Tag Archives: NSA

Using Stylometry DHS have id’d Bitcoin creator Nakamoto with help from NSA PRISM & MUSCULAR programs

Allegedly using word surveillance and stylometry the effort took less than a month. Apparently using encryption and complex obfuscation methods is not a defence when the “seeker” has access to trillions of writing samples from a billion or so people across the globe.

By taking Satoshi’s texts and finding the 50 most common words, the NSA was able to break down his text into 5,000 word chunks and analyse each to find the frequency of those 50 words. This would result in a unique 50-number identifier for each chunk. The NSA then placed each of these numbers into a 50-dimensional space and flatten them into a plane using principal components analysis. The result is a ‘fingerprint’ for anything written by Satoshi that could easily be compared to any other writing.

It is worth noting that the original post is littered with comments that request more details on the source of the information that informed the post or some other such proof of the veracity of the claims being made but the author declared in response:

Many readers have asked that I provide third party citations to ‘prove’ the NSA identified Satoshi using stylometry. Unfortunately, I cannot as I haven’t read this anywhere else — hence the reason I wrote this post. I’m not trying to convince the reader of anything, instead my goal is to share the information I received and make the reader aware of the possibility that the NSA can easily determine the authorship of any email through the use of their various sources, methods, and resources.

Many readers have asked who Satoshi is and I’ve made it clear that information wasn’t shared with me. Based on my conversation I got the impression (never confirmed) that he might have been more than one person. This made me think that perhaps the Obama administration was right that Bitcoin was created by a state actor. One person commented on this post that Satoshi was actually four people. Again, I have no idea.

If it is true then “The moral of the story? You can’t hide on the internet anymore. Your sentence structure and word use is MORE unique than your own fingerprint. If an organization, like the NSA, wants to find you [sic] they will.

Full story by Alexander Muse is on Medium.

ENDS

Quick Reference Resource: WikiLeaks CIA Vault7 Leak #15 – BothanSpy & Gyrfalcon

BothanSpy is Microsoft Windows implant that targets the SSH client program Xshell and steals user credentials for all active SSH sessions. Gyrfalcon is a CentOS, Debian, RHEL, SUSE, and Ubuntu Linux Platform implant that targets the OpenSSH client not only steals user credentials of active SSH sessions but is also capable of collecting full or partial OpenSSH session traffic. Both implants save the collected information in an encrypted file for later exfiltration while the BothanSpy implant also implements exfiltration in real time to a CIA server thus leaving no footprint on the target system storage disk(s).

The 6th July 2017 WikiLeaks release overview:

“Today, July 6th 2017, WikiLeaks publishes documents from the BothanSpy and Gyrfalcon projects of the CIA. The implants described in both projects are designed to intercept and exfiltrate SSH credentials but work on different operating systems with different attack vectors. BothanSpy is an implant that targets the SSH client program Xshell on the Microsoft Windows platform and steals user credentials for all active SSH sessions. These credentials are either username and password in case of password-authenticated SSH sessions or username, filename of private SSH key and key password if public key authentication is used. BothanSpy can exfiltrate the stolen credentials to a CIA-controlled server (so the implant never touches the disk on the target system) or save it in an enrypted [sic] file for later exfiltration by other means. BothanSpy is installed as a Shellterm 3.x extension on the target machine. Gyrfalcon is an implant that targets the OpenSSH client on Linux platforms (centos,debian,rhel,suse,ubuntu). The implant can not only steal user credentials of active SSH sessions, but is also capable of collecting full or partial OpenSSH session traffic. All collected information is stored in an encrypted file for later exfiltration. It is installed and configured by using a CIA-developed root kit (JQC/KitV) on the target machine.

Three documents were also published alongside this release BothanSpy V1.0 Tool Documentation, Gyrfalcon V2.0 User’s Guide, and Gyrfalcon 1.0 User Manual.

Previous and subsequent Vault 7 WikiLeaks dumps #1 – #14 and #16 synopses are available on WikiLeaks and analysis of BothanSpy & Gyrfalcon at The Hacker News.

