How the NSA Is Spying On Everyone: More Revelations 148
The Intercept has published today a story detailing documents that "reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers." The documents also describe a years-long effort, aimed at hostile and friendly regimes, from the point of view of the U.S. government, to break the security of various countries' communications networks.
"Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks."
Standard M.O. (Score:1, Interesting)
Re:Standard M.O. (Score:5, Insightful)
Surprised? No... Concerned that US Citizens are being illegally monitored in their communications by the NSA? Yes... This is illegal monitoring of people who pose no threat to the US or their citizens. Monitoring them without a valid warrant with a description of what the threat they pose is is illegal.
Re:Standard M.O. (Score:5, Interesting)
I guess you can call it illegal, but that sort of implies that there is some sort of authority who can take authority action against transgressors. From the NSA to local police (illegal chokehold, anyone?) the security mechanism in America is without responsible civilian oversight. =(
Re:Standard M.O. (Score:5, Insightful)
Technically the people of the United States have the authority. It's such a shame that the government has been able to sucker the less intelligent masses into giving up liberty under the "threat" of terrorism.
My solution was simply to move out of the USA. I've been an ex-pat going on a decade now and couldn't be happier. I plan to renounce my US citizenship this coming year.
Re: (Score:1)
Re: (Score:2)
I like the phrase - "The loss of liberty is worse than the threat of terror." I think it would make a nice T-Shirt. Just curious, isn't leaving the U.S. because our democracy is threatened the opposite of patriotism?
Re: (Score:2)
Since the people of the United States are not represented by the single party with two asses, they lack this authority unless they choose to revolt.
Re: (Score:2)
The NSA doesn't actually care about non-aggressive foreigners? Same reason I don't care that China, Russia, etc. are probably monitoring me here in the US.
All such agencies are basically in the business of expanding their power and defending the status quo - in practice that means targetting foreign aggressors and civically active citizens. And while they can legally "disappear" citizens with no repercussions, they have to be willing to risk an international incident to get at a foreigner.
Re:Standard M.O. (Score:4, Insightful)
There are plenty of people who can take authority. They can defund the NSA. They can disband the NSA. They can add new layers of oversight to the NSA> Just because they haven't doesn't mean there is no one who can./ Remember they did defund the TIA in early 2000's... Then they allowed it to side step and rename itself and begin operating anew. I think legally at this point, if defunded to resume operation under a new name would be seen as the complete refusal to operate within the charters it was held to.
Re: (Score:2)
The NSA should not necessarily be defended but most logically broken into two distinct, separate and competing organisation. One for defence and once for offence. That does mean the defensive NSA does in fact target and seek to prosecute the offensive NSA and wins promotions, political advantage and funding by doing so. Basically publicly being the good guys and the bad NSA filling full of psychopaths waiting to be busted for breaking laws. That is the check and balance. Until it is split it will continue
Re: (Score:2)
Only if you are stating that President Obama is irresponsible. He could change all this with executive orders but doesn't.
Re:Standard M.O. (Score:4, Interesting)
"Only if you are stating that President Obama is irresponsible."
As far as the President goes, there are 3 options that I see:
- President Obama may be irresponsible for allowing this level of intrusive surveillance.
- President Obama may not actually have the ability to change this - he may feel his hands are tied. I'm sure there are lots of things he'd like to do.
- President Obama may be responsible, and have control over the agency, but his positions and responsibilities may no longer be purely civilian.
And of course, Obama only has control over the fed. Police killing people and not being held responsible happens at a local level. The failure to hold the security apparatus responsible seems larger than a single agency or it's nominal overseer.
Re: (Score:3)
Option 4: NSA has a surveillance tape of him with a Kenyan Muslim sheep.
Re: (Score:2)
I guess you can call it illegal, but that sort of implies that there is some sort of authority who can take authority action against transgressors.
There is an authority who can take action, the problem is that they don't. It's pretty much the reason the Supreme Court exists.
Re: (Score:2)
I thought that President Jackson put them in their place some time back? Something about who had an army and the right of the President to do genocide IIRC.
Re: (Score:2)
This is because America is without responsible civilians. Or non-civilians, for that matter.
