Tag Archive: GCHQ


Researchers Uncover Government Spy Tool Used To Hack Telecoms And Belgian Cryptographer

 

 

Regin-Architecture

 

 

” It was the spring of 2011 when the European Commission discovered it had been hacked. The intrusion into the EU’s legislative body was sophisticated and widespread and used a zero-day exploit to get in. Once the attackers established a stronghold on the network, they were in for the long haul. They scouted the network architecture for additional victims and covered their tracks well. Eventually, they infected numerous systems belonging to the European Commission and the European Council before being discovered.

  Two years later another big target was hacked. This time it was Belgacom, the partly state-owned Belgian telecom. In this case, too, the attack was sophisticated and complex. According to published news reports and documents leaked by Edward Snowden, the attackers targeted system administrators working for Belgacom and used their credentials to gain access to routers controlling the telecom’s cellular network. Belgacom publicly acknowledged the hack, but has never provided details about the breach.

  Then five months after that announcement, news of another high-profile breach emerged—this one another sophisticated hack targeting prominent Belgian cryptographer Jean-Jacques Quisquater. “

 

 

 

 

 

” Now it appears that security researchers have found the massive digital spy tool used in all three attacks. Dubbed “Regin” by Microsoft, more than a hundred victims have been found to date, but there are likely many others still unknown. That’s because the espionage tool—a malicious platform capable of taking over entire networks and infrastructures—has been around since at least 2008, possibly even earlier, and is built to remain stealth on a system for years.

  The threat has been known since at least 2011, around the time the EU was hacked and some of the attack files made their way to Microsoft, who added detection for the component to its security software. Researchers with Kaspersky Lab only began tracking the threat in 2012, collecting bits and pieces of the massive threat. Symantec began investigating it in 2013 after some of its customers were infected. Putting together information from each, it’s clear the platform is highly complex and modulated and can be customized with a wide range of capabilities depending on the target and the attackers’ needs. Researchers have found 50 payloads so far for stealing files and other data, but have evidence that still more exist.

“ It’s a threat that everyone has detected for some time, but no one has exposed [until now],” says Eric Chien, technical director of Symantec’s Security Technology and Response division.

  The researchers have no doubt that Regin is a nation-state tool and are calling it the most sophisticated espionage machine uncovered to date—more complex even than the massive Flame platform, uncovered by Kaspersky and Symantec in 2012 and crafted by the same team who created Stuxnet. “

 

The whole story may be read at Wired

 

 

 

 

 

 

 

 

 

Yahoo Webcam Images From Millions Of Users Intercepted By GCHQ

 

GCHQ Yahoo Webcam Spying

 

 

” Britain’s surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal.

  GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not.

  In one six-month period in 2008 alone, the agency collected webcam imagery – including substantial quantities of sexually explicit communications – from more than 1.8 million Yahoo user accounts globally.

  Yahoo reacted furiously to the webcam interception when approached by the Guardian. The company denied any prior knowledge of the program, accusing the agencies of “a whole new level of violation of our users’ privacy“.

  GCHQ does not have the technical means to make sure no images of UK or US citizens are collected and stored by the system, and there are no restrictions under UK law to prevent Americans’ images being accessed by British analysts without an individual warrant.

  The documents also chronicle GCHQ’s sustained struggle to keep the large store of sexually explicit imagery collected by Optic Nerve away from the eyes of its staff, though there is little discussion about the privacy implications of storing this material in the first place.”

 

 

    While the webcam intrusions allegedly took place between 2008 and 2010 the Guardian says that Operation Optic Nerve was ongoing at least as late as 2012 …

 

 

” Optic Nerve, the documents provided by NSA whistleblower Edward Snowden show, began as a prototype in 2008 and was still active in 2012, according to an internal GCHQ wiki page accessed that year.

  The system, eerily reminiscent of the telescreens evoked in George Orwell’s 1984, was used for experiments in automated facial recognition, to monitor GCHQ’s existing targets, and to discover new targets of interest. Such searches could be used to try to find terror suspects or criminals making use of multiple, anonymous user IDs.”

 

 

 

   The Guardian has much more on the latest revelations of Statism brought to light by Edward Snowden’s courageous act of defiance . 

 

 

 

 

 

 

 

 

 

How Covert Agents Infiltrate The Internet To Manipulate, Deceive, And Destroy Reputations

 

 

 

 

” One of the many pressing stories that remains to be told from the Snowden archive is how western intelligence agencies are attempting to manipulate and control online discourse with extreme tactics of deception and reputation-destruction. It’s time to tell a chunk of that story, complete with the relevant documents.

  Over the last several weeks, I worked with NBC News to publish a series of articles about “dirty trick” tactics used by GCHQ’s previously secret unit, JTRIG (Joint Threat Research Intelligence Group). These were based on four classified GCHQ documents presented to the NSA and the other three partners in the English-speaking “Five Eyes” alliance. Today, we at the Intercept are publishing another new JTRIG document, in full, entitled “The Art of Deception: Training for Online Covert Operations.”

  By publishing these stories one by one, our NBC reporting highlighted some of the key, discrete revelations: the monitoring of YouTube and Blogger, the targeting of Anonymous with the very same DDoS attacks they accuse “hacktivists” of using, the use of “honey traps” (luring people into compromising situations using sex) and destructive viruses. But, here, I want to focus and elaborate on the overarching point revealed by all of these documents: namely, that these agencies are attempting to control, infiltrate, manipulate, and warp online discourse, and in doing so, are compromising the integrity of the internet itself.

  Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums. Here is one illustrative list of tactics from the latest GCHQ document we’re publishing today:”

 

 

 

 

” We submitted numerous questions to GCHQ, including: (1) Does GCHQ in fact engage in “false flag operations” where material is posted to the Internet and falsely attributed to someone else?; (2) Does GCHQ engage in efforts to influence or manipulate political discourse online?; and (3) Does GCHQ’s mandate include targeting common criminals (such as boiler room operators), or only foreign threats?

  As usual, they ignored those questions and opted instead to send their vague and nonresponsive boilerplate: “It is a longstanding policy that we do not comment on intelligence matters. “

 

 

   This Glenn Greenwald piece is a must read for all that have any interaction with the internet . Yes , this means you . We’re all targets now . No one is safe from attempts to destroy dissent facilitated with our own tax dollars and conducted by our own government .

 

 

 

 

 

 

 

 

 

 

 

Spy Agencies Tap Data Streaming From Phone Apps

 

 

” When a smartphone user opens Angry Birds, the popular game application, and starts slinging birds at chortling green pigs, spies could be lurking in the background to snatch data revealing the player’s location, age, sex and other personal information, according to secret British intelligence documents.”

” In their globe-spanning surveillance for terrorism suspects and other targets, the National Security Agency and its British counterpart have been trying to exploit a basic byproduct of modern telecommunications: With each new generation of mobile phone technology, ever greater amounts of personal data pour onto networks where spies can pick it up.

  According to dozens of previously undisclosed classified documents, among the most valuable of those unintended intelligence tools are so-called leaky apps that spew everything from the smartphone identification codes of users to where they have been that day.”

 

 

 

World Of Spycraft: NSA And CIA Spied In Online Games

 

 

 

 

” Not limiting their activities to the earthly realm, American and British spies have infiltrated the fantasy worlds of World of Warcraft and Second Life, conducting surveillance and scooping up data in the online games played by millions of people across the globe, according to newly disclosed classified documents.

  Fearing that terrorist or criminal networks could use the games to communicate secretly, move money or plot attacks, the documents show, intelligence operatives have entered terrain populated by digital avatars that include elves, gnomes and supermodels.

  The spies have created make-believe characters to snoop and to try to recruit informers, while also collecting data and contents of communications between players, according to the documents, disclosed by the former National Security Agency contractor Edward J. Snowden. Because militants often rely on features common to video games — fake identities, voice and text chats, a way to conduct financial transactions — American and British intelligence agencies worried that they might be operating there, according to the papers.

  GATHERING INTELLIGENCE: U.S. and British intelligence agencies — including the Central Intelligence Agency, Defense intelligence agency and Britain’s Government Communications Headquarters — have operated in virtual worlds and gaming communities to snoop and try to recruit informants. For example, according to Snowden documents, the U.S. has conducted spy operations in Second Life (pictured), where players create human avatars to socialize, buy and sell goods and explore exotic virtual destinations. (Second Life image via Linden Lab)

  Online games might seem innocuous, a top-secret 2008 NSA document warned, but they had the potential to be a “target-rich communication network” allowing intelligence suspects “a way to hide in plain sight.” Virtual games “are an opportunity!,” another 2008 NSA document declared.”

 

 

 

 

 

 

 

 

Indian High Commission Uses Old Technology For Secret Documents After Edward Snowden’s NSA Revelations

 

 

” The Indian diplomatic mission in London has turned to typewriters for writing sensitive documents to avoid snooping by security agencies, after it emerged that New Delhi’s diplomatic missions in New York and Washington were bugged by the National Security Agency (NSA). 

The High Commission of India in the UK has also urged Indian diplomatic staff to be extra careful in dealing with top-secret documents, while officials have been warned about potential bugs inside the buildings.

The new policy comes days after it was revealed – through Edward Snowden’s disclosures – that the NSA planted high-tech bugs to spy on Indian diplomats in Washington and at the UN headquarters.

India is not the first country to use typewriters to battle security leaks. The Kremlin’s communications watchdog, the Federal Protection Service (FSO), has ordered typewriters to produce sensitive documents.

It is unclear whether Britain’s eavesdropping agency, GCHQ, allegedly involved in several other snooping activities along with the NSA, played any part in spying on Indian interests.”

 

 

 

 

 

 

 

British Spy Agency Reported To Tap Fibre-Optic Cables

 

 

 

 

” New details of cable tapping has been reported by British daily, The Guardian. The report reveals that Britain’s spy agency the GCHQ has tapped fibre-optic cables that carry international phone and internet traffic. It is also sharing large amounts of personal information with the United States National Security Agency. The project has the codename “Tempora”. “

 

 

 

 

 

 

GCHQ Intercepted Foreign Politicians’ Communications At G20 Summits

 

 

 

” Foreign politicians and officials who took part in two G20 summit meetings in London in 2009 had their computers monitored and their phone calls intercepted on the instructions of their British government hosts, according to documents seen by the Guardian. Some delegates were tricked into using internet cafes which had been set up by British intelligence agencies to read their email traffic.

The revelation comes as Britain prepares to host another summit on Monday – for the G8 nations, all of whom attended the 2009 meetings which were the object of the systematic spying. It is likely to lead to some tension among visiting delegates who will want the prime minister to explain whether they were targets in 2009 and whether the exercise is to be repeated this week.

There have often been rumours of this kind of espionage at international conferences, but it is highly unusual for hard evidence to confirm it and spell out the detail. The evidence is contained in documents – classified as top secret – which were uncovered by the NSA whistleblower Edward Snowden and seen by the Guardian. They reveal that during G20 meetings in April and September 2009 GCHQ used what one document calls “ground-breaking intelligence capabilities” to intercept the communications of visiting delegations.

This included:

• Setting up internet cafes where they used an email interception programme and key-logging software to spy on delegates’ use of computers;

• Penetrating the security on delegates’ BlackBerrys to monitor their email messages and phone calls;

• Supplying 45 analysts with a live round-the-clock summary of who was phoning who at the summit;” 

 

 

More at the Guardian

 

 

 

 

 

 

 

 

 

U.S., British Intelligence Mining Data From Nine U.S. Internet Companies In Broad Secret Program

 

 

 

 

” The program, code-named PRISM, has not been made public until now. It may be the first of its kind. The NSA prides itself on stealing secrets and breaking codes, and it is accustomed to corporate partnerships that help it divert data traffic or sidestep barriers. But there has never been a Google or Facebook before, and it is unlikely that there are richer troves of valuable intelligence than the ones in Silicon Valley.

Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”

London’s Guardian newspaper reported Friday that GCHQ, Britain’s equivalent of the NSA, also has been secretly gathering intelligence from the same internet companies through an operation set up by the NSA.

According to documents obtained by The Guardian, PRISM would appear to allow GCHQ to circumvent the formal legal process required in Britain to seek personal material such as emails, photos and videos from an internet company based outside of the country.”

 

 

Despite the spate of corporate denials it would appear that they are all willing participants … shame .

 

 

In exchange for immunity from lawsuits, companies such as Yahoo and AOL are obliged to accept a “directive” from the attorney general and the director of national intelligence to open their servers to the FBI’s Data Intercept Technology Unit, which handles liaison to U.S. companies from the NSA. In 2008, Congress gave the Justice Department authority for a secret order from the Foreign Surveillance Intelligence Court to compel a reluctant company “to comply.”

In practice, there is room for a company to maneuver, delay or resist. When a clandestine intelligence program meets a highly regulated industry, said a lawyer with experience in bridging the gaps, neither side wants to risk a public fight. The engineering problems are so immense, in systems of such complexity and frequent change, that the FBI and NSA would be hard pressed to build in back doors without active help from each company.

 

The money quote …

 

As it is written, there is nothing to prohibit the intelligence community from searching through a pile of communications, which may have been incidentally or accidentally been collected without a warrant, to deliberately search for the phone calls or e-mails of specific Americans,” Udall said.

 

 

 

Related:

Google CEO Larry Page On PRISM: ‘What The…?’

Apple: ‘We Have Never Heard Of PRISM’

Dissecting Big Tech’s Denial of Involvement in NSA’s PRISM …

Google and Facebook Double Down on Prism Denials

PRISM’s NSA fallout: Apple, Google, Facebook issue denials …

Evolution Of The PRISM Denials: This May Be Why They Seem …

Apple, Google, Facebook, Yahoo, Microsoft, Paltalk, AOL issue …

Liberal England: PRISM: Should we believe the internet companies …

 

 

 

 

 

 

 

 

—-