Julian Assange "The Real Battle Is To Make Sure It Is Hard To Intercept Everyone At Once" VIDEO
Cops Keep Quiet About Cell-Tracking Technology
Police across the country may be intercepting phone calls or text messages to find suspects using a technology tool known as Stingray. But they're refusing to turn over details about its use or heavily censoring files when they do.
Police say Stingray, a suitcase-size device that pretends it's a cell tower, is useful for catching criminals, but that's about all they'll say.
For example, they won't disclose details about contracts with the device's manufacturer, Harris Corp., insisting they are protecting both police tactics and commercial secrets. The secrecy — at times imposed by nondisclosure agreements signed by police — is pitting obligations under private contracts against government transparency laws.
Even in states with strong open records laws, including Florida and Arizona, little is known about police use of Stingray and any rules governing it.
A Stingray device tricks all cellphones in an area into electronically identifying themselves and transmitting data to police rather than the nearest phone company's tower. Because documents about Stingrays are regularly censored, it's not immediately clear what information the devices could capture, such as the contents of phone conversations and text messages, what they routinely do capture based on how they're configured or how often they might be used.
In one of the rare court cases involving the device, the FBI acknowledged in 2011 that so-called cell site simulator technology affects innocent users in the area where it's operated, not just a suspect police are seeking.
Earlier this month, journalist Beau Hodai and the American Civil Liberties Union of Arizona sued the Tucson Police Department, alleging in court documents that police didn't comply with the state's public-records law because they did not fully disclose Stingray-related records and allowed Harris Corp. to dictate what information could be made public.
Revelations about surveillance programs run by the federal National Security Agency have driven a sustained debate since last summer on the balance between privacy and government intrusion. Classified NSA documents, leaked to news organizations, showed the NSA was collecting telephone records, emails and video chats of millions of Americans who were not suspected of crimes.
That debate has extended to state and local governments. News organizations in Palm Springs, Calif.; Tallahassee, Fla.; Sacramento, Calif., and Pittsburgh are among those that have been denied records about Stingrays or Stingray-like devices, including details of contracts that Harris has with government agencies.
In a response to a records request from the Tallahassee Democrat newspaper about Florida's use of cell-tracking technology, the state's top police agency provided a four-page, heavily censored document signed by a police investigator. The newspaper reported that the document referred to guidelines concerning the purchase of items and sought the department's agreement to the "provisions/content of the Non-Disclosure Agreement."
The Desert Sun of Palm Springs made a similar request to the San Bernardino County Sheriff's Department, which said it had to maintain secrecy even though the newspaper found information online about cell site simulators.
And in Sacramento, the local sheriff's office told a TV station it would "be inappropriate for us to comment about any agency that may be using the technology" in light of a Harris nondisclosure agreement.
Many of the requests were part of an effort to investigate the devices by Gannett Co. Inc., which publishes USA Today and owns other newspapers and television stations around the country.
"I don't see how public agencies can make up an agreement with a private company that breaks state law," said David Cuillier, the director of the University of Arizona's journalism school and a national expert on public-records laws. "We can't have the commercial sector running our governments for us. These public agencies need to be forthright and transparent."
A representative for Melbourne, Fla.-based Harris Corp. declined to comment or elaborate on how the company's agreements comport with open records laws. Court documents in Hodai's case show Harris' agreement required the Tucson city government not to "discuss, publish, release or disclose any information" about its products without the company's written consent.
The agreement also required the city to contact Harris when it receives public-records requests about a "protected product," like a Stingray, so that the company can "challenge any such request in court." The police department declined to comment on Hodai's lawsuit.
He had sought Harris contracts and police emails about how the technology is used. Email records show a Harris contract manager advised a Tucson police sergeant on what records couldn't be released to the public; the manager relied on the U.S. Freedom of Information Act, which governs records of the executive branch of the federal government.
Nathan Freed Wessler, a staff attorney with the ACLU, said there's often a distinction in public-records laws to protect bona fide trade secrets — such as circuit board diagrams — as opposed to broader information like agency policies governing a Stingray's use or purchase agreements. He said police in Florida have declined to tell judges about the use of Stingrays because of nondisclosure agreements.
