US spy chief Clapper defends Prism and phone surveillance

[Magda Hassan]

James Clapper calls for Snowden and 'accomplices' to return NSA documents

Director of national intelligence condemns NSA whistleblower in blistering testimony to Senate intelligence committee

.

Such theater. 'Return the documents'. There are no documents as Clapper well knows. He is not missing any documents and Snowden doesn't have them. It is all elelctronic data. Information. He still has everything and more. Much more. He is trying to make Snowden seem like a common thief. Like someone who had 'stolen a car'. Just return the car and it sont be so bad for you. Bullshit.

[David Guyatt]

From Boiling Frogs Post:

The Entire Snowden NSA Cache Exposed Once and for All

SIBEL EDMONDS | JANUARY 31, 20146 COMMENTS
The Hidden Code in the Snowden-Greenwald MockeryI just finished reading an article titled Forget Metadata … The NSA Is Spying on EVERYTHING . It is a good article, and it is true. For the last nine months we have been reading one headline after another on Edward Snowden's documents exposing NSA from A to Z. 99% of these documents have not been published. No matter. 100% of the facts have been known for almost a decade details not withstanding and do not matter. Do you really need headline after headline churning out some meaningless and useless information? We have it for you: All exposés, one hundred percent, and in one place. Here it is, starting with NSA spying on world leaders:
NSA spies on Germany's Merkel. NSA spies on France's Hollande. I tell you what: everyone who has ever worked for FBI counterintelligence and or CIA and or NSA could tell you: The United States has been spying on all world leaders and state heads for many decades. Period. Now, help yourself and add to the sensationalized headlines: NSA spies on Turkey's Erdogan. NSA spies on Russia's Putin. NSA spies on Bolivia's Morales. Basically, fill in NSA spies on …' with every world leader and political figure. There. Now you have 11.5% of Snowden-Greenwald's fluffily sensationalized documents.
Another set of sensationalized no-news news headlines deals with NSA engaging in Industrial espionage: Edward Snowden Claims NSA Engages In Industrial Espionage In New Interview
I tell you what: Snowden has exposed a practice that is as old as the Roman Empire. Industrial espionage has been utilized and performed by every empire and every government for thousands of years. To cover another 8.3% of Edward Snowden documents you can list US industrial espionage by target countries: NSA spies on China's industry. NSA spies on Russian industry. NSA spies on … Just fill in the dots, and you now have an additional 8% of Snowden's so-called explosive documents.
Snowden has exposed computer hardware companies on the NSA's partners list as well: NSA intercepts laptop deliveries to install spyware . The companies include Cisco, Dell, Western Digital, Seagate, Maxtor, but also international companies such as Samsung andHuawei. To find out about other so-far-not-disclosed documents, go grab a list of all major computer hardware companies and list them: Apple, HP, Lenovo, … just fill in the dots, and you have it. I believe this should take care of 6.1% of so far undisclosed documents.
Snowden's major revelations, dripping slowly, one after another, point to NSA monitoring and spying on people via social networks: NSA spies via Facebook. NSA spies on Google. Time to publicize another 14.9% of Snowden's cache: NSA spies on Yahoo. NSA spies on Twitter. NSA spies on … Just fill in the dots by including all the major social networking sites and forums. Done.
Snowden has also exposed what we have known for a long time: NSA spies on News organizations! Wow! NSA Spied On Al Jazeera Communications . Here is a list of equally explosive news organizations NSA is spying on: New York Times, Washington Post, L.A. Times … Please fill in the dots with every single news organization in the U.S. and the world.
Snowden documents and leaks include NSA's spying on international organizations such as the United Nations. Aren't you shocked (Not)? Has anyone ever doubted the fact that the U.S. has been monitoring all major international organizations? Let me list a few: HRW, Amnesty, Committee to Protect Journalists … Please don't wait for Snowden and his handlers to put out this old news and make millions of dollars. Just go ahead and list every single international organization. And you have it.
Lately, Snowden seems to have reached the end of his major networking and computer name dropping list. Seriously. He is now leaking NSA's nonstop spying on game applications. I kid you not. Here it is: Angry Birds' used for NSA, British spying efforts. Other similar game and software companies will follow. I'll save you the suspense: NSA is spying on Sesame Street software. NSA is spying on Mickey Mouse software. NSA is spying on Woody Woodpecker games and software. NSA is spying on Pink Panther applications. NSA is spying on … just fill in the dots, and you've got it.
What else could be made to sound juicy and outrageous? It is possible that NSA has contracts with commode manufacturers to have them install mini tracking microchips to track your pooping pattern. NSA is very interested in our bowel movements. Bowel movements can tell a lot about a person. Once they have our pooping pattern you never know how they may use it. I kid you not. Don't write it off. Your poop matters-to the NSA.
Since 2004, through several honorable whistleblowers, the NSA's extensive and warrantless spying has been known to us. Period. Since my grandmother's era, not only the NSA, but also the FBI and the CIA have been monitoring world leaders, including their diplomatic figures in the U.S. and elsewhere. Since the Roman Empire nations have been engaged in Industrial-Commerce Espionage and Spying. Didn't Katharine Gunn expose spying on the United Nations in 2003? Surely she did. No worries, Snowden wants all credit for her work. Didn't NSA's Russell Tice sacrifice his career to inform us of NSA's massive illegal spying in 2004-2005? Of course, he did. But Snowden wants all the credit for that as well. Didn't William Binney expose NSA's warrantless spying of Americans in 2002? Aha. So what, Snowden wants to make it not so: he wants that credit as well. How aboutMark Klein of AT&T exposing the corporate-NSA collusions on illegal spying in 2006? Mark, who? Snowden doesn't know such a man exists.
Let's go back to my first paragraph in this commentary. Now we all know: NSA spies on everyone via every piece of hardware, every bit of software, every network, every ISP, every news outlet, every game, every cartoon, possibly through every poop hole. The hidden code in the Snowden-Greenwald Mockery appears to be one objective; one message: Be Afraid, people, be very Afraid. You are watched every second of every minute, and everywhere. You live in a Panopticon State, so watch out (all the time) and behave accordingly. Oh, also, give us your money.
Okay people, many of you have known the facts about the out-of-control US intel agencies for years. Please don't let a Mega Charlatan make billions of dollars by suckering you into purchasing what you already have. Please don't allow a few Mid-Level Charlatans to make millions of dollars by misleading and misdirecting you. Shoo the Lower-Level Charlatans like you'd shoo flies. Charlatans will capitalize on anything, and turn anything into a commodity (Including snake oil); only if you let them. Let's not let them.

