FBI Surveillance, NIST’s Rubbish Encryption Standards, NSA and GCHQ Hacking in the News

Let’s start with domestic snooping, and just in case you missed Kevin Gosztola’s excellent report ‘ACLU Releases Report on FBI’s Development Into Abusive Domestic Intelligence Enterprise’, you may want to read it closely. Some excerpts (my bolds throughout):

‘The report describes, “Every 90 days for the past seven years the FBI has obtained secret Foreign Intelligence Surveillance Court (FISA Court) orders compelling telecommunications companies to provide the government with the toll billing records of every American’s telephone calls, domestic and international, on an ongoing daily basis. Other programs have collected similar data about Americans’ email and Internet activity and seized the content of their international communications, even though there was no evidence they had done anything wrong. State and local police and the general public are encouraged to report all “suspicious” people and activity to the FBI.”

“This is what a domestic intelligence enterprise looks like in our modern technological age,” the report declares.

It examines how technology has enabled the FBI to hoard data on communities and engage in racial profiling that includes citing lawful activities as suspicious to justify investigations. It notes how the FBI has targeted First Amendment-protected activities and fought to suppress whistleblowers. It details the excessive secrecy in the FBI that has helped shield the agency from accountability. It also calls attention to the dubious practices in which the FBI is using informants in investigations and how they have also used the No-Fly List to coerce individuals into becoming informants.’

The following are some headings from the 60-page report:

~ Racial and Ethnic Profiling

~ Targeting First Amendment-Protected Activities

The database, eGuardian, was set up in 2009 for reports of “suspicious” behavior, which could be shared amongst state and local law enforcement agencies. The report from the ACLU indicates that eGuardian “has become a repository for improperly collected information about First Amendment-protected activities.”

~ Overzealously Applying Authorities to Manipulate Minorities into Becoming Informants (including the use of agents provocateurs)

~ Using the No Fly List to Force Individuals to Become Informants.

The ACLU report, entitled ‘UNLEASHED AND UNACCOUNTABLE: The FBI’s Unchecked Abuse of Authority’ (pdf), can be read here.

And from the Guardian comes ‘Major US security company warns over NSA link to encryption formula: RSA, the security arm of EMC, sends email to customers over default random number generator which uses weak formula’

That formula they’d been using was one of the NIST encryptions that was shown via others of Snowden’s documents to have been created as weak by the NSA (as far as I understand it).

‘A major American computer security company has told thousands of customers to stop using an encryption system that relies on a mathematical formula developed by the National Security Agency (NSA). [snip]

Last week, the New York Times reported that Snowden’s cache of documents from his time working for an NSA contractor showed that the agency used its public participation in the process for setting voluntary cryptography standards, run by the government’s National Institute of Standards (NIST) and Technology, to push for a formula it knew it could break. Soon after that revelation, the NIST began advising against the use of one of its cryptographic standards and, having accepted the NSA proposal in 2006 as one of four systems acceptable for government use, said it would reconsider that inclusion in the wake of questions about its security.’

Well yes, one has to wonder why RSA would still have been using that ‘weak random-number generator’ after being warned against it, but part of the answer may be here:

‘Encryption systems use pseudo-random number generators as part of a complex mathematical process of creating theoretically uncrackable codes. If the number sequences generated can be predicted, that makes the code crackable, given sufficient computing power.

Ferguson pointed to a 2007 presentation by two researchers from Microsoft, Dan Shumow and Niels Ferguson, in which they said: “What we are not saying: NIST intentionally put a back door in this PRNG. What we are saying: the prediction resistance of this PRNG … is dependent on solving one instance of the elliptic curve discrete log problem. (And we do not know if the algorithm designer knew this beforehand.)”

A person familiar with the process by which NIST would have accepted the PRNG told Reuters that it accepted the code in part because many government agencies were already using it.’

Robert Westervelt at CRN.com has more if you’re interested.

Onto the international scene:

From Der Spiegel, ‘Belgacom Attack: Britain’s GCHQ Hacked Belgian Telecoms Firm’:

‘Documents from the archive of whistleblower Edward Snowden indicate that Britain’s GCHQ intelligence service was behind a cyber attack against Belgacom, a partly state-owned Belgian telecoms company. A “top secret” Government Communications Headquarters (GCHQ) presentation seen by SPIEGEL indicates that the goal of the project, conducted under the codename “Operation Socialist,” was “to enable better exploitation of Belgacom” and to improve understanding of the provider’s infrastructure. [snip]

The document shows that the Belgacom subsidiary Bics, a joint venture between Swisscom and South Africa’s MTN, was on the radar of the British spies.

Belgacom, whose major customers include institutions like the European Commission, the European Council and the European Parliament, ordered an internal investigation following the recent revelations about spying by the United States’ National Security Agency (NSA) and determined it had been the subject of an attack. The company then referred the incident to Belgian prosecutors. Last week, Belgian Prime Minister Elio di Rupo spoke of a “violation of the public firm’s integrity.”

When news first emerged of the cyber attack, suspicions in Belgium were initially directed at the NSA. But the presentation suggests that it was Belgium’s own European Union partner Britain that is behind “Operation Socialist,” even though the presentation indicates that the British used spying technology for the operation that the NSA had developed.

According to the slides in the GCHQ presentation, the attack was directed at several Belgacom employees and involved the planting of a highly developed attack technology referred to as a “Quantum Insert” (“QI”). It appears to be a method with which the person being targeted, without their knowledge, is redirected to websites that then plant malware on their computers that can then manipulate them. Some of the employees whose computers were infiltrated had “good access” to important parts of Belgacom’s infrastructure, and this seemed to please the British spies, according to the slides.’

