Panopticon of global surveillance

[Magda Hassan]

Google did evil by joining with ALEC.

I'd like to know if Google 'turned' or if some [or all] of the main people were already 'turned' when they started it.....::darthvader::

I'll try and do dome research on who was instrumental; in that decision as I'd like to know too.

[Magda Hassan]

National Security Agency head and Internet giant's executives have coordinated through high-level policy discussions
May 6, 2014 5:00AM ET

Videos and Documents at this Link


by Jason Leopold @JasonLeopold


Email exchanges between National Security Agency Director Gen. Keith Alexander and Google executives Sergey Brin and Eric Schmidt suggest a far cozier working relationship between some tech firms and the U.S. government than was implied by Silicon Valley brass after last year's revelations about NSA spying.
Disclosures by former NSA contractor Edward Snowden about the agency's vast capability for spying on Americans' electronic communications prompted a number of tech executives whose firms cooperated with the government to insist they had done so only when compelled by a court of law.
But Al Jazeera has obtained two sets of email communications dating from a year before Snowden became a household name that suggest not all cooperation was under pressure.
On the morning of June 28, 2012, an email from Alexander invited Schmidt to attend a four-hour-long "classified threat briefing" on Aug. 8 at a "secure facility in proximity to the San Jose, CA airport."
"The meeting discussion will be topic-specific, and decision-oriented, with a focus on Mobility Threats and Security," Alexander wrote in the email, obtained under a Freedom of Information Act (FOIA) request, the first of dozens of communications between the NSA chief and Silicon Valley executives that the agency plans to turn over.
Alexander, Schmidt and other industry executives met earlier in the month, according to the email. But Alexander wanted another meeting with Schmidt and "a small group of CEOs" later that summer because the government needed Silicon Valley's help.
"About six months ago, we began focusing on the security of mobility devices," Alexander wrote. "A group (primarily Google, Apple and Microsoft) recently came to agreement on a set of core security principles. When we reach this point in our projects we schedule a classified briefing for the CEOs of key companies to provide them a brief on the specific threats we believe can be mitigated and to seek their commitment for their organization to move ahead … Google's participation in refinement, engineering and deployment of the solutions will be essential."
Jennifer Granick, director of civil liberties at Stanford Law School's Center for Internet and Society, said she believes information sharing between industry and the government is "absolutely essential" but "at the same time, there is some risk to user privacy and to user security from the way the vulnerability disclosure is done."
The challenge facing government and industry was to enhance security without compromising privacy, Granick said. The emails between Alexander and Google executives, she said, show "how informal information sharing has been happening within this vacuum where there hasn't been a known, transparent, concrete, established methodology for getting security information into the right hands."
The classified briefing cited by Alexander was part of a secretive government initiative known as the Enduring Security Framework (ESF), and his email provides some rare information about what the ESF entails, the identities of some participant tech firms and the threats they discussed.

The classified briefing cited by Alexander was part of a secretive government initiative known as the Enduring Security Framework (ESF), and his email provides some rare information about what the ESF entails, the identity of some participant tech firms and the threats they discussed.

Examining the NSA's relationship with Google 4:12

Al Jazeera America News | May 6, 2014
[TABLE]
[TR]
[TD][/TD]
[TD][/TD]
[TD][/TD]
[TD][/TD]
[TD][/TD]
[TD][/TD]
[TD][/TD]
[/TR]
[/TABLE]



Share Link Embed in Website






Alexander explained that the deputy secretaries of the Department of Defense, Homeland Security and "18 US CEOs" launched the ESF in 2009 to "coordinate government/industry actions on important (generally classified) security issues that couldn't be solved by individual actors alone."
"For example, over the last 18 months, we (primarily Intel, AMD [Advanced Micro Devices], HP [Hewlett-Packard], Dell and Microsoft on the industry side) completed an effort to secure the BIOS of enterprise platforms to address a threat in that area."
"BIOS" is an acronym for "basic input/output system," the system software that initializes the hardware in a personal computer before the operating system starts up. NSA cyberdefense chief Debora Plunkett in December disclosed that the agency had thwarted a "BIOS plot" by a "nation-state," identified as China, to brick U.S. computers. That plot, she said, could have destroyed the U.S. economy. "60 Minutes," which broke the story, reported that the NSA worked with unnamed "computer manufacturers" to address the BIOS software vulnerability.