- See more at: http://www.boilingfrogspost.com/2014/01/...OjG9e.dpuf

[Malcolm Pryce]

I'm sorry, I know Sibel Edmonds commands great respect in the DPF community but this article is a shrill and silly rant. It also expounds the currently very annoying meme that we all knew'.

You see it a lot in the comment sections in the Guardian where it really translates as, I had no idea but if I kid myself I knew all along then I can carry on pretending everything is OK and carry on Watching Celebrity Big Brother.'

We all knew?

No we damn well did not. We had no idea of the scale of this. Even the experts in the field have been shocked.

You can question the characters and bona fides of Greenwald. You can even speculate that Snowden is not all that he appears. It matters but not as much as the documents Snowden has leaked.

It seems to me whatever games they may be playing the revelations at the heart of this affair are a total game-changer for the human race. It really is worse than Orwellian. Everyone knew? No way.

We needed to know this, even if it fills our hearts with despair.

Forget Snowden and Greenwald and ask yourself:

Are the documents true?
Did we know about this?
Do we need to know it?

And the picture of the toilet really does nothing for her credibility.

[David Guyatt]

I'm sorry, I know Sibel Edmonds commands great respect in the DPF community but this article is a shrill and silly rant. It also expounds the currently very annoying meme that we all knew'.

You see it a lot in the comment sections in the Guardian where it really translates as, I had no idea but if I kid myself I knew all along then I can carry on pretending everything is OK and carry on Watching Celebrity Big Brother.'

We all knew?

No we damn well did not. We had no idea of the scale of this. Even the experts in the field have been shocked.

You can question the characters and bona fides of Greenwald. You can even speculate that Snowden is not all that he appears. It matters but not as much as the documents Snowden has leaked.

It seems to me whatever games they may be playing the revelations at the heart of this affair are a total game-changer for the human race. It really is worse than Orwellian. Everyone knew? No way.

We needed to know this, even if it fills our hearts with despair.

Forget Snowden and Greenwald and ask yourself:

Are the documents true?
Did we know about this?
Do we need to know it?

And the picture of the toilet really does nothing for her credibility.

I don't disagree Malcolm. I have a lot of time for her, but this did strike me as an emotional piece rather than her usual objective essays. I have no idea what caused it. Everyone has a bad hair day from time to time, so I'll treat it as a blip in her otherwise excellent output.

