What the FREAK? Huge SSL security flaw stems from US government backdoor


Seven hours is all it takes to crack the encryption that is in place on some supposedly secure websites. Security experts blame the US government's ban on the use of strong encryption back in the 1990s for a vulnerability that has just come to light. Named FREAK (Factoring attack on RSA-EXPORT Keys), the flaw exists on high-profile websites including, ironically, NSA.gov.
Restrictions that limited security to just 512-bit encryption were lifted in the late 90s, but not before it was baked into software that is still in use today. The ban on the shipping of software with stronger encryption apparently backfired as it found its way back into the States. Security experts say the problem is serious, and the vulnerability is relatively easy to exploit.
Gemalto confirms hack on network, but says it didn't result in massive theft of SIM card keys


Gemalto, the world’s largest producer of SIM cards which reportedly had its encryption keys stolen by the NSA and GCHQ spying agencies, announced today that its network was hacked, but it didn’t result in massive theft of keys used to encrypt conversations, messages and data traffic, a conclusion it reached after a thorough investigation.
The Netherlands-based SIM manufacturer says that it noted sophisticated attacks on its networks between 2010 and 2011 that appear to have been carried out by the aforementioned intelligence agencies. But the company notes that the agencies couldn’t get in far enough to get access to SIM encryption keys.
Despite hack by NSA and GCHQ, Gemalto's SIM cards are safe, says the company


Gemalto, the world’s largest producer of SIM cards, which made headlines last week for reportedly getting its encryption keys stolen by the mighty NSA and GCHQ spying agencies, says its SIM cards, as well as banking cards, passports and other products are secure, a conclusion it reached after conducting a round of initial investigations.
The Intercept published a detailed report last week based on confidential documents it gleaned from whistleblower Edward Snowden, in which it revealed that America’s NSA and UK’s GCHQ hacked the systems at Gemalto to steal the encryption keys. By getting access to the keys, the agencies were able to directly tap phone calls, and monitor messages, among other things, on millions of mobile phones.
NSA and GCHQ hacked world's biggest SIM card manufacturer to steal your data


In mid-2013, Edward Snowden revealed that the government-backed agency NSA monitored everything happening on the Internet, including spying on individuals' phone calls, messaging, and emails to glean information and pinpoint suspicious activities in an attempt to stop the growing terrorist acts.
Since the revelations -- which changed everyone's perspective on privacy -- the leaked information from Snowden and acceptance from major technology companies have given us an understanding of how the NSA managed to get our data from the services we heavily rely on. Essentially, either providers agreed to turn over our data or the NSA found another way, a backdoor, to obtain it. But how it managed to tap our phone calls was mostly unclear. Last year, Vodafone did acknowledge that it allowed the NSA to place surveillance tools inside its data centers. But as it turns out, the agency had more ways to log our phone activities.
Worldwide Equation Group hid undetectable spyware on hard drives


In a new twist to the on-going NSA story, security firm Kaspersky Lab has discovered that a threat actor of previously unknown complexity and sophistication has been embedding surveillance software on hard drives produced by a number of well-known manufacturers. With names such as Western Digital, Seagate and Toshiba mentioned, and the reach of the spy program stretching to dozens of countries, it's not clear quite how many people may be affected.
Although Kaspersky does not go as far as naming the NSA, or even specifying which country is responsible for the advanced surveillance, it seems that the spying campaign is somehow related to Stuxnet -- the tool used by the NSA to attack Iran -- and the Flame group.
Did the NSA spy on you and pass information to GCHQ in the UK? Here's how to find out


It is just about impossible to be an internet user without being aware of the surveillance that has been carried out by the NSA; cheers for the tip, Mr Snowden. While it was the NSA's activities that hit the headlines, governments in other countries used -- and continue to use -- similar surveillance techniques and even share information between each other.
We already know that GCHQ believes that online privacy has never been an absolute right, but this does not change the fact that data sharing between the NSA and GCHQ was illegal before December. Now Privacy International, one of the organizations opposed to such spying, has launched a campaign to help people find out if GCHQ illegally received information about them from the NSA.
US likely responsible for Iran's cyber warfare know-how


Iran might have learned advanced cyber warfare from the US, recently revealed government documents have shown.
Leaked National Security Agency (NSA) documents published by The Intercept show fears that the American cyberattacks on Iran might have helped that country develop sophisticated cyber tactics and strategies.
Thanks to Snowden, NSA-GCHQ surveillance data sharing is now legal


A secret UK court has ruled that the UK's intelligence agency GCHQ acted unlawfully by intercepting information gathered by the NSA. The Investigatory Powers Tribunal said that because the rules surrounding the UK’s access to the NSA's PRISM and UPSTREAM program data were secret, data sharing between the US and UK was illegal. A case has been brought against GCHQ by Privacy International, Bytes for All, Liberty, and Amnesty International.
But while the IPT said that accessing this information breached human rights laws, this is no longer the case. Why? The illegality of sharing data collected through these surveillance programs centered on the very fact that they were secret. In blowing the whistle about what the NSA was doing, Edward Snowden unwittingly made this data sharing legal. Whoops.
North Korea blamed for Sony hack because NSA had been spying since 2010


