Your Source for Leaks Around the World!

Archive for December 5th, 2013|Daily archive page

FBI Drone Documents (Heavily-Redacted)

In Archive, Drones, FBI, FOIA on December 5, 2013 at 11:20 PM

fbi-drones

12/05/2013

Shawn Musgrave/Motherboard:

The FBI has been contemplating using aerial surveillance drones since 1995, and are investing heavily in the technology as a cheap and stealthy alternative to manned surveillance aircraft. A new set of documents released by the Bureau—400 heavily-redacted pages of emails, memos and invoices—sheds new light on the deployment of unmanned aerial vehicles for federal investigations.

The Bureau has also sought new authority from the FAA, the agency which regulates unmanned aerial flights over the U.S., to “greatly expand the FBI’s potential deployment scenarios for UAVs.”

On October 30, the U.S. District Court in D.C. ordered the FBI to release its drone documents on a rolling basis to Citizens for Ethics and Responsibility in Washington (CREW), which had submitted a Freedom of Information Act request in June. While MuckRock and Motherboard’s own requests to the FBI as part of the Drone Census are still in process (and the Bureau is hardly eager to release anything), the 431 pages of documents offer a more authoritative and exhaustive view of the Bureau’s investigations into and deployments of drone technology than ever before.

The FBI sent its first batch on November 27, which CREW has put online in full.

More…

fbi-drones-foia-1 fbi-drones-foia-2 fbi-drones-foia-3 fbi-drones-foia-4 fbi-drones-foia-5

Microsoft Compares Gov’t Snooping to Malware/Cyber Attacks; Expands Encryption, Source Code Reviews to Prove No Back Doors

In Archive, Encryption, GCHQ, Microsoft, NSA, Surveillance, Technology on December 5, 2013 at 8:07 PM

microsoft-surveillance

12/04/2013

Microsoft:

Many of our customers have serious concerns about government surveillance of the Internet.

We share their concerns. That’s why we are taking steps to ensure governments use legal process rather than technological brute force to access customer data.

Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data. In particular, recent press stories have reported allegations of governmental interception and collection – without search warrants or legal subpoenas – of customer data as it travels between customers and servers or between company data centers in our industry.

Slides Reveal Microsoft Data Links on NSA/GCHQ Target List Too

If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an “advanced persistent threat,” alongside sophisticated malware and cyber attacks.

In light of these allegations, we’ve decided to take immediate and coordinated action in three areas:

· We are expanding encryption across our services.
· We are reinforcing legal protections for our customers’ data.
· We are enhancing the transparency of our software code, making it easier for customers to reassure themselves that our products do not contain back doors.

Encryption

This effort will include our major communications, productivity and developer services such as Outlook.com, Office 365, SkyDrive and Windows Azure, and will provide protection across the full lifecycle of customer-created content. More specifically:

· Customer content moving between our customers and Microsoft will be encrypted by default.
· All of our key platform, productivity and communications services will encrypt customer content as it moves between our data centers.
· We will use best-in-class industry cryptography to protect these channels, including Perfect Forward Secrecy and 2048-bit key lengths.
· All of this will be in place by the end of 2014, and much of it is effective immediately.
· We also will encrypt customer content that we store. In some cases, such as third-party services developed to run on Windows Azure, we’ll leave the choice to developers, but will offer the tools to allow them to easily protect data.
· We’re working with other companies across the industry to ensure that data traveling between services – from one email provider to another, for instance – is protected.

Legal Protections

We also will take new steps to reinforce legal protections for our customers’ data. For example, we are committed to notifying business and government customers if we receive legal orders related to their data. Where a gag order attempts to prohibit us from doing this, we will challenge it in court. We’ve done this successfully in the past, and we will continue to do so in the future to preserve our ability to alert customers when governments seek to obtain their data. And we’ll assert available jurisdictional objections to legal demands when governments seek this type of customer content that is stored in another country.

