Tag Archives: NSA


Cisco tells Obama to stop hacking their hardware for spying, in response US sues China

What is the US government’s response to Cisco’s complaint that the NSA’s activities are harming the businesses of US companies? It sued China. That’s not a joke: the US government has filed ‘criminal’ charges against the Chinese military for ‘economic’ espionage.

Cisco is not the only company that has raised issues with the US government. Almost all major companies – including Facebook and Google – have voiced complaints over the NSA’s hijacking of their communication.

Who is the bad guy?

According to reports, the NSA was listening to calls of European leaders; the NSA had hijacked Chinese companies to create backdoors and spy on them; the NSA compromised Iran’s nuclear program; the NSA is listening to all phone calls to and from the Bahamas. And what is the Obama administration doing?

While US accuses China of ‘economic espionage’, NSA itself has been doing the same, according to Edward Snowden.

Snowden earlier told German TV ARD “If there’s information at Siemens that’s beneficial to U.S. national interests — even if it doesn’t have anything to do with national security — then they’ll take that information nevertheless.”

In another story NYTimes reported that NSA was involved with spying on trade talks involving Indonesian government. NSA, in coordination with its Australian counterpart, was also spying on a US-based law firm which was involved in the trade talks.

NYTimes reported, “A top-secret document, obtained by the former N.S.A. contractor Edward J. Snowden, shows that an American law firm was monitored while representing a foreign government in trade disputes with the United States.”

All this information is already public, yet the US government still has the audacity to sue the Chinese government. Is this the NSA reform Mr President promised us?

We may start asking ourselves, who is the bad guy here!


Tails, Edward Snowden’s Linux distro of choice, leaves beta

The Amnesic Incognito Live System (Tails, for short), a Linux-based operating system purposed “to preserve your privacy and anonymity”, has left beta and is now available as version 1.0. It is best known as the operating system of choice for users who seek anonymity on the internet, such as Edward Snowden, the former contractor for the National Security Agency. Wired reports that Snowden prefers this software, while the NSA sees it as a security threat, along with the anonymous browser Tor.

Tails is intended to be run from a bootable USB drive or a live disc, so any available computer can be made temporarily secure. This works by not allowing the operating system to save anything to the computer’s hard disc and forcing it to run entirely from RAM. Many lightweight Linux distributions already allow for this, but Tails is never intended to be installed on the hard drive, so as to ensure complete “amnesia.” Specific documents can be saved to the hard drive with explicit user action, but by default nothing is saved, and software is included to encrypt all external drives.

Tails sends all its online requests through Tor, which routes traffic through servers hosted all around the world to ensure anonymity. It also claims security through its roots in the Debian distribution, arguably an already secure build of Linux, which in turn is secure in theory and in practice. Tails warns of some issues that it cannot defend against, such as certain espionage attacks that the NSA might employ as well as the fact that institutions such as internet security providers can tell you are using specialized tools like Tor. To prevent the conspicuous signs of the operating system in public places, Tails can employ “Windows Camouflage” to divert attention.

So if you’re a government whistle-blower, undercover investigator, or just really care about privacy, Tails version 1.0 is now available for download to enhance your anonymity.


The NSA issues its own suggestions for avoiding data loss due to the Heartbleed exploit

The Heartbleed vulnerability has put the internet in an uproar since its discovery. A general warning has even been sent out across the internet to change passwords in order to prevent being compromised by this exploit. And now the United States National Security Agency has issued its own set of directives to help people safeguard themselves from data loss due to the Heartbleed exploit.

The NSA released a document titled “Mitigation for OpenSSL TLS/DTLS Heartbeat Extension Vulnerability”. This document also serves as the NSA’s official acknowledgement of the exploit. According to the document, affected websites or web services are instructed either to upgrade OpenSSL to version 1.0.1g, which includes the fix for the exploit, or to disable entirely the function that introduces the flaw. This can be done by recompiling with the option “-DOPENSSL_NO_HEARTBEATS”.

Secondly, the document says that a large amount of client and server software uses the affected service. In such a case, the user is advised to contact the software provider and enquire about an update or fix for the exploit.

Lastly, the document advises changing old passwords after the updates have been applied. In addition, it advises revoking and reissuing any certificates on the affected system after applying the update.

The document also says that any versions prior to 1.0.1 are free from the exploit, while any versions within the range of 1.0.1 to 1.0.1f contain the exploit. Version 1.0.1g is the version that implements the fix for the exploit.
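The version ranges and the compile-time option described above can be checked from the output of `openssl version -a`. The following is an added example, not part of the NSA document or the original article; the status labels are this example's own, the sample input is constructed, and it assumes the build's compiler flags appear on the `compiler:` line of that output.

```shell
#!/bin/sh
# Added example: classify an OpenSSL build against the ranges quoted above.
# $1 = text printed by `openssl version -a`.
# Prints one of (labels are this example's own):
#   not-affected | vulnerable | mitigated-by-flag | fixed | not-covered | unknown
heartbleed_status() (
    out=$1
    # First line looks like "OpenSSL 1.0.1e 11 Feb 2013".
    ver=$(printf '%s\n' "$out" | awk 'NR==1 && $1=="OpenSSL" {print $2}')
    ver=${ver%%-*}          # drop build tags such as "-fips"
    num=${ver%%[a-z]*}      # "1.0.1e" -> "1.0.1"
    letter=${ver#"$num"}    # "1.0.1e" -> "e"; empty for plain "1.0.1"

    # Accept exactly three numeric fields and at most one patch letter.
    case "$num" in ''|*[!0-9.]*) echo unknown; exit 0 ;; esac
    case "$letter" in ''|[a-z]) ;; *) echo unknown; exit 0 ;; esac
    IFS=. read -r major minor patch <<EOF
$num
EOF
    case "$major.$minor.$patch" in
        .*|*..*|*.|*.*.*.*) echo unknown; exit 0 ;;
    esac

    code=$((major * 10000 + minor * 100 + patch))
    if [ "$code" -lt 10001 ]; then
        echo not-affected        # "versions prior to 1.0.1"
    elif [ "$code" -gt 10001 ]; then
        echo not-covered         # newer series, outside the quoted ranges
    else
        case "$letter" in
            ''|[a-f])
                # 1.0.1 through 1.0.1f: safe only if heartbeats were compiled out.
                if printf '%s\n' "$out" | grep '^compiler:' |
                        grep -q -e '-DOPENSSL_NO_HEARTBEATS'; then
                    echo mitigated-by-flag
                else
                    echo vulnerable
                fi ;;
            *) echo fixed ;;     # 1.0.1g and later letters
        esac
    fi
)

# Constructed sample input (not captured from a real host).
SAMPLE='OpenSSL 1.0.1e 11 Feb 2013
compiler: gcc -fPIC -DOPENSSL_PIC -O2'
heartbleed_status "$SAMPLE"
# On a live system: heartbleed_status "$(openssl version -a)"
```

A version string cannot show a fix that a distribution backported without changing the version number, so treat `vulnerable` as a prompt to check the vendor's advisory for that package.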

Source: Engadget


NSA has been exploiting Heartbleed for two years, leaving Americans exposed to cyber criminals: report [updated]

As people were wondering about the NSA’s role in Heartbleed, it turned out that the agency was reportedly aware of the bug, as Bloomberg reports, for the last two years and has been exploiting it to spy on people. If the reports are true, and the NSA was aware of the bug and, instead of getting it fixed, left extremely critical information of US citizens exposed to cyber criminals, then the NSA does need more oversight from the government.

Heartbleed was not some minor bug; it affected almost every major web service, including Gmail, Amazon, Yahoo! and many more, holding the potential of exposing sensitive data to criminals. However, as soon as the bug was discovered, the Open Source community immediately responded, patched the bug and started pushing the updates.

While Americans and people from around the globe were exposed to cybercriminals, the NSA was supposedly busy harvesting passwords and other critical data to add to its already massive database.

Bloomberg quotes Jason Healey, director of the cyber statecraft initiative at the Atlantic Council and a former Air Force cyber officer, “It flies in the face of the agency’s comments that defense comes first. They are going to be completely shredded by the computer security community for this.”

NSA is not going to get a very ‘heart-warming’ response from the world for this. We need to start asking our lawmakers (who are more concerned about whether they are a good sell for the Koch Brothers or not): when did ‘putting Americans’ security at risk’ become an act of ‘protecting the nation’s security’?

That said, it also raises questions over the audit process of open source projects, and we now need a better process to find and fix those bugs.

Update: Both NSA and the White House have denied reports that they were aware of the bug. NSA went to Twitter and posted this message.

The National Security Council released this statement: “If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.”


NSA stole Huawei source code, carried out major cyber operations

It is no secret that the US government is suspicious of Huawei, the Chinese electronics manufacturer. It suspects that the company engages in espionage. However, if classified documents leaked by Edward Snowden are anything to go by, it was the National Security Agency (NSA) that conducted a major offensive cyber operation against Huawei in 2009.

The reports have reportedly been viewed by The Times and Der Spiegel, which revealed that the NSA actually hacked into servers located in the headquarters of the Chinese telecommunications giant. It infiltrated Huawei’s email servers at that time.

The operation was named ‘Operation Shotgiant’ and was carried out jointly with the CIA, which is the White House intelligence coordinator and FBI. The aim was to find any link between Huawei and China’s People’s Liberation Army.

Not only that, it is said that the NSA also conducted monitoring via the computer and telephone networks that Huawei sold to other countries. The papers suggest that “NSA stole the secret source code for certain Huawei products, and obtained the information on how to exploit Huawei’s products in order to spy on foreign customers such as Iran, Afghanistan, Pakistan, Kenya, and Cuba,” thehackernews.com reported.

William Plummer, Huawei executive in the US released a statement saying, “If it is true, the irony is that exactly what they are doing to us is what they have always charged that the Chinese are doing through us. If such espionage has been truly conducted, then it is known that the company is independent and has no unusual ties to any government and that knowledge should be relayed publicly to put an end to an era of mis- and disinformation.”

Justifying their stand, NSA spokeswoman Caitlin Hayden said that the US and China have been hacking each other for a long time and that NSA spying is strictly for national security purposes. “We do not give intelligence we collect to US companies to enhance their international competitiveness or increase their bottom line.”

Source: Thehackernews.com


Mark Zuckerberg calls Obama to know about NSA Spying

So who do you call when you’ve got a serious query? Well, if you are Facebook’s founder, Mark Zuckerberg, you directly dial in to the President of the United States, Barack Obama!

Right after a report was published on the First Look Media website about the NSA reportedly posing as a Facebook server to infect target computers, Zuckerberg called up the President, as he felt it could impact general trust in the internet and may in turn jeopardize the social networking business.

Zuckerberg announced it publicly through a note he posted on Facebook. He stated, “I’ve called President Obama to express my frustration over the damage the government is creating for all of our future.”

The news was confirmed by a White House spokeswoman who said that the two actually spoke last night and discussed “recent reports in the press about alleged activities by the U.S. intelligence community.” However, she did not reveal anything more. Zuckerberg’s note appeared like he was not fully satisfied with the response he supposedly got from the President. “Unfortunately, it seems like it will take a very long time for true full reform,” Zuckerberg wrote.

Zuckerberg also wrote, “To keep the internet strong, we need to keep it secure. This is why I’ve been so confused and frustrated by the repeated reports of the behavior of the US government. When our engineers work tirelessly to improve security, we imagine we’re protecting you against criminals, not our own government.”

Source: Wired.com


Boeing releases their secure, partially ‘self destructible’ Android smartphone

There have been many unlikely Android OEMs in the past, but maybe none as strange as Boeing, the American company that manufactures and fixes all sorts of aircraft. In 2012, Boeing announced plans to build a truly secure smartphone, and now, just shy of two years later, the company has finally delivered the ‘Boeing Black (Black for short)’, their take on what a secure smartphone should be.

The Black features a 1.2GHz dual core ARM Cortex-A9 processor, has a 4.3″ 960 x 540 screen, and stands at a height of 5.2″. Inside is support for three bands of LTE, WCDMA and GSM. The phone even has dual-SIM support baked in, which would make sense considering the international reach of such a company. With specs that are far from your average high-end Android smartphone, the Boeing Black chooses to focus on security, much like the recently announced Blackphone. Maybe in a somewhat ironic manner, the Boeing Black targets military personnel and, get this, government agencies. Well, I guess that not everyone is in on the NSA, right?

Boeing boasts of secure and encrypted hardware, a special lock for Android apps, and they have coined the term ‘PureSecure’ as the architecture to accomplish all of this. With regards to the self destruct feature, it has been reported that the phone will erase all data and software should anyone attempt to take the phone apart. This, ladies and gentlemen, is some impressive stuff.

Other noteworthy additions include a modular feature which may see qualified persons swap back plates to gain satellite phone, radio capabilities or even solar power or biometric sensors. Boeing has definitely done some research, and, should these features work as intended, I would say that the two year period was well worth the wait. With the host of NSA related leaks that have popped up recently, we think it’s just a matter of time before someone else, whether popular or otherwise, creates a phone and labels it as being secure. It will be nice to see some of these features implemented into our usual set of phones, especially the much needed solar feature. Are you listening Nexus team?

Sources: Boeing, Engadget


Snowden docs reveal NSA, GCHQ spied on WikiLeaks and its supporters

The National Security Agency (NSA) and Government Communications Headquarters (GCHQ), Britain’s top spy agency, consistently spied on Julian Assange and WikiLeaks in the past years, according to new documents from communications surveillance whistleblower Edward Snowden.

The documents published on The Intercept reveal that the US and British governments targeted “the human network that supports WikiLeaks” besides the organization itself.

“GCHQ used its surveillance system to secretly monitor visitors to a WikiLeaks site. By exploiting its ability to tap into the fiber-optic cables that make up the backbone of the Internet, the agency confided to allies in 2012, it was able to collect the IP addresses of visitors in real time, as well as the search terms that visitors used to reach the site from search engines like Google,” the report said.

Furthermore, a third document from July 2011 reveals that NSA officials even considered designating WikiLeaks as “a ‘malicious foreign actor’ for the purpose of targeting”. Such a designation allowed the agency to target WikiLeaks “with extensive electronics surveillance – without the need to exclude U.S. persons from the surveillance searches.”

In response to these revelations, Julian Assange has released a statement through the Wikileaks website.

“WikiLeaks strongly condemns the reckless and unlawful behavior of the National Security Agency. We call on the Obama administration to appoint a Special Prosecutor to investigate the extent of the NSA’s criminal activity against the media including WikiLeaks and its extended network,” he said.

“The NSA and its UK accomplices show no respect for the rule of law. But there is a cost to conducting illicit actions against a media organisation. We have already filed criminal cases against the FBI and US military in multiple European jurisdictions…. No entity, including the NSA, should be permitted to act against journalists with impunity. We have instructed our general counsel Judge Baltasar Garzón to prepare the appropriate response.

“The investigations into attempts to interfere with the work of Wikileaks will go wherever they need to go. Make no mistake: those responsible will be held to account and brought to justice.”


NSA reportedly allowed foreign agency to spy on a US law firm

We’ve been inundated with news regarding the NSA’s spying both in and out of the US, but now we’re learning that the spying works both ways. Edward Snowden has recently leaked that the NSA may have been ‘keeping an eye’ on a US law firm that was employed by the Indonesian government for business and trade deals between the two countries. The shocking part is that, according to Snowden, the NSA actually received their information from the Australian equivalent of the NSA, the ‘Australian Signals Directorate’ (ASD).

After gaining access to the information and the details that were exchanging hands, the ASD offered to share the information with the notorious NSA according to the report. ASD members are quoted as saying that, “information covered by attorney-client privilege may be included” in the gathering of intelligence while communicating with an NSA representative. Further information states that the ASD, recognizing that the NSA were experienced in such matters, and considering that an American firm was involved, also sought guidance from NSA regarding their spying and were given permission to continue their surveillance of the matter at hand.

As is customary, the NSA has refused to comment on the recent leak and whether or not sensitive information was indeed shared with competing firms or even the US trade officials. The news casts a new shadow on the kind of spying that takes place around the globe. How many more countries have sensitive information on major deals and discussions without the knowledge of those involved? As great as the Information Age is, our privacy, or what’s left of it, has been totally removed.

Sources: NY Times


Google-backed Developer Group condemns NSA over app spying

Reacting to recent revelations that smartphone apps such as Angry Birds and Google Maps are being used by the National Security Agency (NSA) and Britain’s Government Communications Headquarters (GCHQ) to spy on their users, the Application Developers Alliance has condemned the NSA for damaging the industry.

The Application Developers Alliance is an industry association that includes over 25,000 individual developers and over 135 companies, including Google and AT&T.

Documents released by NSA whistle-blower Edward Snowden reveal that the NSA and GCHQ have managed to gain users’ personal data via advertising attached to popular smartphone and location-sharing apps.

The app list includes Angry Birds, Google Maps, Facebook, Flickr, Twitter and Flixster.

“Uninhibited collection of consumers’ personal data by governments hacking into apps is unacceptable. Developers are surprised and disappointed to learn that personal information entrusted to them by users has been secretly collected and stored. This surveillance damages our entire industry and undermines the hard work of app developer entrepreneurs everywhere,” the Application Developers Alliance states.

“App developers are constantly innovating new ways to protect consumers’ privacy. In support of that work, last year, we took a leading role in drafting the voluntary code of conduct for mobile app privacy that resulted from multi-stakeholder talks held by the U.S. Department of Commerce. This year, we’ll be participating in similar talks on the topic of facial recognition technologies,” the Alliance says about its plans.