Government snooping, backdoors and #necessaryhashtags

[Nick]

In Europe, police forces have been using such devices against the GSM protocol stack for many years,
as described in chapter 20 of Ross Anderson's book:

http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c20.pdf

It would be interesting to know whether they can already do this against UMTS (3G, 4G, ...)

[ewmayer]

Couple of technospying stories, first one historic, 2nd contemporary:

o Eavesdropping using microwaves - addendum | EETimes

Opens with the fascinating history of Russian math prodigy Leon Theremin and his passive cavity bugging device used to listen in on US ambassador Averill Harriman's office conversations, then proceeds to "modern applications".


o Secret Malware in European Union Attack Linked to U.S. and British Intelligence | The Intercept

Quote:

Complex malware known as Regin is the suspected technology behind sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company, according to security industry sources and technical analysis conducted by The Intercept.

Regin was found on infected internal computer systems and email servers at Belgacom, a partly state-owned Belgian phone and internet provider, following reports last year that the company was targeted in a top-secret surveillance operation carried out by British spy agency Government Communications Headquarters, industry sources told The Intercept.

The malware, which steals data from infected systems and disguises itself as legitimate Microsoft software, has also been identified on the same European Union computer systems that were targeted for surveillance by the National Security Agency.

The hacking operations against Belgacom and the European Union were first revealed last year through documents leaked by NSA whistleblower Edward Snowden. The specific malware used in the attacks has never been disclosed, however.

The Regin malware, whose existence was first reported by the security firm Symantec on Sunday, is among the most sophisticated ever discovered by researchers. Symantec compared Regin to Stuxnet, a state-sponsored malware program developed by the U.S. and Israel to sabotage computers at an Iranian nuclear facility. Sources familiar with internal investigations at Belgacom and the European Union have confirmed to The Intercept that the Regin malware was found on their systems after they were compromised, linking the spy tool to the secret GCHQ and NSA operations.

Ronald Prins, a security expert whose company Fox IT was hired to remove the malware from Belgacom’s networks, told The Intercept that it was “the most sophisticated malware” he had ever studied.

“Having analyzed this malware and looked at the [previously published] Snowden documents,” Prins said, “I’m convinced Regin is used by British and American intelligence services.”

A spokesman for Belgacom declined to comment specifically about the Regin revelations, but said that the company had shared “every element about the attack” with a federal prosecutor in Belgium who is conducting a criminal investigation into the intrusion. “It’s impossible for us to comment on this,” said Jan Margot, a spokesman for Belgacom. “It’s always been clear to us the malware was highly sophisticated, but ever since the clean-up this whole story belongs to the past for us.”

In a hacking mission codenamed Operation Socialist, GCHQ gained access to Belgacom’s internal systems in 2010 by targeting engineers at the company. The agency secretly installed so-called malware “implants” on the employees’ computers by sending their internet connection to a fake LinkedIn page. The malicious LinkedIn page launched a malware attack, infecting the employees’ computers and giving the spies total control of their systems, allowing GCHQ to get deep inside Belgacom’s networks to steal data.

The implants allowed GCHQ to conduct surveillance of internal Belgacom company communications and gave British spies the ability to gather data from the company’s network and customers, which include the European Commission, the European Parliament, and the European Council. The software implants used in this case were part of the suite of malware now known as Regin.

One of the keys to Regin is its stealth: To avoid detection and frustrate analysis, malware used in such operations frequently adhere to a modular design. This involves the deployment of the malware in stages, making it more difficult to analyze and mitigating certain risks of being caught.

Based on an analysis of the malware samples, Regin appears to have been developed over the course of more than a decade; The Intercept has identified traces of its components dating back as far as 2003. Regin was mentioned at a recent Hack.lu conference in Luxembourg, and Symantec’s report on Sunday said the firm had identified Regin on infected systems operated by private companies, government entities, and research institutes in countries such as Russia, Saudi Arabia, Mexico, Ireland, Belgium, and Iran.

The use of hacking techniques and malware in state-sponsored espionage has been publicly documented over the last few years: China has been linked to extensive cyber espionage, and recently the Russian government was also alleged to have been behind a cyber attack on the White House. Regin further demonstrates that Western intelligence agencies are also involved in covert cyberespionage.

[only_human]

German researchers discover a flaw that could let anyone listen to your cell calls.

Quote:

These vulnerabilities continue to exist even as cellular carriers invest billions of dollars to upgrade to advanced 3G technology aimed, in part, at securing communications against unauthorized eavesdropping. But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the United States, Europe or anywhere else.

“It’s like you secure the front door of the house, but the back door is wide open,” said Tobias Engel, one of the German researchers.