Re: (Score:2)
Something about by the people, of the people and for the people. Unfortunately, the people do not truly participate, so that chain never truly starts anymore. As long as people are more focused on who their favorite right/left wing nut job is and less on what does the country need, there is no end to any of this. Just more nut jobs.
Re: Standard M.O. (Score:2)
The Grand Jury does not make a determination of the defendant's guilt or innocence. All it does is determine if they should go to trial. Since too often they are the prosecutor's hand puppets, the NYC and Ferguson Grand Jury results simply mean that the Prosecutor's office decided to give the cops a pass. If you think it was because they were not guilty....well...faith, even misguided, is a wonderful thing to see
Re: (Score:2)
It's not just US citizens. If you RTFA you'll see that it's everybody, everywhere.
Re: (Score:1)
I'm sorry, but currently the general population is considered to be a threat to the wealthy and powerful.
And you aren't permitted to see the warrant being used to monitor your communications, because you might be able to successfully challenge it in court.
The "standard M. O." is not *STANDARD* enough (Score:1)
If you think that NSA would stop at introducing flaws to communication system, think again !
The flaws in the communication system is but one of the ***MANY*** fields that they have tampered with
With the advent of IoT, it would be a fucking field day for spooks from NSA --- nothing, and I repeat, NOTHING in our daily lives will escape the watchful eyeballs of NSA
Re:The "standard M. O." is not *STANDARD* enough (Score:5, Funny)
With the advent of IoT, it would be a fucking field day for spooks from NSA --- nothing, and I repeat, NOTHING in our daily lives will escape the watchful eyeballs of NSA
So, instead of Freedom Fries, we get Terror Toast?
It's not just the NSA (No Sales for Americans). (Score:2, Insightful)
Act of war (Score:1)
Good thing we're all friends, right? Anybody else would have to see this as an act of war.
Eh? (Score:3, Insightful)
I don't get it. The NSA is an organization of criminal hackers, and it's not a question of "could be", the NSA is already doing it. What am I missing?
Re: (Score:1)
All the contractor funding to place the tame encryption, keep it working and then clean up the networks after events.
All the new security clearances and new cyber funding? Ex staff and former staff selling their skills globally?
Staff who worked in friendly nations with an understanding of the networks and tame systems selling their skills globally?
Once weak encryption and junk telco networks are worked on for a few generations the skill sets become available to other nations, cults
Call a spade a spade (Score:5, Insightful)
Don't muddy the waters by implying that only a specific, "bad-apple" division of government is doing the stalking. It is government that is doing the stalking. The specific division of government (NSA) is utterly irrelevant to the victims. That only matters to the aggressor.
If it was a private company doing the stalking, you wouldn't say that "Human Resources" is the aggressor and ignore the fact that Human Resources is owned by, funded by, and works for Google. You would state the obvious and say that Google is the aggressor.
In other words, this is a failure of government, not "the NSA". Government is attacking your basic human right to free association, not "the NSA".
Re:Call a spade a spade (Score:5, Interesting)
And if your right hand causes you to sin, cut it off and throw it away. For it is better that you lose one of your members than that your whole body go into hell.
I'm not even religious, and this quotation came to mind.
Re: (Score:3)
I was thinking more along these lines:
And there is no creature hidden from His sight, but all things are open and laid bare to the eyes of Him with whom we have to do.
Re:Call a spade a spade (Score:5, Insightful)
While this is a good point, one of the questions we should be asking ourselves is to what degree the agency is under effective political control. For many years the FBI wasn't because it had the goods on everyone.
It makes a difference whether the actions of the agency are due to the vulnerability of political leaders, the lack of will of political leaders, or the direction of political leaders. Specifically it makes a difference to how to fix the problem.
Re:Call a spade a spade (Score:4, Interesting)
While this is a good point, one of the questions we should be asking ourselves is to what degree the agency is under effective political control. For many years the FBI wasn't because it had the goods on everyone.
We have three branches of Government and the NSA belongs to the Executive Branch.
From what we've seen so far, the Legislative branch has simultaneously expanded the NSA's spying powers and been kept in the dark about the scope of the NSA's activities (which prevents meaningful oversight).