When Sony Pictures was hacked, the US was quick to point the finger of blame at North Korea. Security experts may have disagreed, but newly declassified documents show that the NSA had been monitoring the nation as far back as 2010 -- and there are even hints that the US was aware of the possibility of North Korea launching some form of cyberattack.
With the help of allies such as South Korea, US intelligence services were able to tap into North Korean web traffic. The NSA also went as far as installing malware on North Korean computers with a view to monitoring the activity of key systems. New papers published by Der Spiegel show that it is this spying that helped to pin the blame for the Sony attack on NK.
Edward Snowden condemns Amazon's 'morally irresponsible' encryption policy -- users don't care


In a near-perfect example of how there is always more than one way to look at things, Edward Snowden has very different views on Amazon than Amazon users do. On Friday, Snowden appeared -- as ever -- via video link at the surveillance symposium at the Cato Institute. He condemned Amazon's lack of encryption of customers' searches, referring to the practice as "morally irresponsible".
But Snowden's condemnation of Amazon comes at the same time as a study by Bizrate Insights which finds that more than 45 percent of online shoppers trust the site with their payment and personal information. So why the disparity?
Idaho nurse gains backing of EFF and ACLU in fight against the NSA


Usually it's the big guys, or at least national and international organizations, that stand up to fight against the government. But on Monday, a nurse from Idaho will continue to fight the case she brought against Barack Obama and government intelligence agencies. Anna Smith says her Fourth Amendment rights were violated when the NSA collected data about her from phone records.
A district court ruled against Smith when she first started to fight the case, but now she has the backing of the Electronic Frontier Foundation (EFF), the American Civil Liberties Union (ACLU) and the American Civil Liberties Union of Idaho.
Government surveillance does not breach human rights -- Amnesty International disagrees


Amnesty International hit out at a court ruling that found communication surveillance carried out by UK secret services did not breach human rights. Amnesty UK and Privacy International brought the case to court following revelations by Edward Snowden that showed GCHQ (UK secret services) and the NSA had been spying on people by monitoring their correspondence.
But a panel of judges found that the actions of GCHQ do not contravene the European Convention of Human Rights. Amnesty said the result was "disappointing if unsurprising" and indicated that it will appeal at the European Court of Human Rights in Strasbourg.
Republicans vote against USA Freedom Act that would have limited NSA surveillance


A bill that could have curtailed the surveillance activities of the NSA has been rejected by the US Senate. The USA Freedom Act was blocked as a bloc of Republican senators voted against the Obama-backed bill. After the Edward Snowden revelations, there have been many vocal calls for the powers of the NSA to be reined in. This was the bill that was supposed to deliver, but right wing opponents referred to it as a "gift to terrorists".
The bill passed the House of Representatives in May and had the backing of many of the biggest technology companies. One of the main aims of the USA Freedom Act was to stop the collection of domestic phone records, but there were also implications for the agency's online dragnet-style data trawling. Now it seems that the fight for privacy starts afresh.
GCHQ's uncomfortable truth about the web: 'privacy has never been an absolute right'


The head of GCHQ, the UK's equivalent of the NSA, says that the Edward Snowden leaks have helped terrorist organizations such as ISIS who have taken to the web to spread propaganda. Writing in the Financial Times, Robert Hannigan points out that ISIS is the first terrorist group whose members have grown up on the internet. He says that the group has made use of "messaging and social media services such as Twitter, Facebook and WhatsApp, and a language their peers understand" and that the security tools that have popped up post-Snowden make the work of GCHQ in tracking communication much harder.
This might not come as a surprise, but something else that Hannigan says is likely to raise eyebrows. His assertion that "privacy has never been an absolute right" goes against the grain of what many web users believe, but he suggests that the challenges facing governments and intelligence agencies in fighting back against terrorists can "only be met with greater co-operation from technology companies".
Revealed: the secret guide to encryption, hacking, and surveillance for governments


There is now great interest in the level of governmental interference that takes place into online activity. Edward Snowden told the world about what the NSA was up to and there are now numerous websites dealing with the revelation that he made. One such site is The Intercept, and it has just published the secret manuals that are supplied to governments who want to use a suite of specialist tools to monitor web users' activities.
Sub-titled "the hacking suite for governmental interception", RCS 9 (or Remote Control System) is a suite of tools from Hacking Team. The Italian security and surveillance company is responsible for providing hacking and monitoring guides and software to a list of countries including Colombia, Korea, Mexico, Nigeria, and Saudi Arabia. RCS itself is "a solution designed to evade encryption" -- the sort of encryption put in place by Google.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.