Quote:

The German researchers found two distinct ways to eavesdrop on calls using SS7 technology. In the first, commands sent over SS7 could be used to hijack a cell phone’s “forwarding” function -- a service offered by many carriers. Hackers would redirect calls to themselves, for listening or recording, and then onward to the intended recipient of a call. Once that system was in place, the hackers could eavesdrop on all incoming and outgoing calls indefinitely, from anywhere in the world.

The second technique requires physical proximity but could be deployed on a much wider scale. Hackers would use radio antennas to collect all the calls and texts passing through the airwaves in an area. For calls or texts transmitted using strong encryption, such as is commonly used for advanced 3G connections, hackers could request through SS7 that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.

Nohl on Wednesday demonstrated the ability to collect and decrypt a text message using the phone of a German senator, who cooperated in the experiment. But Nohl said the process could be automated to allow massive decryption of calls and texts collected across an entire city or a large section of a country, using multiple antennas.

[ewmayer]

Prying Eyes: Inside the NSA's War on Internet Security | Spiegel Online

Quote:

For the NSA, the breaking of encryption methods represents a constant conflict of interest. The agency and its allies do have their own secret encryption methods for internal use. But the NSA is also tasked with providing the US National Institute of Standards and Technology (NIST) with "technical guidelines in trusted technology" that may be "used in cost-effective systems for protecting sensitive computer data." In other words: Checking cryptographic systems for their value is part of the NSA's job. One encryption standard the NIST explicitly recommends is the Advanced Encryption Standard (AES). The standard is used for a large variety of tasks, from encrypting the PIN numbers of banking cards to hard disk encryption for computers.

One NSA document shows that the agency is actively looking for ways to break the very standard it recommends - this section is marked as "Top Secret" (TS): "Electronic codebooks, such as the Advanced Encryption Standard, are both widely used and difficult to attack cryptanalytically. The NSA has only a handful of in-house techniques. The TUNDRA project investigated a potentially new technique -- the Tau statistic -- to determine its usefulness in codebook analysis."

The fact that large amounts of the cryptographic systems that underpin the entire Internet have been intentionally weakened or broken by the NSA and its allies poses a grave threat to the security of everyone who relies on the Internet -- from individuals looking for privacy to institutions and companies relying on cloud computing. Many of these weaknesses can be exploited by anyone who knows about them -- not just the NSA.

[ewmayer]

What David Cameron just proposed would endanger every Briton and destroy the IT industry: David Cameron says there should be no "means of communication" which "we cannot read" -- and no doubt many in his party will agree with him, politically. But if they understood the technology, they would be shocked to their boots.

[ewmayer]

And on the "creeping prison state" and "unconstitutional police surveillance" fronts:

o Your Home Is Your Prison: How to Lock Down Your Neighborhood, Your Country, and You

This post describes a particularly ugly face of the ever-increasing levels of surveillance to which we are all being subjected, namely new tools for monitoring criminals, including those whose cases looked weak or politically motivated. But its not just that surveillance is being used as an alternative to prison. In 2012, two school districts in Houston were already requiring students to wear electronic tags. And as this article warns, pre-crime is coming too.

Especially Wall-street-rentier-ish is the forcing of the thusly - "freed" people to pay the cost of their ongoing "soft" imprisonment, often to the tune of $1000 per month or more. Almost makes staying in the "hard" prison a desirable alternative - 3 square meals a day, free healthcare, no "ankle bracelet stigma", and a similar level of "privacy".

o U.S. Marshals use wall penetrating radar to see inside your house

Quote:

At least 50 U.S. law enforcement agencies have secretly equipped their officers with radar devices that allow them to effectively peer through the walls of houses to see whether anyone is inside, a practice raising new concerns about the extent of government surveillance.

Those agencies, including the FBI and the U.S. Marshals Service, began deploying the radar systems more than two years ago with little notice to the courts and no public disclosure of when or how they would be used. The technology raises legal and privacy issues because the U.S. Supreme Court has said officers generally cannot use high-tech sensors to tell them about the inside of a person’s house without first obtaining a search warrant.

Current and former federal officials say the information is critical for keeping officers safe if they need to storm buildings or rescue hostages. But privacy advocates and judges have nonetheless expressed concern about the circumstances in which law enforcement agencies may be using the radars — and the fact that they have so far done so without public scrutiny.

