Moderators: Elvis, DrVolin, Jeff
by cptmarginal » Mon Feb 16, 2015 11:23 pm
by conniption » Tue Feb 17, 2015 5:26 am
conniption » Tue Jan 28, 2014 2:58 am wrote:Washingtons Blog
embedded links at the source
Open Letter from Top U.S. Computer Security Experts Slams NSA Spying As Destroying Security
Posted on January 25, 2014 by WashingtonsBlog
The NSA Is Making Us All Less Safe
An open letter today from a large group of professors – top US computer security and cryptography researchers – slams the damage to ecurity caused by NSA spying:
Inserting backdoors, sabotaging standards, and tapping commercial data-center links provide bad actors, foreign and domestic, opportunities to exploit the resulting vulnerabilities.
The value of society-wide surveillance in preventing terrorism is unclear, but the threat that such surveillance poses to privacy, democracy, and the US technology sector is readily apparent. Because transparency and public consent are at the core of our democracy, we call upon the US government to subject all mass-surveillance activities to public scrutiny and to resist the deployment of mass-surveillance programs in advance of sound technical and social controls. In finding a way forward, the five principles promulgated at http://reformgovernmentsurveillance.com/ [a site launched by Google, Apple, Microsoft, Twitter, Facebook, AOL, Yahoo and LinkedIn] provide a good starting point.
The choice is not whether to allow the NSA to spy. The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users. Every country, including our own, must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals, but we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life. We urge the US government to reject society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy commerce, and technical innovation.
The Washington Post notes that these are some of the top names in computer cryptography and security, including heavyweights in the government.
Many other top security experts agree:
IT and security professionals say spying could mess up the safety of our internet and computer systems
“By weakening encryption, the NSA allows others to more easily break it. By installing backdoors and other vulnerabilities in systems, the NSA exposes them to other malicious hackers—whether they are foreign governments or criminals. As security expert Bruce Schneier explained, ‘It’s sheer folly to believe that only the NSA can exploit the vulnerabilities they create.’”“[NSA spying] breaks our technical systems, as the very protocols of the Internet become untrusted.
***
The more we choose to eavesdrop on the Internet and other communications technologies, the less we are secure from eavesdropping by others. Our choice isn’t between a digital world where the NSA can eavesdrop and one where the NSA is prevented from eavesdropping; it’s between a digital world that is vulnerable to all attackers, and one that is secure for all users.
***
We need to recognize that security is more important than surveillance, and work towards that goal.”
“A team of [10] UK academics specialising in cryptography has warned … that ‘by weakening all our security so that they can listen in to the communications of our enemies, [the agencies] also weaken our security against our potential enemies‘….
The biggest risk, they imply, is that civilian systems and infrastructure – perhaps including physical systems such as the power grid – could become vulnerable to attack by state-sponsored hackers who are capable of exploiting the same ‘backdoors’ in software that have been planted there by the western agencies.”
And see this.
_______
embedded links at the source.
RT
Criminally insane irresponsibility led to modern ‘hacker’s paradise’
Published time: February 17, 2015
The US government has been irresponsible about cyber security for the past 25 years, essentially allowing the NSA to create a ‘hackers paradise’ through numerous infantile backdoors they planted, former US intelligence officer Robert Steele told RT...
https://www.youtube.com/watch?v=yy8r8TPiajA
continued...
by cptmarginal » Wed Mar 11, 2015 10:43 pm
seemslikeadream » Mon Feb 16, 2015 8:41 pm wrote:ForbesEquation = NSA? Researchers Uncloak Huge 'American Cyber Arsenal'
Security researchers have uncovered a trove of highly-sophisticated hacking tools used over the last 15 to 20 years to break into thousands of targets’ computers. There’s little doubt the malware and exploits used belonged to the National Security Agency, according to security experts.How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last
"Equation Group" ran the most advanced hacking operation ever uncovered.
by Dan Goodin - Feb 16, 2015 1:00pm CST
New smoking gun further ties NSA to omnipotent “Equation Group” hackers
What are the chances unrelated state-sponsored projects were both named "BACKSNARF"?
by Dan Goodin - Mar 11, 2015 1:01 pm UTC
Researchers from Moscow-based Kaspersky Lab have uncovered more evidence tying the US National Security Agency to a nearly omnipotent group of hackers who operated undetected for at least 14 years.
The Kaspersky researchers once again stopped short of saying the hacking collective they dubbed Equation Group was the handiwork of the NSA, saying only that the operation had to have been sponsored by a nation-state with nearly unlimited resources to dedicate to the project. Still, they heaped new findings on top of a mountain of existing evidence that already strongly implicated the spy agency. The strongest new tie to the NSA was the string "BACKSNARF_AB25" discovered only a few days ago embedded in a newly found sample of the Equation Group espionage platform dubbed "EquationDrug." "BACKSNARF," according to page 19 of this undated NSA presentation, was the name of a project tied to the NSA's Tailored Access Operations.
"BACKSNARF" joins a host of other programming "artifacts" that tied Equation Group malware to the NSA. They include "Grok," "STRAITACID," and "STRAITSHOOTER." Just as jewel thieves take pains to prevent their fingerprints from being found at their crime scenes, malware developers endeavor to scrub usernames, computer IDs, and other text clues from the code they produce. While the presence of the "BACKSNARF" artifact isn't conclusive proof it was part of the NSA project by that name, the chances that there were two unrelated projects with nation-state funding seems infinitesimally small.
The code word is included in a report Kaspersky published Wednesday detailing new technical details uncovered about Equation Group. Among other new data included in the report, the timestamps stored inside the Equation Group malware showed that members overwhelmingly worked Monday through Friday and almost never on Saturdays or Sundays. The hours in the timestamps appeared to show members working regular work days, an indication they were part of an organized software development team. Assuming they worked a regular 8 to 5 workday, the timestamps show the employees were likely in the UTC-3 or UTC-4 time zone, a finding that would be consistent with people working in the Eastern part of the US. The Kaspersky report discounted the possibility the timestamps were intentionally manipulated, since the years listed in various executable files appeared to match the availability of computer platforms the files ran on.
Previously found evidence suggesting a possible connection to the NSA included the Equation Group's aptitude for conducting interdictions that in 2009 placed highly advanced malware on a CD-ROM sent to a prestigious researcher who attended a scientific conference. That interdiction was similar to an NSA-sponsored one detailed in documents leaked by former NSA subcontractor Edward Snowden that installed covert implant firmware on a Cisco Systems router as it was being shipped to its unwitting customer. Still other ties included zero-day vulnerabilities shared between Equation Group malware and the NSA-led Stuxnet worm that sabotaged Iranian uranium enrichment efforts in 2009 or so. The countries that were and were not targeted are also consistent with Equation Group being a US-sponsored project.
Most of the new details included in Tuesday's report will be of interest only to hard-core researchers. Still, they only bolster previous findings that Equation Group was hands down the world's most advanced hacking operation ever to come to light. Whereas before the sprawling Equation Drug platform was known to support 35 different modules, Kaspersky has recently unearthed evidence there are 115 separate plugins. The architecture resembles a mini operating system with kernel- and user-mode components alike. Readers can expect more revelations to come as researchers continue to analyze new samples and further examine the malware that has already come to light.
by elfismiles » Thu Mar 19, 2015 2:25 pm
by seemslikeadream » Sun Mar 29, 2015 11:44 am
Why Wikimedia Just Might Win Its Lawsuit Over NSA Surveillance
Posted on Mar 27, 2015
By Thor Benson
The National Security Agency and the Department of Justice are being sued by Wikimedia, the nonprofit organization that runs Wikipedia—the online encyclopedia whose articles can be written or edited by anyone.
Wikimedia claims that the U.S. government’s mass surveillance programs are threatening its ability to spread free, open and honest information and that the way the NSA collects data violates the First and Fourth Amendments to the Constitution. The organization is being represented by the American Civil Liberties Union and is joined in the suit by eight other plaintiffs, including the National Association of Criminal Defense Lawyers, Human Rights Watch, Amnesty International USA and The Nation.
The suit is specifically challenging the NSA’s use of “upstream surveillance,” which taps directly into the Internet’s backbone—the network of cables and routers that makes the Web possible—and intercepts all the traffic that goes across it.
Under the 2008 Foreign Intelligence Surveillance Act, the agency only has the legal authority to gather data on foreign nationals residing outside the United States, but in reality, far more data is being collected on American citizens than on foreigners.
Advertisement
The NSA has made claims none of this data is technically “collected” until it’s been utilized in some way.
“The government plays word games and argues sometime that it doesn’t actually acquire information until it’s ingested in a particular manner,” Ashley Gorski, a fellow with the ACLU’s National Security Project, told Truthdig. She said the government is collecting these communications and searching through them but pretending it isn’t.
Wikimedia’s suit claims the NSA’s upstream surveillance is causing people to self-censor for fear of being monitored by the government.
“We believe that the NSA’s upstream surveillance has a chilling effect not only on Wikimedia’s writers and editors but on all of our plaintiffs,” Gorski said. “As a general matter, the private communications of innocent Americans don’t belong in the government’s hands, and if people know the NSA is watching, they’re going to hesitate before visiting controversial websites, before discussing controversial issues or investigating online politically sensitive questions.”
Juliet Barbara, the senior communications manager for Wikimedia, agrees.
“Mass surveillance is a threat to intellectual freedom and a spirit of inquiry, two of the driving forces behind Wikimedia,” she told Truthdig. “Wikipedia is written by people from around the world who often tackle difficult subjects. Very frequently they choose to remain anonymous, or pseudonymous. This allows them to freely create, contribute and discover without fear of reprisal. Surveillance might be used to reveal sensitive information, create a chilling effect to deter participation, or in extreme instances, identify individual users.”
There are clearly many individuals who might not want the U.S. government reading their emails, but the plaintiffs argue that the spying also hinders their ability to do their jobs properly. For example, a NACDL defense lawyer representing someone accused of terrorism or of being involved in a violent protest must be able to communicate with clients in a confidential manner.
One might think that simply encrypting the data of Wikipedia users would be the answer, but, Barbara said, sometimes it’s not that easy. With a large network like Wikipedia, encrypting every process can be difficult, though the site already offers the secure hypertext transfer protocol, or HTTPS, to give its users a layer of encryption.
“On Wikipedia, logged-in users already have the HTTPS version by default, to protect passwords and sensitive communications,” Barbara said, adding that “all Wikimedia users can enable HTTPS manually.”
The problem is that HTTPS can create performance problems for users accessing Wikimedia from countries with low bandwidth or poor connections, but its engineering team is working hard to find the best HTTPS configuration, she said.
Wikimedia has also published a transparency report, as many online organizations have done, broadly revealing the number of people the NSA has requested information on, and it has filed an amicus brief in support of Twitter’s lawsuit asking to be able to release more information on how often the NSA is requesting information on specific users.
