How powerful and far-reaching is the National Security Agency’s (NSA) Google-like search engine, known as XKeyscore? Alexey Yaroshevsky examines the facts from the Edward Snowden leaks and looks into how the engine is used to search for specific online communications.
Published on Jun 25, 2015
New images of America’s historic top-secret military aerospace testing facility have been posted at Terraserver. The base looks busier than ever, with no less than four “Janet” 737s and a turboprop on the terminal ramp. But the biggest change on base has to do with the new huge south-base hangar, which now appears nearly complete.
If we can lock down this chance to film the base, we could come out of there with the best images to date. We could not only get the most updated shots, But the first video of the hanger. Make sure to bookmark the livestream and live feed links.
Infowars first warned of PC microphone snooping nearly a decade ago
by PAUL JOSEPH WATSON | JUNE 23, 2015
Almost a decade after Infowars first warned that corporations may be spying on computer users via PC microphones, it has now come to light that secretly installed Google software is doing precisely that.
“The Chromium browser – the open source basis for Google’s Chrome – began remotely installing audio-snooping code that was capable of listening to users,” reports the London Guardian.
The software was designed to work with Chrome’s ‘OK, Google’ hotword detection, which functions in response to voice commands given by the user – but in some cases the software was installed and activated without permission.
“Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room,” writes Pirate party founder Rick Falkvinge. “Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by … an unknown and unverifiable set of conditions.”
Google has denied the accusations, asserting that users have to “opt-in” before the software is activated, but developers insist otherwise.
“The default install will still wiretap your room without your consent, unless you opt out, and more importantly, know that you need to opt out, which is nowhere a reasonable requirement,” said Falkvinge.
Way back in 2006 we first reported that both the state and corporations were moving to utilize microphones attached to people’s computers to eavesdrop on their conversations, as well as for building psychological profiles for the purposes on invasive, Minority Report-style advertising.
Indeed, that same year Google announced that they were developing software that would use PC microphones to listen to ambient background noise in order to generate “relevant content” for the user.
“Since at least 150 million Americans are Internet-active they will all be potential targets for secret surveillance and the subsequent sell-off of all their information to unscrupulous data mining corporations and government agencies,” we reported nearly nine years ago.
Other companies have also been accused of using voice recognition software to spy on conversations.
Since its launch in 2010, Microsoft’s X-Box Kinect games device has a video camera and a microphone that records speech. The company informs its users that they “should not expect any level of privacy concerning your use of the live communication features,” while Microsoft also “may access or disclose information about you, including the content of your communications.”
Last year, Microsoft was forced to deny claims that the Xbox One’s Kinect camera could see gamers’ genitals after video footage emerged which suggested the device’s IR camera was so sophisticated that it could capture the outline of a user’s penis.
Gamers also complained that Kinect was monitoring their Skype conversations for swearing and then punishing them with account bans.
An old law has come to the forefront, and it’s being applied in a way that could affect what you do on your PC. In a case close to the Boston Marathon bombings, a federal court will decide if the deletion of browser history was an obstruction of justice.
The Sarbanes-Oxley Act was signed into law by President Bush in 2002, largely in response to the 2001 Enron scandal. Though it deals mostly with corporate financial reporting, it is now being used for an entirely different purpose.
Khairullozhon Matanov, a former taxi driver and acquaintance of the Boston Marathon bombers, is due in court next week. But it’s not because he knew about the bombings beforehand, or because he participated in the attacks.
Instead, his crime was deleting his browser history in the days following the bombings. He’s been charged with obstruction of justice for the deed, and could spend the next 20 years in prison.
Prosecutors are clutching to one section of the Sarbanes-Oxley Act, which details severe penalties for “destroying, mutilating, concealing, falsifying records, documents, or tangible objects” with intent to impede or stall a federal investigation.
A Grand Jury indictment from May 29, 2014 states that Matanov “deleted a large amount of information from his Google Chrome Internet cache” following the bombing, including “references to the video of the suspected bombers [later identified as the Tsarnaevs]…two of the photographs of the bombers released at approximately the same time…[and] a photograph of Officer Sean Collier, who had been allegedly killed by Dzhokhar and Tamerlan Tsarnaev.”
Matanov also faces three other counts stemming from allegations that he lied to investigators about his activities and relationship with the Tsarnaev brothers. Those carry a sentence of up to eight years each.
Although he maintains his innocence, Matanov pleaded guilty to all charges earlier this year, hoping that the US district judge will accept his plea agreement for a 30-month sentence.
