NSA has direct access to tech giants' systems for user data, secret files reveal

The NSA spies on US officials.

The NSA's close partners (Five Eyes, etc) arguably spy on their governments' officials.

The NSA and its close partners share raw intercepts with each other.

That implies that the NSA and its partners facilitate mutual spying.

That's bizarre.

 

Re: Dr. Joseph Bonneau (Google engineer) Wins NSA Award, Criticizes NSA

That suggests that the NSA and their foreign equivalents are not under the control of their respective governments. It appears that they're an enforcement arm, used even against their own government. This begs the question:
Who do they really work for?

If someone sees a different way this fits together, I'd like to see it.

 

Re: Dr. Joseph Bonneau (Google engineer) Wins NSA Award, Criticizes NSA

Well, who did LulzSec work for?

Maybe the NSA and their friends are just like LulzSec, but on a hugely grander scale.

 

Re: Dr. Joseph Bonneau (Google engineer) Wins NSA Award, Criticizes NSA

How the NSA Almost Killed the Internet.

Related: Brilliant NSA scandal illustrations.

-- Tom

 

Exaggeration much?
Mrk

 

Windows is full of backdoors, every time an application tells you there is a new update available it went online without our express permission or knowledge, it contacted a web server we dont know about and sent information we dont know about. From a security point of view, Windows is a like a seive with stuff leaking out everywhere.

 

Not quite true, like at all.
Mrk

 

Calling home and a backdoor are 2 separate things. Calling home is initiated by the OS or the installed software. Operating systems (not just Windows) and applications do plenty of calling home. A backdoor listens for incoming connections and instructions, connections not initiated by the PC or its software.

 

"A National Security Agency employee will continue to co-chair an influential group that helps to develop cryptographic standards designed to protect Internet communications, despite calls he should be removed."http://arstechnica.com/security/201...-co-chair-influential-crypto-standards-group/

Gosh, what a shocker.

Mrkvonic, unless you're an NSA or Microsoft employee, you're working with the same knowledge we are, which is little.

RockLobster, Noone_Particular is right. Backdoors and calling home are two different things entirely. The OS calls a server back home, so does security software, browsers and anything that auto-updates. These programs wouldn't even work correctly without that ability.

 

I am neither, but I do know how things work.
Besides, to say Windows is full of backdoors is nonsense.
Mrk

 

Here in the Boston area, today (Jan. 8, 2014) at 11AM, one of our local NPR stattions, WBUR at 90.0 on the FM dial, will broadcast via the Tom Ashbrook On Point program - Quantum Computing, The NSA And The Future Of Cryptography with guests:
Matthew Green, cryptographer and research professor at Johns Hopkins University. Author of the blog, “A Few Thoughts On Cryptographic Engineering.” (@Matthew_D_Green)

Seth Lloyd, professor of quantum mechanical engineering at the Massachusetts Institute of Technology.

Steven Rich, database editor for the investigative at The Washington Post. (@dataeditor)

Should be a very interesting listen.

Edit:
You can download the mp3 audio of the radio show from here.
End Edit.

-- Tom

 

http://www.statewatch.org/news/2014/jan/ep-draft-nsa-surveillance-report.pdf

 

The ability of the NSA to intercept and vacuum up practically every byte of data on earth was considered nonsense too. If and when we ever see the code, or a Microsoft employee gets gutsy and goes all Snowden on them then we will know. Until then, whether we know how something works or not, all we have is a guess and a hope. Perhaps you're spot on when talking about XP on back. Heck, maybe even 7. But do you have all the faith in the world that 9, 10 and so on won't have any? After all, these revelations and secrets being revealed aren't exactly scaring the NSA off. If anything, they are getting more defensive and determined. I'm not calling you stupid or singling you out for a forum battle. I'm just saying that at this point in time, we can't get the facts so all we have is educated and personal opinions.

 

More talk about NSA and the ANT protocols will be discussed
on "Security Now".


Watch video at http://twit.tv/show/security-now
Date: 01/14/2014

Records live every Tuesday at 1:00pm PT/4:00pm ET.

 

NSA’s ANT Division Catalog of Exploits for Nearly Every Major Software/Hardware/Firmware

After years of speculation that electronics can be accessed by intelligence agencies through a back door, an internal NSA catalog reveals that such methods already exist for numerous end-user devices.

When it comes to modern firewalls for corporate computer networks, the world’s second largest network equipment manufacturer doesn’t skimp on praising its own work. According to Juniper Networks’ online PR copy, the company’s products are “ideal” for protecting large companies and computing centers from unwanted access from outside. They claim the performance of the company’s special computers is “unmatched” and their firewalls are the “best-in-class.” Despite these assurances, though, there is one attacker none of these products can fend off — the United States’ National Security Agency.

-

 

You're not being accurate. Intercepting info the way you see in the movies, if anything, this shows that it's not done that way. NSA did not brute force itself anywhere. They got the data politely. So once upon a time, people would say NSA hacks everything and gets the info. That's nonsense. Still is. NSA just gets the data, and that has always been true, and that's actually boring and obvious.