But some cybersecurity experts questioned the scenario outlined by Plunkett.
"There is probably some real event behind this, but it's hard to tell, because we don't have any details," wrote Robert Graham, CEO of the penetration-testing firm Errata Security in Atlanta, on his blog in December. "It"s completely false in the message it is trying to convey. What comes out is gibberish, as any technical person can confirm."
And by enlisting the NSA to shore up their defenses, those companies may have made themselves more vulnerable to the agency's efforts to breach them for surveillance purposes.
"I think the public should be concerned about whether the NSA was really making its best efforts, as the emails claim, to help secure enterprise BIOS and mobile devices and not holding the best vulnerabilities close to their chest," said Nate Cardozo, a staff attorney with the Electronic Frontier Foundation's digital civil liberties team.
He doesn't doubt that the NSA was trying to secure enterprise BIOS, but he suggested that the agency, for its own purposes, was "looking for weaknesses in the exact same products they're trying to secure."
The NSA "has no business helping Google secure its facilities from the Chinese and at the same time hacking in through the back doors and tapping the fiber connections between Google base centers," Cardozo said. "The fact that it's the same agency doing both of those things is in obvious contradiction and ridiculous." He recommended dividing offensive and defensive functions between two agencies.

The government has asked for Silicon Valley's help. Adam Berry / Getty Images
Two weeks after the "60 Minutes" broadcast, the German magazine Der Spiegel, citing documents obtained by Snowden, reported that the NSA inserted back doors into BIOS, doing exactly what Plunkett accused a nation-state of doing during her interview.
Google's Schmidt was unable to attend to the mobility security meeting in San Jose in August 2012.
"General Keith.. so great to see you.. !" Schmidt wrote. "I'm unlikely to be in California that week so I'm sorry I can't attend (will be on the east coast). Would love to see you another time. Thank you !" Since the Snowden disclosures, Schmidt has been critical of the NSA and said its surveillance programs may be illegal.
Army Gen. Martin E. Dempsey, chairman of the Joint Chiefs of Staff, did attend that briefing. Foreign Policy reported a month later that Dempsey and other government officials no mention of Alexander were in Silicon Valley "picking the brains of leaders throughout the valley and discussing the need to quickly share information on cyber threats." Foreign Policy noted that the Silicon Valley executives in attendance belonged to the ESF. The story did not say mobility threats and security was the top agenda item along with a classified threat briefing.
A week after the gathering, Dempsey said during a Pentagon press briefing, "I was in Silicon Valley recently, for about a week, to discuss vulnerabilities and opportunities in cyber with industry leaders … They agreed we all agreed on the need to share threat information at network speed."
Google co-founder Sergey Brin attended previous meetings of the ESF group but because of a scheduling conflict, according to Alexander's email, he also could not attend the Aug. 8 briefing in San Jose, and it's unknown if someone else from Google was sent.
A few months earlier, Alexander had emailed Brin to thank him for Google's participation in the ESF.
"I see ESF's work as critical to the nation's progress against the threat in cyberspace and really appreciate Vint Cerf [Google's vice president and chief Internet evangelist], Eric Grosse [vice president of security engineering] and Adrian Ludwig's [lead engineer for Android security] contributions to these efforts during the past year," Alexander wrote in a Jan. 13, 2012, email.
"You recently received an invitation to the ESF Executive Steering Group meeting, which will be held on January 19, 2012. The meeting is an opportunity to recognize our 2012 accomplishments and set direction for the year to come. We will be discussing ESF's goals and specific targets for 2012. We will also discuss some of the threats we see and what we are doing to mitigate those threats … Your insights, as a key member of the Defense Industrial Base, are valuable to ensure ESF's efforts have measurable impact."
A Google representative declined to answer specific questions about Brin's and Schmidt's relationship with Alexander or about Google's work with the government.
"We work really hard to protect our users from cyberattacks, and we always talk to experts including in the U.S. government so we stay ahead of the game," the representative said in a statement to Al Jazeera. "It's why Sergey attended this NSA conference."
Brin responded to Alexander the following day even though the head of the NSA didn't use the appropriate email address when contacting the co-chairman.
"Hi Keith, looking forward to seeing you next week. FYI, my best email address to use is [redacted]," Brin wrote. "The one your email went to sergey.brin@google.com I don't really check."