[Malcolm Pryce]

Sure David, we all have off days, I agree, and Sibel Edmonds is clearly on the side of the angels. But it is a dispiriting feature of 9/11 Truth and similar movements that they devour themselves sometimes with in-fighting and factionalism. When I look back at this period I don't think I will greatly care whether Greenwald turned out to be a phoney. I will remember what he revealed. If 5% of it is true it would appear we are living in a world in which all the cliches of a B-movie sci-fi dystopia have come true. What a depressing thought. Even more depressing, I really don't know what can be done about it. Does anyone?

[David Guyatt]

Sure David, we all have off days, I agree, and Sibel Edmonds is clearly on the side of the angels. But it is a dispiriting feature of 9/11 Truth and similar movements that they devour themselves sometimes with in-fighting and factionalism. When I look back at this period I don't think I will greatly care whether Greenwald turned out to be a phoney. I will remember what he revealed. If 5% of it is true it would appear we are living in a world in which all the cliches of a B-movie sci-fi dystopia have come true. What a depressing thought. Even more depressing, I really don't know what can be done about it. Does anyone?

I couldn't agree more, Malcolm. The regular in-fighting, the bursts of ego swaggering, blood letting and ritual seppuku of our community drives me to despair on a fairly regular basis. As I keep saying, the powers that be don't really need to worry about this community, as we'll assassinate each other for them.

All I can say is that, eventually, the tide will turn and then reverse. It always does. Night changes to day, winter to summer etc. But I agree it looks pretty bleak at the present.

[Magda Hassan]

During a quick chat with Sibel this morning she briefly said that Snowden had done the NSA a real favor by his actions as it plays into the normalisation of the NSA panopticon. Also that the new media project will function as a controlled opposition.

[Magda Hassan]

More on Gehlen Org, sorry Germany, and the NSA.

Somewhat oddly:

Der Spiegel said the interview was conducted while Snowden was living in Hawaii, via encrypted emails with US documentary maker Laura Poitras and hacker Jacob Appelbaum.

Which begs the question, why has Der Spiegel waited until now to publish details of the interview....

Edward Snowden tells Der Spiegel NSA is 'in bed with the Germans'

Interview carried out before NSA whistleblower fled to Hong Kong appears to contradict Merkel's public surprise at snooping

Reuters in Berlin
guardian.co.uk, Sunday 7 July 2013 17.22 BST
Jump to comments (55)

Angela Merkel
German opposition parties insist that somebody in Merkel's office must have known what was going on. Photograph: Johannes Eisele/AFP/Getty Images

America's National Security Agency works closely with Germany and other Western states on a "no questions asked"-basis, former NSA employee Edward Snowden said in comments that undermine Chancellor Angela Merkel's indignant talk of "Cold War" tactics.

"They are in bed with the Germans, just like with most other Western states," German magazine Der Spiegel quotes him as saying in an interview published on Sunday that was said to be carried out before he fled to Hong Kong in May and divulged details of extensive secret US surveillance.

"Other agencies don't ask us where we got the information from and we don't ask them. That way they can protect their top politicians from the backlash in case it emerges how massively people's privacy is abused worldwide," he said.

His comments about cooperation with governments overseas, which he said were led by the NSA's foreign affairs directorate, appear to contradict the German government's show of surprise at the scale of the US electronic snooping.

Germany has demanded explanations for Snowden's allegations of large-scale spying by the NSA, and by Britain via a programme codenamed 'Tempora', on their allies including Germany and other European Union states, as well as EU institutions and embassies.

Chancellor Angela Merkel pointed out during President Barack Obama's recent visit that Germany had avoided terrorist attacks thanks to information from allies. But she says there must be limits to the intrusion on privacy and wants this discussed next week in parallel with the start of EU-US free trade talks.

Berlin has alluded repeatedly to "Cold War" tactics Merkel used the term again on Saturday at a political rally and has said spying on friends is unacceptable. Her spokesman has said a transatlantic trade deal requires a level of "mutual trust".

The domestic intelligence chief has said he knew nothing of such widespread surveillance by the NSA. But German opposition parties with an eye on September's federal election insist that somebody in Merkel's office, where the German intelligence agencies are coordinated, must have known what was going on.

The government did not immediately respond to a request for comment on the Der Spiegel report, which follows a report last week in French daily Le Monde saying France also had an extensive surveillance programme.
Der Spiegel has reported that on an average day, the NSA monitored about 20 million German phone connections and 10 million internet data sets, rising to 60 million phone connections on busy days.

Germans are particularly sensitive about eavesdropping because of the intrusive surveillance in the communist German Democratic Republic (GDR) and during the Nazi era.