The Judicial branch's oversight of the NSA is something of a mystery.
We don't know what the NSA tells the FISA court and the FISA court doesn't know what the NSA isn't telling them.
And pretty much any other judicial cases involving the NSA get shut down with the claim of national security.
We know for certain that the Executive branch has been issuing classified opinions and directives to give the NSA expansive powers.
They're under "under effective political control," just not the kind of control that the majority of Americans desire.
Re: (Score:3)
just not the kind of control that the majority of Americans desire
I'm not so sure. I think the President (who ever that is) typically wants to keep the country safe and the NSA wants to do the same and they think that they are doing it correctly. I think people want the to be safe and it's tough as the person who is actually President to cut off the means employed by the NSA and hope that you are correct and the ends will still be there knowing that if there were an attack it could easily be your decision that allowed it and all it's nasty side effects.
All that said, I'd
Re:Call a spade a spade (Score:4, Insightful)
No, it is not government because the government isn't a monolithic hive mind.
Sheriff Bob out on the rural I80 isn't attacking my security/privacy. The firefighters aren't attacking my security/privacy. The FDA and BPA aren't. It's a specific branch - the NSA - that is.
And at that, though I'll be damned if I can find the presentation on youtube, it's not even "the NSA" - there are 3 branches of it. One is tasked with protecting American information/security (which I believe most of us would agree is laudable), one with tracking known enemies, and the third are the sigint "break the security of everything" guys that everyone but them, apparently even outside their branch of the NSA, think are fucking insane.
In fact, that presentation led me to believe that the actions of this branch which (You might want to sit down and have your smelling salts ready) went insane following 9/11 are more than anything else like HAL: They were handed absurd instructions and have no choice but to carry them out. In this case the instruction was "never again." Well..... never is an awfully long time and an awfully high bar. The only way you can know if anyone, anywhere is planning the next 9/11 is if you're watching everyone, everywhere. Multiple officials inside the NSA brought their concerns over this insane order (and its insane results) forward but were, as we now know, ignored.
The left hand of the fedgov routinely doesn't know what the right hand is doing, and that's without the right hand actively trying to prevent anyone from knowing what it's doing. But do go on about how the government is a monolithic evil. I'm sure that Senator Wyden, who's been one of the leaders in the charge to stop this bullshit, appreciates your thoughtful and nuanced views of this complex matter.
Re: (Score:2)
Where are my modpoints when I need them.
Thanks AC for that very insightful comment. It's all good but I like especially the end:
*outch!*
Re: (Score:2)
They were handed absurd instructions and have no choice but to carry them out.
People with those qualifications have the ability to switch jobs in a heartbeat. To say they had no choice but to violate the constitution is absurd. They chose to do this to us.
Complex Issue (Score:3)
While you are right on one hand, the issue is more complex than this.
Even in the article itself it talks about how the government is fighting with itself (NIST and the NSA, where NIST's mandate by law is to make sure the government and public are secure and NSA is by law mandated to make sure they are not).
"The government" is a big thing and the left hand doesn't ALWAYS know what the right hand is doing. The problems arise when the right hand can operate with autonomy so that not only does the left not know
3GPP (Score:5, Informative)
There is a group called SAGE that writes the crypto protocols for cell phones, DECT phones and other ETSI/ITU/3GPP derived standards.
They have never knowingly published an unbroken spec. It is widely understood that this group exists to put government sponsored back doors into cordless phones and cell phones.
I attended a 3GPP meeting since LTE was happening. In it, the guy from SAGE was presenting the new link cipher. 3GPP had asked for something based on AES (so SAGE couldn't pull their A5 shit any more). He presenting AES-CTR for the encryption and AES-CBC-MAC for the integrity field. He added in an off hand way that *the integrity field is truncated to 16 bits*.
Since I wasn't there to help them, I didn't question this in the meeting but after the meeting I cornered him an asked why he made it 16 bits (because its obviously stupid), and he did a Gallic shrug of his shoulders and said "Zat ees what zey asked for". So at that point I knew the fix was in.
Re: (Score:1)
You should mail the Intercept with that anecdote. It would be a good angle for an investigate story. Maybe that's an open secret amongst people in the know about cell standards, but the general public would do well to have this highlighted.