Document
Pages

Zoom




p. 1


p. 2


p. 3







« Page 2 of 3
»

[Peter Lemkin]

While it is CLEAR that Google is now in bed [daily and in every way] with the National Security State, I think someone needs to find out if it was or was not actually a 'creature OF' the NSA from the get go...... even though the end result would be the same. The very motto of Google is suspect as an 180-degree diversion. Al Jazeera is not beloved by the NSA [either sense of those letters], and will drop another notch, if that is possible.

[Peter Lemkin]

MPs: Snowden files are 'embarrassing indictment' of British spying oversight

All-party committee demands reforms to make security and intelligence services accountable in wake of disclosures

• Alan Travis, home affairs editor
  
  
• The Guardian, Friday 9 May 2014
  

The report says the current system of oversight of MI5, MI6 and GCHQ, pictured, is 'designed to scrutinise the work of George Smiley, not the 21st-century reality'. Photograph: Reuters

Edward Snowden's disclosures of the scale of mass surveillance are "an embarrassing indictment" of the weak nature of the oversight and legal accountability of Britain's security and intelligence agencies, MPs have concluded.
A highly critical report by the Commons home affairs select committee published on Friday calls for a radical reform of the current system of oversight of MI5, MI6 and GCHQ, arguing that the current system is so ineffective it is undermining the credibility of the intelligence agencies and parliament itself.
The MPs say the current system was designed in a pre-internet age when a person's word was accepted without question. "It is designed to scrutinise the work of George Smiley, not the 21st-century reality of the security and intelligence services," said committee chairman, Keith Vaz. "The agencies are at the cutting edge of sophistication and are owed an equally refined system of democratic scrutiny. It is an embarrassing indictment of our system that some in the media felt compelled to publish leaked information to ensure that matters were heard in parliament."
The cross-party report is the first British parliamentary acknowledgement that Snowden's disclosures of the mass harvesting of personal phone and internet data need to lead to serious improvements in the oversight and accountability of the security services.
The MPs call for radical reform of the system of oversight including the election of the membership of the intelligence and security committee, including its chairman, and an end to their exclusive oversight role. Its chairman should also be a member of the largest opposition party, the MPs say, in direct criticism of its current head, Sir Malcolm Rifkind, who is a former Conservative foreign secretary.
Rifkind, however, said he had read the report, and had concluded: "The recommendations regarding the ISC are old hat. For several years, Mr Vaz has been trying to expand the powers of his committee so that they can take evidence from MI5, MI6 and GCHQ. This is what this bit of his report is all about."
Rifkind attempted to head off some of the MPs' conclusions by announcing that the ISC would conduct its own inquiry into personal privacy and state surveillance. He also attacked Snowden and his supporters for their "insidious use of language such as mass surveillance and Orwellian" which, he argued, "blurs, unforgivably, the distinction between a system that uses the state to protect the people, and one that uses the state to protect itself against the people".
However, a complete overhaul of the "part-time" and under-resourced system of oversight commissioners is recommended by the MPs, as is an end to some of the secrecy surrounding the Investigatory Powers Tribunal the only body that is able to investigate individual complaints against the security agencies.
A parliamentary inquiry into the principal legal framework that legitimises state communications surveillance, the Regulation of Investigatory Powers Act 2000, should be launched, they say, to bring it up to date with modern technology and improve its oversight safeguards.
The committee also voices strong concerns that a data protection ruling by the European court of justice last month has left the legality of the bulk collection of communications data by the phone and internet companies in serious doubt. "It is essential that the legal position be resolved clearly and promptly," say the MPs, who reveal that the home secretary, Theresa May, has ordered urgent work into the ruling's full implications for the police and security services.
The MPs say they decided to look at the oversight of the intelligence agencies following the theft of a number of National Security Agency documents by Snowden in order to publicise the mass surveillance programmes run by a number of national intelligence agencies.