Many online have responded to news of the Sarbanes-Oxley Act being used against internet users, expressing anger that a seemingly innocent task could land a person in jail for two decades.
The senior staff attorney for the Electronic Frontier Foundation, Hanni Fakhoury, says that Washington wants – and believes it is entitled to – all online data for policing purposes.
“Don’t even think about deleting anything that may be harmful to you, because we (the government) may come after you at some point in the future for some unforeseen reason and we want to be able to have access to that data. And if we don’t have access to that data, we’re going to slap an obstruction charge that has as 20-year maximum on you,” Fakhoury told The Nation.
Others were quick to point out that the law only applies to those who knowingly delete data with intent to impede or stall a federal investigation.
But according to The Nation’s Juliana DeVries, the law can be applied broadly because prosecutors “do not have to show that the person deleting evidence knew there was an investigation underway.”
She cited the case of David Kernell, a University of Tennessee student who entered Sarah Palin’s email account in 2010 and changed her password to “popcorn.”
Although entering Palin’s email was considered a misdemeanor, Kernell was convicted of a felony for deleting his internet history afterwards because his alleged awareness of a potential investigation into his conduct was enough to uphold the charge.
For the moment, it remains unclear just how broadly the Sarbanes-Oxley Act can be used by prosecutors in the digital age, or how much data citizens should preserve in case they find themselves part of an investigation.
One of the United States government’s top counterterrorism officials says Congress must help investigators crack the encrypted communications of terrorists as groups like the so-called Islamic State ramp-up their online recruitment efforts.
On Capitol Hill on Wednesday, Michael Steinbach, the assistant director of the Federal Bureau of Investigation’s counterterrorism division, told the House Homeland Security Committee that the FBI is “imploring for Congress to help” law enforcement with its quest to decrypt digital communications.
Steinbach said that the FBI is working with the Department of Homeland Security to ensure that the law enforcement tactics currently in use can be implemented as needed, but suggested that legislation might be needed for situations where communications being sought are obfuscated from the eyes of investigators by encryption or other means.
According to Steinbach, individuals belonging to the group calling itself the Islamic State (also known as ISIS, or ISIL), are making the jobs of counterterrorism investigators increasingly difficult by relying more and more on methods of communication that cannot be compromised as easily as more mainstream mediums.
It’s no secret that ISIS proclaims its ideology far and wide with the help of social networking tools like Twitter, enabling the message to be spread among the public instantly. A report issued by the Brookings Institute this past March alleged the individuals sympathetic with ISIS opened at least 46,000 Twitter accounts during the last quarter of 2014, and slickly produced propaganda that the group amplifies with professional social media software has done anything but draw away attention. According to Steinbach, upwards of 20,000 Twitter account holders can end up on the receiving end of a single tweet sent by the group or one of its supporters.
“Unfortunately, social media is a great tool for the public,” he said, “but it also allows for this horizontal distribution which is very difficult to follow.”
Twitter actively suspends ISIS-affiliated accounts, according to the Brookings report, but collecting the private messages of accounts isn’t easy as having a person’s profile shut-down and requires legal action which Steinbach and others think should be easier to achieve.
The blatant spreading of ISIS-endorsed messages and ideals on the open web notwithstanding, backchannel communications sent privately between suspected members and sympathizers are complicating matters for federal investigators, Steinbach said.
Even when private communications can be obtained, Steinbach said that encryption that’s been properly implemented in certain cases has made it a “very problematic issue” for investigators tasked with figuring out the contents of messages.
“We’re not looking at going through a backdoor or being nefarious. We’re talking about going to the company and asking for their assistance,” he said.
“We understand privacy. Privacy above all other things, including safety and freedom from terrorism, is not where we want to go.”
Rep. Michael McCaul (R-Texas), the committee chair, told Steinbach that “If we have coverage, we can pick up that communication. Because terrorists are increasingly taking their conversations to a “dark space” on the web, however, McCaul warned that investigators “don’t have the ability to monitor these communications.”
The Dark Web
The online activity the occurs on the world wide web as it’s widely known to exist only represents a fraction of what’s really online: a vast amount of web traffic unfolds in the realm of the so called “dark web” or “deep web,” where sites aren’t archived by search engines like Google and bits and bytes are routed to remote servers around the world to help anonymize the identities of those who operate there.
McCaul told Steinbach that “one of the greatest concerns” for him personally involves the government’s inability to monitor that portion of the web, and the FBI agent admitted in his response that the bureau believes it’s already well behind with what it calls its “going dark” problem – the FBI’s weakness with regards to cracking into the digital traffic that occurs in the shadows.