ENDS

Edited Image courtesy of The Hacker News – Twitter @TheHackersNews – Original Image edited to add extract from BothanSpy Tool Documentation Page 8 Screenshot 07/16/2017.

Quick Reference Resource: WikiLeaks CIA Vault7 Leak #16 – HighRise

HighRise is an android (V4.0 to V4.3) implant for SMS redirect to listening posts.

The 13th July 2017 WikiLeaks release overview:

“Today, July 13th 2017, WikiLeaks publishes documents from the HighRise project of the CIA. HighRise is an Android application designed for mobile devices running Android 4.0 to 4.3. It provides a redirector function for SMS messaging that could be used by a number of IOC tools that use SMS messages for communication between implants and listening posts. HighRise acts as a SMS proxy that provides greater separation between devices in the field (“targets”) and the listening post (LP) by proxying “incoming” and “outgoing” SMS messages to an internet LP. HighRise provides a communications channel between the HighRise field operator and the LP with a TLS/SSL secured internet communication.”

A HighRise User’s Guide was also published.

Previous Vault 7 WikiLeaks dumps #1 – #15 synopses are available on WikiLeaks and analysis of HighRise at The Hacker News.

ENDS

Image courtesy of The Hacker News – Twitter @TheHackersNews

Related Posts: #WikiLeaks #Vault7 Leak #16: #HighRise, #android implant for #SMS redirect #LP @TheHackersNews

https://airgapanonymitycollective.com/2017/07/15/wikileaks-cia-vault7-leak-16-highrise/

NSA Technology Transfer Program

The NSA Technology Transfer Program (TTP) transfers NSA-developed technology to industry, academia, and other research organisations.

The program, is located within the Research Directorate, and is operated under a federal mandate. Through this program the agency is tasked with moving technologies out of the NSA lab and seeking commercialisation opportunities.

The thinking behind this NSA / Private Sector co-operation according to the agencies website is:

  1. Successful transfer and commercialisation of NSA technologies gives traction to the federal government’s annual commitment to research and development, now totalling over $145 billion;
  2. Accelerates NSA mission solutions;
  3. Creates new companies, new jobs, and new revenue; and
  4. Strengthens the economy, which in turn, strengthens national security.

The NSA publishes the patent portfolio annually listing all of the agency developed technologies that are available for licensing. If you spot something that is of interest to your firm then there is an eight step process of engaging with the agency and there are five possible deal structures.

These deal structures are broadly categorised as:

  1. Patent License Agreement (PLA) – Enables businesses and entrepreneurs to commercialise NSA technology;
  2. Cooperative Research and Development Agreement (CRADA) – Allows NSA to partner with companies, academia, non-profits, and state and local governments;
  3. Education Partnership Agreement (EPA) – Establishes the foundation of partnerships between NSA and educational institutions;
  4. Open Source Software (OSS) Releases – Gives NSA innovators the ability to share technology with the public;
  5. Technology Transfer Sharing Agreement (TTSA) – Enables other government agencies to access NSA-developed technologies.

ENDS

 

When The Privacy Advocate Becomes An Apologist For The Opponent

It does not matter to me whether the “The Guardian Falsely Slammed WhatsApp For a “Security Backdoor” – It’s Actually Not” according to a Peter Stone thread on Peerlyst.

Bruce Schneier also weighed into the debate saying “This is not a backdoor. This really isn’t even a flaw. It’s a design decision that put usability ahead of security in this particular instance.”

Tellingly though he went to say that “How serious this is depends on your threat model. If you are worried about the US government — or any other government that can pressure Facebook — snooping on your messages, then this is a small vulnerability. If not, then it’s nothing to worry about.”

The main stream media sponsored spat had @Moxie from @WhisperSystems siding with @WhatsApp and @Facebook in a face off against @Guardian and their contributor @tobiasboelter (Security and Crypto at UC Berkeley) in a “man in the middle” versus “design” versus “vulnerability” versus “backdoor” versus “privacy” versus “convenience” versus “user experience” tit for tat.