Re:3GPP (Score:4)
The crypto standards community was well aware and openly discussing such things at the time. But no one was listening.
It took Snowden to make people listen.
Re: (Score:1)
The crypto standards community was well aware and openly discussing such things at the time. But no one was listening.
It took Snowden to make people listen.
I don't quite understand that phenomenon. For example, Wired had interviews with former government officials stating that the NSA was doing this, months if not years before Snowden.
A similar thing happened with the Iraq War, where you had some intelligence officials testifying in congress that there were no WMDs, in the lead-up to the invasion. It was obvious to me what was going on at the time.
I don't quite understand where that gap in the popular press comes from--that jump from local circles to the gener
Re:3GPP (Score:5, Insightful)
Yea, but at this point I think we should just give up on this. It's just not possible to protect yourself from a group with the size, clout and finances of the NSA. I think you and I both know, the easiest way for them to solve most of their problems is just have high level people in just about all of these companies on their payroll. If I were a DBA at a company like Google I'd be sitting in the lunchroom wondering which of my colleagues were the NSA guys and which were not.
The only fix for all of this is to shut down the agency completely. Such a thing cannot exist in a free world. Yes, we'll be less safe from it. But I'll take a 1 in 250,000,000 chance of dieing in a terrorist attack over a 1 in 1 chance of having my mail read any day.
Re: (Score:3)
>Yea, but at this point I think we should just give up on this.
Or maybe if you're in the business of writing security protocols for international standards, hold up your own end by doing a good job.
Re: (Score:2)
No you wouldn't, you would know them from the NSA office parties!
Re: (Score:3)
But I'll take a 1 in 250,000,000 chance of dieing in a terrorist attack over a 1 in 1 chance of having my mail read any day.
I wonder where that number came from: As an American civillian, my odds of dying specifically in the 9/11 attacks were something like 1/60,000
Re: (Score:1, Insightful)
But I'll take a 1 in 250,000,000 chance of dieing in a terrorist attack over a 1 in 1 chance of having my mail read any day.
I wonder where that number came from: As an American civillian, my odds of dying specifically in the 9/11 attacks were something like 1/60,000
And your odds of dying in a car crash are even higher.
So did you quit driving yet, asshole ?
Re: (Score:2)
Re: (Score:2)
Sorry, I got an extra 0 in there. It's 1 in 25 million.
Google it, there's quite a few stories on the subject.
It's a pretty subjective number.
What are the chances of anyone in the world dieing in a terrorist attack? I think that's where you got your number... But this include, for example, Israel and Iraq.
What are the chances for an American? (that's my number and what the NSA is concerned with)
But if you check... that's for all Americans, no matter what even if they went to Afghanistan and hung out in Kabul
Comment removed (Score:5, Informative)
Re: (Score:2)
There's a reason I said "something like". I was making an approximation from old memory, I used 300 million and 5,000.
And 1/108,072 is certainly "something like" 1/60,000 when compared to 1/250,000,000 that I was responding to. At least I was not 3 orders of magnitude off as was the person I responded to.
So you have 10 times the likelihood of dying in a car wreck every year than the worst year ever for terrorism. That's worth giving up all our rights for.
You correct me for a (correct order of magnitude) approximation and then respond with hyperbole.
I agree that's not worth giving up all our rights.
I remind you that "we" have not given up all of our rights
Re: (Score:1)
There is a difference between "a computer reading your emails" as a matter of course of delivery over the network and "a computer reading your email" as an infected backbone server harvesting the communications of an entire population on behalf of a rogue American government agency. Whether or not a "human" reads your email is irrevelevant.
And yes, the NSA does care about "average people" and their online activities -- if they did not, then how could they possibly be able to identify what a non-average per
Re: (Score:3)
It matters because without privacy you have no power.
Everyone has a skeleton. Nobody is perfect. This is about archiving everything and using search technology to create instant dossiers on people who have influence on more than a handful of people. In other words, anyone who wants to effect change will be prevented/discredited.
It is a direct attack on democracy itself. It is an attack on the public at large.
