-Mobile said: “T-Mobile remains vigilant in our work with other mobile operators, vendors and standards bodies to promote measures that can detect and prevent these attacks.”

The issue of cell phone interception is particularly sensitive in Germany because of news reports last year, based on documents provided by former NSA contractor Edward Snowden, that a phone belonging to Chancellor Angela Merkel was the subject of NSA surveillance. The techniques of that surveillance have not become public, though Nohl said that the SS7 hacking method that he and Engel discovered is one of several possibilities.

U.S. embassies and consulates in dozens of foreign cities, including Berlin, are outfitted with antennas for collecting cellular signals, according to reports by German magazine Der Spiegel, based on documents released by Snowden. Many cell phone conversations worldwide happen with either no encryption or weak encryption.

The move to 3G networks offers far better encryption and the prospect of private communications, but the hacking techniques revealed by Nohl and Engel undermine that possibility. Carriers can potentially guard their networks against efforts by hackers to collect encryption keys, but it’s unclear how many have done so. One network that operates in Germany, Vodafone, recently began blocking such requests after Nohl reported the problem to the company two weeks ago.

Nohl and Engel also have discovered new ways to track the locations of cell phone users through SS7. The Post story, in August, reported that several companies were offering governments worldwide the ability to find virtually any cell phone user, virtually anywhere in the world, by learning the location of their cell phones through an SS7 function called an “Any Time Interrogation” query.

Some carriers block such requests, and several began doing so after the Post’s report. But the researchers in recent months have found several other techniques that hackers could use to find the locations of callers by using different SS7 queries. All networks must track their customers in order to route calls to the nearest cellular towers, but they are not required to share that information with other networks or foreign governments.

Carriers everywhere must turn over location information and allow eavesdropping of calls when ordered to by government officials in whatever country they are operating in. But the techniques discovered by Nohl and Engel offer the possibility of much broader collection of caller locations and conversations, by anyone with access to SS7 and the required technical skills to send the appropriate queries.

“I doubt we are the first ones in the world who realize how open the SS7 network is,” Engel said.

Secretly eavesdropping on calls and texts would violate laws in many countries, including the United States, except when done with explicit court or other government authorization. Such restrictions likely do little to deter criminals or foreign spies, say surveillance experts, who say that embassies based in Washington likely collect cellular signals.

The researchers also found that it was possible to use SS7 to learn the phone numbers of people whose cellular signals are collected using surveillance devices. The calls transmit a temporary identification number which, by sending SS7 queries, can lead to the discovery of the phone number. That allows location tracking within a certain area, such as near government buildings.

The German senator who cooperated in Nohl’s demonstration of the technology, Thomas Jarzombek of Merkel’s Christian Democratic Union party, said that while many in that nation have been deeply angered by revelations about NSA spying, few are surprised that such intrusions are possible.

“After all the NSA and Snowden things we’ve heard, I guess nobody believes it’s possible to have a truly private conversation on a mobile phone,” he said. “When I really need a confidential conversation, I use a fixed-line” phone.”

LA County Sheriff’s Department in Compton, California deploy aerial real-time surveillance, unbeknownst to residents.

The technology is called “Wide Area Surveillance.”

“The nation’s electronic espionage agency, the Australian Signals Directorate, is in a partnership with British, American and Singaporean intelligence agencies to tap undersea fibre optic telecommunications cables that link Asia, the Middle East and Europe and carry much of Australia’s international phone and internet traffic.

Secret information disclosed by United States intelligence whistleblower Edward Snowden has revealed that the British Government Communications Headquarters is collecting all data transmitted to and from the United Kingdom and Northern Europe via the SEA-ME-WE-3 cable that runs from Japan, via Singapore, Djibouti, Suez and the Straits of Gibraltar to Northern Germany.

Australia is connected to SEA-ME-WE-3 by a link from Singapore to Perth, and GCHQ’s bulk interception includes much of Australia’s telecommunications and internet traffic with Europe.

Australian intelligence sources have also told Fairfax Media that Singaporean intelligence co-operates with Australia in accessing and sharing communications carried by the SEA-ME-WE-3 cable which lands at Tuas on the western side of Singapore Island.

