Tag Archives: DEA

NSA using Firefox flaw to snoop on Tor users

NSA using Firefox flaw to snoop on Tor users

Good news / Bad news in latest Snowden leak

 

The Register / UKby Iain Thomson
October 3, 2013

 

NSA using Firefox flaw to snoop on Tor users
NSA using Firefox flaw to snoop on Tor users

 

 

An NSA presentation released by Edward Snowden contains mixed news for Tor users. The anonymizing service itself appears to have foxed US and UK government snoops, but instead they are using a zero-day flaw in the Firefox browser bundled with Tor to track users.

“These documents give Tor a huge pat on the back,” security guru Bruce Schneier told The Register. “If I was a Tor developer, I’d be really smiling after reading this stuff.”

The PowerPoint slide deck, prepared in June last year and entitled “Tor stinks”, details how the NSA and the UK’s Government Communications Headquarters (GCHQ) have been stymied by trying to track Tor users, thanks to the strength of the open source system.

“We will never be able to de-anonymize all Tor users all the time,” the presentation states. “With manual analysis we can de-anonymize a very small fraction of Tor users, however, no success de-anonymizing a user.”

The presentation says that both the NSA and GCHQ run Tor nodes themselves (the Brits use Amazon Web Services for this under a project entitled Newton’s Cradle), but these are only a very small number in comparison to the whole system. This makes tracking users using traditional signals-intelligence methods impossible.

There’s also a case of diminishing returns as Tor becomes more popular. With each user acting as a transport node, the sheer scale of the system means it becomes steadily more difficult for the intelligence community to run enough nodes to be useful for tracking.

The agencies have also tried to use “quantum” cookies to track targets who are using Tor. Some cookies appear to persist after Tor sessions, the presentation notes, and the agencies are investigating if this can be developed into a working tracking system.

A separate leaked document from GCHQ, published in the Washington Post, gives an indication of how this could be done. Operation Mullenize is a technique for “staining” individual user’s computers with trackable code, and is now being rolled out after a year of development. Over 200 stains were injected onto systems in two months last year, the report notes.

There are also indications that the NSA had been trying to influence the design of Tor to make it more crackable, a somewhat Kafkaesque approach given that Tor is primarily funded by the US government itself to provide anonymity to internet users operating under repressive governments.

The NSA has been accused of this before, having been said to be deliberately weakening NIST encryption standards. But Schneier said in the case of Tor, the agency appears to have had little luck.

“It’s harder than you think to sneak stuff in,” Schneier said. “If you show up and say ‘Here, I’ve got some Tor code!’ I don’t think you’re going to get it in. As far as we know, they’ve had no success doing that.”

But documents shown the The Guardian by Snowden indicate that the intelligence organizations have also been trying sneakier methods in a delightfully named attack dubbed EgotisticalGiraffe. This targets the software that is bundled with Tor, specifically version 17 of the Firefox browser which was vulnerable to a zero-day attack.

It’s an attack vector that was adopted by the hacking community after operating system vendors started getting smarter about security, and which spawned a rash of attacks against third-party software such as Java and Adobe Reader. Now the NSA is using the same methods to track and crack Tor users.

“It should hardly be surprising that our intelligence agencies seek ways to counteract targets’ use of technologies to hide their communications,” the NSA told the paper in a statement.

“Throughout history, nations have used various methods to protect their secrets, and today terrorists, cybercriminals, human traffickers and others use technology to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that.”

Mozilla has now fixed the Firefox flaw used in EgotisticalGiraffe, but it seems likely that a fair few Tor users won’t have updated their software as often as they should and may still be vulnerable. But Cindy Cohn, legal director of the Electronic Frontier Foundation, told The Register that the methods used by the NSA and GCHQ were immensely worrying.

“They are using the kind of techniques that federal prosecutors send people to jail for decades for using,” she said. “These are tools that are criminal, and I’m still wondering what’s the authority? What kind of authority are they claiming that they can do this?”

Cohn said the courts need to know how data is being collected before warrants are issued. She pointed out that the NSA has already been fingered for passing information to the Drug Enforcement Agency and the Internal Revenue Service, which then covered up where they got their data from.

“You really have to question if there is a rule of law anymore?” Cohn said.

“If the government gets to essentially burn down your house because it thinks you’re engaging in illegal activity and then hide the fact by pretending there was an arsonist around at some point, it’s not a lawful situation,” she said. “There’s a fundamental thing that’s being lost here for an allegedly self-governing country.”

