Wednesday, June 26, 2013

Edward Snowden: A through Z of Electronic Eavesdropping

What we've learned about electronic eavesdropping from the Edward Snowden situation - in a handy print-out-and-keep lexicon of state surveillance.

APPLE: Computer behemoth and partner in US government surveillance programs. It revealed it had received between 4,000 and 5,000 US government requests for access to user accounts in six months starting 1 December 2012. Many would relate to criminal inquiries rather than intelligence work.
BLARNEY: Collection of surveillance information by tapping choke points on the information superhighway. (Fairview is another project doing the same, but the precise differentiation between these methods is not yet clear.)
BOUNDLESS INFORMANT: National Security Agency (NSA) tool measuring the total volume of communications "metadata" (see below for definition) gathered globally in order to analyse its flows, and the agency's tasking.
COMINT: COMmunications INTelligence, in the jargon of the community. This once applied simply to phone and radio traffic between people, but today it includes the full gamut of internet-based options too. The flag COMINT attached to a security classification, as on some of the documents released by Edward Snowden, means that those handling the traffic need to be trained or "indoctrinated" in the special security procedures relating to this material, and subject to special security clearances.

Sunday, June 16, 2013

The Government’s Spying Is Not As Bad As The Whistleblower Said … It’s WORSE

The government is attacking whistleblower Edward Snowden by claiming that he was lying about the scope of the NSA’s spying on Americans.
However, CNET reports today:
The National Security Agency has acknowledged in a new classified briefing that it does not need court authorization to listen to domestic phone calls.
Rep. Jerrold Nadler, a New York Democrat, disclosed this week that during a secret briefing to members of Congress, he was told that the contents of a phone call could be accessed “simply based on an analyst deciding that.”
If the NSA wants “to listen to the phone,” an analyst’s decision is sufficient, without any other legal authorization required, Nadler said he learned. “I was rather startled,” said Nadler, an attorney and congressman who serves on the House Judiciary committee.
Not only does this disclosure shed more light on how the NSA’s formidable eavesdropping apparatus works domestically, it also suggests the Justice Department has secretly interpreted federal surveillance law to permit thousands of low-ranking analysts to eavesdrop on phone calls.
Because the same legal standards that apply to phone calls also apply to e-mail messages, text messages, and instant messages, Nadler’s disclosure indicates the NSA analysts could also access the contents of Internet communications without going before a court and seeking approval.
The disclosure appears to confirm some of the allegations made by Edward Snowden, a former NSA infrastructure analyst who leaked classified documents to the Guardian. Snowden said in a video interview that, while not all NSA analysts had this ability, he could from Hawaii “wiretap anyone from you or your accountant to a federal judge to even the president.”

Saturday, June 15, 2013

Corporate Cyberattacks Come Out of the Shadows

Since the dawn of cybercrime in the late 1990s, public companies have largely operated under the notion that, while they have an essential responsibility to guard their data with appropriate security measures, they have little duty to report attacks to investors and regulators. That is all about to change.

A full-fledged cyber war is now completely out of the shadows and was put on center stage during the June 8-9 summit between President Barack Obama and Chinese President Xi Jinping. While little specific progress came out of the meeting, National Security Adviser Tom Donilon said afterwards that cybercrime is the “key to the future” of the U.S.-China relationship, making it ever more clear that each cyber-incident is now part of a high-level military and diplomatic dance.

This escalating, and highly publicized, battle over cybercrime is going to force U.S. businesses to be more forthcoming about attacks, exposing them to significant new legal and regulatory threats.

While it might seem obvious that companies would consider nearly any significant cyber-attack a material event to require proper disclosure, the reality is that the legal and regulatory implications of attacks are extremely murky. In fact, organizations are faced with intensely conflicting interests. A company trying to decide what and how much to disclose, and whom to disclose it to, faces a decision much like the one facing the kid who gets his lunch money stolen from the bully: Is there more risk in telling the authorities or in remaining silent?