“We adhere to detailed guidelines for responding to user data requests and scrutinize each request carefully. The Wikimedia Foundation has fulfilled just 14 percent of requests for user data in the past two years,” Barbara said. “We believe that privacy goes hand in hand with transparency.”
Gorski of the ACLU said she believes that the plaintiffs have a better chance of winning the suit than they might have had in the past “due to the Snowden disclosures and subsequent government acknowledgements about upstream surveillance.”
“There’s no question here that the plaintiffs do have standing,” she added, using the legal term referring to the ability to show the court sufficient connection to and harm from the actions being challenged.
In the 2008 case, Jewel v. NSA, the Electronic Frontier Foundation also challenged upstream surveillance but lost because the NSA cited the government’s “state secrets” privilege, arguing that if the case was to be defended properly, confidential information would have to be revealed.
In this case, Gorski doesn’t think that will happen.
“There’s enough on public record about upstream so that they can’t really invoke the state secrets doctrine with a straight face,” she said. “The government itself has acknowledged in several venues the fact that the NSA has engaged in this surveillance. It’s too public to defend.”
by seemslikeadream » Mon May 11, 2015 8:43 pm
Tech Giants Pile On In Support Of The NSA-Curtailing USA FREEDOM Act
Posted 1 hour ago by Alex Wilhelm (@alex)
Following previous gestures of support, a grip of technology trade groups representing the industry’s largest players signed and released a letter expressing support for the House’s USA FREEDOM Act, a bill that would curtail the government’s bulk surveillance programs.
Previously, the technology group Reform Government Surveillance noted its support. That consortium is now joined by TechNet, the Internet Association, the Information Technology Industry Council, and the Computer and Communications Industry Association in substantiation of the bill.
A vote is expected on the bill this week, and there are calls in the Senate to follow the lower chamber on the measure.
The groups were explicit in their praise:
The USA Freedom Act as introduced in the House and Senate on April 28th offers an effective balance that both protects privacy and provides the necessary tools for national security, and we congratulate those who participated in the bipartisan, bicameral effort that produced the legislative text. Critically, the bill ends the indiscriminate collection of bulk data, avoids data retention mandates, and creates a strong transparency framework for both government and private companies to report national security requests.
Finding a working compromise between a government that has a proven thirst for ever-increasing quantities of data of and on both domestic, and foreign individuals, and corporations focused on selling cloud-based products to extra-United States entities hasn’t been easy.
In the wake of the revelations kicked off by the controversial Edward Snowden leaks, Congress has tried, and failed, to reform the NSA.
The legal structure, however, that underpins key NSA activities is set to sunset next month, leading to an artificial, planned crisis — if the PATRIOT Act isn’t re-upped in one way or another, the authority that the NSA depends on to collect, for example, phone records on every, or nearly every phone call placed in the United States will expire.
As such, it’s a prime moment for an attempt at reform, even if prior efforts couldn’t quite find their pants. However, as TechCrunch’s own Cat Zakrzewski wrote recently, not all privacy advocates are satisfied:
But even with […] new privacy and transparency measures, the bill makes concerning concessions on that front when it comes to national security. The last FREEDOM Act failed with a string of Republicans taking the Senate floor and warning drastic reforms would hinder the fight against ISIS.
Critics say the bill is better than a clean reauthorization of the PATRIOT Act, but worry about some of the changes made. Civil liberties groups are particularly concerned about a component of the bill that would increase the statutory maximum prison sentence to 20 years for providing material support or resources to a foreign terrorist organization.
As that piece noted, the ACLU’s Jameel Jaffer said that the bill “does not go nearly far enough.” The ACLU recently won a court case ruling that the NSA’s bulk collection of telephone metadata superseded its Congressional authorization, implying an arrogation of authority.
That said, I doubt that anyone expected corporations to hold out for a fix that would suit privacy advocates, especially after the failure of the last Congress to pass anything. Call it reform by degrees.
At play in all of the above is the simple economic reality that private American technology companies want to sell cloud products around the world. And if foreign buyers presume that the NSA can, at its whim, demand their data be predicated on the fact that their chosen vendor is headquartered in the United States, they might pick an extra-U.S.-based provider. And that’s, say, unpopular with profit-seeking tech firms.
Ergo, the letter.
by seemslikeadream » Tue May 12, 2015 9:39 am
Why NSA surveillance is worse than you’ve ever imagined
By James Bamford May 11, 2015
Last summer, after months of encrypted emails, I spent three days in Moscow hanging out with Edward Snowden for a Wired cover story. Over pepperoni pizza, he told me that what finally drove him to leave his country and become a whistleblower was his conviction that the National Security Agency was conducting illegal surveillance on every American. Thursday, the Second Circuit Court of Appeals in New York agreed with him.
In a long-awaited opinion, the three-judge panel ruled that the NSA program that secretly intercepts the telephone metadata of every American — who calls whom and when — was illegal. As a plaintiff with Christopher Hitchens and several others in the original ACLU lawsuit against the NSA, dismissed by another appeals court on a technicality, I had a great deal of personal satisfaction.
It’s now up to Congress to vote on whether or not to modify the law and continue the program, or let it die once and for all. Lawmakers must vote on this matter by June 1, when they need to reauthorize the Patriot Act.
Edward Snowden during an interview with Glenn Greenwald and Laura Poitras, June 6, 2013. WIKIPEDIA/Screenshot of a Laura Poitras film by Praxis Films
A key factor in that decision is the American public’s attitude toward surveillance. Snowden’s revelations have clearly made a change in that attitude. In a PEW 2006 survey, for example, after the New York Times’ James Risen and Eric Lichtblau revealed the agency’s warrantless eavesdropping activities, 51 percent of the public still viewed the NSA’s surveillance programs as acceptable, while 47 percent found them unacceptable.
After Snowden’s revelations, those numbers reversed. A PEW survey in March revealed that 52 percent of the public is now concerned about government surveillance, while 46 percent is not.
Given the vast amount of revelations about NSA abuses, it is somewhat surprising that just slightly more than a majority of Americans seem concerned about government surveillance. Which leads to the question of why? Is there any kind of revelation that might push the poll numbers heavily against the NSA’s spying programs? Has security fully trumped privacy as far as the American public is concerned? Or is there some program that would spark genuine public outrage?
Few people, for example, are aware that a NSA program known as TREASUREMAP is being developed to continuously map every Internet connection — cellphones, laptops, tablets — of everyone on the planet, including Americans.
“Map the entire Internet,” says the top secret NSA slide. “Any device, anywhere, all the time.” It adds that the program will allow “Computer Attack/Exploit Planning” as well as “Network Reconnaissance.”
One reason for the public’s lukewarm concern is what might be called NSA fatigue. There is now a sort of acceptance of highly intrusive surveillance as the new normal, the result of a bombardment of news stories on the topic.
I asked Snowden about this. “It does become the problem of one death is a tragedy and a million is a statistic,” he replied, “where today we have the violation of one person’s rights is a tragedy and the violation of a million is a statistic. The NSA is violating the rights of every American citizen every day on a comprehensive and ongoing basis. And that can numb us. That can leave us feeling disempowered, disenfranchised.”
An illustration picture shows logos of Google and Yahoo connected with LAN cables in Berlin
An illustration picture shows the logos of Google and Yahoo connected with LAN cables in a Berlin office, October 31, 2013. REUTERS/Pawel Kopczynski
In the same way, at the start of a war, the numbers of Americans killed are front-page stories, no matter how small. But two years into the conflict, the numbers, even if far greater, are usually buried deep inside a paper or far down a news site’s home page.
In addition, stories about NSA surveillance face the added burden of being technically complex, involving eye-glazing descriptions of sophisticated interception techniques and analytical capabilities. Though they may affect virtually every American, such as the telephone metadata program, because of the enormous secrecy involved, it is difficult to identify specific victims.
The way the surveillance story appeared also decreased its potential impact. Those given custody of the documents decided to spread the wealth for a more democratic assessment of the revelations. They distributed them through a wide variety of media — from start-up Web publications to leading foreign newspapers.
One document from the NSA director, for example, indicates that the agency was spying on visits to porn sites by people, making no distinction between foreigners and “U.S. persons,” U.S. citizens or permanent residents. He then recommended using that information to secretly discredit them, whom he labeled as “radicalizers.” But because this was revealed by The Huffington Post, an online publication viewed as progressive, and was never reported by mainstream papers such as the New York Times or the Washington Post, the revelation never received the attention it deserved.
Another major revelation, a top-secret NSA map showing that the agency had planted malware — computer viruses — in more than 50,000 locations around the world, including many friendly countries such as Brazil, was reported in a relatively small Dutch newspaper, NRC Handelsblad, and likely never seen by much of the American public.
A parabolic reflector with a diameter of 18.3 metres (60 ft.) is pictured at the former monitoring base of the National Security Agency (NSA) in Bad Aibling
A parabolic reflector with a diameter of 18.3 metres (60 ft.) at the National Security Agency’s former monitoring base in Bad Aibling, south of Munich, June 6, 2014. REUTERS/Michaela Rehle
Thus, despite the volume of revelations, much of the public remains largely unaware of the true extent of the NSA’s vast, highly aggressive and legally questionable surveillance activities. With only a slim majority of Americans expressing concern, the chances of truly reforming the system become greatly decreased.
While the metadata program has become widely known because of the numerous court cases and litigation surrounding it, there are other NSA surveillance programs that may have far greater impact on Americans, but have attracted far less public attention.
In my interview with Snowden, for example, he said one of his most shocking discoveries was the NSA’s policy of secretly and routinely passing to Israel’s Unit 8200 — that country’s NSA — and possibly other countries not just metadata but the actual contents of emails involving Americans. This even included the names of U.S. citizens, some of whom were likely Palestinian-Americans communicating with relatives in Israel and Palestine.
An illustration of the dangers posed by such an operation comes from the sudden resignation last year of 43 veterans of Unit 8200, many of whom are still serving in the military reserves. The veterans accused the organization of using intercepted communication against innocent Palestinians for “political persecution.” This included information gathered from the emails about Palestinians’ sexual orientations, infidelities, money problems, family medical conditions and other private matters to coerce people into becoming collaborators or to create divisions in their society.
Another issue few Americans are aware of is the NSA’s secret email metadata collection program that took place for a decade or so until it ended several years ago. Every time an American sent or received an email, a record was secretly kept by the NSA, just as the agency continues to do with the telephone metadata program. Though the email program ended, all that private information is still stored at the NSA, with no end in sight.
With NSA fatigue setting in, and the American public unaware of many of the agency’s long list of abuses, it is little wonder that only slightly more than half the public is concerned about losing their privacy. For that reason, I agree with Frederick A. O. Schwartz Jr., the former chief counsel of the Church Committee, which conducted a yearlong probe into intelligence abuses in the mid-1970s, that we need a similarly thorough, hard-hitting investigation today.
“Now it is time for a new committee to examine our secret government closely again,” he wrote in a recent Nation magazine article, “particularly for its actions in the post-9/11 period.”
