Squeaky Dolphin?

squeakydolphin-640x456Documents obtained by former NSA contractor Edward Snowden show that NSA analysts monitored content on The Pirate Bay and used the agency’s surveillance systems to track where it came from. The documents also show that the NSA’s British partners at the GCHQ used XKeyscore data as part of a surveillance program on sites that included WikiLeaks. That was part of a broader psychological profiling and targeting program to collect intelligence, influence individuals online, and disrupt groups like Anonymous that were considered threats.  The new documents show that the GCHQ conducted “broad real-time monitoring of social media activities, processing data on activities like watching YouTube videos and Facebook Likes to profile, categorize, and target individuals for psychological operations.” The NSA documents in the latest disclosure refer to monitoring for content that could be considered “malicious foreign activity.” But it’s clear that the NSA also used its XKeyscore surveillance to dig through traffic to the torrent-sharing site, and it could very well have profiled foreign users of sites like WikiLeaks and monitored their access to that and other websites.

However, the documents—one an internal NSA “frequently asked questions” Wiki page and the other a set of GCHQ slides on psychological operations—do not provide a picture of how much information about people accessing WikiLeaks was shared between the GCHQ and the NSA. And while the documents point to NSA monitoring of Pirate Bay, there’s no suggestion of how the information gathered was used or if it was used at all.  A third, unpublished document shows that the Obama administration apparently encouraged foreign governments in 2010 (including the UK) to pursue charges against WikiLeaks for the publication of diplomatic “wires” provided by Chelsea Manning, formerly known as Bradley Manning.

The GCHQ slide deck, published in 2012, highlights two tools used to conduct social networking, Web monitoring, and profiling. The first, called “Squeaky Dolphin,” pulls online activities within Web traffic caught by the agency’s monitoring systems. The monitoring systems are called “Airwolf” in the slides, which may be a UK codeword for the GCHQ’s equivalent of XKeyscore. That data includes webmail, blogs visited, YouTube views, Facebook “likes” clicked on websites themselves, and other data culled from individual users’ captured activity.

It runs those activities, captured in real-time, through IBM’s InfoSphere Streams processing software to create analytical feeds. Those feeds are then piped into a Splunk database and surfaced through a “dashboard” view that allows analysts to find trends in sentiment. As an example, the slides showed activity related to cricket matches in London and the surge in Facebook likes for Conservative member of Parliament Liam Fox. It can also be used to spot trends in traffic that might indicate upcoming events such as protests or other civil unrest.

While Squeaky Dolphin tends to look at things with a wider view, “AnticrisisGirl” is a bit more targeted. It can be used to passively monitor specific websites—including traffic to WikiLeaks, as the slides demonstrate. The tool can be tuned to a specific set of Internet user signatures or keywords, and it provides analytics of their behavior in real time, capturing search terms or direct Web addresses used to get to the sites in question.

SOURCE – arstechnica.com

From NSA to Gmail: Ex-Spy Launches Free Email Encryption Service

The surveillance bombshells revealed by Edward Snowden have prompted many Americans to reconsider what they say and do online.

Hoping to seize upon amplified privacy concerns, a former National Security Agency architect launched a free service this week that allows users to easily encrypt their Gmail, Yahoo and Outlook emails.

Virtru, which has received $4 million in angel financing and emerged from stealth mode to attracted significant interest from a number of potential corporate customers, including big Wall Street banks.

“There is mass concern about privacy. The issue is people don’t know where to go to take action. We’re trying to meet that need,” said John Ackerly, a former White House official who co-founded Virtru with his brother Will.

While working at the NSA, Will Ackerly helped invent an encryption format that has become the standard for sharing sensitive data between U.S. intelligence agencies. Seeing the great demand to protect personal and commercial documents, the Ackerly brothers are now deploying that platform to a much wider audience.

“Services like Virtru will probably give most commercial users a degree of security that only governments have enjoyed to this point,” said Cedric Leighton, a former NSA official who does not know the Ackerly brothers.

Virtru appears to be launching at a perfect time given the enormous amount of attention on government surveillance, which classified documents leaked by Snowden show is far greater than the American public realized.  According to a poll of 2,000 U.S. adults by Harris Interactive that Virtru commissioned, 73% of Americans online are concerned about the privacy of their email communications. But just 34% of online adults said they had taken steps like using a secure email provider or encrypted technologies.

While the Snowden revelations “caused the country tremendous harm in terms of national security,” John Ackerly said the “issues are real and the balance of power has shifted away from the individual.”

Using the open-source Trusted Data Format that Will Ackerly helped create in 2008, Virtru allows users to encrypt emails from Google’s Gmail, Yahoo, Microsoft’s Outlook and Apple’s Mac Mail. The service is powered by 256-bit AES encryption.