Direct Link:  http://www.theregister.co.uk/2013/10/04/nsa_using_firefox_flaw_to_snoop_on_tor_users/

Apparently They Are Looking! N.S.A. Said to Search Content of Messages to and From U.S.

N.S.A. Said to Search Content of Messages to and From U.S.

 

The New York Times
by Charlie Savage
August 8, 2013

 

WASHINGTON —

The National Security Agency is searching the contents of vast amounts of Americans’ e-mail and text communications into and out of the country, hunting for people who mention information about foreigners under surveillance, according to intelligence officials.

The N.S.A. is not just intercepting the communications of Americans who are in direct contact with foreigners targeted overseas, a practice that government officials have openly acknowledged. It is also casting a far wider net for people who cite information linked to those foreigners, like a little used e-mail address, according to a senior intelligence official.

Read the full article at… Direct Link:  http://www.nytimes.com/2013/08/08/us/broader-sifting-of-data-abroad-is-seen-by-nsa.html?pagewanted=1&_r=0&nl=todaysheadlines&emc=edit_th_20130808

THE MACHINE LIVES!: All the Infrastructure a Tyrant Would Need, Courtesy of Bush and Obama

All the Infrastructure a Tyrant Would Need, Courtesy of Bush and Obama

More and more, we’re counting on having angels in office and making ourselves vulnerable to devils.

The Atlantic
by Conor Friedersdorf
June 7, 2013

 

All the Infrastructure a Tyrant Would Need, Courtesy of Bush and Obama
All the Infrastructure a Tyrant Would Need, Courtesy of Bush and Obama

 

Let’s assume that George W. Bush, Dick Cheney, Barack Obama, Joe Biden, their staffers, and every member of Congress for the last dozen years has always acted with pure motives in the realm of national security. Say they’ve used the power they’ve claimed, the technology they’ve developed, and the precedents they’ve established exclusively to fight al-Qaeda terrorists intent on killing us, that they’ve succeeded in disrupting what would’ve been successful attacks, and that Americans are lucky to have had men and women so moral, prudent, and incorruptible in charge.

Few Americans believe all of that to be so. Combining the people who didn’t trust Bush and the ones who don’t trust Obama adds up to a sizable part of the citizenry. But even if all the critics were proved wrong, even if the CIA, NSA, FBI, and every other branch of the federal government had been improbably filled, top to bottom, with incorruptible patriots constitutionally incapable of wrongdoing, this would still be so: The American people have no idea who the president will be in 2017. Nor do we know who’ll sit on key Senate oversight committees, who will head the various national-security agencies, or whether the moral character of the people doing so, individually or in aggregate, will more closely resemble George Washington, Woodrow Wilson, FDR, Richard Nixon, Ronald Reagan, John Yoo, or Vladimir Putin.

What we know is that the people in charge will possess the capacity to be tyrants — to use power oppressively and unjustly — to a degree that Americans in 1960, 1970, 1980, 1990, or 2000 could’ve scarcely imagined. To an increasing degree, we’re counting on having angels in office and making ourselves vulnerable to devils. Bush and Obama have built infrastructure any devil would lust after. Behold the items on an aspiring tyrant’s checklist that they’ve provided their successors:

  • A precedent that allows the president to kill citizens in secret without prior judicial or legislative review
  • The power to detain prisoners indefinitely without charges or trial
  • Ongoing warrantless surveillance on millions of Americans accused of no wrongdoing, converted into a permanent database so that data of innocents spied upon in 2007 can be accessed in 2027
  • Using ethnic profiling to choose the targets of secret spying, as the NYPD did with John Brennan’s blessing
  • Normalizing situations in which the law itself is secret — and whatever mischief is hiding in those secret interpretations
  • The ability to collect DNA swabs of people who have been arrested even if they haven’t been convicted of anything
  • A torture program that could be restarted with an executive order


Even if you think Bush and Obama exercised those extraordinary powers responsibly, what makes you think every president would? How can anyone fail to see the huge potential for abuses?

I am not saying no one would resist a tyrant. Perhaps Congress would assert itself. Perhaps the people would rise up. Then again, perhaps it would be too late by the time the abuses were evident. (America has had horrific abuses of power in the past under weaker executives who were less empowered by technology; and numerous other countries haven’t recognized tyrants until it was too late.) Part of the problem is how much the Bush-Obama paradigm permits the executive to do in secret. Take that paradigm, add another successful 9/11-style attack, even after many years of very little terrorism, and who knows what would happen?