Until the public fully grasps and understands how far over the line the NSA has gone in the past — legally, morally and ethically — there should be no renewal or continuation of NSA’s telephone metadata program in the future.
by seemslikeadream » Wed Jun 24, 2015 11:28 am
French hold crisis meeting, denounce 'unacceptable' U.S. spying
By KIM WILLSHER France Europe National Security Agency Edward Snowden
French President Francois Hollande held a crisis meeting of the country's Defense Council on Wednesday after newspapers published WikiLeaks documents showing that the United States eavesdropped on him and two predecessors.
After the meeting, the council issued a statement lambasting U.S. spying as "unacceptable" and declaring that France had demanded two years ago that the National Security Agency stop snooping on its leaders.
The latest WikiLeaks revelations, published by the daily newspaper Liberation and the investigative news website Mediapart, claim the NSA eavesdropped on telephone conversations of former Presidents Jacques Chirac and Nicolas Sarkozy as well as Hollande.
France to provide air support in Iraq, but no ground troops
WikiLeaks spokesman Kristinn Hrafnsson said he was confident the documents were authentic, noting that WikiLeaks' previous mass disclosures — including a large cache of Saudi diplomatic memos released last week — had proved to be accurate.
French Foreign Minister Laurent Fabius summoned the American ambassador to Paris, Jane Hartley, to the ministry on Wednesday evening to demand an explanation of the alleged spying, which has sparked indignation and anger in France.
"These are unacceptable facts that have already been the subject of clarification between the U.S. and France, notably at the end of 2013 when the first revelations were made and during a state visit by the president of the Republic to the United States in February 2014," read the Defense Council statement.
"Promises were made by the American authorites. They must remember and strictly respect them. France, which has reinforced its control and protection measures, will not tolerate any scheming that threatens its security and the protection of its interests," it read.
Government spokesman Stephane Le Foll said a senior French intelligence official was headed to the United States for talks with his American counterparts.
In 2013, evidence provided by National Security Agency leaker Edward Snowden showed that the United States had intercepted some 70 million pieces of data on French telecommunications. Snowden also revealed that the United States had been monitoring the cellphone communications of German Chancellor Angela Merkel.
After the Merkel disclosures, Obama ordered a review of NSA spying on allies. Officials suggested that senior White House officials had not specifically approved many operations that were largely on auto-pilot. After the review, U.S. officials said Obama had ordered a halt to spying on the leaders of allied countries or their aides.
The WikiLeaks website listed the contents of what it said were five selected “top” intercepts of communications involving French presidents between 2006 and 2012 on subjects including a top United Nations appointment, the Middle East peace process and the handling of the euro crisis.
The report also noted in a chart what were said to be an NSA list of the phone numbers of top French official “intercept targets,” including that of the French president's cellphone, with some digits crossed out.
The purported intelligence reports describe French relations with Germany and the perilous state of the Greek economy. A March 24, 2010, report describes Sarkozy's frustration at the U.S. refusal to sign an espionage pact: “As [then-French Ambassador to the U.S. Pierre] Vimont and [Sarkozy's diplomatic advisor Jean-David] Levitte understand it, the main sticking point is the U.S. desire to continue spying on France,” it says.
In the National Assembly on Wednesday, French Prime Minister Manuel Valls repeated that the U.S.'s "systematic and continued spying on the leaders of foreign countries" was "not legitimate, not acceptable and not normal."
"This information is extremely serious," Valls told lawmakers. "It's not legitimate in the name of national interests to carry out eavesdropping -- and, no, France does not spy on its European partners or its allies."
French police hold man suspected of plotting church attack
"France will not tolerate any scheming that threatens its security and fundamental interest," Valls added. He said the U.S. now had to make an effort to "repair the damage" caused by the revelations.
Hollande was expected to telephone President Obama later Wednesday.
U.S. National Security Council spokesman Ned Price said in a statement that the American government would not comment on the specifics of the leak.
“As a general matter, we do not conduct any foreign intelligence surveillance activities unless there is a specific and validated national security purpose. This applies to ordinary citizens and world leaders alike,” he said.
The WikiLeaks revelations came just hours before members of the French parliament were expected to approve a new bill giving government intelligence services sweeping new powers to snoop on their own people. Critics have said that the new law is a threat to individual liberties, but the government argues that the measures are necessary following the January attacks in Paris by Islamist extremists.
Members of the country's far-right Front National called on Paris to break off the TransAtlantic Treaty negotiations.
by Elvis » Wed Jun 24, 2015 5:47 pm
by seemslikeadream » Wed Sep 30, 2015 7:59 am
SEPTEMBER 30, 2015
EU Court Advocate General Deals Severe Blow to NSA Surveillan
by ALFREDO LOPEZ
A legal case, virtually unreported in the U.S., could very well unhinge a major component of this country’s surveillance system. In any case, it certainly challenges it.
Yves Bot, he Advocate General of the European Court of Justice (the European Union’s litigation arena) just published an “opinion” that the privacy and data sharing arrangements between the EU’s 28 countries and the United States are “invalid”, must be revised and cannot now be used to regulate data transfer.
This is to surveillance what an earthquake would be to a city: it wouldn’t halt surveillance but it would destroy one of its major components. While the EU court’s 15 justices have yet to issue their ruling on the opinion, they seldom deviate very much from their AG’s advice and, given that they published his opinion and circulated it to the media, it’s a good bet they are going to approve something close to it. They’ll make that ruling later this year.
But the opinion alone is undoubtedly sending shudders through the halls of the NSA which gets all kinds of data from cooperating big-data companies (like Facebook and Google) and steals data from the ones that don’t cooperate through a program called PRISM.
That’s where one must start in understanding this: PRISM, a highly sophisticated data capture program used by the NSA to steal data from servers in this country and overseas. It’s the most comprehensive spy program in U.S. history and much of its activity involves servers in other countries because that’s where much of the data the NSA wants is stored.
With the advent of the cloud storage programs, your data is “distributed. For instance, an email you send is cut up into little pieces stored in various servers throughout the world. This makes for a more efficient use of storage space. When you ask for your data, the servers cooperate in putting it together and sending it to you. PRISM takes the data as soon as its together, often from a European server right before it is sent out or brought in.
For many years, PRISM was clandestine until whistle-blower Edward Snowden told the world about it.
Enter Maximillian Schrems. An Austrian activist, Schrems has been a Facebook user for many years and, like most activists, he was deeply concerned about Facebook’s policy of transferring his data to the U.S. whenever U.S. Facebook wanted. His logic: Facebook is subject to PRISM data capture and his data would end up with the NSA.
So he sued, targeting Facebook whose European headquarters are in Ireland.
Ireland wouldn’t hear the case; they sent it to the EU’s court where U.S. litigators sniffed at Schrems’ case. If all the data belongs to Facebook, they argued, certainly Facebook can move data wherever if wants. But, argued Schrems’ lawyers, there are actually data laws in various countries preventing that action because several of the EU’s member have strict privacy-protecting and data-collection restriction laws. The U.S. doesn’t.
The simple fact is that it’s much easier for the NSA to get your data from the Internet in the U.S. than it would be in, say, France or Germany. In Europe, companies must be certified as “safe” by the country’s government and must prove they have put into place a series of security and privacy measures. In the United States, the companies “self-certify” by issuing a document detailing what they have in place that can be viewed by users. Nobody checks to see if any of that is true.
So, if you want to give data to the government, move it to the U.S. The AG’s opinion stops that.
In that opinion, Bot cites two concerns:
That the U.S. government has failed to take the appropriate steps Europe has to protect privacy. This is the first incidence of the conflict between the United States and its allied continent many experts have been predicting. Europe has taken steps to protect rights that the U.S. has refused to take.
Also, the fact that U.S. companies can “self-certify” gives them “an enormous advantage” in functioning.
Bot carefully, and diplomatically, avoids the main issue and the main impact but plaintiff Schrems was clear about that:
“This could be a major issue for Apple, Facebook, Google, Microsoft or Yahoo,” he said. “All of them operate data centres in Europe, but may need to fundamentally restructure their data storage architecture and maybe even their corporate structure.”
In other words, if a company is going to give its data to the NSA, it can’t operate cloud storage as it used to because part of the cloud is in a country that doesn’t allow companies to give up data so easily.
The court’s final decision, which all should be watching for, may prove monumental.
by seemslikeadream » Sat Oct 03, 2015 9:48 am
A DEATH IN ATHENS
Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?
JUST OUTSIDE THE MAIN DOWNTOWN part of Athens lies Kolonos, an old Athenian neighborhood near the archaeological park of Akadimia Platonos, where Plato used to teach. Along the maze of narrow streets, flower-filled balconies hang above open-air markets, and locals gather for hours at lazy sidewalk cafes, sipping demitasse cups of espresso and downing shots of Ouzo in quick gulps.
It was a neighborhood Costas Tsalikidis knew well. He lived at No. 18 Euclid Street, a loft apartment just down the hall from his parents. Slim and dark-haired, with a strong chin and a sly smile, he was born in Athens 38 years earlier to a middle-class family in the construction business. Talented in math and physics from an early age, he earned a degree in electrical engineering from the National Technical University of Athens, considered the most prestigious college in Greece, where he specialized in telecommunications, and later obtained his master’s in computer science in England. Putting his skills to good use, for the last 11 years he had worked for Vodafone-Panafon, also known as Vodafone Greece, the country’s largest cell phone company, and was promoted in 2001 to network-planning manager at the company’s headquarters in the trendy Halandri section of Athens.
On March 9, 2005, Costas’ brother, Panagiotis, dropped by the apartment. He thought he’d have a coffee before a business meeting scheduled for that morning. But as he entered the building, he found his mother, Georgia, running up and down the corridor yelling for help.
“Cut him down!” she was saying. “Cut him down!”
Panagiotis had no idea what she was talking about until he went inside his brother’s apartment and saw Costas hanging from a rope tied to pipes above the lintel of his bathroom door, an old wooden chair nearby. He and his mother cut the rope and laid Costas down on the bed.
Costas Tsalikidis Photo: Courtesy of the Tsalikidis familyThe day before his death, Costas’ boss at Vodafone had ordered that a newly discovered code — a powerful and sophisticated bug — be deactivated and removed from its systems. The wiretap, placed by persons unknown, targeted more than 100 top officials, including then Prime Minister Kostas Karamanlis and his wife, Natassa; the mayor of Athens; members of the Ministerial Cabinet; as well as journalists, capturing not only the country’s highest secrets, but also its most intimate conversations. The question was, who did it?
For a year, the eavesdropping case remained secret, but when the affair finally became public, it was regarded as Greece’s Watergate. One newspaper called it “a scandal of monumental proportions.” And at its center was the dark underside of the 2004 Summer Olympic Games in Athens. While the athletes were competing for medals as millions watched, far in the shadows spies had hacked into the country’s major telecom systems to listen and record.
