NSA has direct access to tech giants' systems for user data, secret files reveal

The NSA and Its “Compliance Problems”.

-- Tom

 

-http://www.washingtonpost.com/world/national-security/black-budget-summary-details-us-spy-networks-successes-failures-and-objectives/2013/08/29/7e57bb78-10ab-11e3-8cdd-bcdc09410972_story.html

Edit: ... and ...

-http://www.washingtonpost.com/world/national-security/nsa-paying-us-companies-for-access-to-communications-networks/2013/08/29/5641a4b6-10c2-11e3-bdf6-e4fc677d94a1_story.html

 

More on the NSA Commandeering the Internet by Bruce Schneier.

-- Tom

 

Thanks for the laugh.

So the announced --not implemented-- steps by the US government, against the current 'Off the reservation'-style NSA data collection frenzy, have NOT been implemented in Europe.
Message is clear, Europeans are doing worse. Makes sense.

 

Given that this data doesn't include requests under NSLs, I'm not sure how probative it is. I see no reason why broadly invasive access demands and intercepts by other major intelligence organizations would be any more public than NSA's were before Snowden. Maybe the NSA doesn't really know Russia's, China's etc capabilities, or maybe Snowden just wasn't looking for that information. With enough resources, anyone could tap the major undersea cables and such.

 

Feds plow $10 billion into “groundbreaking” crypto-cracking program.

-- Tom

 

This is one of the reasons I believe the nearly blind faith in encryption measures will sometime soon bite its believers. Bruce Schneier is a good, smart guy, but he's one of those that I think places far too much faith in modern measures. Agencies like the NSA aren't hiring just any old math geeks. Some of the brightest, most clever minds that walk the Earth check into that giant mirrored building every morning, and they've got billions of dollars a year to play with. This isn't even factoring in the folks at the CIA and DARPA..DARPA not really focusing on such thing, but many of their ideas go on to have unplanned benefits to many technological areas. I've often heard the phrase "the math is solid". Well, yes it is, until the next math genius decides to walk to the chalkboard and obliterate the "facts". It's been happening for centuries, no reason to believe that as we've become more advanced that it will cease.

 

From Practical Cryptography (2003):

They would not need 35,000 people or $10 billion for research into cracking encryption. They're not going to waste that much money or manhours on brute force attacks either. These numbers suggest that they have found the feared "class of attacks" and need that many people to get through the encrypted data they've already accumulated. They wouldn't need that many people for data encrypted by non-standard (or as some call them, obscure ciphers).

Forget the probability numbers for brute forcing touted by those who say AES can't be attacked. The money spent and the people required tell you what you need to know. Get away from AES.

 

That's the way I figure it too, I'm just waiting for that ~ Snipped as per TOS ~ moment when somebody leaks out what we believe to be already true. I have no idea why brute forcing is ever discussed in these matters. It's a pathetic argument to use when trying to make the case that breaking is "impossible". Who ~ Snipped as per TOS ~ brute forces things anymore unless it's some stupid little password to a Facebook account or something? It's not even worth the trouble of trying.

Between Ft. Meade and the Utah facility, they've got the money, time, classified know how and tools to do almost anything they darn well please as far as code and crypto goes.

 

If they want to expend that kind of money and manpower cracking peoples encrypted files, the least we can do is keep them busy. We should all start encrypting cat videos, common newspaper articles, PDF textbooks, audio recordings of rush hour traffic, etc and upload them to sites like rapidshare, dropbox, e-mail draft folders, etc.

 

Even better, just use random data, such as:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (GNU/Linux)

[many 64-character lines with random characters that GnuPG uses]

-----END PGP MESSAGE-----

 

With a decent webcam, a few batch files, and a task scheduler, the process could be automated. Every half hour, a new video, from a webcam pointed at the fish tank.

 

Only issue is, when dealing with Dropbox and others, eventually all those uploads will hit your wallet.

 

Recent events suggest another place to put them. Hidden Tor servers. They're digging thru them looking for kiddie porn.

 

Tor is literally the last place I'd put anything, even to screw with them.

 

It would be one of my first choices. I realize that nodes and exits operated by 3 letter agencies is a real problem. While we can't get rid of them, the more nodes/exits users create, the lower the chances of your traffic using a bad node become. If Tor users got together, they could create a lot more nodes than all the 3 letter agencies. Even if the agencies could match the quantity, they'd need a lot more people to go through the data, at a time they're trying to eliminate potential leaks by reducing staff.

 

Have you seen this?

-https://metrics.torproject.org/users.html

Best guess seems to be a botnet.

 

Mrs. Slocombe's?

 

You score points for that reference

@Mirimir: That's what I'm guessing too. One never knows though.

 

'Hello, NSA? I accidentally deleted an email'.

-- Tom

 

i just think it is funny how they use my taxes to spy on me and other countries. The other countries should at least foot their part of the bill.

If i understand this who mess, they do not use software at the PC level at all? only access to who ever bushiness they want's servers? such as wilders or any other anti maleware, social sites if they so chose?

 

As I understand their setup for intercepting the Internet, they are using grid computing:

-https://en.wikipedia.org/wiki/Grid_computing

The 2008 document about XKeyscore indicates that there were about 500 intercept sites that could be searched in parallel, looking at live data, and that useful traffic could be directed to long-term srorage. That sounds like a grid.

 

How the NSA Misleads the Public Without Technically Lying.

-- Tom