Friday, June 14, 2013

The corporate costs of surveillance

When your firm hosts personal data for millions of people, "privacy is a big selling point," said Hayley Tsukayama at The Washington Post. That's why AOL, Apple, Facebook, Google, Microsoft, and Yahoo have been so assiduous in denying that they have granted the government access to their servers as part of the National Security Agency's PRISM surveillance program. Google this week asked the government to allow it to release information it believes would show that the scope and volume of surveillance orders are smaller than people have been led to believe. "There's no backdoor, there's no lockbox," said a Google executive. Microsoft, Twitter, and Facebook also want to reassure users that they aren't systematically ratting them out to Big Brother. After all, "trust is the currency on which tech companies build their businesses."
Yet the industry's denials "obscure a larger truth," said Michael Hirsh at The Atlantic. The government's huge data-collection system was built "not by professional spies or Washington bureaucrats but by Silicon Valley and private defense contractors." Michael Hayden, a former NSA director, said recently that none of the computers and phones at NSA headquarters are even owned by the government; the massive operation has been constructed and maintained by private-sector companies. And that's not surprising; Silicon Valley had "the best stuff and the best minds" to deal with the security threats after 9/11, so that's where the government turned. We don't know how deeply the big U.S. Internet companies are involved, but there's no doubt that even for them, the long marriage between the government and Silicon Valley "has become an acute embarrassment."

Tuesday, June 11, 2013

How to shield calls, chats, & browsing from surveillance.

If you have followed the startling revelations about the scope of the U.S. government's surveillance efforts, you may have thought you were reading about the end of privacy. But even when faced with the most ubiquitous of modern surveillance, there are ways to keep your communications away from prying eyes.

First, instead of browsing the Internet in a way that reveals your IP address, you can mask your identity by using an anonymizing tool like Tor or by connecting to the Web using a Virtual Private Network. Additionally, you can avoid Google search by using an alternative like Ixquick, which has solid privacy credentials and says it does not log any IP addresses or search terms or share information with third parties.

When it comes to sending emails, if you are using a commercial provider that has been linked to the PRISM spy initiative, you can throw a spanner in the NSA's works by learning how to send and receive encrypted emails. PGP or its free cousin GPG are considered the standard for email security, and these can be used to both encrypt and decrypt messages — meaning you can thwart surveillance unless you are unlucky enough to have Trojan spyware installed on your computer.

Sunday, June 9, 2013

NSA sucks in data from 50 companies

Analysts at the National Security Agency can now secretly access real-time user data provided by as many as 50 American companies, ranging from credit rating agencies to internet service providers, two government officials familiar with the arrangements said.
Several of the companies have provided records continuously since 2006, while others have given the agency sporadic access, these officials said. These officials disclosed the number of participating companies in order to provide context for a series of disclosures about the NSA's domestic collection policies. The officials, contacted independently, repeatedly said that "domestic collection" does not mean that the target is based in the U.S. or is a U.S. citizen; rather, it refers only to the origin of the data.
The Wall Street Journal reported today that U.S. credit card companies had also provided customer information. The officials would not disclose the names of the companies because, they said, doing so would provide U.S. enemies with a list of companies to avoid. They declined to confirm the list of participants in an internet monitoring program revealed by the Washington Post and the Guardian, but both confirmed that the program existed.
"The idea is to create a mosaic. We get a tip. We vet it. Then we mine the data for intelligence," one of the officials said.

Saturday, June 8, 2013

Celebration man accused of planting hidden cameras in NY home to spy on renters

A Long Island landlord is being accused of planting hidden cameras around his house to spy on renters, including families with children.

Newsday says 69-year-old Donald Torr, of Celebration, Fla., pleaded not guilty Wednesday to unlawful surveillance and endangering the welfare of a child.

Prosecutors say Torr charged $7,000 a week last summer to rent his house in the wealthy town of East Hampton. They say four cameras were planted in the master bedroom and one in a bathroom.

Tenants who discovered the cameras have sued Torr in federal court in Central Islip.

Defense attorney Bruce Barket says the cameras were only used for security and that Torr never watched any videos of tenants.

If convicted, Torr faces up to 20 years in prison.

Tuesday, June 4, 2013

Security risks to your business that require your attention

In contemporary society, security is constantly at risk in ways that most people don’t even realize. It is important to guard against these security threats or you will eventually see the consequences. As global counterespionage specialists, the experts at ComSec have seen it all. And for this reason, we have compiled a list of security risks that do not garner enough attention from people looking to protect their privacy. You see it all the time on the news: intelligence leaks and security breaches are everywhere. Thinking it won’t happen to you? Think again. Take a look at this list and honestly ask yourself: are you taking enough precautions to protect your privacy?