No one does.

That’s because we’re allowing ourselves to become a nation of men, not laws. Illegal spying? Torture? Violating the War Powers Resolution and the convention that mandates investigating past torture?

No matter. Just intone that your priority is keeping America safe. Don’t like the law? Just get someone in the Office of Legal Counsel to secretly interpret it in a way that twists its words and betrays its spirit.

You’ll never be held accountable.

This isn’t a argument about how tyranny is inevitable. It is an attempt to grab America by the shoulders, give it a good shake, and say: Yes, it could happen here, with enough historical amnesia, carelessness, and bad luck. We’re not special. Our voters won’t always pick good men and women to represent us. Some good women will be corrupted by power, and some bad men will slip through. Other democracies have degraded into quasi-authoritarian states; they didn’t expect that to happen until it was too late to stop. We have safeguards to prevent us from following in their footstep. Stop casting them off because you fear al-Qaeda. Stop tempting fate.

Stop acting like the president takes an oath to keep us safe, when his job is to protect and defend the Constitution. Doing so keeps the American project safe. Past generations fought monarchies, slaveholders, and Nazis to win, expand, and protect that project. And we’re so risk-averse — not that we’re actually minimizing risk — that we’re “balancing” the very rights in our Constitution against a threat with an infinitesimal chance of killing any one of us? That makes about as much sense as the 5,000 American lives lost when the same ruling class that built the national-security state found it prudent to preempt a perceived threat from Iraq. And we still trust them?

“We have suffered several thousand casualties from 9/11 through today. Suppose we had a 9/11-level attack with 3,000 casualties per year every year. Each person reading this would face a probability of death from this source of about 0.001% each year,” Jim Manzi once pointed out at National Review. This is why we’re letting the government build an Orwellian spy state more sophisticated than any in history?

Manzi went on:

To demand that the government “keep us safe” by doing things out of our sight that we have refused to do in much more serious situations so that we can avoid such a risk is weak and pathetic.

He was speaking of torture, but the logic applies more generally.

I am not saying that terrorism poses no threat — of course it does. Of course we ought to dedicate substantial resources to preventing all the attacks that can be stopped without violating our founding documents, laws, values, or sense of proportion. For the national-security state, loosed of the Constitution’s safeguards, is a far bigger threat to liberty than al-Qaeda will ever be. Vesting it with more power every year — expanding its size, power, and functions in secret without any debate about the wisdom of the particulars — is an invitation to horrific abuses, and it renders the concept of government by the people a joke. The ruling class is trying to keep us ignorant of what it’s doing on behalf of us, because it doesn’t want us to object!

You’d think, listening to those who defend the national security state’s expansion, that the excesses detailed in the Church Committee report never happened; that the horrific abuses of our own era never happened; that the FBI and the CIA have unblemished records respecting the rights of Americans. In fact, America always overestimates its ability to anticipate and preempt abuses.

Yet Americans think they’re special. If you doubt that, ask yourself what the average American would say if they heard about China pulling call records on millions of innocent Chinese people.

“Those authoritarian Communists.”

We go easier on our own.

America has stepped back from the brink in the past when wars ended. But we’ve never had a “war” go on this long — and there’s no end in sight. It’s time for the people to pressure their elected representatives, so that, through Congress, we can dismantle the infrastructure Bush and Obama have built. In less than four years, an unknown person will start presiding over the national-security state. He or she will be an ambitious power seeker who will guiltlessly misrepresent his or her character to appeal to different voters, lie countless times on the campaign trail, and break numerous promises while in office. That’s a best-case scenario that happens every time!

For once, let’s preempt that threat.

Direct Link:  http://www.theatlantic.com/politics/archive/2013/06/all-the-infrastructure-a-tyrant-would-need-courtesy-of-bush-and-obama/276635/

The 1993 World Trade Center bombers: Where are they now?

The 1993 World Trade Center bombers: Where are they now?

CBS News
by Joshua Norman
February 26, 2013

 

A police photographer adjusts a light at the edge of the crater in an underground parking garage at the World Trade Center February 28, 1993.

A police photographer adjusts a light at the edge of the crater in an underground parking garage at the World Trade Center February 28, 1993. 
/ Getty Images

 

On Feb. 26, 1993, an ugly new phase of terrorism was ushered in when Jordanian Eyad Ismoil drove Kuwaiti Ramzi Yousef and a 1,300-pound nitrate-hydrogen gas enhanced bomb also stuffed with cyanide into the parking garage below the World Trade Center in Manhattan.