A December 2013 investigation by USA Today found roughly 1 in 4 law enforcement agencies it surveyed had performed tower dumps, and slightly fewer owned a Stingray. But the report also said 36 additional agencies refused to provide details on their use, with most denying the newspaper's public-records requests.
THE SURVEILLANCE STATE: Canadian News Warned Us About BIG BROTHER 32 Years Ago! VIDEO
Is your smart TV spying on you?
Ofcom warns internet-linked systems could be harvesting data or filming you on the sofa
As you sit down in front of your hi-tech television, you may think you are the only one watching.
But as you catch up on your favourite shows, your internet-enabled 'smart TV' could be harvesting your personal data or even filming you through a camera, the Ofcom chairman warned yesterday.
Dame Colette Bowe, who is stepping down from her post at the media regulator later this month, warned of the risks posed by new televisions that contain cameras and microphones, suggesting companies could use them to spy on customers.
She told the Lords' Communications Committee she was concerned about the 'relatively unknown risks and dangers that consumers face'.
She continued: 'If you have a smartphone you are carrying a computer around in your pocket. A smart TV may well have a camera and a microphone in it. It is there in your living room. What is that smart TV doing? Do people realise that?'
As head of Ofcom, Dr Bowe is in charge of overseeing the regulation of most of the UK's television industry, as well as its mobile telephone networks and internet providers.
She warned the problem of protecting consumers' data was the biggest challenge the sector currently faces, but stopped short of calling for new laws to protect privacy.
She said: 'In terms of big challenges coming towards us it is in the area of data, privacy and people's willingness to yield up information about themselves and place themselves in positions of some risk, because of poorly understood uses of this technology. It is a major challenge, though whether it is a legislative challenge I'm not sure.'
In November, smart TV manufacturer LG was accused of collecting data about its customers' viewing habits, even after they enabled privacy settings on their sets.
An IT consultant claimed his set was monitoring the channels he was watching and had uploaded information about the contents of devices he connected to it.
The South Korean manufacturer announced an investigation into what it called a 'possible data breach', but insisted: 'Customer privacy is a top priority'.
The Information Commissioner's Office also launched an investigation into the firm for a possible breach of the Data Protection Act.
Many new TVs include built-in cameras to allow people to make video calls from their living rooms.
But experts have warned it is possible for voyeuristic hackers to access cameras installed in some TV sets remotely, and spy on users in their own homes.
On March 31, Dr Bowe will step down from her post after five years to be replaced by former BBC policy director Patricia Hodgson. She used one of her last public appearances to call for changes in the way the BBC is run.
Recommending that the corporation appoints a board of non-executive directors, she said its current management structure is a 'mistake' and 'highly regrettable'.
And she suggested rival broadcasters such as Channel 4 ought to be allowed to use BBC technology such as iPlayer to distribute their programmes.
US-UK special spy relations - Whistleblower & Snowden's lawyer speak VIDEO
'GCHQ in your sheets': UK spies collect Yahoo web chat images VIDEO
British spy agency GCHQ intercepted webcam images from millions of Yahoo users around the world
British spy agency GCHQ intercepted webcam images from millions of Yahoo users around the world, according to a report in the Guardian.
Yahoo denied prior knowledge of the alleged programme, describing it as a "completely unacceptable" privacy violation.
According to leaked documents, sexually explicit images were among those gathered - although not intentionally.
In a statement GCHQ has said all of its actions are in accordance with the law.
The operation, which was called Optic Nerve and was aided by the US National Security Agency, is alleged to have stored images between 2008 and 2010. In one six-month period in 2008, images from 1.8m users were gathered.
The report originated from documents leaked by whistleblower Edward Snowden.
It suggested that sexually explicit content would be captured by the system.
"Unfortunately … it would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person," it read.