Transparency

Just as we’ve called for governments to become more transparent about these issues, we believe it’s appropriate for us to be more transparent ourselves. We’re therefore taking additional steps to increase transparency by building on our long-standing program that provides government customers with an appropriate ability to review our source code, reassure themselves of its integrity, and confirm there are no back doors. We will open a network of transparency centers that will provide these customers with even greater ability to assure themselves of the integrity of Microsoft’s products. We’ll open these centers in Europe, the Americas and Asia, and we’ll further expand the range of products included in these programs.

Sweden’s FRA Spies on Russia Leadership for NSA

In Archive, FRA, NSA, NSA Files, Russia, Sweden on December 5, 2013 at 6:52 PM

nsa-frafra-1

12/05/2013

RT:

Swedish signals intelligence agency FRA spied on Russian leaders and shared the data collected with the US, local media report citing Edward Snowden leaks. Sweden’s ‘cable access’ made its position ‘unique’ in the eyes of the NSA.

The NSA eyes the FRA as a ‘leading partner’ among the US agencies foreign partners in the global data collection program, reported Sweden’s Sveriges Television (SVT) citing documents provided by the fugitive whistleblower through US journalist Glenn Greenwald.

“The FRA provided NSA … unique collection on high-priority Russian targets, such as leadership, internal politics,” reads one NSA document from dated April 18, 2013.

fra-2

Ahead of a meeting with officials from FRA, NSA bosses were instructed to praise the Scandinavian partners, another said.

“Thank Sweden for its continued work on the Russian target, and underscore the primary role that FRA plays as a leading partner to work the Russian Target, including Russian leadership, … and … counterintelligence,”SVT cited it as saying.

“FRA’s cable access has resulted in unique SIGINT reporting on all of these areas,” it continues, using an abbreviation for signals intelligence.

fra-3

The SVT report didn’t name any particular individuals and organizations in Russia, which were the subjects of FRA interest. It did not detail the exact methods, which the intelligence agency used to collect information, although the mentioning of cable may refer to internet traffic.

In 2011, the WikiLeaks website revealed US diplomatic cables, which said that FRA was able to monitor some 80 percent of Russia’s internet traffic, which passed through Sweden, and that the country had adopted a new wiretapping law to allow such actions due to Washington pressure.

Currently the FRA is authorized to monitor cable-bound communications to track “external threats” against Sweden. Permits are authorized by a secret court, the Defense Intelligence Court.

Related Links:

FRA Spying on “Energy” and “Baltics” for USA

NSA “Asking For” Specific Exchanges From FRA – Secret Treaty Since 1954

Norway’s NIS Spies on Russia Politicians, Energy, Armament for NSA

Do Antivirus Companies Whitelist NSA Malware? Microsoft/Symantec/McAfee Fail to Respond to Transparency Plea from Privacy/Security Experts

In Archive, Hacking, Internet, Malware, NSA, Surveillance, Technology on December 5, 2013 at 4:00 AM

12/04/2013

Mathew Schwartz/InformationWeek:

Dear antivirus vendors: Are you aiding and abetting National Security Agency (NSA) spying?

That’s the subject of an open letter, sent in October to leading antivirus vendors, from 25 different privacy information security experts and organizations. The letter asks the vendors to detail whether they’ve ever detected state-sponsored malware or received a government request to whitelist state-sponsored malware, and how they would respond to any such requests in the future.

The letter, sent from Dutch digital rights foundation Bits of Freedom, requested that the firms respond by November 15. “Please let us know if you feel that you cannot, or cannot fully, answer any of the above questions because of legal constraints imposed upon you by any government,” it said.

“Since we learned that the NSA has surreptitiously weakened Internet security so it could more easily eavesdrop, we’ve been wondering if it’s done anything to antivirus products,” letter signatory Bruce Schneier, chief security technology officer of BT, said in a blog post. “Given that it engages in offensive cyberattacks — and launches cyberweapons like Stuxnet and Flame — it’s reasonable to assume that it’s asked antivirus companies to ignore its malware. We know that antivirus companies have previously done this for corporate malware.”