Snowden, a US citizen, fled in May a few weeks before the details he provided about the NSA were published and is believed to have been holed up in Moscow airport since June 23.

Bolivia offered asylum on Saturday to Snowden, joining leftist allies Venezuela and Nicaragua in defiance of Washington, which is demanding his arrest for divulging details of the secret US spy programs.

Der Spiegel said the interview was conducted while Snowden was living in Hawaii, via encrypted emails with US documentary maker Laura Poitras and hacker Jacob Appelbaum.

Snowden told them that America's closest allies sometimes went even further than the NSA in their zeal for gathering data.

The Tempora programme of Britain's GCHQ eavesdropping agency is known in the intelligence world as a "full take".

"It sucks up all information, no matter where it comes from and which laws are broken," Snowden said. "If you send a data packet and goes through Britain, we'll get it. If you download anything, and the server is in Britain, we'll get it."

If the NSA is ordered to target an individual, it virtually take over that person's data "so the target's computer no longer belongs to him, it more or less belongs to the U.S. government".

Hackers file complaint against German government over NSA scandal

German hackers and activists have filed a criminal complaint against their government for allegedly breaking the law by aiding foreign spies. They point to documents released by the NSA leaker Edward Snowden as evidence.


The Chaos Computer Club, International League for Human Rights and electronic civil-liberties watchdog Digitalcourage announced their complaint Monday.
The groups claim Chancellor Angela Merkel's government and intelligence services tolerated espionage, effectively helping the US National Spy Agency (NSA) and Britain's Government Communications Headquarters (GCHQ) spy on German citizens.
In a statement, the groups wrote that they intended the criminal complaint to spark a "long-overdue investigation by federal prosecutors" into alleged lawbreaking by German officials and foreign spies.
The groups also called for the NSA whistleblower Edward Snowden to be brought to Germany as a witness in espionage investigations. In October, it emerged through documents released by Snowden that the NSA had been keeping tabs on Merkel's personal communications.
"When Angela Merkel's mobile phone is kept under surveillance, it's clear that this is not about terrorism suspicions," Digitalcourage's Rena Tangens told the German news agency DPA.
For months, federal prosecutors have considered opening an investigation into NSA activities within Germany.

http://www.dw.de/hackers-file-complaint-...a-17405119

[David Guyatt]

From Tomgram:

Tomgram: Pratap Chatterjee, The Wild West of Surveillance
Posted by Pratap Chatterjee at 7:11am, February 6, 2014.
Follow TomDispatch on Twitter @TomDispatch.


Email Print


The question Senator Ron Wyden asked on March 12th of last year was straightforward enough and no surprise for Director of National Intelligence James Clapper. He had been given it a day in advance of his testimony before the Senate Intelligence Committee and after he was done, Senator Wyden and his staff offered him a chance to "amend" his answer if he wished. Did the National Security Agency, Wyden wanted to know, gather "any type of data at all on millions or hundreds of millions of Americans"? Being on that committee and privy to a certain amount of secret intelligence information, Wyden already knew the correct answer to the question. Clapper, with a day to prepare, nonetheless answered, "No, sir. Not wittingly. There are cases where they could inadvertently perhaps collect, but not wittingly."
That was a bald-faced lie, though Clapper would later term it the "least untruthful" thing he felt he could say. As we now know, the NSA was, among many other things, gathering the phone "data" of every American and storing it for future use. In other words, after some forethought, the director perjured himself.
Mind you, Clapper isn't exactly shy about charging other people with implicit crimes. In recent testimony before Congress, he demanded that whistleblower and former NSA contractor Edward Snowden "and his accomplices" return all agency documents. It was a stunning use of a term whose only meaning is criminal and clearly referred to the journalists -- Glenn Greenwald, filmmaker Laura Poitras, and reporters from the Guardian, the New York Times, and the Washington Post, among other papers -- who have been examining and writing about the Snowden documents.
It caught something of the chutzpah of the top officials who run Washington's national security state -- and little wonder that they feel emboldened and demanding. After all, not only is Clapper not going to be charged with perjury, but he has retained his post without a blink. He has kept the "support" of President Obama, who recently told CNN's Jake Tapper(in what passes these days for a rebuke of our surveiller-in-chief), "Jim Clapper himself would acknowledge, and has acknowledged, that he should have been more careful about how he responded." More careful indeed!
I've long argued that while we, the citizens of the U.S., remain in legal America, the U.S. national security state exists in "post-legal America" because no illegal act from warrantless surveillance to torture committed in its service will ever be prosecuted. So it's no surprise that Clapper won't even be forced to resign for lying to Congress. He's free as a bird and remains powerful indeed. Tell that to some of our whistleblowers.
In his latest post, TomDispatch regular Pratap Chatterjee offers an anatomy of a surveillance world that grows more, not less, powerful and full of itself with every passing moment and technological advance, a national security world whose global ambitions know no bounds.Tom