Their report says Alan Rusbridger, editor of the Guardian, responded to criticism of newspapers that decided to publish Snowden's disclosures, including the head of MI6's claim that it was "a gift to terrorists", by saying that the alternative would be that the next Snowden would just "dump the stuff on the internet".
The MPs say: "One of the reasons that Edward Snowden has cited for releasing the documents is that he believes the oversight of security and intelligence agencies is not effective. It is important to note that when we asked British civil servants the national security adviser and the head of MI5 to give evidence to us they refused. In contrast, Mr Rusbridger came before us and provided open and transparent evidence."
The report makes clear the intelligence chiefs should drop their boycott of wider parliamentary scrutiny. "Engagement with elected representatives is not, in itself, a danger to national security and to continue to insist so is hyperbole," it says.
But a move by Labour and Lib Dem MPs to congratulate the Guardian and other media outlets for "responsibly reporting" the disclosures saying they had opened a "wide and international public debate" was voted down by four Tory MPs.
Yvette Cooper, the shadow home secretary, said the report showed there was a cross-party consensus behind Labour's proposals, including reform of the commissioners system and an opposition chair of the ISC. "The government should now set out plans for oversight reforms," she said.
Nick Clegg has also outlined proposals for reforming the oversight system.
Cooper added that the select committee had added their voice to the growing number of MPs, who were calling for reform. She said that the police and security services needed to keep up with the challenges of the digital age but stronger safeguards and limits to protect personal privacy and sustain confidence in their vital were also needed: "The oversight and legal frameworks are now out of date," said the shadow home secretary.Emma Carr, of Big Brother Watch, the privacy campaign group, said: "When a senior committee of parliament says that the current oversight of our intelligence agencies is not fit for purpose, ineffective and undermines the credibility of parliament, the government cannot and must not continue to bury its head in the sand."
Last night, a statement by the Association of Chief Police Officers (Acpo) and the Terrorism and Allied Matters (TAM) Board consisting of assistant commissioner Cressida Dick, chief constable Sara Thornton, chief constable Sir Peter Fahy, chief constable Chris Sims, chief constable Mark Gilmore and chief constable Matt Baggott said they were "concerned" the committee had recommended that responsibility for counter-terrorism policing should be moved to the National Crime Agency.
The statement described it as "a decision that does not appear to supported by the evidence and is based on an apparent misunderstanding of the role played by the Metropolitan Police Service."Counter-terrorism policing is not directed through a single lead force but rather has responsibility vested in nine chief constables across the UK in areas where the threat is considered to be the greatest. These chief constables act collaboratively and effectively on behalf of all forces, while at the same time maintaining close and critical links into local policing."
The statement added: "The Home Secretary has previously confirmed that she will conduct a review of counter-terrorism structures. We welcome any such review and look forward to participating fully and constructively in it. "
The Home Office said: "Our security agencies and law enforcement agencies operate within a strict legal and policy framework and under the tightest of controls and oversight mechanisms. This represents one of the strongest systems of checks and balances and democratic accountability for secret intelligence anywhere in the world."

[Peter Lemkin]

Inside the NSA's Secret Efforts to Hunt and Hack System Administrators
By Ryan Gallagher and Peter Maass
20 Mar 2014, 7:07 PM EDT
A secret document reveals how the NSA tracks down system administrators for surveillance. Illustration: Josh Begley.

Across the world, people who work as system administrators keep computer networks in order and this has turned them into unwitting targets of the National Security Agency for simply doing their jobs. According to a secret document provided by NSA whistleblower Edward Snowden, the agency tracks down the private email and Facebook accounts of system administrators (or sys admins, as they are often called), before hacking their computers to gain access to the networks they control.