The Wiki provides a list of the nations that use MTN. Heh. Belgacom’s Wiki history is here. The investigation seems to have come on the heels of the Snowden documents revealing the ‘Follow the Money’ flowing into the NSA’s financial database Tracfin programs, and representing the transactions of close to 200 million credit card transactions via companies like Visa. In addition:

‘The NSA’s Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a “target,” according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency’s “tailored access operations” division. One of the ways the agency accessed the data included reading “SWIFT printer traffic from numerous banks,” the documents show.’

Visa swiftly struck back: ‘We are not aware of any unauthorized access to our network.’ Who can argue with that weasely non-denial denial?

International blowback; from venezuelanalysis.com, ‘Venezuela Rejects U.S. Version of Maduro Airspace Prohibition Dispute’:

‘Mérida, 20th September 2013 – Venezuela has rejected the United States’ version of events in the dispute over President Nicolas Maduro’s passage through U.S. airspace last night.

The diplomatic fallout reached media attention when Venezuelan foreign minister Elias Jaua told reporters yesterday that President Maduro had been denied permission to fly through U.S. airspace.’ [snip]

Rejecting the US State Department’s Official Bullshit:

‘Venezuela’s top diplomat in Washington, Calixto Ortega, rejected the U.S. version of events, affirming in a call to state channel VTV that the U.S. had indeed denied Maduro’s passage through its airspace.

“The permission was denied. I have the denial in writing. We had to have a series of conversations [to gain clearance for the flight],” he said.

Ortega also disagreed with the arguments put forward for the delay in granting permission to enter U.S. airspace, explaining that the plane, route and flight request were exactly the same as in June when Maduro passed over Puerto Rico en route to Italy for a diplomatic tour of Europe.

“It’s the same plane, with the same crew, and exactly the same route made, [and in June] a permission request [was] immediately approved,” he explained.’

This, mind you, is the US and Obomba hoping to establish more ‘cordial’ relations with Nicolas Maduro after his election in July. Brilliant.

In solidarity with Venezuela:

‘Bolivian president Evo Morales requested an “emergency meeting” of the Community of Latin American and Caribbean States (CELAC), saying that he would propose that all member states of the bloc withdraw their ambassadors from the U.S. in protest. CELAC brings together every state in the Western Hemisphere with the exception of the U.S. and Canada.

“If it’s with Maduro, it’s with everyone. The United States must know that if it messes with Maduro, it messes with the whole Latin American people…because this is about the unity and sovereignty of our peoples,” he said.’

Also from Der Spiegel, ‘SWIFT Suspension? EU Parliament Furious about NSA Bank Spying’…

But the odds are against it, the author of the article admits, since the EU Council would have to approve that sort of major move.

Stop Watching Us will hold a rally against mass surveillance on October 26 in Washington DeeCee.

  1. damn, that would make a fine song to sing at US uncut at malls! (hand out literature about the tpp, nsa, la la la.) extra-wonderful; thank you, bruce!

    i’d seen the obadger one, although at dissident voice, iirc. really why the last post referenced ‘the deep badger bunkers’, or however it went.

    ‘DANCE BREAK’, lol. ‘…by loitering within my tent’. reminded me a bit of my favorite Occupy satire song:

    ‘..i’m off my meds’. too many great lines.

  2. OR Boff the FEDS! I prefer a necromance-break, with OUR presently zombified movement re-occupying Wall Street with a BearHug; rather dan the last matador depicted in the vid, but falling before the Market BULL! :

  3. the song is juuuuust on the edge of familiar, but the mix images got me paying attention. zounds, a revolutionary war military march turned on its head. as are your clever words turned sideways. ;~)

    the bronze bull of capitalism needs a picador, indeed.

    sun’s finally out here; minor floods from the last big storm. rivers raging to the south. this is climate change. we missed two major hail storms that were predicted. can’t say i’m a bit sorry, to say the truth. but then, the bear came again last night, so…there’s that, arrggh.

  4. a few more links to keep:

    hfcmofo will love this: ‘Chaos Computer Club: Hackers Crack Apple’s Fingerprint Scanner’
    Contest winners?
    “It is supposed to represent a major step forward in mobile phone security by replacing the password. But the fingerprint sensor on Apple’s new iPhone 5S has already been compromised just two days after it went on sale. The German hacker organization Chaos Computer Club (CCC) says it has successfully bypassed the biometric security system, called TouchID, using “easy everyday means.”


    And more to glue the BRICS together:

    ‘India among top targets of spying by NSA’ (first Snowden documents given to an Indian news outlet?)

    “According to top-secret documents provided to The Hindu by NSA whistleblower Edward Snowden, the American agency carried out intelligence gathering activities in India using at least two major programs: the first one is Boundless Informant, a data-mining system which keeps track of how many calls and emails are collected by the security agency; and the second one is PRISM, a program which intercepts and collects actual content from the networks. While Boundless Informant was used for monitoring telephone calls and access to the internet in India, PRISM collected information about certain specific issues — not related to terrorism — through Google, Microsoft, Facebook, Yahoo, Apple, YouTube and several other web-based services.”
    But jeez, Louise, even with billions of pieces of information plucked from its telephone and internet networks just in 30 days:

    “Though top Indian officials have been rather dismissive of the disclosures, with Minister for External Affairs Salman Khurshid even defending the U.S. surveillance program by saying that “it is not… actually snooping,” the NSA documents obtained by The Hindu show that Boundless Informant not only keeps track of emails and calls collected by the NSA, it is also used by the agency to give its managers summaries of the intelligence it gathers worldwide, thus making it the foundation of the global surveillance programs created by the world’s biggest and most secretive intelligence agency.”

    This one is page two of a similar one, and has the Prism and Boundless Informant hot maps, for some reason the first one doesn’t, or at least it blinks out as it loads.