Selling Your Secrets
The Invisible World of Software Backdoors and Bounty Hunters
By Pratap Chatterjee
Imagine that you could wander unseen through a city, sneaking into houses and offices of your choosing at any time, day or night. Imagine that, once inside, you could observe everything happening, unnoticed by others -- from the combinations used to secure bank safes to the clandestine rendezvous of lovers. Imagine also that you have the ability to silently record everybody's actions, whether they are at work or play without leaving a trace. Such omniscience could, of course, make you rich, but perhaps more important, it could make you very powerful.
That scenario out of some futuristic sci-fi novel is, in fact, almost reality right now. After all, globalization and the Internet have connected all our lives in a single, seamless virtual city where everything is accessible at the tap of a finger. We store our money in online vaults; we conduct most of our conversations and often get from place to place with the help of our mobile devices. Almost everything that we do in the digital realm is recorded and lives on forever in a computer memory that, with the right software and the correct passwords, can be accessed by others, whether you want them to or not.
Now -- one more moment of imagining -- what if every one of your transactions in that world was infiltrated? What if the government had paid developers to put trapdoors and secret passages into the structures that are being built in this new digital world to connect all of us all the time? What if they had locksmiths on call to help create master keys for all the rooms? And what if they could pay bounty hunters to stalk us and build profiles of our lives and secrets to use against us?
Well, check your imagination at the door, because this is indeed the brave new dystopian world that the U.S. government is building, according to the latest revelations from the treasure trove of documents released by National Security Agency whistleblower Edward Snowden.

