# More info on NSA activities.



## teckk (Aug 16, 2013)

http://www.washingtonpost.com/world...10e554-05ca-11e3-a07f-49ddc7417125_story.html
http://www.newsobserver.com/2013/08/15/3109412/nc-state-teams-up-with-nsa-on.html
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/
http://www.reuters.com/article/2013/08/15/usa-security-snowden-dell-idUSL2N0GF11220130815


----------



## Crivens (Aug 16, 2013)

To give you an idea about the storage size they build there, look here.


----------



## Goobie (Aug 16, 2013)

I wasn't entirely shocked when this news broke out. What does make me wonder is, what were all the people who drove by this thinking? There had to be some sort of explanation as to what the building was used for.


----------



## sossego (Aug 18, 2013)

Have you ever stopped to observe others? Humans are self enamored self centered creatures that only seem to recognize those others and situations similar to themselves and their own.

E.g. http://news.slashdot.org/story/13/0...oll-snowden-support-declining-among-americans

Okay. When you actually do research you find that there are only 1000 answers accepted. Let's do the math: [313.9(10^6)]/10^3= 313,900 && 1/3139=0.00031857 . When something such as the story linked is published, it will affect people because _Why should I think for myself when others can do it for me?_ exists in many of us.


----------



## Crivens (Aug 18, 2013)

If I were to drive past a place where one of these Letter-Soup-Agencies is currently building something, I'd want to make sure not to express more interest in it than does anyone else. Would you want to stick your neck out? These folks don't play fair.


----------



## sossego (Aug 18, 2013)

One must observe by not observing, my son.


----------



## Goobie (Aug 20, 2013)

I'm not saying stick your neck out and ask, I'm saying it's a pretty big building, you'd think they'd offer some explanation. Or, do you think people just didn't even bother thinking about it? I already know I'm screwed when it comes to a thought police future, but I also figured a lot of people were in the same boat.


----------



## cpm@ (Aug 20, 2013)

This stopped being a secret: The financial elites have spent decades "manufacturing" in the shadow world secret government, which currently handles and springs largely economic and political world. However, it is necessary to control the thoughts of the masses, "killing" his critical sense. For this reason, the owners of the world launched a series of powerful institutions  in order to perform certain operations of psychological warfare against the population.


----------



## jrm@ (Aug 20, 2013)

Ladar Levison interview regarding closure of Lavabit
Nicholas Merrill interview and the story of his ISP, Calyx
James Bamford on NSA Secrets, Keith Alexander's Influence & Massive Growth of Surveillance, Cyberwar


----------



## teckk (Aug 21, 2013)

*Make it harder for them.*

https://prism-break.org/


----------



## fonz (Aug 21, 2013)

Merged with one of the other threads. We've heard this song several times in quick succession now.


----------



## jrm@ (Aug 21, 2013)

There is no way to continue doing Groklaw


----------



## h3z (Aug 22, 2013)

*Windows 8 and the N.S.A.*

Windows 8 specific N.S.A. information.

http://www.businessinsider.com/leak...es-not-to-use-windows-8--links-the-nsa-2013-8


----------



## wblock@ (Aug 24, 2013)

NSA Admits: Okay, Okay, There Have Been A Bunch Of Intentional Abuses, Including Spying On Love Interests


----------



## teckk (Aug 24, 2013)

http://www.theguardian.com/world/2013/aug/23/nsa-prism-costs-tech-companies-paid


----------



## teckk (Aug 25, 2013)

http://www.reuters.com/article/2013/08/25/us-usa-security-nsa-idUSBRE97O08120130825


----------



## teckk (Sep 13, 2013)

Couple of days old but interesting. MITM attacks are illegal, criminals use them. Can we expect an arrest for this now that we know who did it? And the perp to lose all computer privileges for a few years?
http://news.cnet.com/8301-13578_3-57602701-38/nsa-disguised-itself-as-google-to-spy-say-reports/


----------



## drhowarddrfine (Sep 14, 2013)

I love articles like this. The accusations are based on a slide. The slide does nothing but show how a MITM attack could occur but does not say anything else. One of the articles says, "Google can't be happy about this!!" yet Google released this statement:


> Google provided a short statement to Mother Jones reporter Josh Harkinson in response to his questions on the matter: "As for recent reports that the US government has found ways to circumvent our security systems, we have no evidence of any such thing ever occurring.



In fact, one of the articles states the NSA may not have even been involved:


> It's not clear if the supposed attack in the Fantastico document was handled by the NSA or by its UK counterpart



Without bothering further, it appears all that is based on an article from a Brazilian newspaper that makes assumptions based on the slide but it's all conjecture. It's like claiming the US is planning a nuclear strike on a foreign country based on the fact that the US has such plans while ignoring that they are plans for defense and not intent to carry them out.

In the meantime, I still wake up in the morning. I go to work. I come home.


----------



## kpa (Sep 14, 2013)

MITM attacks are very hard to pull off (except on small scale) and are easily exposed when someone who knows what to look for becomes suspicious. Not a very credible story.


----------



## jrm@ (Sep 17, 2013)

It's no smoking gun, but the title of the document is "How the attack _was done_" and it has the label "Legitimate Google Servers". If this document was actually authored at the NSA it surely seems like important evidence to me.


----------



## throAU (Sep 18, 2013)

kpa said:

> MITM attacks are very hard to pull off (except on small scale) and are easily exposed when someone who knows what to look for becomes suspicious. Not a very credible story.



Hmm.

My Steelhead device can MITM SSL traffic.  It has to in order to accelerate it.  I just need to install a certificate trusted by the end device on it.


----------



## tingo (Sep 18, 2013)

Same, same, but different. Any SSL proxy works by having one SSL session from the client to the proxy, and another session from the proxy to the server. And as you write, you need to have the correct certificate installed.


----------



## Crivens (Sep 18, 2013)

throAU said:

> Hmm.
> 
> My Steelhead device can MITM SSL traffic. It has to in order to accelerate it. I just need to install a certificate trusted by the end device on it.



Interesting that there is a turnkey ready device for this. Yes, I know that you need to do this in order to cache static parts of SSL websites, but one question: What happens if the end user does not trust the certificate you have? Can you still MITM him? Or does his connection simply not go through?

Background: I regularly go through the list of certificates my browser thinks are OK and delete any I do not want/know/trust. So the list of trusted certificates and trusted connections is pretty limited in my case.


----------



## Savagedlight (Sep 18, 2013)

tingo said:

> Same, same, but different. Any SSL proxy works by having one SSL session from the client to the proxy, and another session from the proxy to the server. And as you write, you need to have the correct certificate installed.



That's not much of a problem to do if you have the ability to generate trusted certificates. Plenty of U.S. companies have this ability; is it then such a big leap for them to do this?


----------



## tingo (Sep 18, 2013)

Savagedlight said:

> That's not much of a problem to do if you have the ability to generate trusted certificates. Plenty of U.S. companies have this ability; is it then such a big leap for them to do this?



Well, you have to realize that the whole idea of SSL certificates is built on one core principle: *trust*. If you don't trust the parties in this (CAs, Certificate Issuers and so on) it doesn't work.


----------



## kpa (Sep 18, 2013)

Exactly. If it turns out that CAs have been generating bogus certificates for the NSA for MITM attack purposes we can say bye bye to the whole SSL/TLS system.


----------



## Danielsaan (Sep 18, 2013)

I was *recommended* (i.e. this is not my work, and I am *not* promoting it for others) to take a look at Convergence.io not so long ago. I am still working my way through the documentation, (such as it is), but it *seems* to have merits, in these days of out and out spying.

"Convergence allows you to choose who you want to trust, rather than having someone else's decision forced on you. You can revise your trust decisions at any time, so that you're not locked in to trusting anyone for longer than you want."


Best wishes

Daniel


----------



## throAU (Sep 19, 2013)

Crivens said:

> Interesting that there is a turnkey ready device for this. Yes, I know that you need to do this in order to cache static parts of SSL websites, but one question: What happens if the end user does not trust the certificate you have?



If it is signed by one of the major CAs, what reason would the end user have for refusing it?  His browser will check it out and trust it?

I'd say if it is POSSIBLE that the root CAs could issue bogus certs, then based on the strongarm tactics used by the NSA and other federal organisations with regards to goings-on on the internet (e.g., Dotcom) then we should assume that it has actually been going on for some time.



			
kpa said:

> Exactly. If it turns out that CAs have been generating bogus certificates for the NSA for MITM attack purposes we can say bye bye to the whole SSL/TLS system.



Pretty much.  I'd suggest that the only way to be properly secure is to use your own CA infrastructure (don't trust the root CAs) and exchange certificates/keys out of band somehow (disc/etc. via snail mail or in person).

Of course that relies on the fact that your endpoints aren't backdoored and send the contents of their certificate/key store to the NSA, and that the RNG used to generate the keys is sound.  Which may or may not be the case.



edit:
Also pertinent (from 1999):  http://www.heise.de/tp/artikel/5/5263/1.html



> According to one leading US cryptographer, the IT world should be thankful that the subversion of Windows by NSA has come to light before the arrival of CPUs that handles encrypted instruction sets. These would make the type of discoveries made this month impossible. "Had the next-generation CPU's with encrypted instruction sets already been deployed, we would have never found out about NSAKEY."


----------
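The out-of-band exchange suggested in the post above can be enforced in a client as a fingerprint pin on top of a private CA. The following is an added example, not part of any poster's message; the function names, `ca_file` argument and the two sample "certificates" (constructed byte strings standing in for DER data) are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the certificate's DER encoding, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def _normalise(pin: str) -> str:
    # Accept the colon-separated upper-case form that
    # `openssl x509 -fingerprint -sha256` prints, as well as plain hex.
    return pin.replace(":", "").strip().lower()


def pin_matches(der_cert: bytes, pins) -> bool:
    """True if the certificate's fingerprint equals one of the pinned values."""
    fp = fingerprint(der_cert)
    return any(hmac.compare_digest(fp, _normalise(p)) for p in pins)


def trust_decision(der_cert: bytes, chain_ok: bool, pins):
    """Return (ca_only_client_accepts, pinning_client_accepts).

    chain_ok models "the chain validates against the client's CA store",
    which is also true for a certificate minted by an interception proxy
    whose CA has been installed on the client.
    """
    return chain_ok, chain_ok and pin_matches(der_cert, pins)


def connect_pinned(host, pins, ca_file, port=443, timeout=5.0):
    """Open a TLS connection that trusts only ca_file AND a pinned leaf."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking and
    # loads no system root CAs; only the private CA below is trusted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=ca_file)
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    # Check the pin before any application data is sent.
    if not pin_matches(tls.getpeercert(binary_form=True), pins):
        tls.close()
        raise ssl.SSLError("certificate does not match any pinned fingerprint")
    return tls


# Constructed sample data: opaque stand-ins for two DER certificates.
GENUINE_DER = b"constructed stand-in: server certificate exchanged in person"
PROXY_DER = b"constructed stand-in: certificate re-issued by a TLS proxy"
# In practice the pin is recorded out of band (disc, in person), not computed here.
PINS = {fingerprint(GENUINE_DER)}

if __name__ == "__main__":
    for name, der in (("genuine", GENUINE_DER), ("proxy", PROXY_DER)):
        ca_only, pinned = trust_decision(der, True, PINS)
        print(f"{name}: CA-store client accepts={ca_only}, pinning client accepts={pinned}")
```

As the post notes, this only helps if the endpoint holding the pins and keys is itself sound.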



## Crivens (Sep 19, 2013)

Well, it turns out that things can be really interesting...

Backdoor your OS? Why bother...


----------



## jrm@ (Sep 25, 2013)




----------



## teckk (Sep 29, 2013)

http://www.nytimes.com/2013/09/29/u...works-of-us-citizens.html?pagewanted=all&_r=0


----------



## RichardET (Oct 2, 2013)

I haven't been here in a while, missed this thread entirely!  My answer to all this is, "if everyone is so upset over this NSA leak, then why is Google still rising in wealth and popularity?" Apparently it's not really the "big deal" everyone ranting about it claims that it is. I still use Gmail, how about you?


----------



## Erratus (Oct 2, 2013)

I never trusted Gmail. But I stopped using email at all. Since then I saved a lot of money while not buying online anymore.


----------



## drhowarddrfine (Oct 3, 2013)

RichardET said:

> everyone ranting about it claims that it is.


Gives them something to do. Keeps them off the streets.


----------



## ronaldlees (Oct 3, 2013)

Goobie said:

> I'm not saying stick your neck out and ask, I'm saying it's a pretty big building, you'd think they'd offer some explanation. Or, do you think people just didn't even bother thinking about it? I already know I'm screwed when it comes to a thought police future, but I also figured a lot of people were in the same boat.



Actually, the purpose of that building (put in very generalized terms) has been in the mainstream press for over a year!

Of course, nobody paid any attention to that news, as usual.  There were never any comments after the articles.  Now suddenly, it's important.  We're just a bunch of nose ringers if you ask me ...


----------



## ronaldlees (Oct 3, 2013)

kpa said:

> Exactly. If it turns out that CAs have been generating bogus certificates for the NSA for MITM attack purposes we can say bye bye to the whole SSL/TLS system.



And you're not smoking any twirly weed there, my man.  Check out Bruce Schneier's blog for this issue.  You'll probably stop using the internet.


----------



## Erratus (Oct 4, 2013)

For those who prefer action films:
http://www.theguardian.com/world/2013/oct/03/lavabit-ladar-levison-fbi-encryption-keys-snowden

This one needs a closer look
http://www.theguardian.com/world/2013/oct/03/edward-snowden-files-john-lanchester
Do not click unless you are willing to spend a minimum of half an hour reading – and probably you need some extra time for digesting.


----------



## Erratus (Oct 30, 2013)

RichardET said:

> I haven't been here in a while, missed this thread entirely! My answer to all this is, "if everyone is so upset over this NSA leak, then why is Google still rising in wealth and popularity?" Apparently it's not really the "big deal" everyone ranting about it claims that it is. I still use Gmail, how about you?


Do you still add to the wealth of the Googles & Co. ?

http://www.washingtonpost.com/world...166-11e3-8b74-d89d714ca4dd_story.html?hpid=z1

Really not a big deal, isn't it?


----------



## saxon3049 (Oct 31, 2013)

I think this (in the story above) covers the NSA / GCHQ attitude to their activities:


----------



## ronaldlees (Nov 1, 2013)

Crivens said:

> Well, it turns out that things can be really interesting...
> 
> Backdoor your OS? Why bother...



Interesting article.  Hardware is already a target, and I doubt it affects only the military.   I thought the article was VERY interesting.    There was a fictional novel written a few years back, that described a "world takeover".  Offshore electronics giants had conspired to turn everything off on a certain day.  All the chips stopped working, causing monumental turmoil, the collapse of world finance, and other things that comprised the action in the book.  I never read it - only read the promos.  Anybody remember the name?  

Maybe after the dust settled in such a scenario, things would be better? Nah.


----------



## Crivens (Nov 4, 2013)

Some nice side order to go with the backdooring of the hardware or "BadBios". Have fun.


----------



## ronaldlees (Nov 4, 2013)

Crivens said:

> Some nice side order to go with the backdooring of the hardware or "BadBios". Have fun.



OMH!!! Really, I had always figured on the likelihood that hard disks were compromisable with hacks utilizing the disk controller's on-board processor(s). But an ARM9!? Coupled with a hack to install a custom Linux kernel, triggered to run in the hard disk controller's ARM9 processor, and set about doing nefarious things! Amazing! Now I feel justified about my pocket full of bootable thumb drives ...


----------



## Crivens (Nov 6, 2013)

Last year's CCC congress had a talk describing how to create a USB device which can detect the OS it is connected to, or if it is being duplicated by dd or something equivalent and then serve different content.

This means that you *can not* check a memory stick for malware when it is connected to your (administrator) machine which is running something the hand-picked target for the malware does not use. Sysadmins would check the device before allowing the PHB to connect it to some company equipment. Paranoid sysadmins would make a copy, check copy and stick, but would still not find the content which is pushed into the file system when the device is connected to some Windows machine (or MacOS, or...). Even using some $TARGET_OS in a virtual machine might not work as the timings would most likely be different.


----------



## Savagedlight (Nov 6, 2013)

Crivens said:

> Last year's CCC congress had a talk describing how to create a USB device which can detect the OS it is connected to, or if it is being duplicated by dd or something equivalent and then serve different content.
> 
> This means that you *can not* check a memory stick for malware when it is connected to your (administrator) machine which is running something the hand-picked target for the malware does not use. Sysadmins would check the device before allowing the PHB to connect it to some company equipment. Paranoid sysadmins would make a copy, check copy and stick, but would still not find the content which is pushed into the file system when the device is connected to some Windows machine (or MacOS, or...). Even using some $TARGET_OS in a virtual machine might not work as the timings would most likely be different.



Sounds like the really paranoid sysadmins would make a complete copy onto hardware they trust, check that, and pass that along for use with the sensitive equipment.


----------



## da1 (Nov 6, 2013)

Crivens said:

> Last year's CCC congress had a talk describing how to create a USB device which can detect the OS it is connected to, or if it is being duplicated by dd or something equivalent and then serve different content.
> 
> This means that you *can not* check a memory stick for malware when it is connected to your (administrator) machine which is running something the hand-picked target for the malware does not use. Sysadmins would check the device before allowing the PHB to connect it to some company equipment. Paranoid sysadmins would make a copy, check copy and stick, but would still not find the content which is pushed into the file system when the device is connected to some Windows machine (or MacOS, or...). Even using some $TARGET_OS in a virtual machine might not work as the timings would most likely be different.



Sounds interesting. Do you have any evidence to support this?


----------



## ronaldlees (Nov 6, 2013)

da1 said:

> Sounds interesting. Do you have any evidence to support this?



In Crivens' link to the badbios research, it more or less describes the scenario. The researcher has not yet revealed the data to many others, excepting for a bios dump, and so there is some skepticism. Regardless of skepticism, the news prompted me to look at USB storage, in general. People (including myself) tend to look at new memory sticks as being benign. Yet - typical sticks possess ARM9 processors running at about 180 MHz, and utilizing half a meg of various types of (system used) memory. When you plug your USB stick into your computer, you're really connecting a computer to a computer. Gives one pause, if one has always been of the ilk to gloss over any impact from the little things (guilty).

I went looking on the vendor's sites for software to reset original state of the little critters, but such software seemed disappointingly missing from them.   Yet, offers of such software can be found on  "free software" sites unending, and kept in the repositories at (seemingly, to this casual observer) "malware look and feel" domains ...


----------



## Crivens (Nov 6, 2013)

da1 said:

> Sounds interesting. Do you have any evidence to support this?



The 27c3 video feeds contain one entry about backdooring embedded controllers. This might be considered when thinking about the BadBIOS thing.

The 29C3 contains, for example, one talk about breaking the Cisco phones. So no surprise there, this is public knowledge. But the talk about the USB devices is also in the 29C3, here.

Sadly I have not enough time to view it all, but one can try.


----------



## ronaldlees (Nov 7, 2013)

From: twitter/dragosr



> "I've been going through about $300 in USB sticks a week isolating this. :-( they've become use once devices for me"



The author makes mention of a plane flight and something about "packing up forensics" - so maybe there will be some disclosure upcoming ...


----------



## Erratus (Nov 23, 2013)

Global Hacker Contest: Aaand the winner iiiis... [Daemons: please don't edit this!] 
http://www.nrc.nl/nieuws/2013/11/23/nsa-infected-50000-computer-networks-with-malicious-software/

The Dutch hacker groups (with a range of IT skills) - AIVD and MIVD – "have displayed interest in hacking". Ha! But their new boygroup is prohibited by law from performing the type of operations carried out by the NSA as Dutch law does not allow this type of Internet searches. They should have known this, as my mom always said: "Boy! Do not hack! Hacking is illegal."


----------



## drhowarddrfine (Nov 23, 2013)

Wait a minute. Hardware back doors were supposed to be the area the Chinese were involved in. I don't think they're going to be happy if the NSA is in there, too. This could cause an international incident! Maybe the UN needs to get involved.


----------



## Erratus (Nov 23, 2013)

For visualizing government driven cyber threat in expressive, flexible, and as human-readable as possible way STIX is a collaborative community-driven effort to define and develop a standardized language to represent structured cyber threat information. For reflecting the latest developments have this slide handy for your presentations:


----------



## tzoi516 (Nov 23, 2013)

Do you have a bigger picture?


----------



## Erratus (Nov 23, 2013)

Have fun!


----------



## teckk (Nov 26, 2013)

http://www-nc.nytimes.com/2013/11/26/te ... tml?=_r=6&
http://www.theregister.co.uk/2013/11/25/nsa_botnet/
http://rt.com/usa/snowden-leak-expand-s ... -goal-185/
http://www.reuters.com/article/2013/11/ ... Y120131125
http://www.mcclatchydc.com/2013/11/25/2 ... rylink=cpy


----------



## teckk (Dec 31, 2013)

http://www.zerohedge.com/news/2013-12-3 ... opout-jeep

http://www.zerohedge.com/news/2013-12-2 ... s-revealed


----------



## rusty (Dec 31, 2013)

Singling out Jason Applebaum's superb talk at 30c3 (due to FreeBSD being mentioned in slides) - http://www.youtube.com/watch?v=vILAlhwUgIU

Some awesome speeches regarding government activities and abilities, quite disconcerting - http://www.youtube.com/user/CCCen/videos


----------



## drhowarddrfine (Dec 31, 2013)

Does anyone have any links to current Chinese activities? Or England? Or Russia? Or Japan? Or Australia? Or France? 

I know they are all very active doing exactly the same thing and there must be a blizzard of covert activity while everyone else is focused on the NSA.

What I don't understand is, how did people find out all that information now, that they never had before, about the most secret organization in the world? And I'm not talking about any Snowden stuff. Hmm.


----------



## tzoi516 (Dec 31, 2013)

I think the point is those other countries it's a given because of their societal structure, but in the "land of the free" our information is being collected and retained (constitutional violation) without our consent.


----------



## drhowarddrfine (Jan 1, 2014)

Ok. It's situation normal for them and they're used to it. So how come so many non-US citizens are posting about it here? It should be just, meh, to them but they're complaining. I just don't get it.

Is this the same FreeBSD forum where I can bring up Al-qaeda activities and terrorist plots?


----------



## sossego (Jan 1, 2014)

Look up Pulitzer and the Yellow Kid. Objectivity exists where balance must be watched like some mad quantum mechanic's puzzle. Culture norms constantly differentiate yet the standard remains as "clouded within the individual's own perception." As humans, we have the tendency to believe that our individual perceptions and experiences constitute more of the truth than any others' around us. We exist on this world along with a vast number of other people, animals - of which we are, plants, and everything else I have missed. 

We walk about blind and oblivious to those around us. What do we really share when it comes to emotions or experience? Neither I nor you can interfere into another's life without becoming a part of it. Perception is the mirror of desire and within it, we can see/view/perceive the possible reasons another would take such actions. Cultures differ to the point that they can be nicknamed as genres.

In those other places, they have been conditioned - as have/are we - to act and react a certain way. To break this standard procedure and be independent of the socio-culturo-political grade means causing havoc before a moment of growth. Perhaps there are similar people waiting in those places ready to speak for themselves. And perhaps we keep forgetting that we are not the only ones on this planet in this universe.


----------



## tzoi516 (Jan 2, 2014)

drhowarddrfine said:

> So how come so many non-US citizens are posting about it here? It should be just, meh, to them but they're complaining. I just don't get it.



My personal opinion on this is because Americans are perceived to be arrogant. Who doesn't root for the arrogant to be taken down a peg?


----------



## Crivens (Jan 2, 2014)

tzoi516 said:

> drhowarddrfine said:
> 
> 
> 
> ...



To make his point a bit more clear - the point itself is correct - let me add to this from the viewpoint as one of these non-US citizens.

These non-US citizens, which are a huge majority of the affected people, do not like to be sniffed at more than you would do. Any other nation doing the same is smart enough not to be caught with the pants down or is polite enough to apologize and then continue a bit more discreet. But the official statements from the US (or more precisely, the Powers That Be there) are arrogant indeed.

You, as a US citizen, might be considered arrogant by association - collateral damage, so to speak. I do not consider US citizens as arrogant by default, but sometimes they create that impression on their own

Well, now you should all know that the NSA not only spies on the evils outside of the "land of the brave" but also tracks you where they can. Get used to it, it is already "situation normal" for you as well. Spooks simply don't care about laws, or the constitution, or any other law anywhere.


----------



## throAU (Jan 2, 2014)

tzoi516 said:

> I think the point is those other countries it's a given because of their societal structure, but in the "land of the free" our information is being collected and retained (constitutional violation) without our consent.



No.

Australia (where I live) and the UK have people who have been just as duped as you guys are, we just haven't had a Snowden go rogue here yet, so we don't have concrete info to leak.  But there is no doubt that it is going on.

The US / NSA is copping all the flak because GCHQ and DSD (Australia) are just lap dogs for the NSA anyway - the governments of the US/UK/AU are all just puppets no doubt, the real leadership is no doubt out of the spotlight controlling the NSA. In fact one thing I read recently about the US for example is that when you're in an official state of war, the shadow government (i.e., secret, so they can't be taken out) is activated. Don't you still have an official "war on terror" going on? Obama (or whoever else wins next time) is just a sideshow.

Australia has been in the news recently actually for spying on the Indonesian government in a similar manner to how the NSA targeted Merkel.


----------



## drhowarddrfine (Jan 2, 2014)

@throAU That's exactly the point I'm making.


----------



## throAU (Jan 14, 2014)

No doubt some will dismiss this as tinfoil hat stuff, but I'd wager there's more truth in here than some are willing to accept:

http://www.constitution.org/shad4816.htm

Note:  written in 1994.


----------



## Crivens (Jan 14, 2014)

No tin foil hat alert here. Simply look at the flags of the East India trading company and draw your own conclusions.


----------



## throAU (Jan 14, 2014)

Hah.

Well I never...

http://en.wikipedia.org/wiki/East_India_Company


----------



## Crivens (Jan 14, 2014)

Spooky, ain't it?
Hidden in plain sight.


----------



## DutchDaemon (Jan 14, 2014)

We don't do political and/or speculation stuff on here, or this gets locked. Stay factual.


----------