A decade later, Costas’ death is caught up in an investigation into what now appears to have been a U.S. covert operation in Greece. Last February, Greek authorities took the extraordinary step of issuing an international arrest warrant for a CIA official the Greeks believe was a key figure in the operation while based in Athens. Unnoticed by the U.S. press, the warrant was a nearly unprecedented action by an allied country. The intelligence official, identified as William George Basil, was accused of espionage and eavesdropping. But by then he had already left the country, and the U.S. government, as it has done for the past 10 years, continues to stonewall Greek authorities on the agency’s involvement.
The Greek charges only touch the surface, however, and Basil may be less a key figure than simply a spy guilty of poor tradecraft. An investigation by The Intercept has uncovered not only the role of the CIA, but also that of the NSA, as well as how and why the operation was carried out. The investigation began while I was producing a documentary for PBS NOVA on cyberwarfare, scheduled to air on October 14, for which some of the interviews were conducted. In addition, I have had exclusive access to highly classified and previously unreported NSA documents released by Edward Snowden.
The Intercept, along with the Greek newspaper Kathimerini, interviewed over two dozen people familiar with the wiretapping case, ranging from U.S. intelligence officials and Greek government officials to those involved in the investigation and its aftermath. Many of those interviewed agreed to talk on condition that their names not be used, fearing criminal prosecution for speaking on intelligence matters or professional retribution. While some questions remain, the evidence points to a massive illegal eavesdropping program that may have led to Costas’ tragic death.
“COSTAS WAS ENGAGED,” his brother, Panagiotis, told me last year. “He was planning to get married.” Like Costas, who was three years younger, Panagiotis spoke fluent English, the product of frequent trips to the U.S., both on business and vacation.
After a dinner of lamb and hummus at a restaurant not far from the apartment where Costas died, Panagiotis spoke emotionally about his brother. “He had met the woman of his life and they were planning to get married really soon. And for that reason, they were looking to get a house and they had already started buying things that they could use in their new household. Costas was happy and optimistic and things had been working out really good for him.”
At the time, Panagiotis couldn’t understand what had happened; Costas was in good health and, at least until recently, seemed to love his job at Vodafone. “I thought there was no reason for him to commit suicide,” he said, although he acknowledged Costas had been under more pressure than usual. “In the last year of his life, he was working very hard because Greece had undertaken the Olympic Games of 2004,” he said. “And that meant a lot of hours at work and a lot of planning to beef up the networks.”
Given the enormous numbers of journalists and tourists who were planning to attend the events, all wanting to communicate, Costas’ workload increased enormously in the months before the games were to begin. Eventually, the technical infrastructure created by the Athens Olympics Organizing Committee for staff and media involved more than 11,000 computers, 23,000 fixed-line telephone devices, and 9,000 mobile phones. But the Olympics ended more than six months before Costas’ death, so there had to be another reason.
At work, things suddenly began to change. Costas told his brother that he wanted to quit. “He tendered his resignation to the company, but it wasn’t accepted,” Panagiotis told me. “He wanted to get out.” And he sent a text to his fiancée, a piano teacher named Sara Galanopoulou, saying he had to leave his job, adding cryptically that it was a “matter of life and death.”
As Costas Tsalikidis and his colleagues at Vodafone worked overtime in the months leading up to the games, thousands of miles away another group was also getting ready for the Summer Olympics in Greece: members of the U.S. National Security Agency. But rather than communicating, they were far more interested in listening. According to previously undisclosed documents from the Snowden archive, NSA has a long history of tapping into Olympic Games, both overseas and within the U.S. “NSA has had an active role in the Olympics since 1984 Los Angeles games,” according to a classified document from 2003, “and has seen its involvement increase with the recent games in Atlanta, Sydney, and Salt Lake City. During the 2002 Winter Olympics in Salt Lake City, the focus was on counterterrorism, and NSA acted largely in support of the FBI in a fusion cell known as the Olympics Intelligence Center (OIC). … NSA’s support to the 2004 Olympics in Athens will be much more complicated.”
In 2004, for the first time since the 9/11 attacks of 2001, the Summer Olympic Games would be held outside the U.S., and thus the difficulties would be far greater. “Several factors will make the Athens Olympics vastly different,” the document continued, “not the least of which is the fact these Olympics will not be held at a domestic location. Also different is that the security organization that NSA will support is the EYP, or Greek National Intelligence Service. NSA will gather information and tip off the EYP of possible terrorist or criminal actions. Without a doubt, the communication between NSA and EYP will take some coordination, and for that reason preparations are already underway.”
According to a former senior U.S. intelligence official involved with the operation, there was close cooperation between NSA and the Greek government. “The Greeks identified terrorist nets, so NSA put these devices in there and they told the Greeks, OK, when it’s done we’ll turn it off,” said the source. “They put them in the Athens communications system, with the knowledge and approval of the Greek government. This was to help with security during the Olympics.”
The Olympic Games ran smoothly — there were no serious terrorist threats and Greece had its best medal tally in more than a century. On August 29, 16 days after the games began, closing ceremonies were held at the Athens Olympic Stadium. As 70,000 people watched, Greek performers displayed traditional dances, a symbolic lantern was lit with the Olympic Flame, and Dr. Jacques Rogge, president of the International Olympics Committee, gave a short speech and then officially closed the games.
Two weeks later, the Paralympics ended, and at that point, keeping their promise to the Greek government, the NSA employees should have quietly disconnected their hardware and deleted their software from the local telecommunications systems, packed up their bugging equipment, and boarded a plane for Fort Meade. The problem was, they didn’t. Instead, they secretly kept the spying operation active, but instead of terrorists, they targeted top Greek officials. According to the former U.S. intelligence official involved with the operation, the NSA began conducting the operation secretly, without the approval or authorization of the CIA chief of station in Athens, the U.S. ambassador, or the Greek government.
“We had a huge problem right after the Greek Olympics,” the source said. “They [NSA] said when the Olympics is over, we’ll turn it off and take it away. And after the Olympics they turned it off but they didn’t take it away and they turned it back on and the Greeks discovered it. They triangulated some signals, anonymous signals, and it all pointed back to the embassy.”
At that point, the source said, someone from the Greek government called Richard Eric Pound, the CIA chief of station at the embassy in Athens and the person officially responsible for all intelligence operations in the country. Pound had arrived in May 2004, replacing Michael F. Walker, the agency’s former deputy director of the paramilitary Special Activities Division, as chief of station in Athens. Describing himself as “a small town boy from Indiana who set off to see the world,” Pound had joined the agency in 1976. Hefty and mustachioed, he was a veteran of the agency’s backwater posts in Africa.
Pound, according to the source, knew nothing about the operation having been turned back on, so he called his boss at CIA headquarters to ask about it. “He says, ‘What in God’s name is this all about?’” said the source (Pound declined to speak to The Intercept). Pound’s boss then immediately called his NSA counterpart. “Oh, yeah, we were going to tell you about that,” the NSA official told Pound’s CIA boss, according to the source. “They didn’t take it out and they turned it back on.”
National Security Agency Deputy Director John Chris Inglis testifies before the House Select Intelligence Committee on the NSA's PRISM program, which tracks web traffic and US citizens' phone records, during a hearing on Capitol Hill in Washington, DC, June 18, 2013. AFP PHOTO / Saul LOEB (Photo credit should read SAUL LOEB/AFP/Getty Images) National Security Agency Deputy Director John Chris Inglis in Washington, D.C., June 18, 2013. Photo: Saul Loeb/AFP/Getty ImagesNot informing the chief of station and the ambassador was an enormous breach of protocol. The chain of events surprised another source, a long-time veteran of the CIA’s National Clandestine Service, who was once a colleague of Basil in Athens. “I can’t think of another time in my experience when that ever happened, that’s how unusual it is,” the source said. “I’m astounded by that.”
In 2006, Chris Inglis became the NSA’s deputy director, the agency’s No. 2 official, who was thus in a position to discover what had happened. In an interview, I questioned him about the scandal and the illegal bugging operation. “Was the NSA involved?” I asked. Inglis offered no denial. “I couldn’t say whether NSA was involved in that or any other activity that might have been alleged to be conducted by an intelligence service, let alone NSA.”
Inglis did confirm, however, that NSA operations in foreign countries would normally have the approval of the CIA chief of station. “The chief of station,” he said, “would speak on intelligence matters for the nation, or essentially be expected to adjudicate matters on behalf of the nation.” He added, “So if NSA was expected to conduct an intelligence operation physically in some particular place of the world, I would expect that the chief of mission — the ambassador — and that the chief of station — the intelligence rep — would have some influence on that, some kind of ability to understand what it was and to ensure that it was done in the proper way.”
I also put the question to Gen. Michael Hayden, the NSA director at the time. “Do you remember the incident that came up involving Greece?” I asked. “Not anything we’re going to talk about here,” he said. “Did that come to your attention?” I pressed. “Not something I can talk about,” he replied.
At the time of the Greek bugging operation, Hayden was also secretly running the NSA’s illegal warrantless eavesdropping and metadata dragnet surveillance programs, the largest domestic spying operations in U.S. history.
FILE - In this Dec. 6, 2002 an aerial file photo of the US embassy in Athens, Greece. Theodoros Pangalos a former foreign minister of Greece said on Tuesday, Oct. 29, 2013 the U.S. is not the only country eavesdropping on foreign diplomats: his country's secret services did that to U.S. ambassadors in Athens and Ankara in the 1990s. (AP Photo/Thanassis Stavrakis, File) An aerial file photo of the U.S. Embassy in Athens, Greece, Dec. 6, 2002. Photo: Thanassis Stavrakis/AP
Stonewalled by the U.S., over the past decade Greek investigators were nevertheless able to follow a digital trail right to the front door of the U.S. Embassy in Athens, and then to William George Basil, a mysterious embassy official with a Greek background.
Although very little is publicly known about Basil, interviews with his relatives and childhood friends in Greece, as well as fellow embassy employees and intelligence officials in Athens and the U.S., shed light on his background.
Basil was born on December 10, 1950, in Baltimore, where many of his relatives had settled after emigrating from Greece. Much of his extended family came from the small Greek island of Karpathos in the Aegean Sea, a port of call for the Argonauts traveling between Libya and Crete, and mentioned in Homer’s Iliad. There, his ancestors worked as stonemasons and as farmhands in mountainside wheat fields.
His father, George, had emigrated to the U.S. where Basil and his sister, Maria, spent their early years. But when Basil was 9, his now-divorced father became engaged to a woman from Karpathos and they all traveled to the island for the wedding. An old snapshot shows a young Basil in a suit jacket sitting uneasily on the back of a donkey. After a few months, the family returned to the U.S., then in the 1960s, when Basil was in his early teens, moved back to Karpathos for good.
Today, childhood friends there still remember Basil as “Billy,” an Americanized youth who liked to spend time on the beach. His cousin Nikos Kritikos often played sports with him. “He played rugby when he was young,” Nikos said. “He was amazingly smart. … We grew up in the same house; his stepmother, Marigoula, raised us.” And Basil’s uncle Manolis Kritikos, a local schoolteacher, remembered him as “a happy kid who smiled.” “He was always restless as a young man, he searched things,” he said. “Most of all he liked the history of this place, the folklore. … And he loved Greece and [the Karpathos village of] Olympos more than anything.”