When people talk about Windows backdoors, they talk without any knowledge of how it works and what it does. It's not like every computer has an NSA midget inside its chips, waiting for the doomsday command. It does not work like that. Watch the der spiegel piece, it's a hundred little appliances that are physically planted where needed, or bad software, or voluntary disclosure, never any great backdooring.

Are you worried? Grab a Chinese router. Hook Windows 7/8/9/10 to it. Sniff all traffic. Turn off windows update and such to minimize noise. Once you get an encrypted packet "phone home", this will become a sensation. I do not recall ever seeing anyone disclose something like this online.

Spectacular title: I have a 54k packet stream from my host to nsa servers, lo and behold.

I like a good story, like anyone else.
This is just a case in global incompetence, if anything.

Cheers,
Mrk

 

How did we end up with a centralized Internet for the NSA to mine?.

-- Tom

 

Mrkvonic, my accuracy isn't really the point, as I didn't get into how they did it, just they they are doing it. You're saying they aren't vacuuming up all data from everywhere then? You are right about one thing, the NSA doesn't have to hack anything, they just tap the cables. I suppose they politely are spying on Congress and diplomats of other governments? How does one do that? "Excuse me, Chancellor Merkel? Hello, we're the NSA and we'd like to know if we can monitor your emails and telephone conversations. If you'd just say yes and act suitably shocked when others find out, that would be great". I actually find it humorous that movies depicting these things are becoming more accurate.

As for worry, I'm more concerned about the health of my country in the long run because of all this than personal worries about them spying on me. Fortunately the programs bit them in the hind quarters and they have so much data they can't figure out what all they've got. I'm probably buried beneath millions of teenage girl ramblings over Facebook and text messages.

 

You're not reading my text, are you? Here:

"NSA just gets the data, and that has always been true, and that's actually boring and obvious."

Yes they are. But not because of any backdoors in windows.

Regards,
Mrk

 

How the NSA Threatens National Security.

-- Tom

 

No. Today, the Guardian has a story on the Moraes report:

http://www.theguardian.com/world/2014/jan/09/nsa-gchq-illegal-european-parliamentary-inquiry

 

Yes I know technically they are two different things, but realistically speaking the end result is very similar. Once an application has access to the internet it can behave like a backdoor, at any time it can phone home, announce its presence on your PC and await instructions. We assume it behaved itself and just called its server to check if there is an update, but in a closed source envirnment we never really know.

 

There are more sophisticated appliances out there for routing but this is an example albeit four years ago.

Law Enforcement Appliance Subverts SSL

That little lock on your browser window indicating you are communicating securely with your bank or e-mail account may not always mean what you think its means.

Normally when a user visits a secure website, such as Bank of America, Gmail, PayPal or eBay, the browser examines the website’s certificate to verify its authenticity.

At a recent wiretapping convention, however, security researcher Chris Soghoian discovered that a small company was marketing internet spying boxes to the feds. The boxes were designed to intercept those communications — without breaking the encryption — by using forged security certificates, instead of the real ones that websites use to verify secure connections. To use the appliance, the government would need to acquire a forged certificate from any one of more than 100 trusted Certificate Authorities.


Algorithms built into appliance firmware route on keywords and ‘other criteria’ that segregate incoming packets and route to specific queues which read the information rating on various keyword and message structure' are then given priority and assigned to specific analysts. Very easy to separate from noise of regular internet traffic.

-

 

Still doesn't prove an ominous NSA All-your-MS-boxes-are-belong-to-us-MUHAHAHA-ploy.
Data-dragnets are applied to everyone and their dog and that's what should be the main topic imo.
But their high-target hw&sw exploit arsenal aimed at individuals, isn't used on every Joe and Jane Average.
Not everyone is a top-Iranian nuclear scientist or German Bundes Kanzlerin.
I don't worry about the NSA ability to exploit potentially every piece of software or hardware I use. I'm not that interesting.
The endless list of programs, currently harvesting data indiscriminately and storing that for decades, a cradle-to-coffin data set on a large part of human kind, is my worry.

If the next NSA slide released by Snowden, proves me utterly wrong, I'll humbly apologize of course

 

Why are you still talking about backdoors in Windows? That discussion ended on my part when I said neither I nor you could prove there were or weren't any in Windows. That still is quite true. You're very much entitled to your belief, but it isn't proof. I'm discussing the fact that they don't need backdoors to get it. I don't quite think that it is boring however. Obvious yes, boring not really. More like sad and pathetic.

Justintime, I'm aware of their flagging system. And I'm sure even it is inundating them with data because those flags can be tweaked and added to at any time. That's another of their issues. The governments idea of "threat" and ours is often quite different.

Baserk, I think the exploit arsenal has been handed over to the FBI for use instead of the NSA. Just the other day an article pointed out that the FBI mission statement has been changed from law enforcement to national security. They've been in on the spying game for a while, but it looks like they're being told to become another intelligence agency instead of just a crime fighting agency.