As of two weeks ago, however, only six security vendors — ESET, F-Secure, Kaspersky Lab, Norman Shark, Panda, and Trend Micro — had responded to the request for information. Even so, the news was good. “All of the responding companies have confirmed the detection of state sponsored malware, e.g. R2D2 and FinFisher,” according to researcher Ton Siedsma at Bits of Freedom. “Furthermore, they claim they have never received a request to not detect malware. And if they were asked by any government to do so in the future, they said they would not comply.”

For the record, whatever antivirus vendors’ attitude toward state-sponsored malware, whether or not they detect it won’t necessarily stop the spread of such malware. In part, that’s because for an antivirus firm to spot malware, it first needs to have seen the malware, recognized that it’s malicious code, and written a corresponding virus signature for its products. In addition, intelligence agencies no doubt work overtime — and occasionally make use of zero-day vulnerabilities — to ensure that their malicious code escapes detection. They’re probably quite successful at doing so. For example, leaked documents suggest that by 2012, the NSA had installed malware on more than 50,000 PCs used by US government targets.

Given that level of success, it’s unlikely, argued Schneier, that any intelligence or law enforcement agencies would try to tell domestic antivirus firms what to do. “Antivirus is a very international industry, and while a government might get its own companies to play along, it would not be able to influence international companies,” he said.

But if that’s the case, what’s to account for the silence from McAfee, Microsoft, and Symantec, and the other antivirus firm holdouts?

Related Link: DennisTechLabs Anti-Virus Report 2013 Q4:  Kaspersky, Norton, ESET Best; Microsoft, McAfee Worst

CO-TRAVELER Analytics: NSA Collects 5 Billion Cellphone Locations Per Day, Tracking Movements/Mapping Relationships

In Archive, Big Brother, NSA, NSA Files, Surveillance on December 5, 2013 at 1:51 AM

12/04/2013

Barton Gellman/Ashkan Soltani/WashingtonPost:

The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable.

The records feed a vast database that stores information about the locations of at least hundreds of millions of devices, according to the officials and the documents, which were provided by former NSA contractor Edward Snowden. New projects created to analyze that data have provided the intelligence community with what amounts to a mass surveillance tool.

The NSA does not target Americans’ location data by design, but the agency acquires a substantial amount of information on the whereabouts of domestic cellphones “incidentally,” a legal term that connotes a foreseeable but not deliberate result.

One senior collection manager, speaking on the condition of anonymity but with permission from the NSA, said “we are getting vast volumes” of location data from around the world by tapping into the cables that connect mobile networks globally and that serve U.S. cellphones as well as foreign ones. Additionally, data are often collected from the tens of millions of Americans who travel abroad with their cellphones every year.

In scale, scope and potential impact on privacy, the efforts to collect and analyze location data may be unsurpassed among the NSA surveillance programs that have been disclosed since June. Analysts can find cellphones anywhere in the world, retrace their movements and expose hidden relationships among the people using them.

NSA collects locations in bulk because its most powerful analytic tools — known collectively as CO-TRAVELER — allow it to look for unknown associates of known intelligence targets by tracking people whose movements intersect.

Sophisticated mathematical tech­niques enable NSA analysts to map cellphone owners’ relationships by correlating their patterns of movement over time with thousands or millions of other phone users who cross their paths. Cellphones broadcast their locations even when they are not being used to place a call or send a text message.

CO-TRAVELER and related tools require the methodical collection and storage of location data on what amounts to a planetary scale. The government is tracking people from afar into confidential business meetings or personal visits to medical facilities, hotel rooms, private homes and other traditionally protected spaces.

NSA collects and keeps as many records as it can — 27 terabytes, by one account, or more than double the text content of the Library of Congress’s print collection.

The location programs have brought in such volumes of information, according to a May 2012 internal NSA briefing, that they are “outpacing our ability to ingest, process and store” data. In the ensuing year and a half, the NSA has been transitioning to a processing system that provided it with greater capacity.

An intelligence lawyer, speaking with his agency’s permission, said location data are obtained by methods “tuned to be looking outside the United States,” a formulation he repeated three times. When U.S. cellphone data are collected, he said, the data are not covered by the Fourth Amendment, which protects Americans against unreasonable searches and seizures.