"Also, the fact that the Yahoo software allows more than one person to view a webcam stream without necessarily sending a reciprocal stream means that it appears sometimes to be used for broadcasting pornography."
'Whole new level'
"We were not aware of nor would we condone this reported activity," Yahoo said in an emailed statement.
"This report, if true, represents a whole new level of violation of our users' privacy that is completely unacceptable and we strongly call on the world's governments to reform surveillance law consistent with the principles we outlined in December.
"We are committed to preserving our users' trust and security and continue our efforts to expand encryption across all of our services."
A statement from GCHQ said it would not comment on matters of intelligence, but added: "All of GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee.
"All our operational processes rigorously support this position."
Legality of GCHQ surveillance questioned by leading lawyer VIDEO
Cabinet ministers have long insisted that GCHQ's surveillance programmes are legal. But a leading lawyer has questioned this claim. Jemima Stratford QC says the laws on spying are vague and outdated and ministers have 'unfettered' power to approve certain activities. So if the laws don't work, can GCHQ really rely on them?
British Spies Scouring The Internet (Social Media) For Clues That Might Lead To Future Events VIDEO
Full Disclosure: The Internet Dark Age
When the Government, Telecommunications companies and Internet Service
Providers, implant secret spying equipment in your home without your
knowledge or consent under the guise of something else, then use that
equipment to infect your computers and spy on your private network activity
not the internet
), we believe you have a
right to know.
It is not possible to make these claims without actual proof and without
naming the actual companies involved.
These events coincide with the global surveillance systems recently disclosed
and they further confirm the mass scale of the surveillance and how deeply
entrenched the Governments are in our personal lives without our knowledge.
The methods we disclose are a violation of security and trust. Good
Information Security (InfoSec) dictates that when we discover such back
doors and activity, we analyze, understand, publicize and fix/patch such
Doing otherwise is morally wrong
What is revealed here is the missing piece to the global surveillance puzzle,
that answers key InfoSec questions which include:
How do the NSA/GCHQ perform Computer Network Exploitation?
We reveal the
used by the NSA/GCHQ and others that allows
peer into your personal effects without regard for your
privacy, without your knowledge and without legal due process of law, thus
violating your Human Rights, simply because
The risks taken when such activity is undertaken is “
the activity being “
”, as well as the “
Loss of Capability
Source of this Information
“The simple knowledge that we may be clandestinely observed in our own
homes provided the determination to find the truth, which we did.”
This information is
the result of any knowledge of classified documents or
leaks, but based on information in the public domain and our own fact finding
mission due to
Forensic and Network Analysis Investigations
of private SOHO
networks located in the UK.
As we detail the methods used, you will see that information was uncovered
and on private property using privately owned
There is no law that we are aware of that grants to the UK Government the
ability to install dual use surveillance technology in millions of homes and
businesses in the UK.
Furthermore, there is no law we are aware of that further grant the UK
Government the ability to use such technology to spy on individuals, families
in their own homes on the mass scale that this system is deployed.
If there are such hidden laws, the citizens of the UK are certainly unaware of
them and should be
that such laws exist and that such activity is
being engaged in by their own Government.
All of the evidence presented is fully reproducible.
It is our belief that this activity is NOT limited to the UK.
Snowden: Bulk data collection is euphemism for mass surveillance VIDEO
N.S.A. Devises Radio Pathway Into Computers
The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.
While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.
The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.
The N.S.A. calls its efforts more an act of “active defense” against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of American companies or government agencies, American officials have protested, often at the presidential level.
Among the most frequent targets of the N.S.A. and its Pentagon partner, United States Cyber Command, have been units of the Chinese Army, which the United States has accused of launching regular digital probes and attacks on American industrial and military targets, usually to steal secrets or intellectual property. But the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls “computer network exploitation.”
“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”
The N.S.A. and the Pentagon’s Cyber Command have implanted nearly 100,000 “computer network exploits” around the world, but the hardest problem is getting inside machines isolated from outside communications.
No Domestic Use Seen
There is no evidence that the N.S.A. has implanted its software or used its radio frequency technology inside the United States. While refusing to comment on the scope of the Quantum program, the N.S.A. said its actions were not comparable to China’s.
“N.S.A.'s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements,” Vanee Vines, an agency spokeswoman, said in a statement. “We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line.”
Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward J. Snowden, the former N.S.A. contractor. A Dutch newspaper published the map of areas where the United States has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German newsmagazine, published the N.S.A.'s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of American intelligence officials, when it reported, in the summer of 2012, on American cyberattacks on Iran.
President Obama is scheduled to announce on Friday what recommendations he is accepting from an advisory panel on changing N.S.A. practices. The panel agreed with Silicon Valley executives that some of the techniques developed by the agency to find flaws in computer systems undermine global confidence in a range of American-made information products like laptop computers and cloud services.
Embracing Silicon Valley’s critique of the N.S.A., the panel has recommended banning, except in extreme cases, the N.S.A. practice of exploiting flaws in common software to aid in American surveillance and cyberattacks. It also called for an end to government efforts to weaken publicly available encryption systems, and said the government should never develop secret ways into computer systems to exploit them, which sometimes include software implants.
Richard A. Clarke, an official in the Clinton and Bush administrations who served as one of the five members of the advisory panel, explained the group’s reasoning in an email last week, saying that “it is more important that we defend ourselves than that we attack others.”
Publishing this information, regardless of what domestic overreach the N.S.A. is guilty of, helps our enemies abroad and will weaken us in the future.
“Holes in encryption software would be more of a risk to us than a benefit,” he said, adding: “If we can find the vulnerability, so can others. It’s more important that we protect our power grid than that we get into China’s.”
From the earliest days of the Internet, the N.S.A. had little trouble monitoring traffic because a vast majority of messages and searches were moved through servers on American soil. As the Internet expanded, so did the N.S.A.'s efforts to understand its geography. A program named Treasure Map tried to identify nearly every node and corner of the web, so that any computer or mobile device that touched it could be located.
A 2008 map, part of the Snowden trove, notes 20 programs to gain access to big fiber-optic cables — it calls them “covert, clandestine or cooperative large accesses” — not only in the United States but also in places like Hong Kong, Indonesia and the Middle East. The same map indicates that the United States had already conducted “more than 50,000 worldwide implants,” and a more recent budget document said that by the end of last year that figure would rise to about 85,000. A senior official, who spoke on the condition of anonymity, said the actual figure was most likely closer to 100,000.
That map suggests how the United States was able to speed ahead with implanting malicious software on the computers around the world that it most wanted to monitor — or disable before they could be used to launch a cyberattack.
A Focus on Defense
In interviews, officials and experts said that a vast majority of such implants are intended only for surveillance and serve as an early warning system for cyberattacks directed at the United States.
“How do you ensure that Cyber Command people” are able to look at “those that are attacking us?” a senior official, who compared it to submarine warfare, asked in an interview several months ago.
“That is what the submarines do all the time,” said the official, speaking on the condition of anonymity to describe policy. “They track the adversary submarines.” In cyberspace, he said, the United States tries “to silently track the adversaries while they’re trying to silently track you.”
If tracking subs was a Cold War cat-and-mouse game with the Soviets, tracking malware is a pursuit played most aggressively with the Chinese.
The United States has targeted Unit 61398, the Shanghai-based Chinese Army unit believed to be responsible for many of the biggest cyberattacks on the United States, in an effort to see attacks being prepared. With Australia’s help, one N.S.A. document suggests, the United States has also focused on another specific Chinese Army unit.
Documents obtained by Mr. Snowden indicate that the United States has set up two data centers in China — perhaps through front companies — from which it can insert malware into computers. When the Chinese place surveillance software on American computer systems — and they have, on systems like those at the Pentagon and at The Times — the United States usually regards it as a potentially hostile act, a possible prelude to an attack. Mr. Obama laid out America’s complaints about those practices to President Xi Jinping of China in a long session at a summit meeting in California last June.