Yousef lit a 20-foot fuse, and the two fled quickly enough to evade immediate capture by authorities. The bomb killed six people and injured more than 1,000 that day.

When the bomb went off, their goal of bringing down the Twin Towers failed, but the event was the first in a continuing string of indiscriminate attacks on civilians by terrorists designed solely to kill as many as possible.

1993 World Trade Center, bombers, ramzi yousef
The seven men convicted for the 1993 World Trade Center bombing in New York City

/ FBI.gov

By 1997, seven men had been convicted for the attack: Yousef, Ismoil, Egyptian Mahmud Abouhalima, Palestinian Mohammad Salameh, Kuwaiti Nidal A. Ayyad, Iraqi Abdul Rahman Yasin and Palestinian Ahmad Ajaj. Only six of them, however, had been caught.

The one thing that bound them all was a radical Egyptian cleric, Omar Abdel Rahman, a blind sheik who had once set up shop in Jersey City, New Jersey. Rahman was ultimately convicted of masterminding several attacks — some carried out, some not — on American interests.

Khalid Sheikh Mohammed holds up a piece of paper during a court recess at a military tribunal pretrial hearing at the Guantanamo Bay Naval Base in Cuba, Oct. 15, 2012, in this picture of a sketch by courtroom artist Janet Hamlin and reviewed by the U.S. Department of Defense.
Khalid Sheikh Mohammed holds up a piece of paper during a court recess at a military tribunal pretrial hearing at the Guantanamo Bay Naval Base in Cuba, Oct. 15, 2012, in this picture of a sketch by courtroom artist Janet Hamlin and reviewed by the U.S. Department of Defense.
/ AP Photo/Janet Hamlin

Rounding out the circle of plotters is the infamous Khalid Sheikh Mohammed, who is not only Yousef’s uncle, but also later claimed to be the mastermind of the 9/11 attacks which ultimately brought the Twin Towers down. Mohammed gave Yousef advice, tips, and cash in the run up to the 1993 bombing.

Five of the seven main bombers are serving life sentences in the federal Supermax prison in Florence, Colo.

Yousef is currently suing for more human contact after 15 years in prison. According to the Los Angeles Times, he wrote to the warden: “I request an immediate end to my solitary confinement and ask to be in a unit in an open prison environment where inmates are allowed outside their cells for no less than 14 hours a day.”

Nidal Ayyad, an alleged Rutgers University graduate, is apparently serving his life sentence in a federal penitentiary in Terre Haute, Indiana

Abdul Yasin was tracked down by “60 Minutes” in May of 2002 in an Iraqi facility outside of Baghdad. He had successfully fled the U.S. after the 1993 bombing and remained high on the most-wanted list the entire time.

Yasin, 40 at the time, expressed regret to Leslie Stahl about the bombing and claimed he was talked into it by his fellow bombers, whom he met for the first time while living in Jersey City.

“[Yousef and Salameh] used to tell me how Arabs suffered a great deal and that we have to send a message that this is not right … to revenge for my Palestinian brothers and my brothers in Saudi Arabia,” Yasin told Stahl. He added that they also prodded him about being an Iraqi who should avenge the defeat of Iraq in the Gulf War.

The “60 Minutes” interview is likely the last time any Westerner officially spoke to Yasin, who by all accounts remains on the lam to this day.

Khaled Sheikh Mohammed is currently on trial in Guantanamo Bay for his role in the 9/11 attacks. Mohammed is kept under such heavy security that his lawyers can’t even reveal routine conversations with their client. Prosecutors are seeking the death penalty.

Blind sheik Omar Abdel-Rahman sits and prays inside an iron cage at the opening of court session in Cairo Aug. 6, 1989.
Blind sheik Omar Abdel Rahman sits and prays inside an iron cage at the opening of court session in Cairo Aug. 6, 1989.
/ AFP/Getty Images

The true “celebrity” of the attacks, for lack of a better term, is the so-called “Blind Sheik,” Omar Abdel Rahman. His name and his teachings are repeatedly invoked by jihadists and conservative Muslims the world over as inspiration.

In September 2003, he was transferred from the federal Supermax prison in Colorado to a medical prison in Springfield, Mo., after officials said Rahman might lose his limbs to diabetes.

Militants who attacked the Ain Amenas gas field in the Sahara in January of this year had offered to release two of the three Americans eventually killed in the attack in exchange for the freedom of Rahman and Aafia Siddiqui, a Pakistani scientist convicted of shooting at two U.S. soldiers in Afghanistan. The Obama administration rejected the offer outright.