Basil 9 years old attending his father's wedding on Karpathos Basil, 9 years old, attending his father’s wedding on Karpathos. After graduating from high school at the American Community Schools in Athens in 1968, Basil joined the Army for five years and was posted to Alaska. Then, according to Basil’s former CIA colleague, he took a job as a Baltimore County deputy sheriff and later joined the CIA’s Office of Security as a polygraph expert. But, after nearly two decades, said the colleague, he grew bored with strapping recruits and potential agents to lie detector machines and sought a position in the agency’s Directorate of Operations. Largely based on his Greek heritage and fluency in the language, he was accepted and quickly disappeared behind the agency’s heavy black curtain, emerging undercover as a Foreign Service Officer with the State Department.
With a black diplomatic passport in his pocket, he was soon on his way to Athens, a city he knew well; he had owned an apartment in the city for many years, which he rented out. Soon after arriving, he moved into an apartment near the beach in Glyfada, one of the most exclusive areas of the city, home to ship owners and wealthy business executives. A long-time biker, he would often cruise around the city on his motorcycle.
At the U.S. Embassy in Athens, he was officially a second secretary in the regional affairs section, later promoted to first secretary. In reality, he joined the CIA station as a terrorism expert. The station, located on the embassy’s top floor (with the forgery section in the basement), was one of the largest in Europe, because it often served smaller Middle East stations with logistical help and temporary personnel. Protected by a bulletproof vest under his shirt, a 9 mm pistol strapped to his belt, and a small M38 handgun on his ankle, Basil, who had a reputation as an Olympic-level shooter, drove around the city in an armored car looking for informants to recruit and liaising with the Greek police organization. According to a confidential report by Greek prosecutor Yiannis Diotis, obtained by The Intercept, Basil played a role in a March 2003 operation — just prior to the U.S. invasion of Iraq — that involved an informant recruited by the embassy’s CIA station. The operation, code-named “Net,” led to the discovery, by a joint U.S.-Greek team, of a small cache of guns and explosives in the basement of the Iraq Embassy in Athens.
While most CIA assignments to Athens were two years, Basil kept extending his tour, giving him an opportunity to spend time on Karpathos, visiting friends and relatives and playing backgammon. “He never withheld where he was working or what he was doing,” recalled his cousin Nikos. “A lot of times we would call each other and he would tell me, ‘I am in the Middle East.’ His job was to report on the sentiment of those countries’ society. … From what he said he had a lot of friends in high places. I understood that he was acquainted with Ministers of Interior and Ministers of Public Order in Greece.”
One person who knew Basil in passing was John Brady Kiesling, a now-retired career Foreign Service Officer who had worked as the embassy’s political officer from July 2000 to March 2003. I spoke to him in his apartment in the historic Plaka section of Athens, a labyrinth of winding streets and colorful shops in the shadow of the Acropolis. After leaving his post at the embassy, he decided to remain in Greece, where he has followed the bugging case closely. When I brought up the possibility of the NSA conducting a covert operation out of the embassy, without the knowledge of either the ambassador or the CIA chief of station, he looked surprised. “I would say that a rogue agency was performing it if it was performed without the prior clearance with the ambassador, as the president’s representative in Greece,” he said. “It definitely is something that is hanging as a sort of swinging sword blade over the U.S.-Greek relationship.”
But according to Basil’s former CIA colleague in Athens, there are occasions when an ambassador is not informed by the agency because of the sensitivity of the operation. However, there was never a time when a chief of station was kept in the dark. “There were times we didn’t inform the ambassador — it was just too sensitive — and we would have to get a waiver signed,” the source said.
william-george-basil Visa from U.S. passport of William George Basil. A half-dozen miles southwest of Athens is the city of Piraeus. The largest passenger port in Europe and the third largest in the world, it services about 20 million passengers a year. Piraeus is to ships what Chicago’s O’Hare Airport is to planes. There are long rows of ferries, endless quays, hydrofoils and mega-yachts, tankers and cruise ships. It was here, not far from the pier for ferries to Karpathos that the planning ended and the operation began. According to the Greek prosecutor’s report, on June 8, 2004, someone entered the Mobile Telecommunication Center at 31 Akti Miaouli Street, and in the name of a “Markos Petrou,” purchased the first four of what would eventually be 14 prepaid cell phones.
They would become the “shadow” phones. As normal calls from Vodafone went to and from legitimate parties, a parallel stream of digitized voice and data — an exact copy — was directed to the NSA’s shadow phones. The data would then be automatically transferred miles away to NSA receivers and computers for monitoring, analysis, and storage.
Not long after, according to the Snowden documents I reviewed, the NSA contingent began arriving at US-966G, the surveillance agency’s code for the Athens embassy. The planning had already been underway. “Although the first race, dive, and somersault are still a year away,” noted a Signals Intelligence Directorate document, “SID Today,” dated August 15, 2003, “in truth, NSA has been gearing up for the 2004 Olympics for quite some time, in anticipation of playing a larger role than ever before at the international games.” The document then noted that NSA would be sending “the largest contingent of personnel in support of the games in our history. A team of 10 NSA analysts will arrive in Greece anywhere from 30-45 days before the Olympics and stay until the flame is extinguished. … The scope of the Olympics is tremendous, and so will be the support of SID [Signals Intelligence Directorate] and NSA.”
Then, in a note of unintended irony, the writer added, “The world will be watching and so will NSA!”
A key part of the operation would be obtaining secret access to the Greek telecom network. And it is here that Costas Tsalikidis may have entered the picture. As a senior engineer in charge of network planning, working for the country’s largest cellular service provider, he would have been one of those in a position to become the team’s inside person. But he was also far from the only one. “Of course, it could have even been me,” said another Vodafone technician interviewed.
The operation could have been accomplished a number of ways. At the beginning, the installation of the bugging software, while illegal according to Greek law, had been secretly authorized by the Greek government. Thus, an inside person would have been operating outside the law in providing assistance to U.S. intelligence, but with the patriotic objective of helping protect Greece from terrorists. Also, the person may never have been told that the software was supposed to be removed following the conclusion of the games. In any case, it is unlikely that the person would have known who the targets were since they were just lists of phone numbers.
In fact, recruiting a foreign telecom employee as an “inside person” for a major bugging operation was standard operating procedure for both the NSA and the CIA, according to the senior intelligence official involved with the Athens operation. “What the NSA really doesn’t like to admit, about 70 percent of NSA’s exploitation is human enabled,” the former official said. “For example, at a foreign Ministry of Post and Telecommunications, if NSA determines it needs to get access to that system, NSA and/or the CIA in coordination would come up with a mechanism that would allow them to replicate the existing switch to be swapped out. The CIA would then go and seek out the person who had access to that switch — like a Nortel switch or a router — go in there, and then it would be the CIA that would effect the operation. And then the take from it would be exploited by the NSA.”
And according to a highly classified NSA document provided by Snowden and previously published by The Intercept, covertly recruiting employees in foreign telecom companies has long been one of the NSA’s deepest secrets. A program code-named “Sentry Owl,” for example, deals with “foreign commercial platform[s]” and “human asset[s] cooperating with the NSA/CSS [Central Security Service].” The document warns that information related to Sentry Owl must be classified at an unusually high level, known as ECI, or Exceptionally Controlled Information, well above top secret.
“Human intelligence guys can provide sometimes the needed physical access without which you just can’t do the signals intelligence activity,” Gen. Hayden, the NSA head at the time of the Athens bugging, who later ran the CIA, told me.
Basil’s ties to Greece made him very good at developing local agents. “He was the best recruiter the station had, the best,” said the former CIA associate in Athens. “[Basil] may have been in charge of recruiting the guy on the inside. He may have made the initial recruitment.”
With an agent in place inside the network, the next step would be to implant spyware capable of secretly transmitting the conversations of the NSA’s targets to the shadow phones where they could be resent to NSA computers. Developing such complex malware is the job of the NSA’s Tailored Access Operations (TAO) organization. And, according to the previously undisclosed Snowden documents, members of the group “performed CNE [Computer Network Exploitation] operations against Greek communications providers” as part of the preparations for the Olympics. In lay terms, this means they developed malware to secretly extract communications data. Also involved were members of the Special Source Operations (SSO) group, the specialists who work covertly with telecom companies, such as AT&T — or in this case Vodafone — to get secret access to their networks.
The key to the operation was hijacking a particular piece of software, the “lawful intercept” program. Installed in most modern telecom systems, it gave a telecom company the technical capability to respond to a legal warrant from the local government to monitor a suspect’s communications. Vodafone’s central switching equipment was made by Ericsson, the large Swedish company, and on January 31, 2002, Ericsson delivered to Vodafone an upgrade containing the lawful intercept program, a piece of software known as the Remote Control Equipment Subsystem (RES). According to a report by Greece’s Authority for Communication Security and Privacy (ADAE), Costas was the Vodafone employee who accepted delivery of the upgrade.
Normally, when a lawful warrant is submitted to a company such as Vodafone Greece, the information, including the target phone numbers, would first be logged into a program called the Interception Management System (IMS). This creates a permanent record of the request that can later be audited. The information is then sent to the RES, which initiates the actual monitoring by secretly creating a duplicate communications stream for the targeted number. That duplicate stream is then transmitted, along with the metadata — date, time, and number calling or being called — to the law enforcement agency.
But despite having the capability to initiate wiretaps with the RES program, at the time of the Olympics Greece did not have laws in place to permit them. As a result, Vodafone never paid the additional fee to Ericsson for the IMS program and the digital key to activate the system. Far behind the NSA, the Greek government had only simple wiretap technology. “All they had was some primitive suitcase methods that would allow very limited surveillance of very specific targets,” said Kiesling, the former U.S. Embassy official. “From an American point of view, that was terrifyingly primitive.”
Thus, according to Greek sources, prior to the Olympics U.S. officials began asking the Greek government for permission to secretly activate the lawful intercept program, which led to the government agreeing to the U.S. bugging operation. Ironically, the presidential decree permitting widespread eavesdropping was finally enacted on March 10, 2005, the day after Costas’ death.
For NSA, the missing IMS program was the technical opening its operatives needed. In essence, they created malware that would secretly turn on the RES program and begin tapping. But without the IMS program there would be no audit trail, no indication or evidence that eavesdropping was going on as the target numbers were being tapped and transmitted to the shadow phones by the RES. “It was a very complex system, because it was invisible to detection,” Vodafone Greece CEO George Koronias told investigators. “It functioned independently of whether the lawful interception system was activated, and bypassed the security alarm.”
Exploiting the weaknesses associated with lawful intercept programs was a common trick for NSA. According to a previously unreleased top-secret PowerPoint presentation from 2012, titled “Exploiting Foreign Lawful Intercept Roundtable,” the agency’s “countries of interest” for this work included, at that time, Mexico, Indonesia, Egypt, and others. The presentation also notes that NSA had about 60 “Fingerprints” — ways to identify data — from telecom companies and industry groups that develop lawful intercept systems, including Ericsson, as well as Motorola, Nokia, and Siemens.