Over the last eight months, journalists have dug deep into these documents to reveal that the world of NSA mass surveillance involves close partnerships with a series of companies most of us have never heard of that design or probe the software we all take for granted to help keep our digital lives humming along.
There are three broad ways that these software companies collaborate with the state: a National Security Agency program called "Bullrun" through which that agency is alleged to pay off developers like RSA, a software security firm, to build "backdoors" into our computers; the use of "bounty hunters" like Endgame and Vupen that find exploitable flaws in existing software like Microsoft Office and our smartphones; and finally the use of data brokers like Millennial Media to harvest personal data on everybody on the Internet, especially when they go shopping or play games like Angry Birds, Farmville, or Call of Duty.
Of course, that's just a start when it comes to enumerating the ways the government is trying to watch us all, as I explained in a previous TomDispatch piece, "Big Bro is Watching You." For example, the FBI uses hackers to break into individual computers and turn on computer cameras and microphones, while the NSA collects bulk cell phone records and tries to harvest all the data traveling over fiber-optic cables. In December 2013, computer researcher and hacker Jacob Appelbaum revealed that the NSA has also built hardware with names like Bulldozer, Cottonmouth, Firewalk, Howlermonkey, and Godsurge that can be inserted into computers to transmit data to U.S. spooks even when they are not connected to the Internet.
"Today, [the NSA is] conducting instant, total invasion of privacy with limited effort," Paul Kocher, the chief scientist of Cryptography Research, Inc. which designs security systems, told the New York Times. "This is the golden age of spying."
Building Backdoors
Back in the 1990s, the Clinton administration promoted a special piece of NSA-designed hardware that it wanted installed in computers and telecommunication devices. Called the Clipper Chip, it was intended to help scramble data to protect it from unauthorized access -- but with a twist. It also transmitted a "Law Enforcement Access Field" signal with a key that the government could use if it wanted to access the same data.
Activists and even software companies fought against the Clipper Chip in a series of political skirmishes that are often referred to as the Crypto Wars. One of the most active companies was RSA from California. It even printed posters with a call to "Sink Clipper." By 1995, the proposal was dead in the water, defeated with the help of such unlikely allies as broadcaster Rush Limbaugh and Senators John Ashcroft and John Kerry.
But the NSA proved more tenacious than its opponents imagined. It never gave up on the idea of embedding secret decryption keys inside computer hardware -- a point Snowden has emphasized (with the documents to prove it).
A decade after the Crypto Wars, RSA, now a subsidiary of EMC, a Massachusetts company, had changed sides. According to an investigative report by Joseph Menn of Reuters, it allegedly took $10 million from the National Security Agency in exchange for embedding an NSA-designed mathematical formula called the Dual Elliptic Curve Deterministic Random Bit Generator inside its Bsafe software products as the default encryption method.
The Dual Elliptic Curve has a "flaw" that allows it to be hacked, as even RSA now admits. Unfortunately for the rest of us, Bsafe is built into a number of popular personal computer products and most people would have no way of figuring out how to turn it off.
According to the Snowden documents, the RSA deal was just one of several struck under the NSA's Bullrun program that has cost taxpayers over $800 million to date and opened every computer and mobile user around the world to the prying eyes of the surveillance state.
"The deeply pernicious nature of this campaign -- undermining national standards and sabotaging hardware and software -- as well as the amount of overt private sector cooperation are both shocking," wrote Dan Auerbach and Kurt Opsahl of the Electronic Frontier Foundation, a San Francisco-based activist group that has led the fight against government surveillance. "Back doors fundamentally undermine everybody's security, not just that of bad guys."
Bounty Hunters
For the bargain basement price of $5,000, hackers offered for sale a software flaw in Adobe Acrobat that allows you to take over the computer of any unsuspecting victim who downloads a document from you. At the opposite end of the price range, Endgame Systems of Atlanta, Georgia, offered for sale a package named Maui for $2.5 million that can attack targets all over the world based on flaws discovered in the computer software that they use. For example, some years ago, Endgame offered for sale targets in Russia including an oil refinery in Achinsk, the National Reserve Bank, and the Novovoronezh nuclear power plant. (The list was revealed by Anonymous, the online network of activist hackers.)
While such "products," known in hacker circles as "zero day exploits," may sound like sales pitches from the sorts of crooks any government would want to put behind bars, the hackers and companies who make it their job to discover flaws in popular software are, in fact, courted assiduously by spy agencies like the NSA who want to use them in cyberwarfare against potential enemies.
Take Vupen, a French company that offers a regularly updated catalogue of global computer vulnerabilities for an annual subscription of $100,000. If you see something that you like, you pay extra to get the details that would allow you to hack into it. A Vupen brochure released by Wikileaks in 2011 assured potential clients that the company aims "to deliver exclusive exploit codes for undisclosed vulnerabilities" for "covertly attacking and gaining access to remote computer systems."
At a Google sponsored event in Vancouver in 2012, Vupen hackersdemonstrated that they could hijack a computer via Google's Chrome web browser. But they refused to hand over details to the company, mocking Google publicly. "We wouldn't share this with Google for even $1 million," Chaouki Bekrar of Vupen boasted to Forbes magazine. "We don't want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers."
In addition to Endgame and Vupen, other players in this field include Exodus Intelligence in Texas, Netragard in Massachussetts, and ReVuln in Malta.
Their best customer? The NSA, which spent at least $25 million in 2013 buying up dozens of such "exploits." In December, Appelbaum and his colleagues reported in Der Spiegel that agency staff crowed about their ability to penetrate any computer running Windows at the moment that machine sends messages to Microsoft. So, for example, when your computer crashes and helpfully offers to report the problem to the company, clicking yes could open you up for attack.
The federal government is already alleged to have used such exploits (including one in Microsoft Windows) -- most famously when the Stuxnet virus was deployed to destroy Iran's nuclear centrifuges.
"This is the militarization of the Internet," Appelbaum told the Chaos Computer Congress in Hamburg. "This strategy is undermining the Internet in a direct attempt to keep it insecure. We are under a kind of martial law."
Harvesting your Data
Among the Snowden documents was a 20-page 2012 report from the Government Communications Headquarters -- the British equivalent of the NSA -- that listed a Baltimore-based ad company, Millennial Media. According to the spy agency, it can provide "intrusive" profiles of users of smartphone applications and games. The New York Times has noted that the company offers data like whether individuals are single, married, divorced, engaged, or "swinger," as well as their sexual orientation ("straight, gay, bisexuall, and not sure'").
How does Millennial Media get this data? Simple. It happens to gather data from some of the most popular video game manufacturers in the world. That includes Activision in California which makes Call of Duty, a military war game that has sold over 100 million copies; Rovio of Finland, which has given away 1.7 billion copies of a game called Angry Birds that allows users to fire birds from a catapult at laughing pigs; and Zynga -- also from California -- which makes Farmville, a farming game with 240 million active monthly users.
In other words, we're talking about what is undoubtedly a significant percentage of the connected world unknowingly handing over personal data, including their location and search interests, when they download "free" apps after clicking on a licensing agreement that legally allows the manufacturer to capture and resell their personal information. Few bother to read the fine print or think twice about the actual purpose of the agreement.
The apps pay for themselves via a new business model called "real-time bidding" in which advertisers like Target and Walmart send you coupons and special offers for whatever branch of their store is closest to you. They do this by analyzing the personal data sent to them by the "free" apps to discover both where you are and what you might be in the market for.
When, for instance, you walk into a mall, your phone broadcasts your location and within a millisecond a data broker sets up a virtual auction to sell your data to the highest bidder. This rich and detailed data stream allows advertisers to tailor their ads to each individual customer. As a result, based on their personal histories, two people walking hand in hand down a street might get very different advertisements, even if they live in the same house.
This also has immense value to any organization that can match up the data from a device with an actual name and identity -- such as the federal government. Indeed, the Guardian has highlighted an NSA document from 2010 in which the agency boasts that it can "collect almost every key detail of a user's life: including home country, current location (through geolocation), age, gender, zip code, marital status… income, ethnicity, sexual orientation, education level, and number of children."
In Denial