Al Qaeda’s current leader, Ayman Al-Zawahri, has repeatedly invoked Rahman as a reason for kidnapping and killing Westerners. In an undated two-hour videotape posted last October on militant forums, he said that abducting nationals of “countries waging wars on Muslims” is the only way to free “our captives, and Sheik Omar Abdel Rahman.”

Even more moderate Muslims appear to revere the Blind Sheik. In his first public speech last June addressing tens of thousands of mostly Islamist supporters, Egypt’s then-president-elect Mohammed Morsi vowed to free Rahman.

The U.S. has not budged in its refusal to consider freeing Rahman in any negotiations so far, so it is highly unlikely Morsi will succeed.

 

Related Links:

Direct Link:  http://www.cbsnews.com/8301-201_162-57571334/the-1993-world-trade-center-bombers-where-are-they-now/

Court OKs warrantless use of hidden surveillance cameras

Court OKs warrantless use of hidden surveillance cameras

In latest case to test how technological developments alter Americans’ privacy, federal court sides with Justice Department on police use of concealed surveillance cameras on private property.

 

C/NET News
by DeClan McCullagh
October 30, 2012

 

Warrantless Government Surveillance

 

Police are allowed in some circumstances to install hidden surveillance cameras on private property without obtaining a search warrant, a federal judge said yesterday.

CNET has learned that U.S. District Judge William Griesbach ruled that it was reasonable for Drug Enforcement Administration agents to enter rural property without permission — and without a warrant — to install multiple “covert digital surveillance cameras” in hopes of uncovering evidence that 30 to 40 marijuana plants were being grown.

This is the latest case to highlight how advances in technology are causing the legal system to rethink how Americans’ privacy rights are protected by law. In January, the Supreme Court rejected warrantless GPS tracking after previously rejecting warrantless thermal imaging, but it has not yet ruled on warrantless cell phone tracking or warrantless use of surveillance cameras placed on private property without permission.

Yesterday Griesbach adopted a recommendation by U.S. Magistrate Judge William Callahan dated October 9. That recommendation said that the DEA’s warrantless surveillance did not violate the Fourth Amendment, which prohibits unreasonable searches and requires that warrants describe the place that’s being searched.

“The Supreme Court has upheld the use of technology as a substitute for ordinary police surveillance,” Callahan wrote.

Two defendants in the case, Manuel Mendoza and Marco Magana of Green Bay, Wis., have been charged with federal drug crimes after DEA agent Steven Curran claimed to have discovered more than 1,000 marijuana plants grown on the property, and face possible life imprisonment and fines of up to $10 million. Mendoza and Magana asked Callahan to throw out the video evidence on Fourth Amendment grounds, noting that “No Trespassing” signs were posted throughout the heavily wooded, 22-acre property owned by Magana and that it also had a locked gate.

 

U.S. Attorney James Santelle, who argued that warrantless surveillance cameras on private property “does not violate the Fourth Amendment.” (Credit: U.S. Department of Justice)

Callahan based his reasoning on a 1984 Supreme Court case called Oliver v. United States, in which a majority of the justices said that “open fields” could be searched without warrants because they’re not covered by the Fourth Amendment. What lawyers call “curtilage,” on the other hand, meaning the land immediately surrounding a residence, still has greater privacy protections.

“Placing a video camera in a location that allows law enforcement to record activities outside of a home and beyond protected curtilage does not violate the Fourth Amendment,” Justice Department prosecutors James Santelle and William Lipscomb told Callahan.

As digital sensors become cheaper and wireless connections become more powerful, the Justice Department’s argument would allow police to install cameras on private property without court oversight — subject only to budgetary limits and political pressure.

About four days after the DEA’s warrantless installation of surveillance cameras, a magistrate judge did subsequently grant a warrant. But attorneys for Mendoza and Magana noticed that the surveillance took place before the warrant was granted.

“That one’s actions could be recorded on their own property, even if the property is not within the curtilage, is contrary to society’s concept of privacy,” wrote Brett Reetz, Magana’s attorney, in a legal filing last month. “The owner and his guest… had reason to believe that their activities on the property were not subject to video surveillance as it would constitute a violation of privacy.”

A jury trial has been scheduled for January 22.

 

Direct Link:  http://news.cnet.com/8301-13578_3-57542510-38/court-oks-warrantless-use-of-hidden-surveillance-cameras/