According to top-secret briefing slides, the NSA pulls in location data around the world from 10 major “sigads,” or signals intelligence activity designators.

A sigad known as STORMBREW, for example, relies on two unnamed corporate partners described only as ARTIFICE and WOLFPOINT. According to an NSA site inventory, the companies administer the NSA’s “physical systems,” or interception equipment, and “NSA asks nicely for tasking/updates.”

STORMBREW collects data from 27 telephone links known as OPC/DPC pairs, which refer to originating and destination points and which typically transfer traffic from one provider’s internal network to another’s. That data include cell tower identifiers, which can be used to locate a phone’s location.

The agency’s access to carriers’ networks appears to be vast.

“Many shared databases, such as those used for roaming, are available in their complete form to any carrier who requires access to any part of it,” said Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania. “This ‘flat’ trust model means that a surprisingly large number of entities have access to data about customers that they never actually do business with, and an intelligence agency — hostile or friendly — can get ‘one-stop shopping’ to an expansive range of subscriber data just by compromising a few carriers.”

Some documents in the Snowden archive suggest that acquisition of U.S. location data is routine enough to be cited as an example in training materials. In an October 2012 white paper on analytic techniques, for example, the NSA’s counterterrorism analysis unit describes the challenges of tracking customers who use two different mobile networks, saying it would be hard to correlate a user on the T-Mobile network with one on Verizon. Asked about that, a U.S. intelligence official said the example was poorly chosen and did not represent the program’s foreign focus. There is no evidence that either company cooperates with the NSA, and both declined to comment.

The NSA’s capabilities to track location are staggering, based on the Snowden documents, and indicate that the agency is able to render most efforts at communications security effectively futile.

Like encryption and anonymity tools online, which are used by dissidents, journalists and terrorists alike, security-minded behavior — using disposable cellphones and switching them on only long enough to make brief calls — marks a user for special scrutiny. CO-TRAVELER takes note, for example, when a new telephone connects to a cell tower soon after another nearby device is used for the last time.

Side-by-side security efforts — when nearby devices power off and on together over time — “assist in determining whether co-travelers are associated . . . through behaviorally relevant relationships,” according to the 24-page white paper, which was developed by the NSA in partnership with the National Geospatial-Intelligence Agency, the Australian Signals Directorate and private contractors.

A central feature of each of these tools is that they do not rely on knowing a particular target in advance, or even suspecting one. They operate on the full universe of data in the NSA’s FASCIA repository, which stores trillions of metadata records, of which a large but unknown fraction include locations.

The most basic analytic tools map the date, time, and location of cellphones to look for patterns or significant moments of overlap. Other tools compute speed and trajectory for large numbers of mobile devices, overlaying the electronic data on transportation maps to compute the likely travel time and determine which devices might have intersected.

——————————————————————————————————————————————————————————————

FASCIA is the National Security Agency’s enormous database containing trillions of device-location records that are collected from a variety of sources. This document shows the volume and types of device-location data collected by the agency.

nsa-fascia-1

This chart shows the huge scale of information ingested by FASCIA – nearly 5 billion records daily

nsa-fascia-2

This slide shows the types of records collected by the NSA into its database

This is an excerpt from a National Security Agency training manual explaining how to determine if a targeted device is “foreign.” It highlights a query for the past 60 days using the CHALKFUN location tool, which found “no roaming in the US.” This example shows that data was collected before the device was targeted.

TAPERLAY is NSA tool for looking up registered location of mobile device-the provider and country where phone was originally located.
CHALKFUN is NSA tool to search FASCIA vast database of device location information, to find past or currect location of mobile phone.

nsa-taperlay-chalkfun

 

This is an excerpt from a transcript of National Security Agency training videos that describe how to verify the location of a targeted device. It explains how the NSA monitors different types of mobile signaling information known as HLR and VLR registrations in order to locate individuals. It also makes clear that the agency is able to use location tracking to ascertain whether a target is in the United States.

nsa-verify-target-location

——————————————————————————————————————————————————————————————

nsa-cotraveler-infographic

%d bloggers like this: