German Gov't warns: Don't use Windows 8; it spies on you, has NSA backdoor
Newsletter published on 5 January 2014
(1) NSA's Secret Toolbox: Unit Offers Spy Gadgets for Every Need
(2) NSA employs Hackers, and intercepts equipment bought online, to implant devices in it
(3) James Bamford: NSA spying on American citizens is outsourced to Israeli hi-tech companies linked to Mossad
(4) Bamford: shady Companies with Ties to Israel Wiretap the U.S. for the NSA (2012)
(5) Snowden Files: NSA shares "raw Sigint" (signal intelligence) with Israel
(6) German Gov't warns: Don't use Windows 8; it spies on you, has NSA backdoor
(7) New Windows computers contain A Special Surveillance Chip
(8) China dumps US Tech Companies over Security fears
(1) NSA's Secret Toolbox: Unit Offers Spy Gadgets for Every Need
http://www.spiegel.de/international/world/nsa-secret-toolbox-ant-unit-offers-spy-gadgets-for-every-need-a-941006.html
By Jacob Appelbaum, Judith Horchert, Ole Reissmann, Marcel Rosenbach, Jörg Schindler And Christian Stöcker
With Additional Reporting by Andy Müller-Maguhn
Der Spiegel
December 30, 2013
{visit the link to see the NSA Catalog of spyware}
The NSA has a secret unit that produces special equipment ranging from spyware for computers and cell phones to listening posts and USB sticks that work as bugging devices. Here are some excerpts from the intelligence agency's own catalog.
When agents with the NSA's Tailored Access Operations (TAO) division want to infiltrate a network or a computer, they turn to their technical experts. This particular unit of the United States intelligence service is known internally as ANT. The acronym presumably stands for Advanced Network Technology, because that's what the division produces -- tools for penetrating network equipment and monitoring mobile phones and computers. ANT's products help TAO agents infiltrate networks and divert or even modify data wherever the NSA's usual methods won't suffice. You can read more about the TAO division, its strengths and tricks in a SPIEGEL feature that was published in English on Sunday.
SPIEGEL has obtained an internal NSA catalog describing ANT's various products, along with their prices. A rigged monitor cable, for example, which allows "TAO personnel to see what is displayed on the targeted monitor," goes for $30 (€22). An "active GSM base station" that makes it possible to mimic the cell phone tower of a target network and thus monitor mobile phones, is available for $40,000. Computer bugging devices disguised as normal USB plugs, capable of sending and receiving data undetected via radio link, are available in packs of 50, for over $1 million.
Intelligence agencies, incidentally, are not the only ones using these types of devices. The same kind of modified USB plug played a role, for example, in a recent high-tech drug-smuggling case uncovered at the port of Antwerp, Belgium.
Spying on Allies
It has become clear that the ANT arsenal isn't used exclusively to track suspected terrorists. GSM base stations, for example, make it possible to monitor mobile phones, such as that of German Chancellor Angela Merkel. Radar systems such as the one known as "DROPMIRE" have also been used to spy on allies, for example EU representatives in Washington. And the hardware "implants" found in the ANT catalog evidently have been used, for example, to tap encrypted faxes.
NSA malware has also been used against international telecommunications companies, such as partially state-owned Belgian company Belgacom and mobile phone billing service provider MACH. One internal NSA document dating from 2004 describes a spyware program called "VALIDATOR" by saying that it provides "unique backdoor access to personal computers of targets of national interest, including but not limited to terrorist targets."
In the graphic in this article, you can browse nearly 50 pages from the ANT catalog, sorted by where these devices would potentially be used and purged of the names and email addresses of agents. There are "implants," as the NSA calls them, for computers, servers, routers and hardware firewalls. There is special equipment for covertly viewing everything displayed on a targeted individual's monitor. And there are bugging devices that can conduct surveillance without sending out any measurable radio signal -- their signals are instead picked up using radar waves.
Many of these items are designed for subverting the technical infrastructure of telecommunications companies to exploit them, undetected, for the NSA's purposes, or for tapping into company networks.
Spyware for mobile phones was even on offer in the 2008 version of the catalog. A Trojan for gaining total access to iPhones, which were still new at the time, was still in development, though its specifications are listed in the catalog.
'Implants' for Cisco, Juniper, Dell, Huawei and HP
The catalog is not up to date. Many of the software solutions on offer date from 2008, some apply to server systems or mobile phone models no longer on the market, and it is very likely that the portions SPIEGEL has seen are far from complete. And yet this version still provides considerable insight both into the tools the NSA has had at its disposal for years and into the agency's boundless ambitions.
It is safe to assume that ANT's hackers are constantly improving their arsenal. Indeed, the catalog makes frequent mention of other systems that will be "pursued for a future release."
The NSA has also targeted products made by well-known American manufacturers and found ways to break into professional-grade routers and hardware firewalls, such as those used by Internet and mobile phone operators. ANT offers malware and hardware for use on computers made by Cisco, Dell, Juniper, Hewlett-Packard and Chinese company Huawei.
There is no information in the documents seen by SPIEGEL to suggest that the companies whose products are mentioned in the catalog provided any support to the NSA or even had any knowledge of the intelligence solutions. "Cisco does not work with any government to modify our equipment, nor to implement any so-called security 'back doors' in our products," the company said in a statement. The company has also since commented on SPIEGEL's initial reporting on a Cisco blog. "We are deeply concerned with anything that may impact the integrity of our products or our customers' networks and continue to seek additional information," the company wrote.
A representative of Hewlett-Packard wrote that the company was not aware of any of the information presented in the report and that it did "not believe any of it to be true." Contacted by SPIEGEL reporters, officials at Juniper Networks and Huawei also said they had no knowledge of any such modifications. Meanwhile, Dell officials said the company "respects and complies with the laws of all countries in which it operates."
TAO's implants, in place around the world, have played a significant role in the NSA's ability to establish a global covert network consisting partly of the agency's own hardware, but also of other computers subverted to serve its purposes.
ANT's developers often seek to place their malicious code in BIOS, software located directly on a computer's motherboard that is the first thing to load when the computer is turned on. Even if the hard drive is wiped and a new operating system installed, ANT's malware continues to function, making it possible to later add other spyware back onto the computer.
Along with the BIOS software of computers and servers, the NSA's hackers also attack firmware on computer hard drives, essentially the software that makes the hardware work. The ANT catalog includes, for example, spyware capable of embedding itself unnoticed into hard drives manufactured by Western Digital, Seagate and Samsung. The first two of these are American companies.
Many of these digital tools are "remotely installable," meaning they can be put in place over the Internet. Others, however, require direct intervention, known in NSA jargon as "interdiction." This means that brand new products being delivered by mail are secretly intercepted, and hardware or software implants installed on them. The package is forwarded to its intended destination only after this has been done.
Windows Error Messages Potential Sources of Information
One example of the creativity with which the TAO spies approach their work can be seen in a hacking method that exploits frequent errors on Microsoft Windows. Every user of the operating system is familiar with the window that pops up on screen when an internal problem is detected, asking the user to report the error to Microsoft with a click of the mouse. The window promises this communication will be "confidential and anonymous."
For TAO specialists, these crash reports either were or continue to be a welcome source of potential information. When TAO selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft.
The automated crash reports are a "neat way" to gain "passive access" to a targeted machine, the presentation continues. Passive access means that, initially, only data the computer sends out into the Internet is captured and saved, but the computer itself is not yet manipulated. Still, even this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer.
Although the method appears to have little importance in practical terms, the NSA's agents still seem to enjoy it because it allows them to have a bit of a laugh at the expense of the Seattle-based software giant. In one internal graphic, they replaced the text of Microsoft's original error message with one of their own reading, "This information may be intercepted by a foreign sigint system to gather detailed information and better exploit your machine." ("Sigint" stands for "signals intelligence.")
[Image caption: NSA analysts have a laugh at the expense of Microsoft.]
In response to a query from SPIEGEL, NSA officials issued a statement saying, "Tailored Access Operations is a unique national asset that is on the front lines of enabling NSA to defend the nation and its allies." The statement added that TAO's "work is centered on computer network exploitation in support of foreign intelligence collection." The officials said they would not discuss specific allegations regarding TAO's mission.
One trail also leads to Germany. According to a document dating from 2010 that lists the "Lead TAO Liaisons" domestically and abroad as well as names, email addresses and the number for their "Secure Phone," a liaison office is located near Frankfurt -- the European Security Operations Center (ESOC) at the so-called "Dagger Complex" at a US military compound in the Griesheim suburb of Darmstadt.
(2) NSA employs Hackers, and intercepts equipment bought online, to implant devices in it
http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969.html
Inside TAO: Documents Reveal Top NSA Hacking Unit
By SPIEGEL Staff
REPORTED BY JACOB APPELBAUM, LAURA POITRAS, MARCEL ROSENBACH, CHRISTIAN STÖCKER, JÖRG SCHINDLER AND HOLGER STARK
The NSA's TAO hacking unit is considered to be the intelligence agency's top secret weapon. It maintains its own covert network, infiltrates computers around the world and even intercepts shipping deliveries to plant back doors in electronics ordered by those it is targeting.
In January 2010, numerous homeowners in San Antonio, Texas, stood baffled in front of their closed garage doors. They wanted to drive to work or head off to do their grocery shopping, but their garage door openers had gone dead, leaving them stranded. No matter how many times they pressed the buttons, the doors didn't budge. The problem primarily affected residents in the western part of the city, around Military Drive and the interstate highway known as Loop 410.
In the United States, a country of cars and commuters, the mysterious garage door problem quickly became an issue for local politicians. Ultimately, the municipal government solved the riddle. Fault for the error lay with the United States' foreign intelligence service, the National Security Agency, which has offices in San Antonio. Officials at the agency were forced to admit that one of the NSA's radio antennas was broadcasting at the same frequency as the garage door openers. Embarrassed officials at the intelligence agency promised to resolve the issue as quickly as possible, and soon the doors began opening again.
It was thanks to the garage door opener episode that Texans learned just how far the NSA's work had encroached upon their daily lives. For quite some time now, the intelligence agency has maintained a branch with around 2,000 employees at Lackland Air Force Base, also in San Antonio. In 2005, the agency took over a former Sony computer chip plant in the western part of the city. A brisk pace of construction commenced inside this enormous compound. The acquisition of the former chip factory at Sony Place was part of a massive expansion the agency began after the events of Sept. 11, 2001.
On-Call Digital Plumbers
One of the two main buildings at the former plant has since housed a sophisticated NSA unit, one that has benefited the most from this expansion and has grown the fastest in recent years -- the Office of Tailored Access Operations, or TAO. This is the NSA's top operative unit -- something like a squad of plumbers that can be called in when normal access to a target is blocked.
According to internal NSA documents viewed by SPIEGEL, these on-call digital plumbers are involved in many sensitive operations conducted by American intelligence agencies. TAO's area of operations ranges from counterterrorism to cyber attacks to traditional espionage. The documents reveal just how diversified the tools at TAO's disposal have become -- and also how it exploits the technical weaknesses of the IT industry, from Microsoft to Cisco and Huawei, to carry out its discreet and efficient attacks.
The unit is "akin to the wunderkind of the US intelligence community," says Matthew Aid, a historian who specializes in the history of the NSA. "Getting the ungettable" is the NSA's own description of its duties. "It is not about the quantity produced but the quality of intelligence that is important," one former TAO chief wrote, describing her work in a document. The paper seen by SPIEGEL quotes the former unit head stating that TAO has contributed "some of the most significant intelligence our country has ever seen." The unit, it goes on, has "access to our very hardest targets."
A Unit Born of the Internet
Defining the future of her unit at the time, she wrote that TAO "needs to continue to grow and must lay the foundation for integrated Computer Network Operations," and that it must "support Computer Network Attacks as an integrated part of military operations." To succeed in this, she wrote, TAO would have to acquire "pervasive, persistent access on the global network." An internal description of TAO's responsibilities makes clear that aggressive attacks are an explicit part of the unit's tasks. In other words, the NSA's hackers have been given a government mandate for their work. During the middle part of the last decade, the special unit succeeded in gaining access to 258 targets in 89 countries -- nearly everywhere in the world. In 2010, it conducted 279 operations worldwide.
Indeed, TAO specialists have directly accessed the protected networks of democratically elected leaders of countries. They infiltrated networks of European telecommunications companies and gained access to and read mails sent over Blackberry's BES email servers, which until then were believed to be securely encrypted. Achieving this last goal required a "sustained TAO operation," one document states.
This TAO unit is born of the Internet -- created in 1997, a time when not even 2 percent of the world's population had Internet access and no one had yet thought of Facebook, YouTube or Twitter. From the time the first TAO employees moved into offices at NSA headquarters in Fort Meade, Maryland, the unit was housed in a separate wing, set apart from the rest of the agency. Their task was clear from the beginning -- to work around the clock to find ways to hack into global communications traffic.
Recruiting the Geeks
To do this, the NSA needed a new kind of employee. The TAO workers authorized to access the special, secure floor on which the unit is located are for the most part considerably younger than the average NSA staff member. Their job is breaking into, manipulating and exploiting computer networks, making them hackers and civil servants in one. Many resemble geeks -- and act the part, too.
Indeed, it is from these very circles that the NSA recruits new hires for its Tailored Access Operations unit. In recent years, NSA Director Keith Alexander has made several appearances at major hacker conferences in the United States. Sometimes, Alexander wears his military uniform, but at others, he even dons jeans and a t-shirt in his effort to court trust and a new generation of employees.
The recruitment strategy seems to have borne fruit. Certainly, few if any other divisions within the agency are growing as quickly as TAO. There are now TAO units in Wahiawa, Hawaii; Fort Gordon, Georgia; at the NSA's outpost at Buckley Air Force Base, near Denver, Colorado; at its headquarters in Fort Meade; and, of course, in San Antonio.
One trail also leads to Germany. According to a document dating from 2010 that lists the "Lead TAO Liaisons" domestically and abroad as well as names, email addresses and the number for their "Secure Phone," a liaison office is located near Frankfurt -- the European Security Operations Center (ESOC) at the so-called "Dagger Complex" at a US military compound in the Griesheim suburb of Darmstadt.
But it is the growth of the unit's Texas branch that has been uniquely impressive, the top secret documents reviewed by SPIEGEL show. These documents reveal that in 2008, the Texas Cryptologic Center employed fewer than 60 TAO specialists. By 2015, the number is projected to grow to 270 employees. In addition, there are another 85 specialists in the "Requirements & Targeting" division (up from 13 specialists in 2008). The number of software developers is expected to increase from the 2008 level of three to 38 in 2015. The San Antonio office handles attacks against targets in the Middle East, Cuba, Venezuela and Colombia, not to mention Mexico, just 200 kilometers (124 miles) away, where the government has fallen into the NSA's crosshairs.
Mexico's Secretariat of Public Security, which was folded into the new National Security Commission at the beginning of 2013, was responsible at the time for the country's police, counterterrorism, prison system and border police. Most of the agency's nearly 20,000 employees worked at its headquarters on Avenida Constituyentes, an important traffic artery in Mexico City. A large share of the Mexican security authorities under the auspices of the Secretariat are supervised from the offices there, making Avenida Constituyentes a one-stop shop for anyone seeking to learn more about the country's security apparatus.
Operation WHITETAMALE
That considered, assigning the TAO unit responsible for tailored operations to target the Secretariat makes a lot of sense. After all, one document states, the US Department of Homeland Security and the United States' intelligence agencies have a need to know everything about the drug trade, human trafficking and security along the US-Mexico border. The Secretariat presents a potential "goldmine" for the NSA's spies, a document states. The TAO workers selected systems administrators and telecommunications engineers at the Mexican agency as their targets, thus marking the start of what the unit dubbed Operation WHITETAMALE.
Workers at NSA's target selection office, which also had Angela Merkel in its sights in 2002 before she became chancellor, sent TAO a list of officials within the Mexican Secretariat they thought might make interesting targets. As a first step, TAO penetrated the target officials' email accounts, a relatively simple job. Next, they infiltrated the entire network and began capturing data.
Soon the NSA spies had knowledge of the agency's servers, including IP addresses, computers used for email traffic and individual addresses of diverse employees. They also obtained diagrams of the security agencies' structures, including video surveillance. It appears the operation continued for years until SPIEGEL first reported on it in October.
The technical term for this type of activity is "Computer Network Exploitation" (CNE). The goal here is to "subvert endpoint devices," according to an internal NSA presentation that SPIEGEL has viewed. The presentation goes on to list nearly all the types of devices that run our digital lives -- "servers, workstations, firewalls, routers, handsets, phone switches, SCADA systems, etc." SCADAs are industrial control systems used in factories, as well as in power plants. Anyone who can bring these systems under their control has the potential to knock out parts of a country's critical infrastructure.
The most well-known and notorious use of this type of attack was the development of Stuxnet, the computer worm whose existence was discovered in June 2010. The virus was developed jointly by American and Israeli intelligence agencies to sabotage Iran's nuclear program, and successfully so. The country's nuclear program was set back by years after Stuxnet manipulated the SCADA control technology used at Iran's uranium enrichment facilities in Natanz, rendering up to 1,000 centrifuges unusable.
The special NSA unit has its own development department in which new technologies are developed and tested. This division is where the real tinkerers can be found, and their inventiveness when it comes to finding ways to infiltrate other networks, computers and smartphones evokes a modern take on Q, the legendary gadget inventor in James Bond movies.
Having Fun at Microsoft's Expense
One example of the sheer creativity with which the TAO spies approach their work can be seen in a hacking method they use that exploits the error-proneness of Microsoft's Windows. Every user of the operating system is familiar with the annoying window that occasionally pops up on screen when an internal problem is detected, an automatic message that prompts the user to report the bug to the manufacturer and to restart the program. These crash reports offer TAO specialists a welcome opportunity to spy on computers.
[Image caption: The original Microsoft error message exploited by the NSA]
When TAO selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft. An internal presentation suggests it is NSA's powerful XKeyscore spying tool that is used to fish these crash reports out of the massive sea of Internet traffic.
The automated crash reports are a "neat way" to gain "passive access" to a machine, the presentation continues. Passive access means that, initially, only data the computer sends out into the Internet is captured and saved, but the computer itself is not yet manipulated. Still, even this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer.
Although the method appears to have little importance in practical terms, the NSA's agents still seem to enjoy it because it allows them to have a bit of a laugh at the expense of the Seattle-based software giant. In one internal graphic, they replaced the text of Microsoft's original error message with one of their own reading, "This information may be intercepted by a foreign sigint system to gather detailed information and better exploit your machine." ("Sigint" stands for "signals intelligence.")
One of the hackers' key tasks is the offensive infiltration of target computers with so-called implants or with large numbers of Trojans. They've bestowed their spying tools with illustrious monikers like "ANGRY NEIGHBOR," "HOWLERMONKEY" or "WATERWITCH." These names may sound cute, but the tools they describe are both aggressive and effective.
According to details in Washington's current budget plan for the US intelligence services, around 85,000 computers worldwide are projected to be infiltrated by the NSA specialists by the end of this year. By far the majority of these "implants" are conducted by TAO teams via the Internet.
Increasing Sophistication
Until just a few years ago, NSA agents relied on the same methods employed by cyber criminals to conduct these implants on computers. They sent targeted attack emails disguised as spam containing links directing users to virus-infected websites. With sufficient knowledge of an Internet browser's security holes -- Microsoft's Internet Explorer, for example, is especially popular with the NSA hackers -- all that is needed to plant NSA malware on a person's computer is for that individual to open a website that has been specially crafted to compromise the user's computer. Spamming has one key drawback though: It doesn't work very often.
Nevertheless, TAO has dramatically improved the tools at its disposal. It maintains a sophisticated toolbox known internally by the name "QUANTUMTHEORY." "Certain QUANTUM missions have a success rate of as high as 80%, where spam is less than 1%," one internal NSA presentation states.
A comprehensive internal presentation titled "QUANTUM CAPABILITIES," which SPIEGEL has viewed, lists virtually every popular Internet service provider as a target, including Facebook, Yahoo, Twitter and YouTube. "NSA QUANTUM has the greatest success against Yahoo, Facebook and static IP addresses," it states. The presentation also notes that the NSA has been unable to employ this method to target users of Google services. Apparently, that can only be done by Britain's GCHQ intelligence service, which has acquired QUANTUM tools from the NSA.
A favored tool of intelligence service hackers is "QUANTUMINSERT." GCHQ workers used this method to attack the computers of employees at partly government-held Belgian telecommunications company Belgacom, in order to use their computers to penetrate even further into the company's networks. The NSA, meanwhile, used the same technology to target high-ranking members of the Organization of the Petroleum Exporting Countries (OPEC) at the organization's Vienna headquarters. In both cases, the trans-Atlantic spying consortium gained unhindered access to valuable economic data using these tools.
The insert method and other variants of QUANTUM are closely linked to a shadow network operated by the NSA alongside the Internet, with its own, well-hidden infrastructure comprised of "covert" routers and servers. It appears the NSA also incorporates routers and servers from non-NSA networks into its covert network by infecting these networks with "implants" that then allow the government hackers to control the computers remotely.
In this way, the intelligence service seeks to identify and track its targets based on their digital footprints. These identifiers could include certain email addresses or website cookies set on a person's computer. Of course, a cookie doesn't automatically identify a person, but it can if it includes additional information like an email address. In that case, a cookie becomes something like the web equivalent of a fingerprint.
A Race Between Servers
Once TAO teams have gathered sufficient data on their targets' habits, they can shift into attack mode, programming the QUANTUM systems to perform this work in a largely automated way. If a data packet featuring the email address or cookie of a target passes through a cable or router monitored by the NSA, the system sounds the alarm. It determines what website the target person is trying to access and then activates one of the intelligence service's covert servers, known by the codename FOXACID. This NSA server coerces the user into connecting to NSA covert systems rather than the intended sites. In the case of Belgacom engineers, instead of reaching the LinkedIn page they were actually trying to visit, they were also directed to FOXACID servers housed on NSA networks. Undetected by the user, the manipulated page transferred malware already custom tailored to match security holes on the target person's computer.
The technique can literally be a race between servers, one that is described in internal intelligence agency jargon with phrases like: "Wait for client to initiate new connection," "Shoot!" and "Hope to beat server-to-client response." Like any competition, at times the covert network's surveillance tools are "too slow to win the race." Often enough, though, they are effective. Implants with QUANTUMINSERT, especially when used in conjunction with LinkedIn, now have a success rate of over 50 percent, according to one internal document.
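
Seen from the monitored side, a race to "beat server-to-client response" leaves a trace, assuming the legitimate server's reply still reaches the client after the forged one: two different payloads claim the same part of one TCP stream. The following is an added example, not code from SPIEGEL or from the documents it quotes; it checks constructed packet records for that conflict while ignoring honest retransmissions, and `Segment`, `find_conflicting_segments` and `SAMPLE_CAPTURE` are hypothetical names with documentation-range addresses.

```python
from collections import defaultdict
from typing import NamedTuple


class Segment(NamedTuple):
    ts: float       # capture timestamp, seconds
    src: str
    sport: int
    dst: str
    dport: int
    seq: int        # sequence number of the first payload byte
    payload: bytes


def find_conflicting_segments(segments, window=5.0):
    """Flag TCP segments that cover the same sequence range of one flow
    direction but carry different bytes.

    An honest retransmission repeats the same bytes; two different answers
    for the same sequence range mean two senders raced for the connection.
    Sequence-number wraparound is ignored to keep the example short.
    """
    seen = defaultdict(list)    # flow direction -> segments already checked
    findings = []
    for seg in sorted(segments, key=lambda s: s.ts):
        if not seg.payload:
            continue            # pure ACK/SYN/FIN: nothing to compare
        flow = (seg.src, seg.sport, seg.dst, seg.dport)
        for old in seen[flow]:
            if seg.ts - old.ts > window:
                continue        # too far apart to be one race
            start = max(seg.seq, old.seq)
            end = min(seg.seq + len(seg.payload), old.seq + len(old.payload))
            if start >= end:
                continue        # no overlap in sequence space
            first = old.payload[start - old.seq:end - old.seq]
            second = seg.payload[start - seg.seq:end - seg.seq]
            if first != second:
                findings.append({
                    "flow": flow,
                    "seq": start,
                    "gap_ms": round((seg.ts - old.ts) * 1000),
                    "first": first[:40],
                    "second": second[:40],
                })
                break
        seen[flow].append(seg)
    return findings


# Constructed sample capture (not real traffic).
SAMPLE_CAPTURE = [
    # Client request.
    Segment(1.000, "192.0.2.10", 51000, "198.51.100.20", 80, 500,
            b"GET /profile HTTP/1.1\r\nHost: site.example\r\n\r\n"),
    # Two different responses for the same sequence range, 12 ms apart.
    Segment(1.020, "198.51.100.20", 80, "192.0.2.10", 51000, 1000,
            b"HTTP/1.1 302 Found\r\nLocation: http://other.example/\r\n\r\n"),
    Segment(1.032, "198.51.100.20", 80, "192.0.2.10", 51000, 1000,
            b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    # Benign: exact retransmission on another connection.
    Segment(2.000, "198.51.100.20", 80, "192.0.2.11", 52000, 7000, b"same bytes"),
    Segment(2.300, "198.51.100.20", 80, "192.0.2.11", 52000, 7000, b"same bytes"),
    # Benign: partially overlapping retransmission with matching bytes.
    Segment(3.000, "198.51.100.20", 80, "192.0.2.12", 53000, 5000, b"abcdefgh"),
    Segment(3.100, "198.51.100.20", 80, "192.0.2.12", 53000, 5004, b"efghijkl"),
]

if __name__ == "__main__":
    for finding in find_conflicting_segments(SAMPLE_CAPTURE):
        print(finding)
```
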
Tapping Undersea Cables
At the same time, it is in no way true to say that the NSA has its sights set exclusively on select individuals. Of even greater interest are entire networks and network providers, such as the fiber optic cables that direct a large share of global Internet traffic along the world's ocean floors.
One document labeled "top secret" and "not for foreigners" describes the NSA's success in spying on the "SEA-ME-WE-4" cable system. This massive underwater cable bundle connects Europe with North Africa and the Gulf states and then continues on through Pakistan and India, all the way to Malaysia and Thailand. The cable system originates in southern France, near Marseille. Among the companies that hold ownership stakes in it are France Telecom, now known as Orange and still partly government-owned, and Telecom Italia Sparkle.
The document proudly announces that, on Feb. 13, 2013, TAO "successfully collected network management information for the SEA-Me-We Undersea Cable Systems (SMW-4)." With the help of a "website masquerade operation," the agency was able to "gain access to the consortium's management website and collected Layer 2 network information that shows the circuit mapping for significant portions of the network."
The document states that the TAO team hacked an internal website of the operator consortium and copied documents stored there pertaining to technical infrastructure. But that was only the first step. "More operations are planned in the future to collect more information about this and other cable systems," it continues.
But numerous internal announcements of successful attacks like the one against the undersea cable operator aren't the exclusive factors that make TAO stand out at the NSA. In contrast to most NSA operations, TAO's ventures often require physical access to their targets. After all, you might have to directly access a mobile network transmission station before you can begin tapping the digital information it provides.
Spying Traditions Live On
To conduct those types of operations, the NSA works together with other intelligence agencies such as the CIA and FBI, which in turn maintain informants on location who are available to help with sensitive missions. This enables TAO to attack even isolated networks that aren't connected to the Internet. If necessary, the FBI can even make an agency-owned jet available to ferry the high-tech plumbers to their target. This gets them to their destination at the right time and can help them to disappear again undetected after as little as a half hour's work.
Responding to a query from SPIEGEL, NSA officials issued a statement saying, "Tailored Access Operations is a unique national asset that is on the front lines of enabling NSA to defend the nation and its allies." The statement added that TAO's "work is centered on computer network exploitation in support of foreign intelligence collection." The officials said they would not discuss specific allegations regarding TAO's mission.
Sometimes it appears that the world's most modern spies are just as reliant on conventional methods of reconnaissance as their predecessors. Take, for example, when they intercept shipping deliveries. If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.
These minor disruptions in the parcel shipping business rank among the "most productive operations" conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks "around the world."
Even in the Internet Age, some traditional spying methods continue to live on.
(3) James Bamford: NSA spying on American citizens is outsourced to Israeli hi-tech companies linked to Mossad
http://www.haaretz.com/print-edition/features/is-israel-s-booming-high-tech-industry-a-branch-of-the-mossad-1.255520
Is Israel's booming high-tech industry a branch of the Mossad?
Author of 'The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America' says the NSA thinks so.
By Yossi Melman | Oct. 16, 2008 | 12:00 AM
In 2006 the Check Point Software Technologies company, which
specializes
in protecting computer systems from hackers and data theft,
wanted to
acquire an American company called Sourcefire, which works in the
same
field. The great advantage of Sourcefire was that its clients include
the American Defense Department and the National Security Agency. The
U.S. administration, however, by means of the Committee on Foreign
Investment in the United States, did not approve the acquisition.
The
committee made its decision based on an opinion by the Federal
Bureau of
Investigation and NSA security officers. The two organizations
were afraid
that Check Point, which was founded by Gil Shwed and fellow
graduates of
Unit 8200, the Israel Defense Forces' high-tech
intelligence unit, would
have access to top-secret information, which it
could pass on to Israel's
intelligence community.
The fear and suspicion currently is directed not
only toward Check
Point, but also other Israeli high-tech companies like
Verint, Comverse,
NICE Systems and PerSay Voice Biometrics, some of which
work in data
mining and engage in software development for tapping
telephones, fax
machines, e-mail and computer communications.
The
above accusations come from journalist and writer James Bamford,
whose new
book, "The Shadow Factory: The Ultra-Secret NSA from 9/11 to
the
Eavesdropping on America" (Doubleday), came out this week in the
United
States.
Bamford, a former producer for the ABC television network, has
spent the
last 30 years writing about the NSA - one of the most important
and
least-known intelligence agencies in the United States, but usually in
the shadow of the Central Intelligence Agency. The NSA is responsible
for eavesdropping on telephones, fax machines and computers;
intercepting communications and electromagnetic signals from radar
equipment, aircraft, missiles, ships and submarines; and decoding
transmissions and cracking codes. It has contributed immeasurably to
U.S. intelligence and national security.
In this respect, the United
States resembles Israel: Successes
attributed to the Mossad should often be
credited to other intelligence
units - first and foremost Unit 8200, the
Israeli equivalent of the NSA. ...
Another of Bamford's important
assertions, which also concerns Israel,
is that the largest telephony and
communications companies in the United
States - in fact all of them except
QWEST - have cooperated with the
NSA, allowing it to tap their lines and
optic fibers.
The above-mentioned Israeli companies and others are
important software
and technology suppliers for not only the American
telephony companies,
but for the NSA itself. Bamford claims that 80 percent
of all American
telephone transmissions are conducted by means of the
Israeli companies'
technology, know-how and accessibility. Thus, Bamford
believes, the
American intelligence community is exposing itself to the risk
that the
Israeli companies will access its most secret and sensitive digital
information.
Bamford does not provide any backing for this thesis; he
only points to
a circumstantial relationship. The Israeli companies were
largely
established by graduates of 8200, and therefore he says they are
connected by their umbilical cords to Israeli intelligence, and their
CEOs and boards of directors include senior Shin Bet officials like Arik
Nir or former Mossad chief Ephraim Halevy (Nir is the CEO of Athlone
Global Security, a hedge fund that has invested inter alia in PerSay
Voice Biometrics, and Ephraim Halevy is a member of the Athlone Advisory
Board).
To put it mildly, Bamford has no love lost for Israel. In his
articles,
he publishes claims by American Navy officials who believe Israel
maliciously attacked the American spy ship Liberty during the 1967
Six-Day War. He holds that the September 11 attack did not stem from
radical Islam's basic hatred of America, but rather from its anger at
the United States' support for Israel. He calls the nineteen September
11 terrorists "soldiers" and describes them with a great deal of
sympathy - Davids who "only" demolished four airplanes of the American
Goliath.
In this context, and apparently because of his deep
hostility, Bamford
asserts that in light of the problematic record of
Israel, which did not
hesitate to spy against America on American soil,
Israeli companies
should not have been given the keys to the kingdom of
America's secrets.
His attitude toward Israel apparently pushes him over the
psychological
brink, as his book hardly mentions the close cooperation
between the two
countries' intelligence communities, mainly in the war
against
international jihad terror or in monitoring Iran. ===
(4) Bamford: shady Companies with Ties to Israel Wiretap the U.S. for the NSA (2012)
Shady Companies with Ties to Israel Wiretap the U.S. for the NSA
BY JAMES BAMFORD 04.03.12 6:30 AM
http://www.wired.com/threatlevel/2012/04/shady-companies-nsa/all/
(5) Snowden Files: NSA shares "raw Sigint" (signal intelligence) with Israel
From: "Sadanand, Nanjundiah (Physics Earth Sciences)" <sadanand@mail.ccsu.edu>
Date: Wed, 11 Sep 2013 17:57:12 -0400
Subject: Israel and the NSA + Windows8 TPM espionage apparatus
Snowden Files: The NSA and Israeli Intelligence
By Glenn Greenwald, Laura Poitras, Ewen MacAskill, Guardian UK, 11 September 13
Secret deal places no legal limits on use of data by Israelis
Only official US government communications protected
Agency insists it complies with rules governing privacy
http://www.theguardian.com/world/2013/sep/11/nsa-americans-personal-data-israel-documents
The
National Security Agency routinely shares raw intelligence data with
Israel
without first sifting it to remove information about US citizens,
a
top-secret document provided to the Guardian by whistleblower Edward
Snowden
reveals.
Details of the intelligence-sharing agreement are laid out in a
memorandum of understanding between the NSA and its Israeli counterpart
that shows the US government handed over intercepted communications
likely to contain phone calls and emails of American citizens. The
agreement places no legally binding limits on the use of the data by the
Israelis.
The disclosure that the NSA agreed to provide raw
intelligence data to a
foreign country contrasts with assurances from the
Obama administration
that there are rigorous safeguards to protect the
privacy of US citizens
caught in the dragnet. The intelligence community
calls this process
"minimization", but the memorandum makes clear that the
information
shared with the Israelis would be in its pre-minimized
state.
The deal was reached in principle in March 2009, according to the
undated memorandum, which lays out the ground rules for the intelligence
sharing.
The five-page memorandum, termed an agreement between the US
and Israeli
intelligence agencies "pertaining to the protection of US
persons",
repeatedly stresses the constitutional rights of Americans to
privacy
and the need for Israeli intelligence staff to respect these
rights.
But this is undermined by the disclosure that Israel is allowed
to
receive "raw Sigint" – signal intelligence. The memorandum says: "Raw
Sigint includes, but is not limited to, unevaluated and unminimized
transcripts, gists, facsimiles, telex, voice and Digital Network
Intelligence metadata and content."
According to the agreement, the
intelligence being shared would not be
filtered in advance by NSA analysts
to remove US communications. "NSA
routinely sends ISNU [the Israeli Sigint
National Unit] minimized and
unminimized raw collection", it
says.
Although the memorandum is explicit in saying the material had to
be
handled in accordance with US law, and that the Israelis agreed not to
deliberately target Americans identified in the data, these rules are
not backed up by legal obligations.
"This agreement is not intended
to create any legally enforceable rights
and shall not be construed to be
either an international agreement or a
legally binding instrument according
to international law," the document
says.
In a statement to the Guardian,
an NSA spokesperson did not deny that
personal data about Americans was
included in raw intelligence data
shared with the Israelis. But the agency
insisted that the shared
intelligence complied with all rules governing
privacy.
"Any US person information that is acquired as a result of NSA's
surveillance activities is handled under procedures that are designed to
protect privacy rights," the spokesperson said.
The NSA declined to
answer specific questions about the agreement,
including whether permission
had been sought from the Foreign
Intelligence Surveillance (Fisa) court for
handing over such material. [...]
Although Israel is one of America's
closest allies, it is not one of the
inner core of countries involved in
surveillance sharing with the US -
Britain, Australia, Canada and New
Zealand. This group is collectively
known as Five Eyes. [...]
(6) German Gov't warns: Don't use Windows 8; it spies on you, has NSA backdoor
http://www.testosteronepit.com/home/2013/8/21/leaked-german-government-warns-key-entities-not-to-use-windo.html
LEAKED: German Government Warns Key Entities Not To Use Windows 8 – Links The NSA
WEDNESDAY, AUGUST 21, 2013 AT 7:37PM
“A Special Surveillance Chip”
According to leaked internal documents from the German Federal
Office
for Security in Information Technology (BSI) that Die Zeit obtained,
IT
experts figured out that Windows 8, the touch-screen enabled,
super-duper, but sales-challenged Microsoft operating system is outright
dangerous for data security. It allows Microsoft to control the computer
remotely through a built-in backdoor. Keys to that backdoor are likely
accessible to the NSA – and in an unintended ironic twist, perhaps even
to the Chinese.
The backdoor is called “Trusted Computing,” developed
and promoted by
the Trusted Computing Group, founded a decade ago by the
all-American
tech companies AMD, Cisco, Hewlett-Packard, IBM, Intel,
Microsoft, and
Wave Systems. Its core element is a chip, the Trusted
Platform Module
(TPM), and an operating system designed for it, such as
Windows 8.
Trusted Computing Group has developed the specifications of how
the chip
and operating systems work together.
Its purpose is Digital
Rights Management and computer security. The
system decides what software
had been legally obtained and would be
allowed to run on the computer, and
what software, such as illegal
copies or viruses and Trojans, should be
disabled. The whole process
would be governed by Windows, and through remote
access, by Microsoft.
Now there is a new set of specifications out,
creatively dubbed TPM 2.0.
While TPM allowed users to opt in and out, TPM
2.0 is activated by
default when the computer boots up. The user cannot turn
it off.
Microsoft decides what software can run on the computer, and the
user
cannot influence it in any way. Windows governs TPM 2.0. And what
Microsoft does remotely is not visible to the user. In short, users of
Windows 8 with TPM 2.0 surrender control over their machines the moment
they turn it on for the first time.
It would be easy for Microsoft or
chip manufacturers to pass the
backdoor keys to the NSA and allow it to
control those computers. NO,
Microsoft would never do that, we protest.
Alas, Microsoft, as we have
learned from the constant flow of revelations,
informs the US government
of security holes in its products well before it
issues fixes so that
government agencies can take advantage of the holes and
get what they’re
looking for.
Experts at the BSI, the Ministry of
Economic Affairs, and the Federal
Administration warned unequivocally
against using computers with Windows
8 and TPM 2.0. One of the documents
from early 2012 lamented, “Due to
the loss of full sovereignty over the
information technology, the
security objectives of ‘confidentiality’ and
‘integrity’ can no longer
be guaranteed.”
Elsewhere, the document
warns, “This can have significant consequences
on the IT security of the
Federal Administration.” And it concludes,
“The use of ‘Trusted Computing’
technology in this form ... is
unacceptable for the Federal Administration
and for operators of
critical infrastructure.”
Another document
claims that Windows 8 with TPM 2.0 is “already” no
longer usable. But
Windows 7 can “be operated safely until 2020.” After
that other solutions
would have to be found for the IT systems of the
Administration.
The
documents also show that the German government tried to influence
the
formation of the TPM 2.0 specifications – a common practice in
processes
that take years and have many stakeholders – but was rebuffed.
Others have
gotten what they wanted, Die Zeit wrote. The NSA for
example. At one of the
last meetings between the TCG and various
stakeholders, someone dropped the
line, “The NSA agrees.”
Rüdiger Weis, a professor at the Beuth University
of Technology in
Berlin, and a cryptographic expert who has dealt with
Trusted Computing
for years, told Die Zeit in an interview that Microsoft
wanted to
completely change computing by integrating “a special surveillance
chip”
in every electronic device. Through that chip and the processes of
Windows 8, particularly Secure Boot, “users largely lose control over
their own hardware and software.”
But wouldn’t it contribute to
higher levels of security? Certain aspects
actually raise the risks, he
said. For example, during production, the
secret key to that backdoor is
generated outside the chip and then
transferred to the chip. During this
process, copies of all keys can be
made. “It’s possible that there are even
legal requirements to that
effect that cannot be reported.” And so the TPM
is “a dream chip of the
NSA.”
Perhaps even more ominously, he added: “The other realistic scenario is
that TPM chip manufacturers don’t sit within reach of the NSA, but in
China....”
Apple phased out the surveillance
chips in 2009. Linux doesn’t comply
with the standards, and Linux machines
cannot use the technology.
Microsoft defended itself the best it could. The
TPM is activated by
default because most users accept defaults, it said. If
users would have
to activate the functions themselves, many users would end
up operating
a less secure system. And of course, government regulations
that would
require that users have the option to opt in or out would be
unwise.
Instead, hardware manufacturers could build machines with the chips
deactivated, Microsoft said. If you want to have control over your
computer, that’s what you’d have to buy. Another option would be to
switch to Linux machines, something that the city government of Munich
started 10 years ago; the changeover should be complete before the
year is up. This aspect of the NSA debacle cannot possibly be twisted
into bullish news for Microsoft.
(7) New Windows computers contain A Special Surveillance Chip
http://wallstreetbear.com/board/view.php?topic=118397
Wall Street Bear Discussion Board Index :: A Special Surveillance Chip
TPM - the so-called "secure cryptoprocessor"
WANBLI1 - Thu, Aug 22, 2013 - 06:37 AM
TPM (essentially the encryption key system) makes the machine
"uncontrollable" for the user - making the machine enterable by third
parties, i.e., manufacturer, or whatever government or authority who so
chooses to enter the machine.
Since 2006 TPM, now TPM.next or TPM.2, is built into nearly all PC and
notebook devices: Acer, Wipro, Asus, Dell, Inc., Gigabyte Technology,
LG, Fujitsu, HP, Lenovo, MSI, Panasonic, Samsung, Sony, Eurocom
Corporation, and Toshiba.
You buy a Lenovo you
effectively allow the Chinese to enter your
machine's data. [...]
Re: TPM is a Necessary Deterrent.. not necessarily, windows is arguably a defective product
riptied - Sat, Aug 24, 2013 - 07:42 AM
As someone in
the IT business for 30 years, from running 100 million
dollar data centers
to setting up laptops for ceo's and cfo's, the core
of the issue is that
windows can and never will be made secure. That is
why anti virus updates
are needed on a weekly if not daily basis
forever, and they still will not
plug all the leaks in what is
essentially an insecure operating system.
Personally I don't feel any
company running on a windows based environment
is particularly security
savvy to put it nicely. I would hope no major
banking institution runs
on anything other than a RISC Unix architecture, or
mainframe operating
systems and architecture, but it might be a good
investment analysis to
see which ones do and don't and track their future.
Of course, no
computer system that involves humans can be made totally
secure, but
windows based systems are inherently unsecured by the make up of
the
system architecture.
Of course the 'ease of use' factor and distribution have made the spread
of windows operating systems nearly universal, so the world is caught in
a kind of catch-22, ease of use versus security. It's one of the reasons
Apple which is unix based is so successful, the built in level of
security is a giant step up. For me the Apple desktop is much too
restrictive but for those less computer literate, it's the easiest way
to eliminate a major swath of security issues.
If anyone thinks Lenovo isn't going to use their control of the
system
architecture, when it is designed by the country that is stealing and
arguably has stolen more intellectual property and data than any in the
world, I'd rethink that premise. As mentioned in the article, Linux is a
much simpler solution to getting around this issue, it takes a bit of
adjustment for those ingrained with windows, but the freedom from
constant infection and that dragging slowdown whenever virus scanning
starts under win, let alone the rebuilds, makes it worth it for me and
particularly the young who aren't indoctrinated yet by the MS
world.
[ Post Last Edited By riptied on Sat, Aug 24, 2013 - 07:48 AM
]
(8) China dumps US Tech Companies over Security fears
http://www.testosteronepit.com/home/2013/8/19/us-tech-companies-raked-over-the-coals-in-china.html
US Tech Companies Raked Over The Coals In China
MONDAY, AUGUST 19, 2013 AT 9:59AM
China is the promised land for our revenue-challenged American
tech
heroes: 1.2 billion consumers, economic growth several times that of
the
US – if we could believe the GDP numbers – and companies splurging on IT
equipment and services.
Layer on top of that the “cloud,” the vast
high-growth segment with its
thousands of datacenters around the globe
connected by fiber-optic
cables, and managed, searched, and analyzed by ever
more powerful
software products. Much of our personal data resides in the
cloud. It
got there via Facebook, Twitter, photo-sharing apps, online
backups,
email, smartphone apps, license-plate scanners, and the like. More
and
more corporate and government data resides in the cloud. Increasingly,
software is sold as a service and is based in the cloud. American tech
companies dominate it and expect to retain that dominance in the
future.
The cloud business in China is corporate nirvana: a high-growth
sector
in a high-growth country. Or rather, it was nirvana, now that Edward
Snowden’s revelations about the NSA’s hyperactive surveillance practices
have spilled out. Core element of his revelations: prodigious
hand-in-glove cooperation of American tech companies, from giants down
to startups, with a munificent “customer,” the Intelligence Community
[my take... NSA Pricked The “Cloud” Bubble For US Tech
Companies].
Now IBM, Oracle, and EMC have become targets of China’s
Ministry of
Public Security and the cabinet-level Development Research
Centre.
That’s what an anonymous source told the Shanghai Securities News, a
branch of the state-owned Xinhua News Agency, which reports to the
Propaganda and Public Information Departments of the Communist Party.
“Anonymous sources” on these issues aren’t quoted in the Shanghai
Securities News by accident.
“At present, thanks to their
technological superiority, many of our core
information technology systems
are basically dominated by foreign
hardware and software firms, but the
Prism scandal implies security
problems,” the source said, according to
Reuters. So the government
would launch an investigation into these security
problems.
Total stonewalling followed. IBM told Reuters that it was
unable to
comment. Neither Oracle nor EMC were available for comment. The
Ministry
of Public Security refused to comment. The State Council’s Development
Research Centre claimed it wasn’t involved in any such investigation. The
Ministry of Industry and Information Technology told
Reuters that it
“could not confirm anything because of the matter’s
sensitivity.”
Another MIIT official wasn’t aware of
anything.
Accusations of hacking into sensitive systems have been
ping-ponged
between the US and China for years. As evidence piled up that a
lot of
hacking from the Chinese side originated in facilities associated
with
the People’s Liberation Army, denials fell on deaf ears in the US where
the government claimed the improbable moral high ground.
So Snowden’s
revelations about the NSA hacking into Chinese systems
proved to be, among
other things, embarrassing. Now all plausible
deniability was out the
window. And China is counterattacking. Losing
its secret commercial and
governmental crown jewels would certainly be
on top of its worry list. Hence
a new leeriness about American IT
equipment, software, and services – a boon
for Chinese IT companies,
which, like their beleaguered American brethren,
have faced stagnating
revenues.
Last October, the US House of
Representatives Intelligence Committee –
the very entity that had been
briefed about and had condoned the now
leaked NSA surveillance programs –
determined that Huawei, China’s
dominant telecom and networking equipment
maker whose largest customer
is the Chinese government via its state-owned
enterprises, posed a
threat to US national security. The Committee then
curtailed Huawei’s
ambitions to gobble up US companies and hawk equipment to
US carriers.
Now China is turning the tables – to benefit its own tech
companies.
Huawei could certainly use some help. Growth for the erstwhile
high-growth company has stalled. In 2012, revenues of 220.2 billion yuan
($36 billion) were up a measly 3.3% from 2011. Its smaller sibling, ZTE,
with revenues of 84 billion yuan in 2012, lost 4.2 billion yuan that
year.
So the Chinese government is going to make life harder for US tech
companies. There will be “investigations” and plenty of rhetoric in the
media to add to the revelations Snowden has offered. Reluctance by
Chinese companies to buy US tech products is already showing up in the
numbers. During Cisco’s earnings call last week, when the company
lowered its revenue forecast, CEO John Chambers revealed that product
orders in China, instead of growing rapidly, had skidded 3%! And that
was just the beginning.
In China, being such a new market, the
smaller issue in dollar terms is
losing existing customers – in Cisco’s
case, only 5% of its business is
currently in China. The larger issue: China
was precisely where a big
part of the growth was supposed to come from. Now
it won’t. IBM, which
reported falling revenues, and Oracle which reported
stagnating
revenues, are counting on China. EMC reported growing revenues in
the
region, though it didn’t break out China, where it isn’t a big player.
Dell, which made the headlines last week in the Snowden scandal,
reported stagnating revenues in China and declining revenues in its
cloud business. And going forward, it will be harder for them to compete
in China.
As has been the case with pharmaceutical companies in
China,
investigations, after they take off, tend to entangle more and more
foreign companies – in tech’s case, to crack down on data security and
to give Chinese companies a leg up. For our already revenue-challenged
tech companies, the hoped-for growth opportunities in China are
fizzling.
Another reason for the exuberant players in the US stock market
to avert
their eyes and move forward unperturbed by reality. Other sectors
in the
US are in trouble too, including a long laundry list of
revenue-challenged retailers whose woes are spreading relentlessly
across the country.