If you take Schneier’s statement about who should worry about the WhatsApp “design choice” in handling “blocking” / “non-blocking” then irony drips from Moxie’s apologist defence of the WhatsApp handling of key changes when one notes that in a Jun 12, 2013 blog post he wrote “We Should All Have Something To Hide” .

Moxie at Open Whisper Systems, the designers of the well respected SIGNAL encrypted voice and messaging app, responded to the “backdoor” allegations in WhatsApp’s implementation of the SIGNAL protocol in a blog post on their site.

It was in response to Mr. Boelter’s piece in the Guardian newspaper “WhatsApp vulnerability explained: by the man who discovered it” which they say was in response to the Facebook denial that the vulnerability was a deliberate loophole.

The debate is complicated for people not involved in the security industry there are pro’s and con’s in the arguments that both sides make. Some of it is pure semantics, some of it represents shades of opinion other aspects are “interpretations”.

It all essentially stems from WhatsApp approach to handling encryption key changes in certain scenarios and their attitude to “non-blocking”. SIGNAL handles all key changes with “blocking” but WhatsApp chooses to go with “non-blocking”. There is therefore a fundamental difference between the WhatsApp app’s implementation of the Open Whisper System protocol and the implementation that underpins the SIGNAL app.

The integrity of the SIGNAL app is not being questioned. The Wall Street Journal stated about the latter in a Jan. 24, 2017 11:16 a.m. ET article that “Messaging App Has Bipartisan Support Amid Hacking Concerns” describing SIGNAL “as a smartphone app that allows users to send encrypted messages, is gaining popularity in the political world amid rising fears about hacking and surveillance in the wake of a tumultuous election year.”

My worry is not about WhatsApp’s Open Whisper Systems implementation because frankly I would not use it. I would not use it because I do not trust Facebook (the owners of WhatsApp or Zuckerberg). Zuckerberg because he tried to cover up the Facebook facilitation of the NSA PRISM program before the Snowden revelations embarrassed him into trying to apply a retrofit fix to his betrayal of Facebook users. And WhatsApp because frankly they are sharing their users data with Facebook despite denials.

When the advocates become apologists for the mainstream then they longer deserve to be called advocates in the purest sense of the word. And Moxie does consider himself “pure”. He is not.

In July 2016 Wired wrote “Meet Moxie Marlinspike, the Anarchist Bringing Encryption to All of Us” but being an “anarchist” and an ally of Zuckerberg are incompatible ideological stances.

ENDS

Silencing the Canary & The Key Powers & Reach of The IPA

Please Note: This post is not an advertisement for or an endorsement of ProtonMail 

The Investigatory Powers Bill (IPB) was approved by the UK Parliament and after receiving Royal Assent this week will become The Investigatory Powers Act (IPA) coming into force in 2017. The law gives broad new powers to the UK’s intelligence agencies (GCHQ, MI5, MI6) and law enforcement.

In theory, companies offering encryption services, that are not based in the UK, do not fall under the jurisdiction of the IPA – but that is not actually the reality. Strong encryption isn’t just important for privacy, but also key to providing security in the digital age.

Laws like the IPA pose an unprecedented threat to democracy, and are strikingly similar to surveillance laws from totalitarian states but there are tools today that can help protect your digital rights.

Below is a short summary of the most relevant points of the IPA which was written by ProtonMail, a Swiss based firm that offers encrypted email services. The key powers of the Investigatory Powers Act are:

(Start of ProtonMail Summary – Paraphrased)

Retention of Internet browsing records for 1 year

This is in our opinion the worst part of the law. Imagine your browsing history for the entire past year accessible to the government or police without a warrant. This would allow the construction of detailed profiles on every citizen, and categorization based on political views, personal beliefs, and much more. All UK communication service providers (so Internet providers, phone companies, email providers, etc), will be required to retain 1 year of your internet connection records in a central database. This database includes what sites you visited, when you visited the site, for how long, who you called, who you emailed, etc. All of this data will be stored in a central database accessible to the government and law enforcement. More troubling is that no warrant or judicial oversight is required to gain access to this database, the police will have sole discretion to decide when they need to access this database.

