NSA has direct access to tech giants' systems for user data, secret files reveal

So, the NSA Has an Actual Skynet Program

-- Tom

 

By that logic, UPS drivers are burglars casing neighborhoods

 

Not sure how that makes you a terrorist.

 

Attempts (albeit clueless) at obfuscation?

 

[sarcasm]Maybe the cell service providers think they're using them to escape roaming charges. Not getting every dime they think they're entitled to terrorizes them, hence the term terrorist. [/sarcasm]
Bad joke, yes, but the logic used by those applying that label isn't any better. It's getting to the point that not giving big money all they demand or taking a stand that hurts their bottom line is becoming sufficient to merit that label.

 

Snowden vindicated.

-- Tom

 

Sad state of affairs when exposing illegal government activities makes you subject to the death penalty.

 

Edward snowden i believe is morally obliged to disclose any form of illegal governmental activities for the sake of the common general public..He acted accordingly in the interests of society.

Does indeed make you wonder what other "secrets" the governments are concealing.

 

Human experimentation is a huge area. Soldiers, prisoners, and poor people have commonly been used in medical experiments. Maybe it's OK for the military, given the terms of the deal. But prisoners arguably can't give freely informed consent. And the use of the poor is despicable.

The US Tuskegee syphilis experiment (1932-1972) is well known. In developing exposure assessment methods, the US military injected plutonium into poor patients to measure excretion rates. And to inform military triage during nuclear war, US researchers administered fatal X-ray doses to poor people and documented the progress of radiation sickness.

 

It is a rather scary and horrid thought that it took so long for one courageous individual to make these disclosures and that now he is sought for a charge under The Espionage Act of 1917 which carries a death Penalty. [I suppose it is also a scary thought to consider that what Snowden did has been done before by a double-agent who disclosed all this to another Nation State.]

Snowden was not only courageous, but was also extremely smart and clever to be able to do what he did. I would like to think there are others who would have wanted to do similar things but were not smart enough to figure out a way to to do so without meeting death by an odd accident.

Not only was Snowden courageous, he was an honest Patriot in the truest sense of the word, dedicated to upholding our Democratic Republic through adherence to the mandates of The Constitution and Bill of rights. Sure there is an argument on the other side about national security, but what is it those national security arguments are aimed at protecting? The USA as it was conceived by The Founding Fathers, or something The Founding Fathers revolted against the British to escape from?

[Yes I understand that The Court only found the program was not authorized by Sections of The Patriot Act and did not go as far as finding it to be unconstitutional, but that was only cuz the Patriot Act Expires on June 1, 2015 and the Congress had a review of extending and/or changing it underway.]

Not to be trite, but because it can not be said enough:

"“Those who surrender freedom for security will not have, nor do they deserve, either one.” *

Benjamin Franklin, 1755


* Some historians argue that the source of this oft-cited quoted was originally written in a letter by Franklin that actually said:

"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

 

@hawki "I suppose it is also a scary thought to consider that what Snowden did has been done before by a double-agent who disclosed all this to another Nation State"

I don't think it's particularly denigrating human nature to expect there to be about 1,000 corrupt leakers for every Snowden. Regular spies or moles, whether for money or other motives would be commonplace, there is nothing in the Snowden revelations that would have surprised China or Russia, only the citizens (vassals) of their own countries.

I'm actually even more concerned with people leaking the information for money - a great deal of money - to regular criminals and also for the purposes of insider dealing. It does not take a rocket scientist to figure a fairly straightforward spread-bet based on advanced routine earnings information, which could easily be garnered through some anodyne searches in their databases, for example. And that's without the more industrial scale spying against big companies like Airbus.

Not accounting for constitutionality (this is why it's in the constitution), they make this stuff available to way too many people, and do not scrutinize or audit their actions in any meaningful sense. Nor are there any people doing jail time for the insider dealing and leaking-for-money which must have occurred many times. They should not be collecting and storing this information at all, let alone making it available to all and sundry (including the X-eyes).

 

Congress already has that handled, and Separation of Powers protects them (they say) from investigation Nice perks, if you can manage them

On the other hand, the NSA also shares unredacted intercepts of their communications with the Five Eyes and Israel. So maybe they get blackmailed. It's a strange world, isn't it?

 

I disagree. If he was a Patriot in the truest sense of the word, he wouldn't have leaked info. on US spying on foreign nations. Sure, these foreign nations know they are being spied upon by the US, but they can only guess on the "how", "how much", "who(specific targets)", etc. How i wished he just leaked info on US domestic spying. Then again it's just my opinion.

 

I strongly believe that he was a patriot, even though I am not from the US I respect him and believe he embodies what makes America great.

The international spying, while not illegal was a kick in the face to countries that are closely allied with the US. I have lost family and friends fighting in wars led by the US in the name of freedom. I feel that him sharing the information on international spying showed that he respected the allies of the US as much as the US citizens.

 

Love it, I need immunity for my insider dealing to pay the blackmail bills... And of course, we haven't touched on the institutionalized insider-dealing where wall street have their direct data feed into the info. That would be perfectly legal and in the interests of national security.

Regarding Snowden's leaking of the US spying on allies, that wasn't the issue for me. I have two problems: a) the collusion and active cooperation of my own government and service providers (I pay them money!!!) in blithely handing over the information (as you say, unredacted because they cannot, despite their claims, do proper data mining from it); and b) the existence of the bulk databases, the mass surveillance and storage - which is a disastrous radioactive waste dump, a nightmare which will keep on harming.

