background preloader

NSA and GCHQ target Tor network that protects anonymity of web users

NSA and GCHQ target Tor network that protects anonymity of web users
The National Security Agency has made repeated attempts to develop attacks against people using Tor, a popular tool designed to protect online anonymity, despite the fact the software is primarily funded and promoted by the US government itself. Top-secret NSA documents, disclosed by whistleblower Edward Snowden, reveal that the agency's current successes against Tor rely on identifying users and then attacking vulnerable software on their computers. One technique developed by the agency targeted the Firefox web browser used with Tor, giving the agency full control over targets' computers, including access to files, all keystrokes and all online activity. But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled 'Tor Stinks', states: "We will never be able to de-anonymize all Tor users all the time." Another top-secret presentation calls Tor "the king of high-secure, low-latency internet anonymity".

http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption

Related:  Surveillance IIGovernement's issueSpying in and out of the U.S., Cover Stories, Sheep-Dipping, NSA

Can the NSA and CIA use your phone to track your location? July 26, 2011, 12:43 PM — There's no need to panic, or start shopping for aluminum-foil headwear, but the super-secret National Security Agency has apparently been thinking frequently enough about whether the NSA is allowed to intercept location data from cell phones to track U.S. citizens that the agency's chief lawyer was able to speak intelligently about it off the cuff while interviewing for a different job. "There are certain circumstances where that authority may exist," even if the NSA has no warrant to investigate a the person whose privacy it is invading or global permission to eavesdrop on everyone, according to Matthew Olsen, the NSA's general counsel. He didn't come to talk about that particularly; he said it yesterday in response to a question from the Senate Select Committee on Intelligence, which was considering whether he'd be a good choice to run the National Counterterrorism Center.

Inside the NSA’s Secret Efforts to Hunt and Hack System Administrators Across the world, people who work as system administrators keep computer networks in order – and this has turned them into unwitting targets of the National Security Agency for simply doing their jobs. According to a secret document provided by NSA whistleblower Edward Snowden, the agency tracks down the private email and Facebook accounts of system administrators (or sys admins, as they are often called), before hacking their computers to gain access to the networks they control. The document consists of several posts – one of them is titled “I hunt sys admins” – that were published in 2012 on an internal discussion board hosted on the agency’s classified servers. They were written by an NSA official involved in the agency’s effort to break into foreign network routers, the devices that connect computer networks and transport data across the Internet.

This week in press freedoms and privacy rights I'm on a (much-needed) quick vacation until Sunday, so I'll just post a few brief items from what has been a busy and important week of events, particularly when it comes to press freedom and privacy: (1) In the utter travesty known as "the Bradley Manning court-martial proceeding", the military judge presiding over the proceeding yet again showed her virtually unbreakable loyalty to the US government's case by refusing to dismiss the most serious charge against the 25-year-old Army Private, one that carries a term of life in prison: "aiding and abetting the enemy". The government's theory is that because the documents Manning leaked were interesting to Osama bin Laden, he aided the enemy by disclosing them. Harvard Law Professor Yochai Benkler explained in the New Republic in March why this theory poses such a profound threat to basic press freedoms as it essentially converts all leaks, no matter the intent, into a form of treason.

Do We Have the NSA on the Run, or Is a Much Worse Surveillance State in the Making? December 20, 2013 | Like this article? Join our email list: Stay up to date with the latest headlines via email. What We Learned About NSA Spying in 2014—And What We’re Fighting to Expose in 2015 Among this year’s NSA revelations: “The NSA and its partners exploit mobile apps, such as the popular Angry Birds game, to access users’ private information such as location, home address, gender, and more.” (Photo: TechStage/flickr/cc) After a banner year for shedding light on the NSA’s secret surveillance programs in 2013, the pace of disclosures in 2014—both from whistleblowers and through Freedom of Information Act (FOIA) lawsuits—slowed significantly. But that’s not because all the secrets of NSA surveillance have been revealed. In fact, some of the most significant information about the NSA’s surveillance programsstill remain secret.