Whether it's done by private corporations or the government, the effect is the same. It should
Re: (Score:1)
1. Learn how to make a goddamned paragraph.
2. Your entire argument is wharrgarbl
3. You've missed the entire point of what I've said.
4. Fuck off.
--
BMO
Re: (Score:2)
How about somebody else who might care about my personal email? The NSA is apparently trying to put security holes into things I use, and there's no guarantee the NSA is the only one who can use them. I believe it extremely unlikely that I'll ever suffer anything concrete from the NSA spying on me, personally, but I have nowhere near the same thin comfort with other organizations.
Re: (Score:2)
Gallic shrug of his shoulders and said "Zat ees what zey asked for"
Anyone else read that as Garlic?
Re: (Score:2)
https://www.google.com/search?... [google.com]
"criminal hackers" (Score:1)
you mean like the NSA?
Honest question ... (Score:5, Interesting)
Do the NSA and the American government believe in any way they should be free from other people spying on them? Or have they completely given up and decided "fuck it, everybody is spying anyway"?
Because if the NSA or the US government are ever again going to complain about Chinese hackers, or pretty much any form of computer crime, it's the biggest pile of shit imaginable.
Pretty much America has publicly said "we'll spy on anybody we can", which means you have no right to bitch when others do it you.
Thanks, assholes, for undermining the rights of everyone on the planet.
Re: (Score:2)
Power and corruption go hand-in-hand. Anyone who thinks you can ever have power without corruption is naive.
Anyone who trusts anything any politician says, without independent verification, is also being naive. Politicians lie as easily as breathe.
T'was always thus, and always thus will be.
Re: Honest question ... (Score:1)
If only dishonesty weren't rewarded like it is... Maybe we wouldn't have so many cheats and liars in our government.
Don't blame the politicians! Blame the morons who hired them.
Re: (Score:1)
Power and corruption go hand-in-hand. Anyone who thinks you can ever have power without corruption is naive.
Anyone who trusts anything any politician says, without independent verification, is also being naive. Politicians lie as easily as breathe.
T'was always thus, and always thus will be.
Sometimes it's not so much them, but the false information they are fed.
Re: (Score:3)
"fuck it, everybody is spying anyway"?
Everyone has been spying on everyone for at least a couple of centuries.
The difference is that now, thanks to Snowden, Wikileaks and others, the Average Joe Muggle knows it. And nothing makes more noise than Joe Muggle with only 1/4th of the Big Picture in their brain! A little knowledge is a dangerous thing, yes?
Nothing's changed, other than public awareness of espionage.
Re: (Score:2)
"...nothing makes more noise than Joe Muggle with only 1/4th of the Big Picture in their brain..."
Are you saying that with the whole picture they would be content?
Re: (Score:2)
With the whole picture, they'd probably wish they were never born, or that they could get off the planet quick-like.
I have this premonition that things are so bad our brains can't even comprehend it.
Re: (Score:2)
Anyone can look at publicly accessible weather and traffic cameras and catch their significant other cheating on them, real spies must have even better tools... not to mention all the things Hollywood fantasizes about... I'm not so sure it can be "so bad our brains can't even comprehend it."
Re: (Score:2)
You and your premonitions are worth doodelysquat... There are congressional members who are given info to over see the NSA and they are quite vocally denouncing the excesses of the NSA. You might also realize at some point that other members of the NSA are leaking the abuses..If you and your premonitions know more than CIA leaders/NSA leaders and congressional over site members then we are doomed. Luckily your premonitions are worthwhile to anyone but with a brain little enough to think you might have som
Re:Honest question ... (Score:5, Insightful)
And the scale on which the technology allows this to happen.
See, before the interwebs and computers, there was no mechanism to tap into an entire country's phone systems.
So it's pretty much bullshit to say nothing has changed. Technology has allowed the scope of this to be done on an absolutely mind-boggling scale.
And this sense of self entitlement which says the rest of the world should be giving up our rights in service to the security of Americans ... well, we don't see it that way.
If your security comes at my expense, I'm afraid I couldn't care less about your damned security.
Because in doing this crap, America has become the enemy of the liberty of everyone else on the planet.
