Archive for the ‘NSA’ Category

NSA Surveillance | American Civil Liberties Union

The National Security Agencys mass surveillance has greatly expanded in the years since September 11, 2001. Disclosures have shown that, until recently, the government regularly tracked the calls of hundreds of millions of Americans. Today, it continues to spy on a vast but unknown number of Americans international calls, text messages, web-browsing activities, and emails.

The governments surveillance programs have infiltrated most of the communications technologies we have come to rely on. They are largely enabled by a problematic law passed by Congress the FISA Amendments Act (FAA), which is set to expire this year along with Executive Order 12,333, the primary authority invoked by the NSA to conduct surveillance outside of the United States. The Patriot Act has also made it easier for the government to spy on Americans right here at home over the past 15 years. Although the Foreign Intelligence Surveillance Court oversees some of the governments surveillance activities, it operates in near-total secrecy through one-sided procedures that heavily favor the government.

Our Constitution and democratic system demand that government be transparent and accountable to the people, not the other way around. History has shown that powerful, secret surveillance tools will almost certainly be abused for political ends.

The ACLU has been at the forefront of the struggle to rein in the surveillance superstructure, which strikes at the core of our rights to privacy, free speech, and association.

The FISA Amendments Act of 2008 (FAA) gives the NSA almost unchecked power to monitor Americans international phone calls, text messages, and emails under the guise of targeting foreigners abroad. The ACLU has long warned that one provision of the statute, Section 702, would be used to eavesdrop on Americans private communications. In June 2013, The Guardian published documents provided by whistleblower Edward Snowden confirming the massive scale of this international dragnet. Recent disclosures also show that an unknown number of purely domestic communications are monitored, that the rules that supposedly protect Americans' privacy are weak and riddled with exceptions, and that virtually every email that goes into or out of the United States is scanned for suspicious keywords.

In 2008, less than an hour after President Bush signed the FAA into law, the ACLU filed a lawsuit challenging its constitutionality. The case, Amnesty v. Clapper, was filed on behalf of a broad coalition of attorneys and organizations whose work requires them to engage in sensitive and sometimes privileged telephone and email communications with individuals located abroad. But in a 54 ruling handed down in February 2013, the Supreme Court held that the ACLU plaintiffs did not have standing to sue because they could not prove their communications had actually been surveilled under the law.

In March 2015, the ACLU filed Wikimedia Foundation v. NSA, a lawsuit challenging Upstream surveillance under the FAA. Through Upstream surveillance, the U.S. government copies and searches the contents of almost all international and many domestic text-based internet communications. The suit was brought on behalf of nine educational, legal, human rights, and media organizations, including the Wikimedia Foundation, operator of one of the most-visited websites on the internet. Collectively, the plaintiffs engage in more than a trillion sensitive internet communications every year, and each has been profoundly harmed by NSA surveillance.

Executive Order 12,333, signed by President Reagan in 1981 and modified many times since, is the authority primarily relied upon by the intelligence agencies to gather foreign intelligence outside of the United States. Recent disclosures indicate that the U.S. government operates a host of large-scale programs under EO 12333, many of which appear to involve the collection of vast quantities of Americans information. These programs have included, for example, the NSAs collection of billions of cellphone location records each day; its recording of every single cellphone call into, out of, and within at least two countries; and its surreptitious interception of data from Google and Yahoo user accounts as that information travels between those companies data centers located abroad.

In December 2013, the ACLU, along with the Media Freedom Information Access Clinic at Yale Law School, filed a Freedom of Information Act lawsuit demanding that the government release information about its use of EO 12,333 to conduct surveillance of Americans communications.

For many years, the government claimed sweeping authority under the Patriot Act to collect a record of every single phone call made by every single American "on an ongoing daily basis." This program not only exceeded the authority given to the government by Congress, but it violated the right of privacy protected by the Fourth Amendment, and the rights of free speech and association protected by the First Amendment. For this reason, the ACLU challenged the government's collection of our phone records under Section 215 of the Patriot Act just days after the program was revealed in June 2013 by The Guardian. In May 2015, a court of appeals found that the phone records program violated Section 215, and Congress allowed the provision to expire in June of that year. The program was reformed by the USA Freedom Act, which passed days later.

To bring greater transparency to the NSA's surveillance under the Patriot Act, the ACLU filed two motions with the secretive FISC asking it to release to the public its opinions authorizing the bulk collection of Americans' data by the NSA.

Our earlier work to reform the Patriot Act includes a number of successful challenges to the government's use of and secrecy surrounding National Security Letters.

The ACLU has long fought to bring greater transparency and public access to the FISC the secretive court that oversees the governments surveillance programs. When the FISC was first established in 1978, it primarily assessed individual surveillance applications to determine whether there was probable cause to believe a specific surveillance target was an agent of a foreign power. In recent years, however, the FISCs responsibilities have changed dramatically, and the FISC today oversees sweeping surveillance programs and assesses their constitutionality all without any public participation or review.

The ACLU has been advocating and petitioning for access to the FISC for more than a decade, working with Congress and the executive branch, and appearing before the court itself to push for greater transparency. Days after the courts Section 215 order was published in the press in June 2013, we filed a motion seeking access to the secret judicial opinions underlying the NSA's mass call tracking program. We have since filed two other access motions in the FISC, seeking significant legal opinions authorizing bulk collection and those interpreting the governments secret surveillance powers in the years after 9/11. We also signed a brief filed in the FISC in support of the First Amendment rights of the recipients of FISC orders, such as telephone and internet companies, to release information about the type and volume of national security requests they receive from the NSA and the FBI.

Secret law has no place in a democracy. Under the First Amendment, the public has a qualified right of access to FISC opinions concerning the scope, meaning, or constitutionality of the surveillance laws, and that right clearly applies to legal opinions interpreting Americans' bedrock constitutional rights. We all have a right to know, at least in general terms, what kinds of information the government is collecting about innocent Americans, on what scale, and based on what legal theory.

See the original post:
NSA Surveillance | American Civil Liberties Union

Russian hackers used NSA’s leaked EternalBlue exploit to spy on hotel guests – CSO Online

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues.

Your message has been sent.

There was an error emailing this page.

A Russian government-sponsored cyberespionage group has been accused of using a leaked NSA hacking tool in attacks against one Middle Eastern and at least seven European hotels in order to spy on guests.

Why reinvent the wheel, or a hacking tool, when the NSA created such an effective one? The NSAs EternalBlue was leaked online by the Shadow Broker in April. Now the security firm FireEye says it has a moderate confidence that Fancy Bear, or APT28, the hacking group linked to the Russian government and accused of hacking the Democratic National Committee last year, added EternalBlue to its arsenal in order to spy on and to steal credentials from guests at European and Middle Eastern hotels.

In a campaign aimed at the hospitality industry, attackers leveraged a malicious document in spear-phishing emails. The hostile hotel form, which Microsoft Threat Intelligence Center General Manager John Lambert tweeted about in July, appeared to be a hotel reservation document. If macros were allowed to run on the computers used by the hotel employees who opened it, then Fancy Bears Gamefish malware would be installed.

Fancy Bear, according to a report by the security firm FireEye, used novel techniques involving the EternalBlue exploit and the open source tool Responder to spread laterally through networks and likely target travelers. Once inside the network of a hospitality company, APT28 sought out machines that controlled both guest and internal Wi-Fi networks.

The Gamefish malware would download and run EternalBlue to spread to computers which were connected to corporate and guest Wi-Fi networks. After gaining access, Fancy Bear deployed Responder which listens for broadcasts from victim computers attempting to connect to network resources. Responder, FireEye explained, masquerades as the sought-out resource and causes the victim computer to send the username and hashed password to the attacker-controlled machine.

Its definitely a new technique for Fancy Bear, FireEyes cyber espionage researcher Ben Read told Wired. Its a much more passive way to collect on people. You can just sit there and intercept stuff from the Wi-Fi traffic.

While FireEye didnt observe business travelers credentials being stolen via hotel Wi-Fi networks in July, the security firm cited a similar hotel attack by Fancy Bear in 2016.

In the 2016 incident, the victim was compromised after connecting to a hotel Wi-Fi network. Twelve hours after the victim initially connected to the publicly available Wi-Fi network, APT28 logged into the machine with stolen credentials. These 12 hours could have been used to crack a hashed password offline. After successfully accessing the machine, the attacker deployed tools on the machine, spread laterally through the victim's network, and accessed the victim's OWA account. The login originated from a computer on the same subnet, indicating that the attacker machine was physically close to the victim and on the same Wi-Fi network.

The latest hotel attacks, FireEye added, is the first time we have seen APT28 incorporate this exploit [EternalBlue] into their intrusions. While the investigation is still going on, FireEye told Reuters it is moderately confident that Fancy Bear is behind the attacks. We just don't have the smoking gun yet.

The targeted hotels were not named, but were described as the type where valuable guests would stay. FireEye told Wired, These were not super expensive places, but also not the Holiday Inn. Theyre the type of hotel a distinguished visitor would stay in when theyre on corporate travel or diplomatic business.

FireEye wants travelers, such as business and government personnel, to be aware of the threats like having their information and credentials passively collected when connecting to a hotels Wi-Fi. While traveling abroad, high value targets should take extra precautions to secure their systems and data. Publicly accessible Wi-Fi networks present a significant threat and should be avoided whenever possible. Wired suggested the safest approach for travelers is to bring their own hotspot and altogether skip connecting to the hotels Wi-Fi.

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues.

Sponsored Links

See more here:
Russian hackers used NSA's leaked EternalBlue exploit to spy on hotel guests - CSO Online

StarTimes pay courtesy call on NSA boss – Ghana News Agency

Print Sunday 13th August, 2017 Accra, Aug. 11, GNA - StarTimes, official Broadcaster of the Ghana Premier League, on Friday, met the leadership of the National Sports Authority (NSA). The StarTimes delegation held fruitful discussion with the Director General of the NSA, Mr. Robert Sarfo Mensah concerning the development of sports in the country. As part of StarTimes' aim of getting involved in promoting all sports in Ghana,

Accra, Aug. 11, GNA - StarTimes, official Broadcaster of the Ghana Premier League, on Friday, met the leadership of the National Sports Authority (NSA).

The StarTimes delegation held fruitful discussion with the Director General of the NSA, Mr. Robert Sarfo Mensah concerning the development of sports in the country.

As part of StarTimes' aim of getting involved in promoting all sports in Ghana, the NSA boss was consulted to partner the dream.

According to the Country Director of StarTimes, Leo Hao, sports must have a new look in Ghana.

"It is our dream to help grow Ghana sports.

"We want a successful collaboration that will see all sports get a better face lift as we are committed to grow sports in all aspects."

Mr. Sarfo Mensah was delighted to meet the StarTimes delegation and confirmed his office's readiness to partner them.

"My office wants to give Ghana sports the best, in terms of development.

"We are actually preparing to host the National Sports Festival, where more talents will be identified and nurtured. "

"I am very glad to have you and am confident that we can together promote Ghana sports," he noted.

GNA

Read this article:
StarTimes pay courtesy call on NSA boss - Ghana News Agency

Film: The Tiny West Virginia Town Haunted by an NSA Secret – The Intercept

Sugar Grove, West Virginia was, by the accounts of its residents, a fine place to live until the Pentagon shuttered the sprawling naval base that sustained the town for decades leaving it with a state secret as its sole remaining attraction. A new documentary film by director Elaine McMillion Sheldon, a longtime chronicler of West Virginian life, visitsSugar Grove after the base was decommissioned and being auctionedoff, and traces the abiding shadow of a nearby National Security Agency facility still looming over the town.

The film is embedded above.

Antennae at the NSA listening post, codenamed TIMBERLINE, were built to capture Soviet satellite messages as they bounced off the moon, imbuing a pristine stretch of Appalachia with a sort of cosmic gravity. Residents lived with the knowledge that something was hidden away on a hilltop above the town, even if it was something they could never know. TIMBERLINEs mission has, to say the least, changed in the intervening years, as submarine-laid internet cables have become a greater priority for American spies than foreign satellite communication.

TIMBERLINE remains operational, but the facility, known to locals as the off-limits Upper Base, was never what kept Sugar Grove alive. The towns heart was the sprawling Lower naval base that served as a robust employer and de facto community center until the Sept. 11 attacks, when residents say even the Navy gym and recreational areas theyd always enjoyed were sealed up, like forbidding TIMBERLINE. Sheldons film reveals a parcel of the country thats dealing not just with a faltering economy and collapsed job base hardly unique to Sugar Grove but also with a legacy thats literally unspeakable. One of the only moments the film captures of anyone talking about the NSAs presence in Sugar Grove comes from a General Services Administration auctioneer Kristine Carson in a vacant naval gymnasium. Asked about the Upper Base, Carson notes, with a small smile, Its underground, I understand. Of course I cant speak to that.

Top video: The film is directed and produced by Elaine McMillion Sheldon/Field of Vision.

Read more here:
Film: The Tiny West Virginia Town Haunted by an NSA Secret - The Intercept

EFF Urges Supreme Court to Take On Unconstitutional NSA Surveillance, Reverse Dangerous Ruling That Allows … – EFF

WASHINGTON, D.C.The Electronic Frontier Foundation (EFF) asked the Supreme Court to review and overturn an unprecedented ruling allowing the government to intercept, collect, and storewithout a warrantmillions of Americans electronic communications, including emails, texts, phone calls, and online chats.

This warrantless surveillance is conducted by U.S. intelligence agencies under Section 702 of the Foreign Intelligence Surveillance Act. The law is exceedingly broadSection 702 allows the government to conduct surveillance of any foreigner abroadand the law fails to protect the constitutional rights of Americans whose texts or emails are incidentally collected when communicating with those people.

This warrantless surveillance of Americans is unconstitutional and should be struck down.

Yet the U.S. Court of Appeals for the Ninth Circuit, ruling in U.S. v. Mohamud, decided that the Fourth Amendment doesnt apply to Americans whose communications were intercepted incidentally and searched without a warrant. The case centered on Mohammed Mohamud, an American citizen who in 2012 was charged with plotting to bomb a Christmas tree lighting ceremony in Oregon. After he had already been convicted, Mohamud was told for the first time that information used in his prosecution was obtained using Section 702. Further disclosures clarified that the government used the surveillance program known as PRISM, which gives U.S. intelligence agencies access to communications in the possession of Internet service providers such as Google, Yahoo, or Facebook, to obtain the emails at issue in the case. Mohamud sought to suppress evidence gathered through the warrantless spying, arguing that Section 702 was unconstitutional.

In a dangerous and unprecedented ruling, the Ninth Circuit upheld the warrantless search and seizure of Mohamuds emails. EFF, the Center for Democracy & Technology, and New Americas Open Technology Institute filed a petition today asking the Supreme Court to review that decision.

The ruling provides an end-run around the Fourth Amendment, converting sweeping warrantless surveillance directed at foreigners into a tool for spying on Americans, said EFF Senior Staff Attorney Mark Rumold. Section 702 is unlike any surveillance law in our countrys history, it is unconstitutional, and the Supreme Court should take this case to put a stop to this surveillance.

Section 702, which is set to expire in December unless Congress reauthorizes it, provides the government with broad authority to collect, retain, and search Americans international communications, even if they dont contain any foreign intelligence or evidence of a crime.

We urge the Supreme Court to review this case and Section 702, which subjects Americans to warrantless surveillance on an unknown scale, said EFF Staff Attorney Andrew Crocker. We have long advocated for reining in NSA mass surveillance, and the incidental collection of Americans private communications under Section 702 should be held unconstitutional once and for all.

For the petition: https://www.eff.org/document/mohamud-eff-cert-petition

For more on Section 702: https://www.eff.org/document/702-one-pager-adv

For more on NSA spying:https://www.eff.org/nsa-spying

See the rest here:
EFF Urges Supreme Court to Take On Unconstitutional NSA Surveillance, Reverse Dangerous Ruling That Allows ... - EFF