Access to this major international telecommunications channel via Singapore’s government-owned operator SingTel and the country’s Defence Ministry has been a key element in an expansion of Australian-Singaporean intelligence and defence ties over the past 15 years.

It also underpinned the former Howard government’s approval of SingTel’s takeover of Australia’s second largest telecommunications company, Optus, in 2001.

Commissioned in 2000, the 39,000 kilometre long SEA-ME-WE-3 cable is owned by an international consortium that includes British Telecom, SingTel Optus, Telstra and other telecommunications companies across Asia, the Middle East and Europe.

Telstra has an 80 per cent stake in the southern segment that covers the 5000 kilometres between Singapore and Western Australia.

The Australian Signals Directorate also accesses the SEA-ME-WE-3 cable traffic from the cable’s landing in Perth.

Australian intelligence expert and Australian National University professor Des Ball said that intelligence collection from fibre optic cables had become “extremely important” since the late 1990s because such communications channels now carry more than 95 per cent of long distance international telecommunications traffic.”

“Australia’s leading telecommunications company, Telstra, has installed highly advanced surveillance systems to “vacuum” the telephone calls, texts, social media messages and internet metadata of millions of Australians so that information can be filtered and given to intelligence and law enforcement agencies.

The Australian government’s electronic espionage agency, the Australian Signals Directorate, is using the same technology to harvest data flows carried by undersea fibre-optic cables in and out of Australia.

Confidential documents obtained by Fairfax Media reveal the secret technology used to trawl Australians’ telecommunications and internet data for analysis by ASIO, the ASD and law enforcement agencies.

All Australian telecommunications and internet service providers by law must maintain interception and data-collection capabilities for government.

The leaked documents reveal that a little-known Melbourne-based company is a key provider of the secret monitoring technology.

Newgen Systems, owned and managed by local telecommunications engineer Robert Perin, is the sole Australian supplier for Gigamon, a large Silicon Valley-based information technology firm that specialises in what it terms “network traffic visibility solutions’’.

Gigamon’s hardware enables telecommunications and IT network administrators to track, inspect and analyse all data flows undetected without affecting the performance of networks.

A key application of the technology is interception of telecommunications and internet data.”

“The New South Wales police have used sophisticated hacking software to monitor the phones and computers of Australians, according to documents published by WikiLeaks.

In a new cache published on Monday NSW police are listed as a client of Gamma International, a German company that develops powerful spyware to remotely monitor computer use.

The documents show that NSW police have used several of the company’s spy programs for a number of investigations at a cost of more than $2m.

The software – known as FinSpy – allows widespread access to computer records, including extracting files from hard drives, grabbing images of computer screens, full Skype monitoring, logging keystrokes and monitoring email and chat communications.

“When FinSpy is installed on a computer system it can be remotely controlled and accessed as soon as it is connected to the internet/network, no matter where in the world the target system is based,” earlier documentation published by WikiLeaks said.”

“In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.

The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.

When TURBINE implants exfiltrate data from infected computer systems, the TURMOIL sensors automatically identify the data and return it to the NSA for analysis. And when targets are communicating, the TURMOIL system can be used to send alerts or “tips” to TURBINE, enabling the initiation of a malware attack.

The NSA identifies surveillance targets based on a series of data “selectors” as they flow across Internet cables. These selectors, according to internal documents, can include email addresses, IP addresses, or the unique “cookies” containing a username or other identifying information that are sent to a user’s computer by websites such as Google, Facebook, Hotmail, Yahoo, and Twitter.

Other selectors the NSA uses can be gleaned from unique Google advertising cookies that track browsing habits, unique encryption key fingerprints that can be traced to a specific user, and computer IDs that are sent across the Internet when a Windows computer crashes or updates.

What’s more, the TURBINE system operates with the knowledge and support of other governments, some of which have participated in the malware attacks.

Classification markings on the Snowden documents indicate that NSA has shared many of its files on the use of implants with its counterparts in the so-called Five Eyes surveillance alliance – the United Kingdom, Canada, New Zealand, and Australia.”