It's increasingly clear that the online world is, for both government surveillance types and corporate sellers, a new Wild West where anything goes. This is especially true when it comes to spying on you and gathering every imaginable version of your "data."
Software companies, for their part, have denied helping the NSA and reacted with anger to the Snowden disclosures."Our fans' trust is the most important thing for us and we take privacy extremely seriously," commented Mikael Hed, CEO of Rovio Entertainment, in a public statement. "We do not collaborate, collude, or share data with spy agencies anywhere in the world."
RSA has tried to deny that there are any flaws in its products. "We have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential backdoors' into our products for anyone's use," the company said in a statement on its website. "We categorically deny this allegation." (Nonetheless RSA has recently started advising clients to stop using the Dual Elliptical Curve.)
Other vendors like Endgame and Millennial Media have maintained a stoic silence. Vupen is one of the few that boasts about its ability to uncover software vulnerabilities.
And the NSA has issued a Pravda-like statement that neither confirms nor denies the revelations. "The communications of people who are not valid foreign intelligence targets are not of interest to the National Security Agency," an NSA spokeswoman told the Guardian. "Any implication that NSA's foreign intelligence collection is focused on the smartphone or social media communications of everyday Americans is not true."
The NSA has not, however, denied the existence of its Office of Tailored Access Operations (TAO), which Der Spiegel describes as "a squad of [high-tech] plumbers that can be called in when normal access to a target is blocked."
The Snowden documents indicate that TAO has a sophisticated set of tools at its disposal -- that the NSA calls "Quantum Theory" -- made up of backdoors and bugs that allow its software engineers to plant spy software on a target computer. One powerful and hard to detect example of this is TAO's ability to be notified when a target's computer visits certain websites like LinkedIn and to redirect it to an NSA server named "Foxacid" where the agency can upload spy software in a fraction of a second.
Which Way Out of the Walled Garden?
The simple truth of the matter is that most individuals are easy targets for both the government and corporations. They either pay for software products like Pages and Office from well known manufacturers like Apple and Microsoft or download them for free from game companies like Activision, Rovio, and Zynga for use inside "reputable" mobile devices like Blackberries and iPhones.
These manufacturers jealously guard access to the software that they make available, saying that they need to have quality control. Some go even further with what is known as the "walled garden" approach, only allowing pre-approved programs on their devices. Apple's iTunes, Amazon's Kindle, and Nintendo's Wii are examples of this.
But as the Snowden revelations have helped make clear, such devices and software are vulnerable both to manufacturer's mistakes, which open exploitable backdoors into their products, and to secret deals with the NSA.
So in a world where, increasingly, nothing is private, nothing is simply yours, what is an Internet user to do? As a start, there is an alternative to most major software programs for word processing, spreadsheets, and layout and design -- the use of free and open source software like Linux and Open Office, where the underlying code is freely available to be examined for hacks and flaws. (Think of it this way: if the NSA cut a deal with Apple to copy everything on your iPhone, you would never know. If you bought an open-source phone -- not an easy thing to do -- that sort of thing would be quickly spotted.) You can also use encrypted browsers like Tor and search engines like Duck Duck Go that don't store your data.
Next, if you own and use a mobile device on a regular basis, you owe it yourself to turn off as many of the location settings and data-sharing optionsas you can. And last but hardly least, don't play Farmville, go out and do the real thing. As for Angry Birds and Call of Duty, honestly, instead of shooting pigs and people, it might be time to think about finding better ways to entertain yourself. Pick up a paintbrush, perhaps? Or join an activist group like the Electronic Frontier Foundation and fight back against Big Brother.