VIDEO – See how Virtru works…

SOURCE – foxbusiness.com

Lavabit fights the good fight…

The U.S. government in July obtained a search warrant demanding that Edward Snowden’s e-mail provider, Lavabit, turn over the private SSL keys that protected all web traffic to the site, according to to newly unsealed documents.  The July 16 order came after Texas-based Lavabit refused to circumvent its own security systems to comply with earlier orders intended to monitor a particular Lavabit user’s metadata, defined as “information about each communication sent or received by the account, including the date and time of the communication, the method of communication, and the source and destination of the communication.”  lavabitThe records in the case, which is now being argued at the 4th U.S. Circuit Court of Appeals, were unsealed by a federal judge in Alexandria, Virginia. They confirm much of what had been suspected about the conflict between the pro-privacy e-mail company and the federal government, which led to Lavabit voluntarily closing in August rather than compromise the security it promised users.  The filings show that Lavabit was served on June 28 with a so-called “pen register” order requiring it to record, and provide the government with, the e-mail “from” and “to” lines on every e-mail, as well as the IP address used to access the mailbox. Because they provide only metadata, pen register orders can be obtained without “probable cause” that the target has committed a crime.

“The privacy of … Lavabit’s users are at stake,” Lavabit attorney Jesse Binnall told Hilton. “We’re not simply speaking of the target of this investigation. We’re talking about over 400,000 individuals and entities that are users of Lavabit who use this service because they believe their communications are secure. By handing over the keys, the encryption keys in this case, they necessarily become less secure.”

I love this next part… Levison complied the next day by turning over the private SSL keys as an 11 page printout in 4-point type!  I love this guy!

“To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data,” prosecutors wrote.  The court ordered Levison to provide a more useful electronic copy. By August 5, Lavabit was still resisting the order, and the judge ordered that Levison would be fined $5,000 a day beginning August 6 until he handed over electronic copies of the keys.  On August 8, Levison shuttered Lavabit, making any attempt at surveillance moot. Still under a gag order, he posted an oblique message saying he’d been left with little choice in the matter.

“I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly 10 years of hard work by shutting down Lavabit,” Levison wrote at the time. “After significant soul searching, I have decided to suspend operations.”

Lavabit has raised approximately $30,000 in an online fundraising drive to finance its appeal to the 4th Circuit. Today the appeals court extended the deadline for opening briefs to October 10.  Friends, your absolute right to privacy is under attack.  Spread the word, donate or help out any way you can and helo Lavabit fight the good fight!

SOURCE – Wired

UPDATE – Lavabit to Briefly Reinstate Services for Data Recovery

XKeyscore?

Looks like Edward Snowden has leaked another little tidbit about the NSA’s domestic surveillance programs.  According to The Guardian, the NSA taps all you do online and XKeyscore is the program they use to do it.  This program essentially makes available everything you’ve ever done on the Internet – browsing history, searches, content of your emails, online chats, even your metadata – available without any prior authorization — no warrant, no court clearance, no signature on a dotted line. snowdenSome NSA flunky simply plugs in a private email address, and seconds later, your online history is no longer private.  That is more power than government should have over its own people.  XKeyscore is the second black mark on the NSA’s record in the past few weeks. The Guardian’s first story uncovered PRISM, a highly controversial surveillance program that reportedly allows the security agency to access the servers of major Internet organizations including Facebook, Google, Apple, Microsoft, Yahoo, YouTube and Skype, among others.  As I mentioned on a previous post, you should have no expectation of privacy when communicating digitally.  There are however, steps you can take to limit what is collected about you.  I’ve started using the Startpage search engine rather than Google.  StartPage combines the powerful search results of Google with the strong privacy features of Ixquick, the world’s most private search engine.  No IP addresses are stored, no personal data is gathered or passed on to third parties, and no identifying cookies are placed on your browser. Startpage also offers secure SSL encryption, a proxy option that allows anonymous web surfing, full third-party certification, and numerous other privacy features.  I recommend switching to Startpage immediately.  FYI, work continues on the Villainous VooDoo data encryption solution; stay tuned…

UPDATE – 08/21/13 – A new report by the Wall Street Journal says the NSA “has the capacity to reach roughly 75% of all U.S. Internet traffic.” And while the NSA is only supposed to “target” foreigners, the NSA sometimes “retains the written content of e-mails sent between citizens within the U.S.”

Privacy is something you have to make for yourself…

Whistleblower Edward Snowden claims that American & multinational telecom companies collaborate with the NSA.  Well Duh!  Of course!, do you really think the NSA needs to collaborate with anyone to read your email?  Let’s get real; you should have no expectation of privacy when communicating digitally.  Period.  There are steps you can take to secure your online presence and while some methods work better than others, I prefer Tor.  As for your data, any fully vetted public-key cryptosystem such as PGP (with an appropriate key length) should meet most peoples needs.  Most people.  For those of you looking to up your game in data encryption, the Villainous VooDoo has been hard at work on something.  Stay tuned…

UPDATE – 08/16/13 – It seems the NSA has been quite busy infringing on our privacy rights.  A newly leaked NSA audit documents 2,776 violations of privacy rules or court orders, mostly involving unauthorized collection of data on Americans or eavesdropping on foreign intelligence targets who entered the United States.  Watch what you say, big brother is listening…

UPDATE – 08/21/13 – A new report by the Wall Street Journal says the NSA relies on extensive collaboration with domestic telecommunications companies to get access to Internet traffic. “The programs, code-named Blarney, Fairview, Oakstar, Lithium and Stormbrew, among others, filter and gather information at major telecommunications companies.” Filtering occurs at more than a dozen “major Internet junctions.”

  • Ads