There are also a variety of “Access Methods” used to penetrate other countries’ lawful intercept programs. These include using the highly secret Special Collection Service. Known internally as “F-6,” it is described in another Snowden document as “a joint NSA-CIA organization whose mission is to covertly collect SIGINT [Signals Intelligence] from official U.S. establishments abroad, such as embassies and consulates.” The organization’s job, according to the PowerPoint, is to intercept microwaves, the thousands of communications-packed signals that crisscross a city. The PowerPoint also suggested using the Special Source Operations unit, the people who work out secret arrangements with the local telecom companies. And with the Tailored Access Operations unit, techniques could be developed to hack into the country’s telecom systems. For the Athens Olympics operation, it would be a full house.
With the malware installed, the NSA was set to go, with more than a dozen shadow phones purchased and a contingent of employees from at least 11 different NSA organizations poised to begin eavesdropping during “24-hour watches.” According to the ADAE report, the tappers first activated the malware at Vodafone’s communications centers on August 4, 2004, and five days later they began inserting the target phone numbers. Then on September 28, following the conclusion of the Paralympic Games, some of the malware was removed. But less than a week later, long after the Olympic Torch had been extinguished, new malware was implanted.
“And then,” said Kiesling, looking both troubled and perplexed, “the mystery becomes why it continued after the Olympics, and that’s a mystery that still has not been solved.” It was a question I asked a former senior NSA official with long involvement in worldwide eavesdropping operations. “They never [remove it],” the official said with a laugh. “Once you have access, you have access. You have the opportunity to put implants in, that’s an opportunity.”
“FEVER,” COSTAS WROTE. Several of the antennas used for the bugging operation were heating up, and to Costas, it was as if they had a fever. After the Olympic Games concluded, Costas started having problems at work. In the weeks following Costas’ death, his brother discovered one of his notebooks, dating from October and November 2004, after the Olympics, and it described a number of incidents. “In his notes he said that at certain points in time certain antennas seemed to get overworked and they were trying to figure out why that was happening,” said Panagiotis. “Now it turned out that those antennas were the same antennas that were connected with the system of the wiretapping.” In another entry, which Panagiotis submitted to the prosecutor, Costas wrote about a month before he died: “Something is not right at the company.”
Then, at 7:56 p.m. on January 24, 2005, someone installed a routine update in the NSA’s bugging software at Vodafone’s facility in the Paiania section of the city. It would turn out to be anything but routine. Within seconds, errors appeared, which caused hundreds of text messages from customers to go undelivered, and people began complaining. At the same time, an automatic failure report was sent to Vodafone management. It was as if a burglar alarm had gone off during a robbery. As normally happens, Vodafone sent the voluminous logs and data dumps to Ericsson for analysis, while those involved quietly waited — and worried. The once cheerful and upbeat Costas turned glum and angry. “We have heard that Costas was in meetings inside the company, in meetings that were very loud and a lot of people were arguing,” said Panagiotis. “He tendered his resignation to the company, but it wasn’t accepted. … He wanted to get out.”
On March 4, after weeks of investigation, Ericsson notified Vodafone that it had discovered a sophisticated piece of malware, containing a hefty 6,500 lines of code — evidence of a large bugging operation. The company also turned up the target phone numbers of the prime minister and his wife, the mayor of Athens, members of the Ministerial Cabinet, and scores of high officials, as well as the numbers for the shadow phones and the metadata describing when the calls were made.
Three days later, Vodafone technicians isolated the malware. Then on March 8, before law enforcement had an opportunity to get involved, Koronias, the Vodafone Greece CEO, ordered the software deactivated and removed, thus hampering any future investigation. Apparently alerted, those involved in the bugging operation immediately turned off their shadow phones. “Vodafone’s decision to deactivate the software meant our hands were tied,” Yiannis Korandis, the chief of the EYP, the Greek National Intelligence Service, told investigators.
The next morning Panagiotis discovered his brother’s body hanging from a white rope tied to a pipe above the bathroom doorway. To this day, he is convinced that Costas was murdered to keep him quiet and prevent him from quitting and going public with the details. “He probably wanted answers there and then and I think that led to his demise,” he said. The bugging, Panagiotis suspects, may have been the reason Costas sent the text to his fiancée about leaving his job being a “matter of life and death.”
Athens, GREECE: Vodafone Greece Chief Executive Officer George Koronias holds documents 06 April 2006 before the start of a parliamentary committee hearing investigating the case of a phone-tapping scandal, which targeted Prime Minister Costas Karamanlis and top officials during and after the 2004 Athens Olympics games. AFP PHOTO / Louisa Gouliamaki (Photo credit should read LOUISA GOULIAMAKI/AFP/Getty Images) Vodafone Greece CEO George Koronias holds documents in April 2006 before the start of a parliamentary committee hearing investigating the phone-tapping scandal. Photo: Louisa Gouliamaki /AFP/Getty ImagesWithin hours of Costas’ death, Ericsson prepared a formal “Incident Case Description,” outlining technical details about the malware and how it worked. It contained the warning: “This document is to be treated as highly confidential and … all necessary steps to protect this information must be taken, including the mandatory use of Entrust encryption within Ericsson.” After seven pages of technical detail, the report concluded that someone had loaded unauthorized “corrections,” i.e. malware implants, “designed to introduce RES functionality in such a way that it is not visible to any observer. Neither Ericsson nor Vodafone have any knowledge of the corrections. Nor is it known who supplied the correction, who loaded them or how long they have been loaded in the network.” In other words, someone had introduced malware to secretly activate the lawful intercept’s tapping function while at the same time hiding the fact that it had been turned on. On March 10, the report was turned over to Vodafone Greece CEO Koronias.
The Tsalikidis family’s former lawyer, Themistoklis Sofos, believes that Costas discovered the spy software by chance and then reported it. “Some people were afraid that he would talk so they killed him in a professional manner,” he told a Greek newspaper. Although the official coroner’s report said he took his own life, no suicide note was ever found, and the initial forensic report was inconclusive.
Nevertheless, Supreme Court prosecutor Dimitris Linos said that Costas’ death was clearly tied to the eavesdropping operation. “If there had not been the phone tapping, there would not have been a suicide,” he said in June 2006. In his report, prosecutor Yiannis Diotis also said that Costas had knowledge of the illegal phone-tapping software. And Giorgos Constantinopoulos, a former colleague in charge of communications security for Vodafone, reportedly told prosecutors that he was sure Costas was in a position to know about the spy software, and that his death was likely connected to that discovery.
THROUGHOUT THIS PAST SUMMER in Athens as the debt crisis mounted, crowds of pro-government demonstrators filled Syntagma Square shouting angry chants against European creditors. A few blocks away on Panepistimiou Street, an anarchy symbol was spray-painted on the walls of the headquarters of the Bank of Greece. And behind the Doric columns and yellow neo-classical façade of the Parliament Building, nervous politicians huddled and debated what to do next.
But a mile and a half away, in a heavily guarded compound near Pedion tou Areos, one of the largest parks in Athens, prosecutors were finally bringing to a close a decade of investigations. And on June 26 the finger of guilt was pointed directly at America’s Central Intelligence Agency. Now it is up to the Justices’ Council to decide how to proceed, and it may prove very embarrassing for the United States.
From the very start, according to a former senior Greek official involved in the investigation, there was no doubt within the highest levels of government that the U.S. was behind the bugging. On Friday, March 25, 2005, two weeks after Panagiotis cut the rope from his brother’s neck, Greeks celebrated Independence Day, followed by a weekend of festivities. But in Maximos Mansion, the Greek White House, the talk was far from jubilant. As Greek Navy helicopters flew low over the Acropolis during a military parade, members of the Greek inner circle were meeting with Prime Minister Costas Karamanlis about the bugging scandal that had targeted him and his wife.
A few days before, Foreign Minister Petros Molyviatis was in Washington engaged in high-level meetings with top officials. Secretary of State Condoleezza Rice spoke of the “excellent state of relations between Greece and the United States,” and President George W. Bush issued a proclamation declaring “our special ties of friendship, history, and shared values with Greece.” He noted, “Our two Nations are founded on shared ideals of liberty.” But based on the investigation up to that point, close aides, including Foreign Minister Molyviatis, were convinced that U.S. intelligence was behind the operation. Although at least one member of the group wanted to bury the whole matter rather than cause a rupture in relations with the U.S., Karamanlis disagreed, according to the source. “No way,” Karamanlis said. “If they find this on us 10 years from now, things will prove really difficult.”
The decision was made to have the police and the EYP intelligence service launch an investigation. Although far from exhaustive, with many questions left unanswered, Minister of Public Order George Voulgarakis and several other officials finally held a televised press conference in February 2006. Scribbling with a blue marker on a white board, they noted that the 14 shadow cell phones were using four mobile phone antennas with a radius of about 2 kilometers in central Athens.
Within that area was the U.S. Embassy on Vassilissis Sofias Avenue, which turned out to be a matter of great embarrassment for both the U.S. and Greek governments. “The U.S. has been fingered in the media as the culprit,” U.S. Ambassador Charles P. Ries noted in a classified memo to Washington, released by WikiLeaks. Ries suspected Voulgarakis of the leak. Calling him “a less reliable ally,” Ries said Voulgarakis “has allowed rumors to circulate that the U.S. is behind [the] major eavesdropping case in Greece.” Nevertheless, both sides wanted to pretend all was normal. Thus, Foreign Minister Molyviatis suggested to Ries that they move a previously scheduled meeting between them from the ambassador’s residence to the very public Grande Bretagne Hotel in central Athens. There, Ries noted in his memo, “All could see that the U.S.-Greece relationship was unimpaired.”
It was an odd lunch. Molyviatis was sitting across from the man whose embassy, he believed, had been listening in on his cell phone for months. And Ries, out of the loop because it was a rogue NSA/CIA operation, still may not have known of his embassy’s involvement. “Addressing the eavesdropping case,” Ries said in his memo, “Molyviatis gave his opinion that the whole hullabaloo [the press conference] had been unnecessary. It would have been sufficient to hand the matter to the judicial authorities for investigation and, if appropriate, prosecution, he said. But now, both he and the Prime Minister were keen to show that the current hysteria did not detract from excellent U.S.-Greece relations.”
For some, however, the cozy relations only seemed to increase the anger. In May, a Greek terrorist organization, “Revolutionary Struggle,” attempted to assassinate Voulgarakis with a remote-controlled bomb. Pointing to the wiretapping scandal and weakening Greek sovereignty as a key reason for the attack, the group said it opposed state-sponsored “terrorism of mass surveillance.” At the U.S. Embassy, the deputy chief of mission sent a classified cable to Washington, released by WikiLeaks, with a warning. “This group is to be taken seriously,” he said. “While there is no mention thus far of targeting foreign ‘capitalist-imperialists,’ it would not be a leap of faith for RS to focus its attention on the U.S. presence in Greece.” Ten months later, the group fired a rocket at the embassy.