[ewmayer]

Peter Woit (via his Not Even Wrong string-theory-skeptical blog) writes on the subject of the NSA's (alleged) backdooring of DUAL_EC_DRBG in elliptic-curve crypto, and the AMS' role in allowing the NSA to disseminate its 'official' version of the story unchallenged. (Link to Part I is in the article):

The NSA, NIST and the AMS, Part II

Quote:

The publication of the George and Wertheimer pieces by the AMS has created a situation where there are just two possibilities:

o Despite what experts believe and Snowden documents indicate, the NSA chose P and Q by a method that did not introduce a backdoor. For some reason though they are unwilling to state publicly that this is the case.
o P and Q were chosen with a backdoor, and the AMS has been now repeatedly been used to try and mislead the mathematics community about this issue.

I’ve contacted someone at the AMS to try and find out whether the question of a backdoor in P and Q was addressed in the refereeing process of the article, but been told that they won’t discuss this. I think this is an issue that now needs to be addressed by the AMS leadership, specifically by demanding assurances from Wertheimer that the NSA did not choose a backdoored P and Q. If this is the case I can see no reason why such assurances cannot be provided. If the NSA and Wertheimer won’t provide this, I think the AMS needs to immediately cut off its cooperative programs with the agency. There may be different opinions about the advisability of such programs, but I don’t think there can be any argument about the significance of the AMS being used by the NSA to mislead the mathematics community.

[kladner]

Editor, publisher, analyst, writer- all of these words, and more, describe Tom Engelhardt. His site hosts many insightful authors, and his articles are to the point and thought-provoking.

More and War, The Tao of Washington

Quote:

When it comes to the national security state, our capital has become a thought-free zone. The airlessness of the place, the unwillingness of leading players in the corridors of power to explore new ways of approaching crucial problems is right there in plain sight, yet remarkably unnoticed. Consider this the Tao of Washington.


Last week, based on a heavily redacted 231-page document released by the government in response to a Freedom of Information Act lawsuit, Charlie Savage, a superb reporter for the New York Times, revealed that the FBI has become a “significant player” in the world of warrantless surveillance, previously the bailiwick of the National Security Agency. The headline on his piece was: “FBI is broadening surveillance role, report shows.”


Here’s my question: In the last 13 years, can you remember a single headline related to the national security state that went “FBI [or fill in your agency of choice] is narrowing surveillance role [or fill in your role of choice], report shows”? Of course not, because when any crisis, problem, snafu or set of uncomfortable feelings, fears, or acts arises, including those by tiny groups of disturbed people or what are now called “lone wolf” terrorists, there is only one imaginable response: more money, more infrastructure, more private contractors, more surveillance, more weaponry, and more war. On a range of subjects, our post-9/11 experience should have taught us that this -- whatever it is we’re doing -- is no solution to anything, but no such luck.

[only_human]

Quote:

Originally Posted by kladner

Editor, publisher, analyst, writer- all of these words, and more, describe Tom Engelhardt. His site hosts many insightful authors, and his articles are to the point and thought-provoking.

More and War, The Tao of Washington

Quote:

“It is difficult to get a man TLA to understand something, when his salary depends on his not understanding it.”
― Upton Sinclair, I, Candidate for Governor: And How I Got Licked

Fixed that with TLA. I left the pronoun intact because Three Letter Agencies are people, my friend.

[kladner]

Quote:

Originally Posted by only_human

Fixed that with TLA. I left the pronoun intact because Three Letter Agencies are people, my friend.

ow OW OW!

[kladner]

From The Guardian:
WikiLeaks demands answers after Google hands staff emails to US government

Quote:

Google took almost three years to disclose to the open information group WikiLeaks that it had handed over emails and other digital data belonging to three of its staffers to the US government, under a secret search warrant issued by a federal judge.

WikiLeaks has written to Google’s executive chairman, Eric Schmidt, to protest that the search giant only revealed the warrants last month, having been served them in March 2012. In the letter, WikiLeaks says it is “astonished and disturbed” that Google waited more than two and a half years to notify its subscribers, potentially depriving them of their ability to protect their rights to “privacy, association and freedom from illegal searches”.

The letter, written by WikiLeaks’ New York-based lawyer, Michael Ratner of the Center For Constitutional Rights, asks Google to list all the materials it provided to the FBI. Ratner also asks whether the California-based company did anything to challenge the warrants and whether it has received any further data demands it has yet to divulge.

Google revealed to WikiLeaks on Christmas Eve – a traditionally quiet news period – that it had responded to a Justice Department order to hand over a catch-all dragnet of digital data including all emails and IP addresses relating to the three staffers. The subjects of the warrants were the investigations editor of WikiLeaks, the British citizen Sarah Harrison; the spokesperson for the organisation, Kristinn Hrafnsson; and Joseph Farrell, one of its senior editors.

When it notified the WikiLeaks employees last month, Google said it had been unable to say anything about the warrants earlier as a gag order had been imposed. Google said the non-disclosure orders had subsequently been lifted, though it did not specify when.