The document consists of several posts one of them is titled "I hunt sys admins" that were published in 2012 on an internal discussion board hosted on the agency's classified servers. They were written by an NSA official involved in the agency's effort to break into foreign network routers, the devices that connect computer networks and transport data across the Internet. By infiltrating the computers of system administrators who work for foreign phone and Internet companies, the NSA can gain access to the calls and emails that flow over their networks.

The classified posts reveal how the NSA official aspired to create a database that would function as an international hit list of sys admins to potentially target. Yet the document makes clear that the admins are not suspected of any criminal activity they are targeted only because they control access to networks the agency wants to infiltrate. "Who better to target than the person that already has the keys to the kingdom'?" one of the posts says.

The NSA wants more than just passwords. The document includes a list of other data that can be harvested from computers belonging to sys admins, including network maps, customer lists, business correspondence and, the author jokes, "pictures of cats in funny poses with amusing captions." The posts, boastful and casual in tone, contain hacker jargon (pwn, skillz, zomg, internetz) and are punctuated with expressions of mischief. "Current mood: devious," reads one, while another signs off, "Current mood: scheming."

The author of the posts, whose name is being withheld by The Intercept, is a network specialist in the agency's Signals Intelligence Directorate, according to other NSA documents. The same author wrote secret presentations related to the NSA's controversial program to identify users of the Tor browser a privacy-enhancing tool that allows people to browse the Internet anonymously. The network specialist, who served as a private contractor prior to joining the NSA, shows little respect for hackers who do not work for the government. One post expresses disdain for the quality of presentations at Blackhat and Defcon, the computer world's premier security and hacker conferences:



It is unclear how precise the NSA's hacking attacks are or how the agency ensures that it excludes Americans from the intrusions. The author explains in one post that the NSA scours the Internet to find people it deems "probable" administrators, suggesting a lack of certainty in the process and implying that the wrong person could be targeted. It is illegal for the NSA to deliberately target Americans for surveillance without explicit prior authorization. But the employee's posts make no mention of any measures that might be taken to prevent hacking the computers of Americans who work as sys admins for foreign networks. Without such measures, Americans who work on such networks could potentially fall victim to an NSA infiltration attempt.

The NSA declined to answer questions about its efforts to hack system administrators or explain how it ensures Americans are not mistakenly targeted. Agency spokeswoman Vanee' Vines said in an email statement: "A key part of the protections that apply to both U.S. persons and citizens of other countries is the mandate that information be in support of a valid foreign intelligence requirement, and comply with U.S. Attorney General-approved procedures to protect privacy rights."

As The Intercept revealed last week, clandestine hacking has become central to the NSA's mission in the past decade. The agency is working to aggressively scale its ability to break into computers to perform what it calls "computer network exploitation," or CNE: the collection of intelligence from covertly infiltrated computer systems. Hacking into the computers of sys admins is particularly controversial because unlike conventional targets people who are regarded as threats sys admins are not suspected of any wrongdoing.

In a post calling sys admins "a means to an end," the NSA employee writes, "Up front, sys admins generally are not my end target. My end target is the extremist/terrorist or government official that happens to be using the network some admin takes care of."

The first step, according to the posts, is to collect IP addresses that are believed to be linked to a network's sys admin. An IP address is a series of numbers allocated to every computer that connects to the Internet. Using this identifier, the NSA can then run an IP address through the vast amount of signals intelligence data, or SIGINT, that it collects every day, trying to match the IP address to personal accounts.

"What we'd really like is a personal webmail or Facebook account to target," one of the posts explains, presumably because, whereas IP addresses can be shared by multiple people, "alternative selectors" like a webmail or Facebook account can be linked to a particular target. You can "dumpster-dive for alternate selectors in the big SIGINT trash can" the author suggests. Or "pull out your wicked Google-fu" (slang for efficient Googling) to search for any "official and non-official e-mails" that the targets may have posted online.

Once the agency believes it has identified a sys admin's personal accounts, according to the posts, it can target them with its so-called QUANTUM hacking techniques. The Snowden files reveal that the QUANTUM methods have been used to secretly inject surveillance malware into a Facebook page by sending malicious NSA data packets that appear to originate from a genuine Facebook server. This method tricks a target's computer into accepting the malicious packets, allowing the NSA to infect the targeted computer with a malware "implant" and gain unfettered access to the data stored on its hard drive.

"Just pull those selectors, queue them up for QUANTUM, and proceed with the pwnage," the author of the posts writes. ("Pwnage," short for "pure ownage," is gamer-speak for defeating opponents.) The author adds, triumphantly, "Yay! /throws confetti in the air."

In one case, these tactics were used by the NSA's British counterpart, Government Communications Headquarters, or GCHQ, to infiltrate the Belgian telecommunications company Belgacom. As Der Speigel revealed last year, Belgacom's network engineers were targeted by GCHQ in a QUANTUM mission named "Operation Socialist" with the British agency hacking into the company's systems in an effort to monitor smartphones.

While targeting innocent sys admins may be surprising on its own, the "hunt sys admins" document reveals how the NSA network specialist secretly discussed building a "master list" of sys admins across the world, which would enable an attack to be initiated on one of them the moment their network was thought to be used by a person of interest. One post outlines how this process would make it easier for the NSA's specialist hacking unit, Tailored Access Operations (TAO), to infiltrate networks and begin collecting, or "tasking," data:



Aside from offering up thoughts on covert hacking tactics, the author of these posts also provides a glimpse into internal employee complaints at the NSA. The posts describe how the agency's spies gripe about having "dismal infrastructure" and a "Big Data Problem" because of the massive volume of information being collected by NSA surveillance systems. For the author, however, the vast data troves are actually something to be enthusiastic about.

"Our ability to pull bits out of random places of the Internet, bring them back to the mother-base to evaluate and build intelligence off of is just plain awesome!" the author writes. "One of the coolest things about it is how much data we have at our fingertips."

Micah Lee contributed to this report.

[Magda Hassan]

It's one of their Achilles heels. They need us to run their system. They are powerless with out us.

[Peter Lemkin]

The document can be found here http://firstlook.org/theintercept/docume...ys-admins/

[Magda Hassan]

Photos of an NSA "upgrade" factory show Cisco router getting implant

Servers, routers get "beacons" implanted at secret locations by NSA's TAO team.

by Sean Gallagher - May 15 2014, 5:30am AEST

• Hacking
  
• National Security
  

254

NSA techs perform an unauthorized field upgrade to Cisco hardware in these 2010 photos from an NSA document.

A document included in the trove of National Security Agency files released with Glenn Greenwald's book No Place to Hide details how the agency's Tailored Access Operations (TAO) unit and other NSA employees intercept servers, routers, and other network gear being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they're delivered.
These Trojan horse systems were described by an NSA manager as being "some of the most productive operations in TAO because they pre-position access points into hard target networks around the world."
The document, a June 2010 internal newsletter article by the chief of the NSA's Access and Target Development department (S3261) includes photos (above) of NSA employees opening the shipping box for a Cisco router and installing beacon firmware with a "load station" designed specifically for the task.
The NSA manager described the process:

Here's how it works: shipments of computer network devices (servers, routers, etc,) being delivered to our targets throughout the world are intercepted. Next, they are redirected to a secret location where Tailored Access Operations/Access Operations (AO-S326) employees, with the support of the Remote Operations Center (S321), enable the installation of beacon implants directly into our targets' electronic devices. These devices are then re-packaged and placed back into transit to the original destination. All of this happens with the support of Intelligence Community partners and the technical wizards in TAO.

http://arstechnica.com/tech-policy/2014/...g-implant/

[Peter Lemkin]

https://maps.google.com/maps/ms?msid=205...,67.631836

[all inter-coordinated, along with mobile ones in police vehicles and sometimes set up and moved by police and other agencies]; all fed into a single database that can be 'mined' to know where you have traveled, who and where you have gone, done and visited, etc.

[Drew Phipps]

In Texas, it is illegal for customized license plate frames to come too close or obscure any part of the official plate letters/numbers, so automated license plate reading has been planned for some time.