The US National Security Agency (NSA) snoops on people by accessing user data from smart phones manufactured by all companies, new documents reveal. American spies can tap into iOS, Android, and even BlackBerry systems.
The US spying agency can get access to such data as contact lists, SMS traffic, notes and location information about where a user has been, said the documents obtained by Der Spiegel.
Continue after the break.
The NSA has reportedly been most successful in accessing iPhone user data, and at times has been able to hack into the computer used to sync with the mobile device. This allows the agency to run a mini-program dubbed “scripts,” which enables additional access to at least 38 more iPhone features.
According to the newspaper, the American spy agency also has set up special working groups to deal with each operating system.
NSA also got into the BlackBerry’s mail system, which is known to be extremely secure.
Company officials refused to comment on the new leak: "It is not for us to comment on media reports regarding alleged government surveillance of telecommunications traffic" adding that they have not built a “back door pipeline” into the system.
The material viewed by Der Spiegel suggests that the spying on smart phones has been targeted in some cases in an individually tailored manner and without the knowledge of the smart phone companies.
Thousands in German anti-NSA protest
Thousands took to the streets in Berlin Saturday in protests against Internet surveillance activities by the US National Security Agency and other intelligence agencies, and the German government's perceived lax reaction to them.
Organisers, among them the opposition Greens, The Left and Pirates parties, said 20,000 people turned out. Police would not confirm the figure, saying only their "tally differs from that of the organisers".
The protest was organised under the slogan "Freedom Rather Than Fear" and demonstrators carried banners saying: "Stop spying on us" and, more sarcastically: "Thanks to PRISM (the US government's vast data collection programs) the government finally knows what the people want".
"Intelligence agencies like the NSA shamelessly spy on telephone conversations and Internet connections worldwide (and) our government, one of whose key roles is the protection from harm, sends off soothing explanations," said one speaker, Kai-Uwe Steffens.
On Thursday, newly leaked documents alleged that US and British intelligence agencies have cracked the encryption that secures a wide range of online communications - including emails, banking transactions and phone conversations.
The documents provided by former US intelligence contractor Edward Snowden to The New York Times, ProPublica and The Guardian suggest that the spy agencies are able to decipher data even with the supposedly secure encryption designed to make it private.
New Snowden documents say US, British spy agencies crack web encryption
US and British intelligence agencies have cracked the encryption that secures a wide range of online communications including emails, banking transactions and phone conversations, according to newly leaked documents.
The documents provided by former US intelligence contractor Edward Snowden to The New York Times, ProPublica and The Guardian suggest that the spy agencies are able to decipher data even with the supposedly secure encryption to make it private.
The US National Security Agency, working with its British counterpart, GCHQ, accomplished the feat by using supercomputers, court orders, and some cooperation from technology companies, the documents indicate.
If the reports are accurate, the highly secretive program would defeat much of the protection that is used to keep data secure and private on the Internet, from emails to chats to communications using smartphones.
The Times and ProPublica cited an intelligence document saying the NSA spends more than $250 million a year on its "Sigint Enabling Project," which "actively engages the US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs" to make them "exploitable."
It is unclear from the articles how often technology companies voluntarily agreed to allow covert access to their offerings through back doors and how often the NSA compelled them to do so through secret court orders.
The New York Times and ProPublica said they were asked not to publish their findings by intelligence officials who argued that their foreign targets might switch to newer forms of encryption or communications if the NSA tactics were revealed.
"Some specific facts" were removed, the New York Times said. The articles do not say which mainstream encryption systems have been effectively broken.
The undertaking, codenamed Bullrun, followed the abandonment in 1990s of a US effort to force back doors into services through what was called the Clipper Chip.
Back doors in software or hardware allow for access that is typically unseen by the user.
Because the NSA has great expertise and is charged with protecting US assets as well as spying electronically, it has been a frequent contributor to public processes for choosing security techniques. That could now come to a halt.
The disclosure that the NSA succeeded in subverting some unspecified processes for setting security standards is likely to enrage those who were willing to allow the defensive experts from the agency to participate in vetting proposals.
