March 22, 2012
By Kurt Nimmo
“Another government bureaucrat is caught lying to the people – shocking!” –KTRN
Once again, another government bureaucrat, this time the boss of the all-powerful National Security Agency, has taken us for idiots.
General Keith Alexander, who insists hackers can take down power grids not hooked up to the internet, recently told Congress the NSA does not have the ability to look at your email.
And there is a bridge in Brooklyn we’d like to sell you.
Here’s what Alexander told Congress:
“NSA does not have the ability to do that (spy on citizen emails) in the United States….We don’t have the technical insights in the United States. In other words, you have to have something to intercept, or some way of doing that either by going to a service provider with a warrant or you have to be collecting in that area. We’re not authorized to do that, nor do we have the equipment in the United States to collect that kind of information.”
I guess Mr. Alexander did not see the report issued by the European Parliament back in 2001 about the NSA’s Echelon. Not only can they intercept and read your email, but also your telephone calls, fax, and other data.
Then there was the AT&T employee Mark Klein. He revealed a few years ago that his company was in cahoots with the NSA and they were vacuuming up enormous amounts of data from the internet.
March 13, 2012
By Matthew Harwood
Thomas Drake, the whistle-blower whom the Obama administration tried and failed to prosecute for leaking information about waste, fraud and abuse at the National Security Agency, now works at an Apple store in Maryland. In an interview with Salon, Drake laughed about the time he confronted Attorney General Eric Holder at his store while Holder perused the gadgetry on display with his security detail around him. When Drake started asking Holder questions about his case, America’s chief law enforcement officer turned and fled the store.
But the humor drained away quickly from Drake’s thin and tired face as he recounted his ordeal since 2010 when federal prosecutors charged him with violating the Espionage Act for retaining classified information they believed he would pass on to then Baltimore Sun reporter Siobhan Gorman. While Drake never disclosed classified information, he did pass on unclassified information to Gorman revealing that the NSA had wasted billions of taxpayers’ dollars on Trailblazer, a contractor-heavy intelligence software program that failed to find terrorist threats in the tsunami of digital data the agency was sucking up globally — and sometimes unconstitutionally. While Trailblazer burned through cash, in the process enriching many NSA employees turned contractors, Drake found that another software program named ThinThread had already met the core requirements of a federal acquisition regulation that governed the proposed system at a sliver of the cost, all while protecting American civil liberties at the code level. The NSA leadership, however, had already bet their careers on Trailblazer. So Drake blew the whistle, first to Congress, then to the Department of Defense Inspector General’s Office, and finally, and fatefully, to Gorman.
Last June, the government’s case collapsed. On the eve of trial, all 10 counts were dropped. In a Kafkaesque turn of events, Drake actually helped the government find a misdemeanor to charge him with — exceeding authorized use of an NSA computer — so federal prosecutors could save face. Once facing 35 years behind bars, Drake pled guilty to the misdemeanor charge and was sentenced to one year of probation and 240 hours of community service, what he sardonically calls “his penance.”
February 22, 2012
By Paul Joseph Watson
“Google is spying on you and the government loves it.” –KTRN
Following the revelation that Google had been tracking the surfing habits of iPhone users via a code that disables the Safari browser’s privacy settings, Microsoft has now discovered that Google is using similar methods to bypass privacy protections and spy on the browsing habits of Internet Explorer users.
“When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too? We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies,” reports Microsoft on their IEblog.
Last week it was revealed that Google had circumvented Apple’s efforts to block third party cookies by default, allowing Google to track which ads Safari users clicked on.
The Internet giant, whose motto is “don’t be evil,” has now been caught using a similar process to disregard cookie preferences of Internet Explorer users, allowing targeted ads to be served based on browsing history.
“What Google is trying to do is figure out things based on what you have looked at, figure out ways to serve you more relevant ads,” explains Henry Blodget. “Google intentionally circumvented some privacy protections that Apple put in place, now Microsoft is saying ‘hey wait a minute, they did the same thing to us.’”
While Google’s actions are not illegal, they will only serve to underscore the fact that the company has a flagrant disregard for privacy, which is no surprise given Google CEO Eric Schmidt’s creepy 2009 warning, when he stated, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”
Indeed, as we have documented on numerous occasions, Google’s actions are completely consistent with the charge that the company is in cahoots with the National Security Agency, America’s foremost spying operation.
Last year the Washington Post reported that Google and the NSA had formed an “alliance…to allow the two organizations to share critical information.”
January 25, 2012
“So other nations aren’t allowed to perform cyber attacks, but it’s perfectly acceptable for the US?” –KTRN
The assumption that the US has the technological know-how to cripple a competing nation has always been just that: an assumption. In a recent sit-down interview, however, a former spy chief confirmed that America has already waged cyber attacks.
Mike McConnell, the former director of national intelligence at the National Security Agency under George W Bush, tells Reuters this week that cyber war is more than a distant possibility. According to the current vice chairman at Booz Allen Hamilton, the US has already launched attacks on the computer networks of other nations.
McConnell did not add any input as to what countries have been hit with American cyber warfare in the past, but he did confirm that the US has already used the ability. When asked by Reuters if the United States had the capability to destroy the computer system of an adversary, McConnell responded “Yes.” When asked if it worked, he confirmed “yes” as well.
“Do we have the ability to attack, degrade or destroy? Sure. If you do that, what are the consequences? That is the question,” added McConnell.
Although the former spy chief neglected to name any countries that have been the target of American attacks, the US is believed by some to be the culprit behind a virus that targeted computer systems in Iran in 2010. Stuxnet, an advanced computer worm discovered in June of that year, impacted the computers used in conjunction with Iran’s nuclear program. In a January 2011 article in the New York Times, an American nuclear intelligence expert speaking on condition of anonymity said that the Israelis were behind Stuxnet, placing the blame on one of America’s most important allies. The expert adds in the article that Israel did indeed work hand-in-hand with the US in perfecting Stuxnet before sending it to the Iranian networks, but that Washington wanted “plausible deniability.”
March 21st, 2011
Electronic Frontier Foundation
The U.S. government, with assistance from major telecommunications carriers including AT&T, has engaged in a massive program of illegal dragnet surveillance of domestic communications and communications records of millions of ordinary Americans since at least 2001.
News reports in December 2005 first revealed that the National Security Agency (NSA) has been intercepting Americans’ phone calls and Internet communications. Those news reports, plus a USA Today story in May 2006 and the statements of several members of Congress, revealed that the NSA is also receiving wholesale copies of their telephone and other communications records. All of these surveillance activities are in violation of the privacy safeguards established by Congress and the U.S. Constitution.
The evidence also shows that the government did not act alone. EFF has obtained whistleblower evidence [PDF] from former AT&T technician Mark Klein showing that AT&T is cooperating with the illegal surveillance. The undisputed documents show that AT&T installed a fiberoptic splitter at its facility at 611 Folsom Street in San Francisco that makes copies of all emails, web browsing, and other Internet traffic to and from AT&T customers, and provides those copies to the NSA. This copying includes both domestic and international Internet activities of AT&T customers. As one expert observed, “this isn’t a wiretap, it’s a country-tap.”
EFF is fighting these illegal activities on multiple fronts. In Hepting v. AT&T, EFF filed the first case against a telecom for violating its customers’ privacy. In addition, EFF is representing victims of the illegal surveillance program in Jewel v. NSA, a lawsuit filed in September 2008 against the government seeking to stop the warrantless wiretapping and hold the government officials behind the program accountable.
EFF is not alone in this fight. There are multiple cases challenging various parts of the illegal surveillance against both the telecoms and the government. This page collects information on EFF’s cases as well as cases brought by individuals, the American Civil Liberties Union of Northern California and of Illinois, the Center for Constitutional Rights, and others.
January 10th, 2011
By: Declan McCullagh
President Obama is planning to hand the U.S. Commerce Department authority over a forthcoming cybersecurity effort to create an Internet ID for Americans, a White House official said here today.
It’s “the absolute perfect spot in the U.S. government” to centralize efforts toward creating an “identity ecosystem” for the Internet, White House Cybersecurity Coordinator Howard Schmidt said.
That news, first reported by CNET, effectively pushes the department to the forefront of the issue, beating out other potential candidates including the National Security Agency and the Department of Homeland Security. The move also is likely to please privacy and civil liberties groups that have raised concerns in the past over the dual roles of police and intelligence agencies.
The announcement came at an event today at the Stanford Institute for Economic Policy Research, where U.S. Commerce Secretary Gary Locke and Schmidt spoke.
The Obama administration is currently drafting what it’s calling the National Strategy for Trusted Identities in Cyberspace, which Locke said will be released by the president in the next few months. (An early version was publicly released last summer.)
“We are not talking about a national ID card,” Locke said at the Stanford event. “We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.”
The Commerce Department will be setting up a national program office to work on this project, Locke said.
Details about the “trusted identity” project are unusually scarce. Last year’s announcement referenced a possible forthcoming smart card or digital certificate that would prove that online users are who they say they are. These digital IDs would be offered to consumers by online vendors for financial transactions.
Schmidt stressed today that anonymity and pseudonymity will remain possible on the Internet. “I don’t have to get a credential if I don’t want to,” he said. There’s no chance that “a centralized database will emerge,” and “we need the private sector to lead the implementation of this,” he said.
Inter-agency rivalries to claim authority over cybersecurity have existed ever since many responsibilities were centralized in the Department of Homeland Security as part of its creation nine years ago. Three years ago, proposals were circulating in Washington to transfer authority to the secretive NSA, which is part of the U.S. Defense Department.
In March 2009, Rod Beckstrom, director of Homeland Security’s National Cybersecurity Center, resigned through a letter that gave a rare public glimpse into the competition for budgetary dollars and cybersecurity authority. Beckstrom said at the time that the NSA “effectively controls DHS cyber efforts through detailees, technology insertions,” and has proposed moving some functions to the agency’s Fort Meade, Md., headquarters.
WASHINGTON — The Obama administration is drawing up legislation to make it easier for US intelligence services to eavesdrop on the Internet, including email exchanges and social networks, The New York Times said Monday.
The White House intends to submit a bill before Congress next year that would require all online services that enable communications to be technically capable of complying with a wiretap order, including being able to intercept and unscramble encrypted messages, the Times reported.
The services would include encrypted email transmitters like BlackBerry, social networking websites like Facebook and peer-to-peer messaging software like Skype.
Federal law enforcement and national security officials are seeking the new regulations, arguing that extremists and criminals are increasingly communicating online rather than using phones.
“We’re talking about lawfully authorized intercepts,” said Federal Bureau of Investigation (FBI) general counsel Valerie Caproni.
“We’re not talking expanding authority. We’re talking about preserving our ability to execute our existing authority in order to protect the public safety and national security.”
Officials from the White House, Justice Department, National Security Agency, FBI and other agencies have been meeting in recent months to craft the proposals, the Times said.
But, citing officials familiar with the discussions, it said the participants had not yet agreed on important elements, such as how to define which entities are considered communications service providers.
President Barack Obama’s administration is seeking a broad mandate that would also apply to companies whose servers are operated abroad, such as Research in Motion, the Canadian maker of BlackBerry smartphones.
As an example, officials told the Times that investigators discovered that Faisal Shahzad, the suspect from the failed Times Square bombing in May, had been using a communication service without prebuilt interception capacity.
That meant that there would have been a delay before he could have been wiretapped, had he aroused suspicion beforehand, the officials said.
July 8, 2010
The Wall Street Journal
By: Siobhan Gorman
The federal government is launching an expansive program dubbed “Perfect Citizen” to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program.
The surveillance by the National Security Agency, the government’s chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn’t persistently monitor the whole system, these people said.
Defense contractor Raytheon Corp. recently won a classified contract for the initial phase of the surveillance effort valued at up to $100 million, said a person familiar with the project.
An NSA spokeswoman said the agency had no information to provide on the program. A Raytheon spokesman declined to comment.
Some industry and government officials familiar with the program see Perfect Citizen as an intrusion by the NSA into domestic affairs, while others say it is an important program to combat an emerging security threat that only the NSA is equipped to provide.
“The overall purpose of the [program] is our Government…feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security,” said one internal Raytheon email, the text of which was seen by The Wall Street Journal. “Perfect Citizen is Big Brother.”
Raytheon declined to comment on this email.
A U.S. military official called the program long overdue and said any intrusion into privacy is no greater than what the public already endures from traffic cameras. It’s a logical extension of the work federal agencies have done in the past to protect against physical attacks on critical infrastructure that could sabotage the government or key parts of the country, the official said.
U.S. intelligence officials have grown increasingly alarmed about what they believe to be Chinese and Russian surveillance of computer systems that control the electric grid and other U.S. infrastructure. Officials are unable to describe the full scope of the problem, however, because they have had limited ability to pull together all the private data.
Perfect Citizen will look at large, typically older computer control systems that were often designed without Internet connectivity or security in mind. Many of those systems—which run everything from subway systems to air-traffic control networks—have since been linked to the Internet, making them more efficient but also exposing them to cyber attack.
The goal is to close the “big, glaring holes” in the U.S.’s understanding of the nature of the cyber threat against its infrastructure, said one industry specialist familiar with the program. “We don’t have a dedicated way to understand the problem.”
The information gathered by Perfect Citizen could also have applications beyond the critical infrastructure sector, officials said, serving as a data bank that would also help companies and agencies who call upon NSA for help with investigations of cyber attacks, as Google did when it sustained a major attack late last year.
The U.S. government has for more than a decade claimed a national-security interest in privately owned critical infrastructure that, if attacked, could cause significant damage to the government or the economy. Initially, it established relationships with utility companies so it could, for instance, request that a power company seal a manhole that provides access to a key power line for a government agency.
With the growth in concern about cyber attacks, these relationships began to extend into the electronic arena, and the only U.S. agency equipped to manage electronic assessments of critical-infrastructure vulnerabilities is the NSA, government and industry officials said.
The NSA years ago began a small-scale effort to address this problem code-named April Strawberry, the military official said. The program researched vulnerabilities in computer networks running critical infrastructure and sought ways to close security holes.
That led to initial work on Perfect Citizen, which was a piecemeal effort to forge relationships with some companies, particularly energy companies, whose infrastructure is widely used across the country.
The classified program is now being expanded with funding from the multibillion-dollar Comprehensive National Cybersecurity Initiative, which started at the end of the Bush administration and has been continued by the Obama administration, officials said. With that infusion of money, the NSA is now seeking to map out intrusions into critical infrastructure across the country.
Because the program is still in the early stages, much remains to be worked out, such as which computer control systems will be monitored and how the data will be collected. NSA would likely start with the systems that have the most important security implications if attacked, such as electric, nuclear, and air-traffic-control systems, they said.
Intelligence officials have met with utilities’ CEOs and those discussions convinced them of the gravity of the threat against U.S. infrastructure, an industry specialist said, but the CEOs concluded they needed better threat information and guidance on what to do in the event of a major cyber attack.
Some companies may agree to have the NSA put its own sensors on and others may ask for direction on what sensors to buy and come to an agreement about what data they will then share with the government, industry and government officials said.
While the government can’t force companies to work with it, it can provide incentives to urge them to cooperate, particularly if the government already buys services from that company, officials said.
Raytheon, which has built up a large cyber-security practice through acquisitions in recent years, is expected to subcontract out some of the work to smaller specialty companies, according to a person familiar with the project.
March 8, 2010
By Declan McCullagh
Homeland Security and the National Security Agency may be taking a closer look at Internet communications in the future.
The Department of Homeland Security’s top cybersecurity official told CNET on Wednesday that the department may eventually extend its Einstein technology, which is designed to detect and prevent electronic attacks, to networks operated by the private sector. The technology was created for federal networks.
Greg Schaffer, assistant secretary for cybersecurity and communications, said in an interview that the department is evaluating whether Einstein “makes sense for expansion to critical infrastructure spaces” over time.
Not much is known about how Einstein works, and the House Intelligence Committee once charged that descriptions were overly “vague” because of “excessive classification.” The White House did confirm this week that the latest version, called Einstein 3, involves attempting to thwart in-progress cyberattacks by sharing information with the National Security Agency.
Greater federal involvement in privately operated networks may spark privacy or surveillance concerns, not least because of the NSA’s central involvement in the Bush administration’s warrantless wiretapping scandal. Earlier reports have said that Einstein 3 has the ability to read the content of emails and other messages, and that AT&T has been asked to test the system. (The Obama administration says the “contents” of communications are not shared with the NSA.)
“I don’t think you have to be Big Brother in order to provide a level of protection either for federal government systems or otherwise,” Schaffer said. “As a practical matter, you’re looking at data that’s relevant to malicious activity, and that’s the data that you’re focused on. It’s not necessary to go into a space where someone will say you’re acting like Big Brother. It can be done without crossing over into a space that’s problematic from a privacy perspective.”
If Einstein 3 does perform as well as Homeland Security hopes, it could help less-prepared companies fend off cyberattacks, including worms sent through e-mail, phishing attempts, and even denial of service attacks.
On the other hand, civil libertarians are sure to raise questions about privacy, access, and how Einstein could be used in the future. If it can perform deep packet inspection to prevent botnets from accessing certain Web pages, for instance, could it also be used to prevent a human from accessing illegal pornography, copyright-infringing music, or offshore gambling sites?
“It’s one thing for the government to monitor its own systems for malicious code and intrusions,” said Greg Nojeim, senior counsel at the Center for Democracy and Technology. “It’s quite another for the government to monitor private networks for those intrusions. We’d be concerned about any notion that a governmental monitoring system like Einstein would be extended to private networks.”
AT&T did not respond to a request for comment on Wednesday.
Cooperation, or a loss of control?
At the RSA Conference here on Wednesday, Homeland Security Secretary Janet Napolitano stressed the need for more cooperation between the government and the private sector on cybersecurity, saying that “we need to have a system that works together.”
During a House appropriations hearing on February 26, Napolitano refused to discuss Einstein 3 unless the hearing were closed to the public. “I don’t want to comment publicly on Einstein 3, per se, here in an unclassified setting,” she said. “What I would suggest, perhaps, is a classified briefing for members of the subcommittee who are interested.”
Some privacy concerns about Einstein have popped up before. An American Bar Association panel said this about Einstein 3 in a September 2009 report: “Because government communications are commingled with the private communications of non-governmental actors who use the same system, great caution will be necessary to insure that privacy and civil liberties concerns are adequately considered.”
Jacob Appelbaum, a security researcher and programmer for the Tor anonymity project, said that expanding Einstein 3 to the private sector would amount to a partial outsourcing of security. “It’s clearly a win for people without the security know-how to protect their own networks,” Appelbaum said. “It’s also a clear loss of control. And anyone with access to that monitoring system, legitimate or otherwise, would be able to monitor amazing amounts of traffic.”
Einstein grew out of a still-classified executive order, called National Security Presidential Directive 54, that President Bush signed in 2008.
While little information is available, former Homeland Security Secretary Michael Chertoff once likened it to a new “Manhattan Project,” and the Washington Post reported that the accompanying cybersecurity initiative represented the “single largest request for funds” in last year’s classified intelligence budget. The Electronic Privacy Information Center has filed a lawsuit (PDF) to obtain the text of the order.
Homeland Security has published (PDF) a privacy impact assessment for a less capable system called Einstein 2–which aimed to do intrusion detection and not prevention–but has not done so for Einstein 3.
The department did, however, prepare a general set of guidelines (PDF) for privacy and civil liberties in June 2009. In addition, the Bush Justice Department wrote a memo (PDF) saying Einstein 2 “complies with” the U.S. Constitution and federal wiretap laws.
That justification for Einstein 2 “turned on the consent of employees in the government that are being communicated with, and on the notion that a person who communicates with the government can’t then complain that the government read the communication,” said CDT’s Nojeim. “How does that legal justification work should Einstein be extended to the private sector?”
October 29, 2009
by J. Nicholas Hoover
The NSA is building the facility to provide intelligence and warnings related to cybersecurity threats, cybersecurity support to defense and civilian agency networks, and technical assistance to the Department of Homeland Security, according to a transcript of remarks by Glenn Gaffney, deputy director of national intelligence for collection, who is responsible for oversight of cyber intelligence activities in the Office of the Director of National Intelligence.
“Our country must continue to advance its national security efforts and that includes improvements in cybersecurity,” Sen. Robert Bennett, R-Utah, said in a statement. “As we rely more and more on our communications networks for business, government and everyday use, we must be vigilant and provide agencies with the necessary resources to protect our country from a cyber attack.”
The data center will be built at Camp Williams, a National Guard training center 26 miles south of Salt Lake City, which was chosen for its access to cheap power, communications infrastructure, and availability of space, Gaffney said. The complex will comprise up to 1.5 million square feet of building space on 120 to 200 acres, according to the NBC affiliate in Salt Lake City.
According to a budget document for the project, the 30-megawatt data center will be cooled by chilled water and capable of Tier 3, or near carrier-grade, reliability. The design calls for the highest LEED (Leadership in Energy and Environmental Design) standard within available resources.
The U.S. Army Corps of Engineers will host a conference in Salt Lake City to provide further detail on the data center building and acquisition plans. The project will require between 5,000 and 10,000 workers during construction, and the data center will eventually employ between 100 and 200 workers.
As part of its mission, NSA monitors communications “signals” for intelligence related to national security and defense. Gaffney gave assurances that the work going on at the data center will protect civil liberties. “We will accomplish this in full compliance with the U.S. Constitution and federal law and while observing strict guidelines that protect the privacy and civil liberties of the American people,” Gaffney said.
On Nov. 30, the Department of Homeland Security will formally open a new cybersecurity operations center, the National Cybersecurity and Communications Integration Center, in Arlington, Va. The facility will house the National Cyber Security Center, which coordinates cybersecurity operations across government, the National Coordinating Center for Telecommunications, which operates the government’s telecommunications network, and the United States Computer Emergency Readiness Team, which works with industry and government to protect networks and alert them of malicious activity.