NSA has direct access to tech giants' systems for user data, secret files reveal

Discussion in 'privacy general' started by Dermot7, Jun 6, 2013.

  1. ssbtech

    ssbtech Registered Member

    Joined:
    Aug 19, 2013
    Posts:
    71
    Location:
    Canada
    Canada’s Spy Agency Now Intercepting Private Messages 26 Times More Than Previously
    http://www.vice.com/en_ca/read/cana...rivate-messages-26-times-more-than-previously
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    FBI DIRECTOR: AMERICANS NEVER HAD 'ABSOLUTE PRIVACY'
    http://www.nextgov.com/cybersecurit...-americans-never-had-absolute-privacy/131144/
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Yes. They also forgot to mention that Americans have never before had their privacy invaded by so many adversaries.
     
  5. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    What has NEVER been done in history before is wall-to-wall suspicion-less mass surveillance. Attempted in East Germany.

    He also neglected to mention the Constitution and the rule of law.
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    NSA are ultimate black-hat hackers :(
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    The FBI's Quiet Plan to Begin Mass Hacking
    https://blog.torproject.org/blog/fbis-quiet-plan-begin-mass-hacking
     
  10. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "Judge Rules Use of FBI Malware Is A ‘Search’

    Civil liberty advocates say a Texas judge got it right when he ruled on a controversial child porn case regarding the FBI’s use of malware to search a computer.
    Senior U.S. District Judge David Alan Ezra of the San Antonio division of the Western District of Texas court ruled that sending malware to someone’s computer to covertly retrieve information from it is considered a search under the Fourth Amendment...."

    https://threatpost.com/judge-rules-use-of-fbi-malware-is-a-search/120527/
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Wow, that judge has a clue :)
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  13. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "Yahoo secretly scanned customer emails for US intelligence

    SAN FRANCISCO (Reuters) - Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter."

    https://www.yahoo.com/tech/yahoo-se...-intelligence-sources-170638369--finance.html


    Would you like some butter on your Yahoo? OoOPs, I meant to say: "...on your toast."

    So ironic. Reuters, the main news feed for Yahoo, has been very much in front of the recent Yahoo bad news. Wondering if Yahoo is feeding it to them for some damage control reasons, e.g., control the narrative, or something like that.
     
    Last edited: Oct 4, 2016
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    That's arguably the most blatant example of gung-ho cooperation. Yes?
     
  15. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "... last year, Yahoo chose to comply with a classified “directive” to build “a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials” — the NSA in particular.

    ... Yahoo CEO Marissa Mayer’s decision not to put up any fight against the extremely broad request apparently prompted the departure of then-Chief Information Security Officer Alex Stamos, now head of security at Facebook."

    https://theintercept.com/2016/10/04/delete-your-yahoo-account/

    The Intercept article linked above is a highly illuminating must read for privacy/4th Amendment advocates.

    Yahoo is so done -- put a fork in it.
     
    Last edited: Oct 5, 2016
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Hah, Yahoo has long been a playtoy anyway in the hands of script kiddies, a long time ago back in Windows 98. I even used and toyed with apps that would "boot" or "kick off" people on Yahoo Messenger just to see if it worked, and it sure did, that and a whole lot more.

    Needless to say I had better things to do with my time but it was amazing how simple and easy it was for script kiddies to penetrate anything and everything about Yahoo, and that was many years ago!!

    So why be surprised when agencies step in to basically do the same things but instead of disrupting they suck out all the data/messaging available.

    Yahoo is so stupid anyway. They actually had the drop on messaging similar to Facebook long before it made its debut as some mega mass communication chat agent etc.

    They let that one slip completely out of their control so it's no wonder other startups COPIED that and ran with their own versions, and I venture to say that even Facebook took a page from old Yahoo to fashion up what they have today.

    Poor old Yahoo, they've been the floor mat for a long time and no one even remotely tried to put up any defense against it.
     
  17. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    I'm much less concerned about Yahoo than I am about the action of the US government - the almost casual flouting of basic constitution and the law - and for what? Incredibly crude forms of data mining, doubtless based on some rubbishy regular expressions on absurdly simplistic search terms - e.g. people or businesses that happened to be called xxxx after the Egyptian god well before the group. Leading to huge numbers of false-positives, and damaging characterisation of people who are not a threat - to their specific disadvantage with no recourse; PLUS, wasting huge amounts of time of the security services on the haystack. I.e., unconstitutional, illegal, damaging against the rule of law, and ineffective.

    Of course, it is effective for the empire-builders in the security services and their snake-oil suppliers.

    While we're on the subject of Yahoo, the GCHQ programme called OpticNerve - again rather obviously unconstitutional, illegal and unethical - was monitoring Yahoo video chat - apparently the analysts involved were distressed at the level of teenage nudity. Sure.

    The other obvious concern is that, despite their protestations, many of the other US comms giants have also been similarly suborned, with or without the knowledge of their nominal leaders. The conclusion of the precautionary principle is then clear.
     
  18. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "...But Yahoo chief executive Marissa Mayer’s decision to obey the order last year upset Stamos and some other senior executives, according to Reuters. Instead of looping in the security team, Mayer turned to the Yahoo’s email engineers to develop the software, Reuters reported. That decision led to a programming error that left all Yahoo email vulnerable to hackers, the former Yahoo employee said."

    https://www.washingtonpost.com/news/the-switch/wp/2016/10/04/yahoo-scanned-all-of-its-users-incoming-emails-on-behalf-of-u-s-intelligence-officials/?hpid=hp_rhp-moretopstories2_no-name:homepage/story

    "Stamos and the security team only found out about the secret program after testing Yahoo’s systems for vulnerabilities and discovering software which they first thought had been installed by hackers. The scanning software had been installed by Yahoo’s own engineers and the security team was apparently in the dark about it. This didn’t sit well with Stamos who resigned in protest."

    http://www.ubergizmo.com/2016/10/ce...tedly-kept-secrets-from-yahoos-security-team/

    Yahoo appears to have crossed the line from being toast and may now be more correctly classified as being burnt toast.
     
    Last edited: Oct 5, 2016
  19. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,544
    Location:
    Triassic
  20. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    Booz Allen's tentacles reach so wide throughout the Federal Government and is so firmly entrenched and well-connected, there is little chance of it losing any business. Its functions are vast and reach far beyond national security. It has among its employees hundreds, perhaps thousands, of former civilian and military high ranking officials of the type that never lose their influence within the departments and agencies that they formerly worked for.

    These former officials left behind within their former agencies many that they promoted to high level positions. The individuals from the agency where I used to work that I know personally that went on to positions with Booz Allen, were all highly respected for their competence, intelligence, integrity, and likeability. No one at my former agency would be anything less than delighted to take a call or have a meeting with any one of them, provided it was within the bounds of what is legally and ethically permissible. That's how "the game" works. The name of the "game" is Access.

    Its connections to the NSA notwithstanding, Booz Allen is one of, if not the most highly respected "consulting" firms in the nation. They not only are contractors with the Government but also do "consulting" for the largest multinational corporations, particularly in their dealings with the Government. For better or worse, depending on your point of view, Booz Allen is an integral and fearsome cog in the workings of the DC "machine."

    hawki <------- face-palms for "defending" Booz Allen.
     
    Last edited: Oct 5, 2016
  21. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,544
    Location:
    Triassic
    The firm has to accept some responsibility for their employees' actions.

    Respect is always at the individual level and as you have pointed out there is a close relationship here between these consultants and the client, but there must be some disquiet with this having happened twice with the same firm. The company's reputation will probably take a hit even though the relationship is solid. I expect some fallout.
     
  22. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    Looks like others share your view emmjay:

    "Booz Allen Hamilton shares turn negative after DOJ arrests government contractor"

    http://www.cnbc.com/2016/10/05/booz...-after-doj-arrests-government-contractor.html
     
  23. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "...According to the Yahoo alum, a mere 'modification to [existing] mail filters wouldn’t have raised a red flag … [the security team] wouldn’t have been able to detect it in the first place.' Rather, 'Yahoo’s security team had detected “something novel, like something a hacker would have installed.”' The team believed it 'was or looked like a root kit,' ...

    ...'The program that was installed for interception was very carelessly implemented, in a way that if someone like an outside hacker got control of it, they could have basically read everyone’s Yahoo mail,' something the source attributed to 'the fact that it was installed without any security review'...

    ...they immediately did what was done for any other uncovered vulnerability, filing a complaint so the problem could be tracked and corrected...after the security team raised an alarm over the email scanning, still thinking it was the work of an outside hacker and not their coworkers, the complaint suddenly went missing from Yahoo’s internal tracker...

    ...Eventually, several months after the tool was first installed, some members of Yahoo’s security team were filled in about the truth of scanning project,..”

    https://theintercept.com/2016/10/07...ould-have-given-a-hacker-access-to-all-email/

    ~ Removed Off Topic Remarks and OT Image Link as per Policy ~
     
    Last edited by a moderator: Oct 7, 2016
  24. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
  25. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    This is a math problem, which lazy internet site owners are facilitating for adversaries. It can take two months to generate a "hack" to a PRIME. Lazy providers are using what I'll call a "normal" prime, and one many many others are using too. So guess what, if an adversary takes the time and MONEY to break that specific PRIME the payoff is huge. One obvious solution is to always use a unique PRIME, which would discourage taking the time and MONEY to break it. The payoff wouldn't be worth the investment, so to speak. This is not a new weakness that was discovered, but the trapdoor expedites the process, while still a formidable one. See below.

    Paste from your linked article:

    The researchers were able to break one of these weakened 1,024-bit primes in slightly more than two months using an academic computing cluster of 2,000 to 3,000 CPUs.

    end paste.

    Even with these trapdoors in place the payoff must be significant to undergo what is needed to break in!!

    Some of the top VPN providers we mention here have generated their OWN prime and can re-tool them as they need to.
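
The point made in the post above, that a prime shared by many sites is the one worth an adversary's investment, can be checked across your own servers. This is an added example, not part of the original post: the host names and prime values are constructed stand-ins (chosen only for their bit length, not real Diffie-Hellman parameters), and the `audit` helper is hypothetical.

```python
import hashlib
from collections import defaultdict

WEAK_BITS = 1024  # size of the weakened primes in the article quoted above

def fingerprint(p: int) -> str:
    """Short, stable identifier so reports need not print the whole prime."""
    raw = p.to_bytes((p.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).hexdigest()[:16]

def audit(observations):
    """observations: (host, prime_hex) pairs, e.g. collected by a scan of
    your own TLS/VPN endpoints. Colons and spaces in the hex are ignored.
    Returns one finding per distinct prime, most widely shared first."""
    hosts_by_prime = defaultdict(set)
    for host, prime_hex in observations:
        p = int(prime_hex.replace(":", "").replace(" ", ""), 16)
        hosts_by_prime[p].add(host)
    findings = []
    for p, hosts in hosts_by_prime.items():
        findings.append({
            "fingerprint": fingerprint(p),
            "bits": p.bit_length(),
            "hosts": sorted(hosts),
            "shared": len(hosts) > 1,              # one break pays off on every host
            "short": p.bit_length() <= WEAK_BITS,  # size reported broken in the article
        })
    findings.sort(key=lambda f: (-len(f["hosts"]), f["bits"]))
    return findings

# Constructed sample: three hosts configured with the same 1024-bit value,
# one host with its own 2048-bit value.
SHARED_1024 = format((1 << 1023) | 0x2F, "x")
UNIQUE_2048 = format((1 << 2047) | 0x6B, "x")
SAMPLE = [
    ("www.example", SHARED_1024),
    ("mail.example", SHARED_1024),
    ("shop.example", SHARED_1024),
    ("vpn.example", UNIQUE_2048),
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        flags = [k for k in ("shared", "short") if f[k]] or ["ok"]
        print(f["fingerprint"], f["bits"], ",".join(flags), f["hosts"])
```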
     