Re: (Score:2)
See, before the interwebs and computers, there was no mechanism to tap into an entire country's phone systems.
Didn't the English have a room in London where *every*single*wire* coming into the country went through? Weren't they reading each and every cablegram coming in and going out?
That was in WWI.
Yes, technology advances make it exponentially easier now, but don't for a second think that en-masse wiretapping is a new thing enabled by the Interwebz.
Re: (Score:2)
1. That was a time of real war (not the phony "war on .." BS)
2. Only a tiny fraction of the population would have sent or received cablegrams.
Re: (Score:2)
The rest of the world can go pound sand. The rest of the world both collaborates and undermines the US security agencies depending on their own needs. When China ,Russia, and all the other countries of the world fold up their foreign espionage programs aimed at US interests and go home the US can do the same thing, But until that magical day arrives it will continue to be tit for tat when it comes to spying on your so called "friends" and "enemies".
Re: (Score:3)
No, they haven't. Yes, spying has been common for many centuries, but because of the size of the task, it had to be highly targetted. What's changed is the way data is collected which makes almost every person a target for spying.
Re: (Score:1)
Everyone has been spying on everyone for at least a couple of centuries.
...
Nothing's changed, other than public awareness of espionage.
But it is obviously not the same becuse of the scale. The reach and power of the spying have increased dramatically along with the general reach and power of technology. Spying has always happened but the nature of the beast transforms at certain levels of scale and pervasiveness. You could assume that if you "had nothing to hide" in a free society you were generally safe from surveillance because it wasn't worth the effort, that is no longer the case. You could assume that the means of surveillance were ef
Re: (Score:3)
"Everyone has been spying on everyone for at least a couple of centuries."
No... people and organizations of means have been spying on other people and organizations that are important to them to an extent dictated by their resources for centuries. It is only recently that it has become practical for a government to spy on _everyone_.
Re: (Score:2)
The other difference is that it's so easy to do cheap mass surveillance nowadays. It used to be that, if the police wanted to know where I was going, they'd assign a few officers to keep an eye on me. That meant that they could only keep a few people at a time under surveillance. Nowadays, they can find where everybody's phone is, and with more cameras they can find where everybody's car is.
Wow (Score:2)
Glad I'm not in the US!
oh, wait...
Plans to: I see (Score:1)
I think you meant to say "will continue to".
Oh, and don't trust your burner phones.
Redundancy (Score:2)
"—a controversial tactic that security experts say could be exposing the general population to criminal hackers."
Well yeah, the article said it was for the NSA.
Codename AURORAGOLD (Score:2)
If codenames are supposed to be assigned randomly, then why don't we see some like WEASELVOMIT?
Re: (Score:2)
Re: (Score:2)
Silver Vs Gold? Platinum Plus? Alchemist?
Hypocrisy (Score:2)
It's difficult to imagine an entity proclaiming itself as protecting the citizens, all the while removing the protections we've enjoyed as a people all these years.
Is the NSA so magnanimous that they can be trusted without question with all one's personal day-to-day activities and conversation? Should that even be an option for consideration?
If you can gain a fairly keen insight into a person from them answering 567 questions on the MMPI-2, what do you suppose could be learned from thousands of posts and e
Re: (Score:2)
Re: (Score:3)
The Democrats and Republicans, however, have always been under the control of the Fascist Party, so their current actions (ignore the platforms, both parties already do) are consistent with their traditional views. The Greens have no coherent platform and are so inconsequential the Fascists haven't bothered wi
Re: (Score:1)
Re: (Score:2)
Possibly because none of the people running on the Libertarian ticket today hold to the core beliefs and values of Libertarianism?
Re:This will only stop (Score:4, Insightful)
Re: (Score:1)
republicans say they are for limited government, except for military/police, or if you are a woman.
Or gay, or want to grow certain plants, or want to have a little fun in your life, or...
Re: (Score:2)
Re: (Score:2)
Not really no true Scotsman since I'm not attempting to invalidate a counter-example, but yes, very few candidates in any party these days seem to hold to the party's supposed values. I suppose it seems more glaring in the Libertarian case since so many Libertarians evangelize like idealists.
Re: (Score:2)