I think Snowden did cover that he was not able to raise the issue through "normal" channels (and I think DNI Clapper's not wittingly reply tipped him over the edge). And I think we do need the information directly because, quite clearly, the TLAs routinely lie and define words to mean what they want them to mean, provide weasel answers and so on. The ONLY way you can ask the right questions and get standing in legal challenges is precisely because the information is now in the public domain. The damage of the Snowden revelations is self-inflicted, they did not get the authority from the public, and that's done huge damage to trust and public support.

 

Snowden did attempt to to report concerns to internal NSA offices. Remeber, he was not an employee of the NSA at the time of his major revelations. He was working for an NSA Contractor-Booze Alllen.

"Snowden told the European parliament in March that he reported policy or legal issues with surveillance programs to at least 10 officials... Snowden said he sent multiple emails to the NSA's Office of General Counsel raising concerns about the agency's practices.

'The NSA has records. They have copies of emails right now to their Office of General Counsel, to their oversight and compliance folks, from me raising concerns about the NSA's interpretations of its legal authorities," Snowden said...

The NSA has now explained that they have found one e-mail inquiry by Edward Snowden to the Office of General Counsel asking for an explanation of some material that was in a training course he had just completed," an NSA spokeswoman said in an email.

'The e-mail did not raise allegations or concerns about wrongdoing or abuse, but posed a legal question that the Office of General Counsel addressed. There was not additional follow-up noted'...

... Snowden also suggested that, aside from his email correspondences, he raised unofficial complaints to colleagues and supervisors. He said he was told by some of his colleagues to 'stop asking questions.'"


http://www.businessinsider.com/snowden-interview-brian-williams-email-nsa-general-counsel-2014-5

 

NSA protesters plant secret recorders around NYC, post sound files online

http://www.scmagazine.com/artists-prank-nsa-with-secret-data-collection/article/415868/

 

EC digital commissioner say no to encryption back doors

http://www.techworld.com/news/apps/ec-digital-commissioner-say-no-encryption-back-doors-3612415/

 

NSA Planned to Hijack Google App Store to Hack Smartphones - The Intercept

 

Note that the dates are 2011 and 2012. They've had 3-4 years to make use of this. It's a safe bet that they've compromised a large percentage of these phones if not the majority of them.

 

A friend recently shared links to two posts on cryptostorm's member forum. They both focus on what they call "Corruptor-Injector Networks" aka "CINs" or "sins". One example is the NSA's Tailored Access Operations (TAO) group. I've read them, but this is intense and highly technical stuff, so I don't have much to say yet. But maybe someone can help interpret and assess them.

črypto is finished... and it's about time × (also: 'Balrog' malnet, firsthand view)
by Pattern_Juggled (cryptostorm member forum Site Admin)
https://cryptostorm.org/viewtopic.php?f=67&t=8702&sid=23e309e267476955b02deaa409f6192e

Live-Capture Forensics of Corruptor-Injector Network injecting fake Chrome install via https@google
by cryptostorm_team
https://cryptostorm.org/viewtopic.php?f=67&t=8713&sid=23e309e267476955b02deaa409f6192e

 

@mirimir

I read through the CIN paper and it reminded me of the commercial malware made by Gamma, specifically this tool that is installed on an ISP level in order serve malware to targets as needed:

https://wikileaks.org/spyfiles/files/0/297_GAMMA-201110-FinFly_ISP.pdf

What I don't understand at all is how the NSA would be able to serve malware to a VPN connection, without cooperation of the VPN provider. I guess they could drop your VPN connection or try to hit you as you're trying to connect, but that's not what's described. It's not like they can decrypt 128- or 256-bit AES on the fly or break OpenVPN/SSH... They didn't explain how it works very well, do you know more than I do?

And what makes me skeptical that this is even real is that the author said it was obvious to him that something odd was happening. The whole point of gov-grade malware is to be FUD whereas this is the exact opposite. Maybe cryptostorm is just trying to stir up attention to get customers, they're some very shady people there....

 

@krustytheclown2 - isn't Logjam and the discussion of the Turmoil IKE cracks relevant? If they have the pre-computed key, my understanding is that session would be completely open for regular "CIN" type exploits - or perhaps, because it takes a while (maybe 15 mins) to recover the session key, but then, I guess many VPN sessions stay active for a long time. And I don't think it needs cryptostorm to emphasise the industrial-scale malware programmes they are running. The extreme danger of these things is that they will use them on an industrial scale, with possibly no human intervention at all, let alone due process.

 

You're right, I hadn't yet read the news regarding the compromise of the key exchange upon which the security of both protocols depends.

Still, I don't think that the NSA will be sending out malware willy-nilly, that's how vulnerabilities get discovered and patched (and why the exploits used by criminal hackers tend not to last very long). It's been and will likely remain to be highly targeted towards foreign gov'ts, corporations, and terrorists (real terrorists like ISIS). Take a look at Turla, it was around for many years before it was discovered, largely because it was not widespread. The NSA (and the Russian intelligence) are smart and they know how to keep a very low profile.

The odds that anybody reading this forum has ever been directly targeted by the NSA are extremely slim. LE-oriented malware used against activists and such is probably the worst thing anybody here will ever have to go against. I stand by my thoughts regarding the cryptostorm article, I'm very skeptical that whoever wrote that was that interesting to the NSA- the FBI, maybe, but it's an order of magnitude lower.

 

"FBI admits no major cases cracked with Patriot Act snooping powers..."

http://www.washingtontimes.com/news/2015/may/21/fbi-admits-patriot-act-snooping-powers-didnt-crack/