Previous disclosures by Snowden included an order from the Foreign Intelligence Surveillance Court, which meets in secret, compelling phone company Verizon Communications Inc to turn over all records showing which US numbers called which.
A small seller of encrypted email services that Snowden used, Lavabit LLC, shut down last month rather than comply with secret order that it said would impact all of its users.
"Without Congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States," owner Ladar Levison wrote at the time.
Since then, some privacy activists gave pointed to language in the amended Foreign Intelligence Surveillance Act that requires recipients of US demands to "immediately provide the government with all information, facilities, or assistance necessary to accomplish the acquisition" of targeted communications.
"Assistance" could be construed to include decryption, said Caspar Bowden, a former chief policy advisor to Microsoft. In other cases, decryption keys may be stolen. Some cyber attacks overseas attributed to the United States have used purloined SSL certificates to falsely authenticate malicious software as legitimate.
Thursday's stories are the first to be produced by the three-way partnership struck after the British government threatened the Guardian with legal action unless it destroyed copies of materials leaked by Snowden.
The Guardian did destroy computers in London containing the material, but also advised senior UK officials that copies of the documents had been sent to media outside Britain.
US intelligence officials had no immediate comment on the stories.
Extremist groups try to infiltrate US intelligence - report
Al-Qaeda and other hostile groups have repeatedly sought to infiltrate US intelligence agencies, which are investigating thousands of their employees to counter the threat.
The CIA found that about a fifth of job applicants with suspect backgrounds had "significant terrorist and/or hostile intelligence connections," the Washington Post reported Monday citing a classified budget document.
The document was provided to the paper by former National Security Agency contractor Edward Snowden, now a fugitive in Russia under temporary asylum.
Although the file did not describe the nature of the jobseekers' extremist or hostile ties, it cited Hamas, Hezbollah and Al-Qaeda and its affiliates most often.
The fear of infiltration is such that the NSA planned last year to investigate at least 4,000 staff who obtained security clearances.
The NSA detected potentially suspicious activity among staff members after trawling through trillions of employee keystrokes at work.
The suspicious behavior included staffers accessing classified databases they do not usually use for their work or downloading several documents, two people familiar with the software used to monitor staff told the Post.
But serious delays and uneven implementation have hit the multimillion-dollar effort, and the spy agencies never detected Snowden copying a wide range of the NSA's highly classified documents.
The fugitive leaker is wanted by Washington on espionage charges linked to media disclosures about US surveillance programs.
"Over the last several years, a small subset of CIA's total job applicants were flagged due to various problems or issues," one official told the Post.
"Over the last several years, a small subset of CIA's total job applicants were flagged due to various problems or issues," one official told the Post.
"During this period, one in five of that small subset were found to have significant connections to hostile intelligence services and or terrorist groups."
The NSA is also creating a huge database known as WILDSAGE to help share sensitive intelligence among cybersecurity centers, according to the budget document. But the move has raised concern that the database could be infiltrated.
Intelligence agencies have stepped up scrutiny of insider threats following the disclosure of hundreds of thousands of military and diplomatic files by WikiLeaks in 2010.
Army Private Bradley Manning, an intelligence analyst now known as Chelsea Manning, had leaked the documents to the anti-secrecy group.
In 2011, Congress ordered Director of National Intelligence James Clapper to set up an "automated insider threat detection program" to prevent further such leaks, stop possible abuses and identify double agents.
But the project was delayed several times as the intelligence community dealt with the aftermath of Manning's leaks, the Post said.
President Barack Obama's administration has cracked down on insider threats.
In November 2012, Obama issued a National Insider Threat Policy that defined the threats as coming from "espionage, terrorism (or) unauthorized disclosure of national security information."
The policy places whistleblowers, spies and "terrorists" in a single category, and has triggered outcries from critics who say the three are distinct.
Der Spiegel, AFP, Reuters The Washington Pos
Read more: http://voiceofrussia.com/news/2013_09_08/Privacy-scandal-NSA-can-track-BlackBerry-iOS-and-Android-data-6280/
Read more: http://voiceofrussia.com/news/2013_09_08/Privacy-scandal-NSA-can-track-BlackBerry-iOS-and-Android-data-6280/
No comments:
Post a Comment