Around the time the eavesdropping was discovered, Basil left the country, apparently with a quick reassignment by CIA to Sudan. Then, according to Greek documents obtained by The Intercept, on August 4, as things quieted down, he obtained a visa at the Greek Embassy in Khartoum and returned 10 days later to Athens and his cover job as first secretary for regional affairs. The diplomatic position gave him immunity from arrest.
The investigation was the first of what would be five major probes stretching over a decade in which more than 500 witnesses would be questioned, including agents of the EYP. Evidence built up slowly as investigators picked apart the telltale computer logs, traced the cell phone signals, and dissected layers and layers of software. Over the years, piece after piece, the puzzle began to come together.
In his testimony, Ericsson’s managing director for Greece, Bill Zikou, laid out the “how,” describing the method by which the bugging was accomplished. “What happened in this incident,” he said, “is that a complex, sophisticated, non-Ericsson intruder piece of software was planted into the Vodafone Greece network,” which by activating the RES function “thus made illegal interceptions possible.”
william-basil200 William George Basil. Date unknown. Photo: FacebookThen investigators turned to the “who.” At the conclusion of its operation, the NSA was hoping that it could disappear into the night without leaving a trace. “Unlike the athletes, when the Olympics are over, the NSA team is hoping you won’t even know they were there,” said one of the classified documents. It bore the ironic title, “Another Successful Olympics Story.” But as a result of sloppy intelligence tradecraft by the American spies, each step pointed the investigators closer and closer to the U.S.
One person who spent a great deal of time buying shadow phones was William Basil. “We used to call him the telephone man,” said the former CIA colleague in Athens. “All we do is we buy burner phones. Just drive in any direction you want and go to a random phone store and just buy a phone, make a call, and throw the phone away.”
But Basil wasn’t the only one buying shadow phones. According to the prosecutor’s confidential report, issued June 26, 2015 and obtained by The Intercept, investigators traced four of the shadow cell phones to the shop in Piraeus. There, the prosecutor showed pictures of Basil and his wife, Irene, to the store’s manager. “She is known” to the store, the manager said. The prosecutor then noted in his report that Irene was “acting as designated by him [Basil] and on his behalf.” And according to registered deeds, the family of Irene Basil has long owned a home in Piraeus just a few miles from the shop.
Things got even sloppier. After purchasing the four shadow phones, meant to be untraceable, the SIM card from one of them was removed and placed in a cell phone registered to the U.S. Embassy. It was a direct link between the covert operation and the U.S. government. Investigators then traced more than 40 calls to and from the U.S. Embassy involving the phone. The numbers listed in the ADAE report include the embassy’s main number, the emergency after-hours number, the Marine guard, and the FBI office. There was even a call to a women’s clothing store in Athens, Rouge Paris.
Then, on the same shadow phone using another SIM card, investigators found calls to Maryland. Based on the phone numbers, The Intercept was able to determine that those calls were made to Ellicott City, where Basil and his wife used to own property, and to neighboring Cantonsville, both bedroom communities for NSA. The implications greatly worried the investigators. “We were scared,” one told a parliamentary committee. “This is something that the Foreign and Justice Ministries should investigate.”
Finally, after years of slow, ineffective, and politically hindered investigations that produced more fog than clarity, the determined work of the ADAE and a few others began paying off. The evidence pointed at the U.S. Embassy, and with a bit of luck and thanks to the American spies’ mistakes, prosecutors came up with a name, William Basil, and the international arrest warrant was issued last February.
But by then, he was long gone. After Athens, Basil was promoted to deputy chief of station in Islamabad, Pakistan, then sent back to a desk job at headquarters, that of director of human resources at the agency’s Counterterrorism Center. Now retired and no longer protected by diplomatic immunity, he may never see Greece again, the country where his wife currently lives in her family’s home in Piraeus. In 2012, according to a petition he signed protesting a planned marine park on Karpathos, he wrote, “I own property in Karpathos and plan to retire there next year.”
Today the two-story house near the beach in Diafani sits empty; construction materials are stacked on the porch, its exterior unpainted. Nearby, friends and relatives can’t believe that Billy from Karpathos could have secretly wiretapped their top officials, or spied on their government. “There’s no way he did what they say he did,” said Basil’s cousin Nikos. “Because of his love [for] Greece, they would know that if that thing [the wiretapping] needed to be done, they would most certainly ask somebody else to do it. No way he did it. It is well known that he was first and foremost a Greek patriot.”
Months before the arrest warrant was issued, Basil had been in touch by phone with a prominent criminal lawyer in Athens, Ilias G. Anagnostopoulos, according to a Greek source, who asked not to be named because of the confidential nature of the information. When asked by the attorney if he would be willing to testify if it came to that, Basil, according to the source, replied: “If there are questions, of course I can answer them.” The attorney met with the prosecutor, but after leaks to the press, Basil told Anagnostopoulos to drop the matter for the time being. Complicating matters, the prosecutor has filed the eavesdropping case alongside a much larger, but unconnected, conspiratorial case involving an assassination attempt on former Prime Minister Karamanlis, a key target of the wiretapping operation.
CIA Chief of Station Eric Pound left Athens in 2007, returning to headquarters to become chief of the External Operations and Cover Division, the organization responsible for creating front companies overseas for clandestine officers masquerading as business executives or other occupations. After he retired in September 2009, Pound mentioned to a college audience that the CIA has an obsession to learn the truth. He added, “But obsession does not always lead to success.”
Costas Tsalikides March 9, 2005 Costas Tsalikidis, March 9, 2005.
Panagiotis and other family members also want the truth. In 2011, Costas’ family asked two coroners to reexamine the medical records. One was Dr. Steven Karch, a forensic pathologist and former medical examiner in San Francisco, and the other was Dr. Theodoros Vougiouklakis, an associate professor of forensic medicine in Greece. Karch called the original autopsy “farcical.” Based on pictures of the body, the coroners concluded that the marks to Costas’ neck couldn’t have come from simply jumping off the chair. “Something was done to him prior,” Karch told The Intercept.
The family agrees with this conclusion. “I believe there are people who know what happened, what exactly and who exactly did it and they will give us those facts,” said Panagiotis. “I believe that as time goes by the reasons for protecting the perpetrators will fade and mouths will open.” Last March, on the 10th anniversary of Costas’ death, his mother spoke to a local Greek reporter for the first time. “I want to know what happened to my child and nobody that investigated until now, 10 years [later], gave me the slightest response,” she said. “As long as I live I will live with this suffering. I want to punish those who are guilty for what happened, and those who know [but] do not speak.”
There appears little chance that her questions will be answered, however. It is extremely unlikely the Obama administration will ever allow Basil, or any other intelligence official, to be extradited. Nor is it likely that Basil will return to Greece voluntarily with an arrest warrant waiting for him. Around 2009 he appeared in a Facebook picture, seemingly in disguise, sporting a long white beard and moustache. “Dude, Santa’s job isn’t available for what … another seven months,” a friend joked on Facebook. Though he has not responded to requests for an interview, pictures online show him in Greece in 2013 attending his daughter’s wedding, without the beard, in the Glyfada section of Athens. Multiple attempts to reach Basil by phone, and through family members, were unsuccessful. Both the CIA and NSA declined to comment on any issue surrounding the Athens wiretapping, including Basil’s indictment.
As for the NSA, a classified review of the Greek Olympics asked the now ironic question, “After this year’s gold medal performance, what comes next?” Next will certainly be the Olympics scheduled for Rio de Janeiro, Brazil, next summer. According to a previously published top-secret NSA slide, the agency has already planted malware throughout the country’s telecommunications system. And, if history is any guide, in the weeks leading up to the start of the games, teams from the SCS, SSO, TAO, and other organizations will arrive once again to begin 24/7 eavesdropping. And as in Greece, they may just happen to leave some of their monitoring equipment behind.
Sitting in his apartment overlooking Athens’ Plaka, John Brady Kiesling could make little sense of it all. “I don’t see a shred of evidence that this wiretapping did the U.S. government any good,” he said. “I think it’s just important to underscore that intelligence gathering is never free. It always comes at a human and political cost to someone. In this case it was paid by an innocent Vodafone technician.”
Aggelos Petropoulos of the Athens-based newspaper Kathimerini contributed reporting from Greece, and Ryan Gallagher, senior reporter at The Intercept, contributed research and reporting from the Snowden Archive.
by seemslikeadream » Thu Oct 08, 2015 12:17 pm
Carly Fiorina May Have Revealed State Secrets by Bragging About Helping the NSA
Written by
LORENZO FRANCESCHI-BICCHIERAI
STAFF WRITER
October 7, 2015 // 02:12 PM EST
Last week, Republican presidential candidate Carly Fiorina bragged about providing truckloads of HP servers to the NSA after 9/11, at the urgent request of then-NSA-chief Michael Hayden.
In an interview with Yahoo News, she boasted about receiving a call from Hayden, after which she swiftly redirected an order of HP servers to Fort Meade. “Carly, I need stuff and I need it now,” he reportedly told her. The NSA needed the machines to implement its warrantless wiretapping program codenamed “STELLARWIND.”
“I felt it was my duty to help, and so we did,” Fiorina, who was the CEO of HP at the time, said.
Until Fiorina bragged about it, this episode of obedient collaboration between the computer giant and the spy agency had never come out—because, evidence suggests, it might have been classified.
Paul Dietrich, an activist and independent researcher, noticed that a document leaked by Edward Snowden and in 2013 contains a possible reference to Fiorina’s assist. The document, a top secret working draft of an NSA Inspector General report on STELLARWIND, refers to an order of 50 “computer servers to store and process data acquired under the new authority.” In a footnote, the document reveals that “a vendor diverted a shipment of servers” to the NSA “because of the heightened terrorist threat” on Oct. 13, 2001.
The document was partially declassified by the NSA earlier this year, but the page that contains the reference to the diverted servers remained entirely blacked out, hinting that the US government considers this specific part of the report still classified.
The fact that the document doesn’t specify the name of the vendor is not entirely surprising. As Dietrich put it in an email, the NSA “REALLY HATES talking about corporate relationships.” For example, it took a group of reporters a lot of sleuthing to reveal that AT&T was the unnamed company working with the NSA on another surveillance program called FAIRVIEW.
But the spy agency has many more partners. In fact, another leaked document from the Snowden cache, published in Glenn Greenwald’s book No Place to Hide, shows that HP is among the NSA’s “strategic” partners.
When asked about the episode, an HP spokesperson initially referred all questions to the NSA, declining to comment. When I followed up asking whether that meant HP is bound by an Non-Disclosure Agreement, the spokesperson replied in an email: “It means exactly that.”
The NSA, however, did not respond to Motherboard’s repeated requests for comment. Fiorina’s spokesperson Anna Epstein also did not respond to Motherboard’s emails and calls.