An Old Technology
The N.S.A.'s efforts to reach computers unconnected to a network have relied on a century-old technology updated for modern times: radio transmissions.
In a catalog produced by the agency that was part of the Snowden documents released in Europe, there are page after page of devices using technology that would have brought a smile to Q, James Bond’s technology supplier.
One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer “through a covert channel” that allows “data infiltration and exfiltration.” Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer — either in the field or when they are shipped from manufacturers — so that the computer is broadcasting to the N.S.A. even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.
The relay station it communicates with, called Nightstand, fits in an oversize briefcase, and the system can attack a computer “from as far away as eight miles under ideal environmental conditions.” It can also insert packets of data in milliseconds, meaning that a false message or piece of programming can outrace a real one to a target computer. Similar stations create a link between the target computers and the N.S.A., even if the machines are isolated from the Internet.
Computers are not the only targets. Dropoutjeep attacks iPhones. Other hardware and software are designed to infect large network servers, including those made by the Chinese.
Most of those code names and products are now at least five years old, and they have been updated, some experts say, to make the United States less dependent on physically getting hardware into adversaries’ computer systems.
The N.S.A. refused to talk about the documents that contained these descriptions, even after they were published in Europe.
“Continuous and selective publication of specific techniques and tools used by N.S.A. to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies,” Ms. Vines, the N.S.A. spokeswoman, said.
But the Iranians and others discovered some of those techniques years ago. The hardware in the N.S.A.'s catalog was crucial in the cyberattacks on Iran’s nuclear facilities, code-named Olympic Games, that began around 2008 and proceeded through the summer of 2010, when a technical error revealed the attack software, later called Stuxnet. That was the first major test of the technology.
One feature of the Stuxnet attack was that the technology the United States slipped into Iran’s nuclear enrichment plant at Natanz was able to map how it operated, then “phone home” the details. Later, that equipment was used to insert malware that blew up nearly 1,000 centrifuges, and temporarily set back Iran’s program.
But the Stuxnet strike does not appear to be the last time the technology was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps moved a rock near the country’s underground Fordo nuclear enrichment plant. The rock exploded and spewed broken circuit boards that the Iranian news media described as “the remains of a device capable of intercepting data from computers at the plant.” The origins of that device have never been determined.
On Sunday, according to the semiofficial Fars news agency, Iran’s Oil Ministry issued another warning about possible cyberattacks, describing a series of defenses it was erecting — and making no mention of what are suspected of being its own attacks on Saudi Arabia’s largest oil producer.
Sn-Oops! 'NSA thwarted one attack in 12 yrs' VIDEO
How 'spy in the pocket' phones track your every move
The extent to which mobile phones act as ‘spies in our pockets’ has been exposed by a senior Tory MP.
Former Shadow Home Secretary David Davis discovered how closely we can be watched when he asked his phone provider for the information it held on him – and found it could track his every move.
Mr Davis investigated after American whistleblower Edward Snowden revealed that the security services were forcing phone companies to hand over data on their customers.
The campaigning MP, who writes about his discoveries in today’s Mail on Sunday, says the list of times and co-ordinates – known as metadata – showed ‘where I had been at any one time for a year’.
It was so detailed that Mr Davis was able to plot out his movements over a day.
The one he chose was during last year’s party conference in Manchester, and the data mapped his meetings with members of the public, journalists and parliamentary colleagues.
‘I could see exactly where I had been at pretty much every point of the day,’ writes Mr Davis.
‘So in conjunction with those people’s phone records, the data would show everybody I met that day.’
Mr Davis has been an opponent of efforts by Home Secretary Theresa May to introduce a ‘snooper’s charter’ extending the State’s power to monitor communications.
He added: ‘The State rarely asks for information which isn’t of use to it. With this metadata they can learn as much about me as they can by reading my emails or eavesdropping on my calls.
‘Since the Snowden revelations, we know that our security services have engaged in legally dubious monitoring of our metadata.
‘We know that they, along with many Ministers, want the legal power to do this on an even bigger scale.
‘This has serious implications for our privacy.’