Bulk collection of communications data

British communications providers will be required by law to assist in intercepting communications data in relation to an investigation. So far, foreign companies are not required to comply, but as we will discuss below, there are some caveats to this.

Breaking Encryption

Communication providers will be mandated by law to remove encryption whenever it is “practical”. The law is particularly dangerous because it doesn’t well define what is the meaning of “practical”, which means this can be subject to the government’s interpretation.

Enforcement of gag orders

When a communications provider receives a request for data, it is not permitted to reveal that the request took place. Under the IPA, it is now a criminal offense for either the communications provider, or somebody working for the provider, to reveal a data request. Thus, if the powers of the IPA are abused, a whistleblower would be committing a criminal offense by revealing the abuse.

Impact of the IPA outside of the UK

In theory, the IPA only applies to UK companies, but today with the rise of large multinational tech companies, even non-UK companies can be pressured to comply if they have a significant UK presence and employees in the UK.

Since any such requests will happen behind the scenes, we will never know if foreign companies do comply with the IPA. Since the UK is a member of the Five Eyes network, along with the USA, Canada, Australia, and New Zealand, the intelligence scooped up by the IPA will also be shared with US intelligence so UK residents could find their private data being shared beyond UK borders.

Encrypted email accounts can protect your email communications from being intercepted or read by government agencies. The rest of your online activities can also be protected. In particular, using VPN services that don’t have a physical presence in the UK, and also using apps like Signal for text messaging, or Tresorit for file sharing.

Most importantly, everyone needs to spread the word that more surveillance and less encryption isn’t the solution to today’s security challenges.

(End of ProtonMail Summary)

Silencing the Canary 

A warrant canary is a colloquial term for a regularly published statement that a service provider has not received legal process that it would be prohibited from saying it had received. The canary is a reference to the canaries used to provide warnings in coal mines, which would become sick before miners from carbon monoxide poisoning, warning of the danger.

Once a service provider does receive legal process, the speech prohibition goes into place, and the canary statement is removed. Warrant canaries are often provided in conjunction with a transparency report, listing the process the service provider can publicly say it received over the course of a particular time period.

A company might issue a semi-annual transparency report, stating that it had not received any national security letters in the six month period. NSLs under the Patriot Act come with a gag, which purports to prevent the recipient from saying it has received one. (While a federal court has ruled that the NSL gags are unconstitutional, that order is currently stayed pending the government’s appeal). When the company who is in receipt of an NSL issues a subsequent transparency report without that statement, the reader may infer from the silence that the company has now received an NSL.

The IPA has a different approach to this Silencing the Canary: the lawfulness of the U.K. Investigatory Powers Bill’s secrecy provisions under the ECHR .

END

NSA, GCHQ, The Five Eyes Handing Ireland Cyber-Security Opportunity

It is perfectly achievable to maintain national security and manage the security risks posed domestically by extremists without instituting mass-surveillance programs of ones own citizens and corporate entities.

While this would seem like common sense, the continuing activities of authorities in the United States of America and the United Kingdom would suggest otherwise. But the French have also dipped a toe (or rather an entire leg) in these waters when after the Paris attacks they expanded the 1955 State of Emergency law and legislated for a French mass-surveillance program.

The implications of the Snowden revelations were slow to filter through to ordinary people not working in the security domain. The NSA, the PRISM program and the Patriot Act had produced a culture of widespread surveillance of ordinary citizens’ activities with the assistance of many household names and brands.

Shocking news. Huge outcry. Much apologising and “contextualising” and “perspective” setting occurred. “Expediency” and “imminent threat” were debated and on it went.

The collaborators in the form of telco’s, social networks, media organisations and household brands went into overdrive to backpedal from the disastrous PR outcome their involvement created.

At the same time – encryption and privacy software companies made wild claims about the strength of their products and hundreds of new entrants emerged to fill the public demand for Private Messaging, Email Encryption, Secure Voice, VPN’s, Proxy Spoofers and other privacy tools – a space previously reserved for paranoid board room members, activists and some well informed underworld organisations.