A passage in Shane Harris’ @War book also hints that this episode was supposed to remain secret.
“The agency didn’t want a record of it suddenly buying a lot of new equipment,” Harris writes in the book. “So officials asked a server vendor to divert a shipment intended for another recipient to the NSA instead, and tell no one.”
”Officials asked a server vendor to divert a shipment intended for another recipient to the NSA instead, and tell no one.”
Hayden, who personally asked Fiorina for the servers, told me that “there’d be no record of it” because the request “was informal—it was a phone call.”
“We just wanted the equipment, alright? We just wanted to get their products, and we couldn’t wait for the normal purchasing agreement to go through,” he said in an interview after an event in Manhattan on Tuesday. “We paid for them. We did all the paperwork, but I needed them right away.”
“We asked for computers, we got them,” he added. “Were some of them used for STELLARWIND? Yes.”
by seemslikeadream » Thu Oct 15, 2015 11:12 am
Europe’s privacy rules conflict with NSA spying: EU Court Declares NSA Surveillance Illegal
by Alfredo Lopez | October 15, 2015 - 7:26am
As expected, the European Union court has thrown out an agreement, forged in 2000, that allows virtually uninhibited data sharing and transfer between the United States and EU countries and is the legal basis for National Security Agency's on-line surveillance and data capture programs.
The Court's decision is binding on all EU members and violation of its decisions could end in punitive measures including fines and trade restrictions.
The decision validates an opinion issued by the EU Court's Advocate General last month that the Safe Harbor Framework -- a group of trade regulations approved by the EU in 2000 -- violates the laws of various EU member countries and the EU's 2009 Charter of Fundamental Rights.
Essentially, Safe Harbor allows the United States to retrieve huge amounts of data from servers and other storage devices in a European country without having to worry about the country's privacy laws, which are frequently stricter than those in the United States and are now uniformly compliant with the 2009 Charter. In fact, since these are American officials operating abroad, they don't have to worry about U.S. privacy laws either because these don't apply to activities outside the U.S.
Since much of the data from users of services like Google (including Gmail), Apple and Facebook (as well as 4500 other companies and agencies) is stored in Europe, which is more cost-effective than in the U.S., the NSA was capturing most data without any constraint. That, now, has ended.
The opinion issued by Advocate General Yves Bot last month was a response to a case brought by Austrian technologist Maximillian Schrems. Schrems used information made public by whistle-blower Edward Snowden to demonstrate that the NSA's PRISM program, the agency's main data collection program, was effectively illegal in much of Europe and Safe Harbor was actually facilitating a crime.
After being turned down by Ireland's courts -- the European division of Facebook, the lawsuit's initial target, is based in Ireland -- Schrems took his case to the EU courts which almost immediately saw a major contradiction in the Safe Harbor Framework...
by seemslikeadream » Thu Oct 15, 2015 9:11 pm
Researchers claim to have solved NSA crypto-breaking mystery
Researchers claim to have solved NSA crypto-breaking mystery Ralph Merkle, Martin Hellman and Whitfield Diffie, who developed the first public-key crypto exchange, in 1975. Source: Stanford University.
Able to decrypt almost a fifth of top million HTTPS websites.
Researchers believe they have worked out how the United States National Security Agency (NSA) is able to break digital encryption used on the internet and intercept potentially trillions of connections.
A team of computer scientists from US and French universities alongside Microsoft looked into rumours that the NSA has in recent years been able to crack present encryption.
They studied the Diffie-Hellman method of exchanging digital keys between internet-connected computers to encrypt virtual private networking, website, email and other traffic.
Diffie-Hellman has until now been thought to be safe against encryption breaking and protect against mass surveillance, if keys larger than 512 bits are used.
The D-H protocol negotiation starts with the client and server agreeing on a large prime number with a particular form, which would require a vast amount of computational effort to calculate.
However, a paper entitled Imperfect Forward Secrecy: How Diffie-Hellman Fails In Practice [pdf] points to an implementation weakness within many clients and servers that means they reuse the same prime numbers.
Two of the researchers, Alex Haldeman and Nadia Heninger, said that for 1024-bit primes, the most common D-H key strength used currently, a special-purpose hardware-equipped computer would cost a few hundred million US dollars to build.
It's a sum well within the NSA's computer network exploitation budget of US$1 billion in 2013.
Such a system would be able to break one Diffie-Hellman prime a year.
Researcher Nicholas Weaver of the International Computer Science Institute in Berkeley, California, analysed the paper, and said the scientists were "almost certainly correct that the technique they describe is used by the NSA, in bulk, to perform a massive amount of decryption of internet traffic."
Weaver noted that while an NSA supercomputer could break 1024-bit Diffie-Hellman, longer keys like 3072-bit, elliptic curve D-H and RSA encryption could not be cracked in the same way.
For the NSA, being able to break commonly used encryption would have an enormous payoff, the researchers said.
"Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally," they wrote.
"Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20 percent of the top million HTTPS websites.
"In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections."
While the researchers said they could not prove for certain that the NSA is breaking internet encryption and eavesdropping and intercepting traffic, they believe their analysis of the weaknesses in Diffie-Hellman implementations fits what is known already about the spy agency's decryption abilities better than other explanations.
The NSA working as both the poacher and game keeper when it comes to encryption is problematic, Haldeman and Heninger said. It means the agency could be exploiting weak Diffie-Hellman while only taking small steps to fix the problems.
"This state of affairs puts everyone’s security at risk. Vulnerability on this scale is indiscriminate—it impacts everybody’s security, including American citizens and companies—but we hope that a clearer technical understanding of the cryptanalytic machinery behind government surveillance will be an important step towards better security for everyone," they wrote.
Weaver said it was critical that users who wish to protect themselves from "Applied Kleptography" or stealing of digital keys for mass surveillance move away from 1024-bit Diffie-Hellman.
Devices deployed today will be in use for a decade, the researchers wrote, which is as long as adverseries can use the above-mentioned techniques for eavesdropping and interception.
by seemslikeadream » Mon Nov 23, 2015 11:08 am
It’s official—NSA did keep its e-mail metadata program after it “ended” in 2011
The New York Times gets a new NSA doc confirming what some had long suspected.
by Cyrus Farivar - Nov 20, 2015 5:30pm CST
“We’ve taken significant steps down the road towards a surveillance state."
Though it was revealed by Edward Snowden in June 2013, the National Security Agency's (NSA) infamous secret program to domestically collect Americans’ e-mail metadata in bulk technically ended in December 2011. Or so we thought. A new document obtained through a lawsuit filed by The New York Times confirms that this program effectively continued under the authority of different government programs with less scrutiny from the Foreign Intelligence Surveillance Court (FISC).
The bulk electronic communications metadata program was initially authorized by the government under the Pen Register and Trap and Trace (PRTT) provision, also known as Section 402 of the Foreign Intelligence Surveillance Act. The Times’ document, a previously-top secret National Security Agency Inspector General (NSA IG) report from January 2007, contains a lot of intelligence jargon but crucially notes: "Other authorities can satisfy certain foreign intelligence requirements that the PRTT program was designed to meet."
While such a theory had been pushed previously by some national security watchers, including Marcy Wheeler, this admission had yet to be officially confirmed. Wheeler argued that not only do the post-PRTT programs achieve the same goal, but she believed they were in fact more expansive than what was previously allowed.
The bulk metadata program, which began in secret under authorization from the FISC in 2004, allowed the NSA to collect all domestic e-mail metadata including to, from, date, and time. When this program was revealed by the Snowden leaks in The Guardian, the government said that the PRTT program had been shut down 18 months earlier for "operational and resource reasons."
It was believed that the FISC imposed a number of restrictions on the PRTT program, according to the Office of the Director of National Intelligence (ODNI) itself.
The databases could be queried using an identifier such as an email address only when an analyst had a reasonable and articulable suspicion that the email address was associated with certain specified foreign terrorist organizations that were the subject of FBI counterterrorism investigations. The basis for that suspicion had to be documented in writing and approved by a limited number of designated approving officials identified in the Court’s Order. Moreover, if an identifier was reasonably believed to be used by a United States person, NSA’s Office of General Counsel would also review the determination to ensure that the suspected association was not based solely on First Amendment-protected activities.
FURTHER READING
THE EXECUTIVE ORDER THAT LED TO MASS SPYING, AS TOLD BY NSA ALUMNI
Feds call it “twelve triple three”; whistleblower says it's the heart of the problem.
The PRTT program was designed to help the intelligence community intercept and analyze "one-end foreign" communication—in other words, people in the US communicating with people outside the US.
EO 12333 strikes again
The newly public document cites two legal authorities that govern foreign data collection: Section 702 of the FISA Amendments Act and the Special Procedures Governing Communications Metadata Analysis (SPCMA), which sits under Executive Order (EO) 12333.
Section 702 largely governs content collection wholly outside the United States (it’s what PRISM falls under). Meanwhile, EO 12333, which ex-government officials (including Snowden himself) have complained about, is a broad Reagan-era authority that allows data collection on Americans even when Americans aren't specifically targeted. Without this executive order, such actions would be forbidden under the Foreign Intelligence Surveillance Act (FISA) of 1978.
Enlarge
EdwardSnowden.com
EO 12333 specifically allows the intelligence community to "collect, retain, or disseminate information concerning United States persons" if that information is "obtained in the course of a lawful foreign intelligence, counterintelligence, international narcotics, or international terrorism investigation."'
According to John Tye, a former State Department official who spoke with Ars in August 2014, EO 12333 has the potential to be abused as it could "incidentally" collect foreign-held data on Americans. "12333 is used to target foreigners abroad, and collection happens outside the US," he told Ars. "My complaint is not that they’re using it to target Americans, my complaint is that the volume of incidental collection on US persons is unconstitutional."
Tye continued:
There are networks of servers all over the world and there have been news stories on Google and Yahoo—the minute the data leaves US soil it can be collected under 12333. That’s true not just for Google and Yahoo, that’s true for Facebook, Apple iMessages, Skype, Dropbox, and Snapchat. Most likely that data is stored at some point outside US or transits outside the US. Pretty much every significant service that Americans use, at some point it transits outside the US.
Hypothetically, under 12333 the NSA could target a single foreigner abroad. And hypothetically if, while targeting that single person, they happened to collect every single Gmail and every single Facebook message on the company servers not just from the one person who is the target, but from everyone—then the NSA could keep and use the data from those three billion other people. That’s called 'incidental collection.' I will not confirm or deny that that is happening, but there is nothing in 12333 to prevent that from happening.
UPDATE Saturday 12:55pm ET: Tye also e-mailed Friday evening, adding:
Yes, this is consistent with what I've been saying. One of the key points is that section 215 provides only a small part of the data that the NSA collects on US persons; most such data is collected outside the borders of the US under EO 12333.
There is a lot more than even the Savage article explains. We're beginning to scratch the surface.
Users browsing this forum: No registered users and 39 guests