The crux of the NSA story in one phrase: 'collect it all' The Washington Post this morning has a long profile of Gen. Keith Alexander, director the NSA, and it highlights the crux - the heart and soul - of the NSA stories, the reason Edward Snowden sacrificed his liberty to come forward, and the obvious focal point for any responsible or half-way serious journalists covering this story. It helpfully includes that crux right in the headline, in a single phrase: What does "collect it all" mean? Exactly what it says; the Post explains how Alexander took a "collect it all" surveillance approach originally directed at Iraqis in the middle of a war, and thereafter transferred it so that it is now directed at the US domestic population as well as the global one: "At the time, more than 100 teams of US analysts were scouring Iraq for snippets of electronic data that might lead to the bomb-makers and their hidden factories.

Catalog Reveals NSA Has Back Doors for Numerous Devices Editor's note: This article accompanies our main feature story on the NSA's Tailored Access Operations unit. You can read it here. When it comes to modern firewalls for corporate computer networks, the world's second largest network equipment manufacturer doesn't skimp on praising its own work. According to Juniper Networks' online PR copy, the company's products are "ideal" for protecting large companies and computing centers from unwanted access from outside. They claim the performance of the company's special computers is "unmatched" and their firewalls are the "best-in-class."

Utah government sees 10,000-fold increase in cyberattacks Utah government sees 10,000-fold increase in cyberattacks By Mark PomerleauFeb 10, 2015 For government IT managers, cyberattacks are a daily reality and they are typically prepared with a host of detection and remediation tools to ensure sensitive data is not compromised. But the state of Utah has recently been subject to an unusual level of cyber malice that many believe is attributable to the $1 billion National Security Agency data center located there.

Inside look at the internal strife over Al Jazeera America (updated below) When Al Jazeera last December purchased Current TV in order to launch its own "Al Jazeera America" (AJAM) network, it seemed clear they had two general options for how the new network's brand could be built. AJAM could embrace the traditional attributes that has made Al Jazeera, at its best, an intrepid and fearless global news organization: willing to cover stories, air dissident views, and challenge power in ways that many other outlets, especially in the US, are afraid to do. How The NSA Hacks Your iPhone (Presenting DROPOUT JEEP) Following up on the latest stunning revelations released yesterday by German Spiegel which exposed the spy agency's 50 page catalog of "backdoor penetration techniques", today during a speech given by Jacob Applebaum (@ioerror) at the 30th Chaos Communication Congress, a new bombshell emerged: specifically the complete and detailed description of how the NSA bugs, remotely, your iPhone. The way the NSA accomplishes this is using software known as Dropout Jeep, which it describes as follows: "DROPOUT JEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device.

The NSA hides surveillance software in hard drives It's been known for a while that the NSA will intercept and bug equipment to spy on its soon-to-be owners, but the intellgency agency's techniques are apparently more clever than first thought. Security researchers at Kaspersky Lab have discovered apparently state-created spyware buried in the firmware of hard drives from big names like Seagate, Toshiba and Western Digital. When present, the code lets snoops collect data and map networks that would otherwise be inaccessible -- all they need to retrieve info is for an unwitting user to insert infected storage (such as a CD or USB drive) into an internet-connected PC. The malware also isn't sitting in regular storage, so you can't easily get rid of it or even detect it. Kaspersky isn't explicitly naming the culprits, but it also isn't shy about pointing a finger in the US government's direction.

About the Reuters article (updated below - Update II) When you give many interviews in different countries and say essentially the same thing over and over, as I do, media outlets often attempt to re-package what you've said to make their interview seem new and newsworthy, even when it isn't. Such is the case with this Reuters article today, that purports to summarize an interview I gave to the daily newspaper La Nacion of Argentina. Like everything in the matter of these NSA leaks, this interview is being wildly distorted to attract attention away from the revelations themselves. It's particularly being seized on to attack Edward Snowden and, secondarily, me, for supposedly "blackmailing" and "threatening" the US government. That is just absurd.

Related: