Tag Archives: NSA spying

Snowden Device

Posted on by

Edward Snowden designs phone case to show when data is being monitored

Snowden and co-designer Andrew ‘Bunnie’ Huang’s ‘introspection engine’ knows when a cellular, Wi-Fi or Bluetooth connection is being used to share data

Edward Snowden
American whistleblower Edward Snowden delivers a speech during the Roskilde Festival in Denmark last month. Photograph: Scanpix Denmark/Reuters

Edward Snowden has helped design a mobile phone case called the “introspection engine” that, he claims, will show when a smartphone is transmitting information that could be monitored.

Presenting via video link to event at the MIT Media Lab in Cambridge, Massachusetts, Snowden and co-designer Andrew “Bunnie” Huang showed how the device connects to a phone’s different radio transmitters, showing its owner knows when a cellular, Wi-Fi or Bluetooth connection is being used to share or receive data.

Initial mockups of the introspection engine show a small, monochromatic display built into its casing shows whether the phone is “dark”, or whether it is transmitting, and it also can supply an iPhone with extra battery power and cover the rear-facing camera.

It could be developed to act as a sort of “kill switch” that would disconnect a phone’s power supply when it detects that a radio is transmitting data after its owner has attempted to turn it off.

The device is an academic project and nowhere near ready for the mass market, but could still influence how consumers view the “tracking devices” – otherwise known as smartphones that they rely on every day.

“If you have a phone in your pocket that’s turned on, a long-lived record of your movements has been created,” Snowden said. “As a result of the way the cell network functions your device is constantly shouting into the air by means of radio signals a unique identity that validates you to the phone company. And this unique identity is not only saved by that phone company, but it can also be observed as it travels over the air by independent, even more dangerous third parties.”

Most smartphones disable Wi-Fi, Bluetooth and cellular transmission when in airplane mode, but Snowden and Huang say that can’t be trusted.

“Malware packages, peddled by hackers at a price accessible by private individuals, can activate radios without any indication from the user interface,” they write in their paper on the device. “Trusting a phone that has been hacked to go into airplane mode is like trusting a drunk person to judge if they are sober enough to drive.”

The project is an extension of Snowden’s work to inform the public about the surveillance capabilities available to governments around the world. In June 2013 he revealed information about mass surveillance programs from the National Security Agency, where he was a contractor, and he has since become the closest thing digital security has to Neil DeGrasse Tyson or Bill Nye: a recognizable name that can explain these issues in a way the average person can understand.

In addition to educating people about security risks, he now wants to help citizens defend themselves – if the introspection engine ever becomes a reality.

Snowden and Huang say there’s no guarantee the device will ever be more than a mockup. “Over the coming year, we hope to prototype and verify the introspection engine’s abilities,” they write. “As the project is run largely through volunteer efforts on a shoestring budget, it will proceed at a pace reflecting the practical limitations of donated time.” If they do receive the proper funding, they could release the device in partnership with the Freedom of the Press Foundation media advocacy group.

Snowden said the introspection engine was designed to help protect journalists. “One good journalist in the right place at the right time can change history. One good journalist can move the needle in the context of an election. One well-placed journalist can influence the outcome of a war,” he said.

“This makes them a target, and increasingly the tools of their trade [are] being used against them. Our technology is beginning to betray us not just as individuals but as classes of workers, particularly those who are putting a lot on the line in the public interest.”

Sunday Times war correspondent Marie Colvin was reportedly killed in Syria after government forces were able to trace her position, according to a new lawsuit.

Snowden and Huang are concentrating on working with Apple’s iPhone, but also said the device could be modified to work on other smartphones. It’s not immediately clear how Apple will respond to the introspection engine; while it has worked to give consumers security features meant to thwart even sophisticated attackers, the company might not be fond of a device that can separate an iPhone from all networks. Apple has not responded to a request for comment.

Still, the connection to Snowden and the rush of attention following MIT Media Lab’s event might inspire others to work on devices similar to the introspection engine. Even if the tool never becomes more than an interesting subject discussed at an academic conference, it could lead to consumers having more control over what exactly their iPhone is sharing from their pockets.

from:    https://www.theguardian.com/us-news/2016/jul/21/phone-case-privacy-data-monitor-bluetooth-wifi-snowden-introspection-engine?CMP=share_btn_tw

NSA Plans to Infect Computers described

Posted on by

How the NSA Plans to Infect ‘Millions’ of Computers with Malware

By and 622
Featured photo - How the NSA Plans to Infect ‘Millions’ of Computers with Malware One presentation outlines how the NSA performs “industrial-scale exploitation” of computer networks across the world.

Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process.

The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.

The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.

In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.

The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.”

In a top-secret presentation, dated August 2009, the NSA describes a pre-programmed part of the covert infrastructure called the “Expert System,” which is designed to operate “like the brain.” The system manages the applications and functions of the implants and “decides” what tools they need to best extract data from infected machines.

Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet.

“When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”

Hypponen believes that governments could arguably justify using malware in a small number of targeted cases against adversaries. But millions of malware implants being deployed by the NSA as part of an automated process, he says, would be “out of control.”

“That would definitely not be proportionate,” Hypponen says. “It couldn’t possibly be targeted and named. It sounds like wholesale infection and wholesale surveillance.”

The NSA declined to answer questions about its deployment of implants, pointing to a new presidential policy directive announced by President Obama. “As the president made clear on 17 January,” the agency said in a statement, “signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.”

 

“Owning the Net”

The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands.

to read the rest of the article, go to:    https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/

 

Here is a link to a related video FYI:

https://firstlook.org/theintercept/document/2014/03/17/nsa-secretly-masqueraded-facebook-hack-computers-surveillance/