Pratap Chatterjee, a TomDispatch regular, is executive director ofCorpWatch and a board member of Amnesty International USA. He is the author of Halliburton's Army and Iraq, Inc.From Tomgram

[David Guyatt]

Edward Snowden revelations: GCHQ using online viruses and honey traps to discredit targets'







Documents released by the American former CIA employee claim that the agency is at the forefront of efforts to develop "offensive" online techniques

CAHAL MILMO

Sunday 09 February 2014

Britain's GCHQ has a covert unit which uses dirty tricks from "honey trap" sexual liaisons to texting anonymous messages to friends and neighbours to discredit targets from hackers to governments, according to the latest leaks from whistleblower Edward Snowden.

Documents released by the American former CIA employee claim that the Cheltenham-based intelligence agency is at the forefront of efforts to develop "offensive" online techniques for use against criminals, and individuals and regimes considered to pose a threat to national security.
The revelations on Sunday sparked criticism that GCHQ is adopting tactics used by illegal hackers, such as so-called denial of service (DoS) attacks to disable chatrooms, which have no clear authority under British law and may have infringed the rights of other internet users.
The Snowden documents, obtained by American broadcaster NBC, also provide evidence that GCHQ has moved beyond its role as a surveillance agency and now occupies operational territory more traditionally associated with its confreres, MI6 and MI5.
The covert GCHQ unit - the Joint Intelligence Threat Research Group (JTRIG) - runs what it terms an "Effects" programme against Britain's enemies under what it calls the four Ds: "Deny/ Disrupt/ Degrade/ Deceive." The mission of the unit is: "Using online techniques to make something happen in the real or cyber world."
Slides from a 2012 presentation, marked Top Secret, outline JTRIG's role in discrediting targets using both online techniques, such as using blogs to leak confidential information to companies or journalists, and "real life" methods like the honey trap - a time-honoured intelligence trick of luring an individual into a sexual encounter to gain information and leverage, potentially for blackmail.
Under the heading "Discredit a target", one slide notes: "Honey trap; a great option. Very successful when it works. Get someone to go somewhere on the internet, or a physical location to be met by a friendly face'."
The agency also suggests accessing a target's social networking accounts to replace their photograph, adding approvingly: "Photo change; you have been warned, JTRIG is about!!' Can take paranoia' to a whole new level."

As well as sending emails and texts to colleagues and friends of an individual as part of "infiltration work", the GCHQ unit details how it can discredit companies and "get another country to believe a secret'" by passing off disinformation via computers.
The file also reveals that the agency has perfected software, codenamed Ambassadors Reception, which will "encrypt itself, delete all emails, encrypt all files, make screen shake, no more log on".
The virus, which is used alongside DoS attacks, appears to have been widely deployed with considerable success. The document adds: "Has been used in a variety of different areas, very effective."
Civil liberties campaigners said the revelations, which follow the release of documents last week showing that DoS attacks were used by GCHQ to target so-called hacktivist groups such as Anonymous, added weight to calls for closer control of intelligence agencies.
A Privacy International spokesman said: "Whether it's mass interception of data through undersea cable tapping or cyber attacks, it has become clear that the current legal framework governing intelligence activities in the UK is unfit for purpose in the modern digital era, and reform is urgently needed. Given the deeply flawed nature of this present investigation by the ISC, we hope that a full and independent inquiry is called. Without explaining the application and interpretation of the current legal framework, the ISC cannot properly reassure the public that UK intelligence agencies have not acted beyond the law or undermined cyber security."
Jake Davis, a former computer hacker who was targeted by GCHQ and jailed last year for attacks on several websites, said: "When we look at what Western governments are doing - snooping on our emails, infecting our computers, intercepting our phone communications, following our avatars around in online games, encouraging illicit activity and even engaging in their own illicit activity - we have to ask ourselves: who are the real criminals here?
"Throughout the Snowden revelations, GCHQ has insisted its activities are within the law and the subject of ministerial and parliamentary scrutiny.The documents show the techniques developed by JTRIG to block a target's communications have been used in Afghanistan against the Taliban, sending text messages and calls to enemy fighters at a rate of one per minute. The unit has also been active in preventing the spread of nuclear weapons technology. NBC claimed that British intelligence agencies were involved in the attack in 2010 on Iran's atomic facilities using the Stuxnet virus.
GCHQ did not comment on the latest documents. In a statement, the agency said: "All of GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate."

.