It was supposed to have been a watershed  – the worst excesses of intelligence agencies exposed and now oversight, accountability and proportionate measures would rule the day.

Not so.

The Investigatory Powers Bill

The Investigatory Powers bill will become law in the United Kingdom sometime toward the end of 2016. Inside this legal maze of mass surveillance facilitators the UK alphabet agencies can now:

  • Hack any device, any network or any service;
  • Perform these hacks without restriction and against any target;
  • Store the resulting information indefinitely;
  • Maintain databases of private and confidential information on any citizen of the United Kingdom or person in the United Kingdom;
  • Targets do not have to be “persons of interest” nor do they have to be of any interest whatsoever – at this time;
  • It is an omnipresent power to simply gather information on everyone, at anytime, from anywhere – without any reason and store it – “just in case”;
  • In the commercial context the law allows the state to pressure any company to perform decryption on any data that they store – on request – without reason or right to appeal;
  • This in so many words means that un-compromised commercially available encryption products will no longer exist in the United Kingdom after the Bill becomes Law and no company that is based in the United Kingdom  can make that claim to its users and no company that stores its data in the United Kingdom can assure it’s users that it is safe from hacking or more likely simply being handed over to whatever department of the government of the United Kingdom asks for it;
  • It also requires communications service providers to maintain an ongoing log of all digital services their users connect to for a full year.

It has been quite rightly criticised widely and has already been named the most extreme law ever passed in a democracy — because it cements the legality of mass surveillance.

The English Speaking World Is Giving Ireland the Chance for Privacy Leadership 

This blog has already discussed the The “Five Eyes” (FVEY‍) intel‍ alliance many times. The organisation unifies elements of the national alphabet agencies of the United Kingdom, the United States, Australia, Canada and New Zealand and their intel gathering infrastructures.

The AA’s in each member country and the terms of their information exchange mandate is encapsulated in the multilateral‍ agreement called the “UKUSA Agreement”.

This alliance and it’s mass-surveillance capabilities leading to large scale undermining of personal freedoms and civil liberty has really only come into its own with the advent of social networks, big data, the cloud and AI.

Brexit, Trump, US Corporation Tax & Mass Surveillance 

Brexit presents challenges for Ireland but it also presents opportunities. This is one of them.

Trump will shortly be in the White House and he has pledged to end the Irish FDI arrangement of convenience with US corporations. His attitude to surveillance is well known and not categorised by its message of restraint.

Brexit, Trump, The Five Eyes, PRISM, the NSA, GCHQ and now the Investigatory Powers Bill are a frontal assault of epic proportions on the right to privacy of citizens in democracies.

A sort of perfect storm of oppression and suppression tools just standing there waiting – in the wings – for a time when someone will come along and use them for the polar opposite purpose of what they were allegedly created for.

Out of Adversity, Opportunity

The opportunity created by this adversity is not to convince Facebook, Google, Microsoft, Yahoo, Paypal, eBay or the host of other US corporations in Ireland who are either facilitators of the surveillance culture or, like Twitter, engaged in widespread in-house censorship.

But if for once the Irish government showed some spine then the opportunity exists to create an entirely new sector catering to the privacy needs of freedom loving citizens and organisations who dwell in jurisdictions governed by these Stasi like surveillance laws.

And the market size? Well, it’s somewhere around seven billion people and rising.

The attitude of these politicians (Trump, May, Valls & Co.) and their intelligence organisations and the new “laws” – in the form of the revised Patriot Act and the Investigatory Powers Bill – means that’s the vast majority of the worlds English speaking population now live under governments who can – legally – invade their privacy at will – whether at home, at work or at leisure – store the information and use it for any purpose, at any time, at any point in the future – for any reason.

But Ireland has a long way to go to create credibility – the view that Ireland is a Privacy Advocate for the world whose lives are described on social media sites whose data is located in the Irish jurisdiction is a total myth.

I dearly hope that for once Ireland can take the lead – despite its size and influence – and act even if out of self-interest as a stopgap for the complete erosion of civil liberty and privacy in the Western World.

 

END