“We are past going dark,” Steinbach said. “In some instances, we are dark,”
“The ability to know what they’re saying in these encrypted communication situations is troubling.”
In his prepared remarks, Steinbach explained that “changing forms of internet communication are quickly outpacing laws and technology designed to allow for the lawful intercept of communication content.”
“This real and growing gap the FBI refers to as ‘going dark’ is the source of continuing focus for the FBI, it must be urgently addressed as the risks associated with ‘going dark; are grave both in traditional criminal matters as well as in national security matters.”
In April, the executive assistant director of the FBI’s science and technology branch, Amy Hess, told the House Committee on Oversight and Government Reform that it’s critical for cops to “have the ability to accept or to receive the information that we might need in order to hold those accountable who conduct heinous crimes or conduct terrorist attacks.” According to cryptology experts, though, it’s so far been proven impossible to implement a method of bypassing encryption that can only be exploited by some.
“We just can’t do what the FBI is asking without seriously weakening our infrastructure,” Prof. Matt Blaze, a cryptology expert from the University of Pennsylvania’s school of engineering and applied sciences, testified at the time, adding that even attempts have the potential to yield “terrible consequences for our economy and national security.”
Earlier in the week, meanwhile, the CEO of Hacking Team – an Italian cyber vendor whose spyware has been sold to various government customers, including the US Navy and Drug Enforcement Agency – claimed in an email to clients that his company is quite capable of cracking the deep web.
“If you are a lawful user of the Internet, you have little to fear from Hacking Team,” he wrote. “BUT IF you break the law or engage in terrorism (or are thinking about it), you should know that the safe haven that the DARKNET provides is beginning to be exposed to the light.”
by RINF | May 21, 2015
The ‘Five Eyes’ alliance exploited weaknesses in popular browser and planned to hijack links to app stores to implant spyware on mobile phones, new documents show
(Common Dreams) – The intelligence alliance known as Five Eyes—comprising the U.S., Canada, New Zealand, the United Kingdom, and Australia—exploited security weaknesses in one of the world’s most popular browsers to obtain data about users and planned to use links to Google and Samsung app stores to infect smartphones with spyware, a top secret National Security Agency (NSA) document published Wednesday has revealed.
According to the 2012 document, leaked by whistleblower Edward Snowden and published jointly by CBC News and The Intercept, the NSA and its international counterparts took part in a series of workshops between November 2011 and February 2012 to find new ways to exploit smartphone technology for spying operations.
The Intercept reports:
As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users’ connections to app stores so that they would be able to send malicious “implants” to targeted devices. The implants could then be used to collect data from the phones without their users noticing.
The Five Eyes alliance targeted servers where smartphones get directed whenever users download or update an app from Google and Samsung stores.
…Ultimately, the spy agencies wanted to implant spyware on certain smartphones to take control of a person’s device or extract data from it, the document suggests.
The spy agencies also sought to match their targets’ smartphone devices to their online activities, using databases of emails, chats and browsing histories kept in the Five Eyes’ powerful XKeyScore tool to help build profiles on the people they were tracking.
The project emerged in part due to concerns about the possibility of “another Arab spring,” referring to the 2011 wave of revolutionary actions in Tunisia, Egypt, and other countries in the Middle East and North Africa where several autocratic, Western-backed leaders were ousted.
“Respecting agreements not to spy on each others’ citizens, the spying partners focused their attention on servers in non-Five Eyes countries, the document suggests,” write CBC‘s Amber Hildebrandt and Dave Seglins. “The agencies targeted mobile app servers in France, Switzerland, the Netherlands, Cuba, Morocco, the Bahamas and Russia.”
The spy agencies also began targeting UC Browser—a popular app in India and China with growing usage in North America—in late 2011 after learning that it had leaked information about its half-billion users.
According to the reporting, the operation was launched by a joint surveillance unit called the Network Tradecraft Advancement Team, which includes spies from each of the Five Eyes nations.
The document frames the plan as a move for national security, with the agencies seeking to collect data or spy indefinitely on mobile phones of “suspected terrorists.” But they did so without alerting the public or the phone companies of the browser’s weaknesses, which “potentially put millions of users in danger of their data being accessed by other governments’ agencies, hackers or criminals,” Hildebrandt and Seglins write.
“Of course, the security agencies don’t [disclose the information],” Ron Deibert, executive director of digital rights group Citizen Lab, which identified security gaps in UC Browser and alerted the company to those issues in April, told CBC. “Instead, they harbor the vulnerability. They essentially weaponize it.”