Your government’s hacking tools are not safe

Motherboard reports: Recent data breaches have made it startlingly clear hacking tools used by governments really are at risk of being exposed. The actual value of the information included in each of these dumps varies, and some may not be all that helpful in and of themselves, but they still highlight a key point: hackers or other third parties can obtain powerful tools of cyber espionage that are supposedly secure. And in most cases, the government does not appear to clean up the fallout, leaving the exploits open to be re-used by scammers, criminals, or anyone else—for any purpose.

It’s as if someone posted a skeleton key online for breaking into an unimaginable number of locks.

“What we learn from the disclosures and leaks of the last months is that unknown vulnerabilities are maintained secret even after they’ve been clearly lost, and that is plain irresponsible and unacceptable,” Claudio Guarnieri, a technologist from Amnesty International, told Motherboard in an online chat. [Continue reading…]

Facebooktwittermail

British spies were first to spot Trump team’s links with Russia

The Guardian reports: Britain’s spy agencies played a crucial role in alerting their counterparts in Washington to contacts between members of Donald Trump’s campaign team and Russian intelligence operatives, the Guardian has been told.

GCHQ first became aware in late 2015 of suspicious “interactions” between figures connected to Trump and known or suspected Russian agents, a source close to UK intelligence said. This intelligence was passed to the US as part of a routine exchange of information, they added.

Over the next six months, until summer 2016, a number of western agencies shared further information on contacts between Trump’s inner circle and Russians, sources said.

The European countries that passed on electronic intelligence – known as sigint – included Germany, Estonia and Poland. Australia, a member of the “Five Eyes” spying alliance that also includes the US, UK, Canada and New Zealand, also relayed material, one source said.

Another source suggested the Dutch and the French spy agency, the General Directorate for External Security or DGSE, were contributors.

It is understood that GCHQ was at no point carrying out a targeted operation against Trump or his team or proactively seeking information. The alleged conversations were picked up by chance as part of routine surveillance of Russian intelligence assets. Over several months, different agencies targeting the same people began to see a pattern of connections that were flagged to intelligence officials in the US. [Continue reading…]

Facebooktwittermail

Trump’s source: A greedy former judge citing an intel conspiracy theorist

The New York Times reports: Andrew Napolitano was a Superior Court judge in New Jersey until, frustrated by the constraints of his salary, he left the bench for more lucrative pastures: talk radio, a syndicated small-claims court TV series (“Power of Attorney”) and, eventually, Fox News, where he rose to become the network’s senior legal analyst.

It was in that basic-cable capacity this week that Mr. Napolitano managed to set off a cascading scandal, which by Friday had sparked a trans-Atlantic tiff between Britain and the United States while plunging President Trump’s close relationship with Fox News into new, murkier territory.

It was new ground for Mr. Napolitano, 66, who prefers being addressed as “The Judge” and once insisted that Fox News install bookshelves and wood-paneling in his newsroom office, the better to resemble a judge’s chambers.

But Mr. Napolitano’s unlikely leap into global politics can be explained by his friendship with Mr. Trump, whom he met with this year to discuss potential Supreme Court nominees. Mr. Napolitano also has a taste for conspiracy theories, which led him to Larry C. Johnson, a former intelligence officer best known for spreading a hoax about Michelle Obama. [Continue reading…]

Today, Johnson writes:

I spoke three months ago with a source that, if the source’s name was revealed, would be known and recognized as a reliable source of information. Based on that contact I reached out to friends in the intel community and asked them about the possibility that a back channel was used to get the Brits to collect on Trump associates. My sources said, “absolutely.”

There’s a mighty chasm between saying something’s possible and asserting that it happened. The very same source, if asked whether he had any evidence that such a back channel had indeed reached out to GCHQ, would have most likely followed his “absolutely,” with, “none whatsoever.”

Facebooktwittermail

Among British intelligence officials, growing concern about security threat posed by Trump

Financial Times reports: Shaken by the leaks of Edward Snowden, beset with strategic threats from Islamist militants and Russian aggression, the US-UK intelligence alliance is now facing a more unexpected although no less serious challenge — from the most powerful man within it.

Serving and former British intelligence officials worry that the US president has the power — if not necessarily the inclination — to weaken intelligence ties. After all, the White House has in the past tried to choke off sharing information with the UK and political disagreements have also sometimes led to selective disclosures on both sides.

They also fret that Mr Trump’s fast-and-loose style could lead to the disclosure of highly sensitive information provided by Britain. Most sensitive of all, some British intelligence officials wonder how carefully Mr Trump might treat their “product” — particularly over Russia — if it was deemed damaging to his own political interests. [Continue reading…]

Facebooktwittermail

Trump’s foolish effort to blame GCHQ and Fox News for a diplomatic mess of his own making

Former NSA analyst and counterintelligence officer, John Schindler, writes: Napolitano has zero background in intelligence and has no idea what he’s talking about. His accusation against Britain’s Government Communications Headquarters, London’s NSA equivalent, was patently absurd, as well as malicious, demonstrating that neither Napolitano nor Fox News have the slightest notion how intelligence works in the real world.

Yet here the White House was publicly endorsing this crackpot theory—and blaming perhaps our closest ally for breaking American laws at the behest of Barack Obama. Our domestic crisis thereby became an international one, for no reason other than the administration has gone global in its efforts to deflect blame from its own stupidity and dishonesty.

This is no small matter. NSA and GCHQ enjoy the most special of special relationships, serving since the Second World War as the cornerstone of the Anglosphere Five Eyes signals intelligence alliance (the others are Canada, Australia, and New Zealand) which defeated Hitler and won the Cold War. This constitutes the most successful espionage alliance in history, and just how close NSA and GCHQ are would be difficult to overstate.

Affectionately calling each other “the cousins,” they interchange personnel and, in the event of disaster—for instance a crippling terrorist attack on agency headquarters—NSA would hand most of its functions over to GCHQ, so that Five Eyes would keep running. It’s long been a source of consternation at Langley that NSA appears to get along better with GCHQ than with CIA. I once witnessed this issue come up in a top-secret meeting with senior officials, in which a CIA boss took an NSA counterpart to task when it became apparent that a piece of highly sensitive intelligence had been shared with “the cousins” before Langley was informed. The NSA senior official’s terse reply silenced the room: “That’s because we trust them.”

Publicly attacking the NSA-GCHQ relationship was therefore a consummately bad idea, particularly by a White House that has already gone so far out of its way to anger and alienate our own spies, and the British reply was one for the record books. Late yesterday, GCHQ issued a remarkable statement:

Recent allegations made by media commentator judge Andrew Napolitano about GCHQ being asked to conduct ‘wiretapping’ against the then president-elect are nonsense. They are utterly ridiculous and should be ignored.

American spy services are famously tight-lipped in their public utterances, falling back on “we can neither confirm nor deny” with a regularity that frustrates journalists. And our spooks are positively loquacious compared to British partners, who seldom say anything on the record to the media. Calling out Fox News and the White House in this manner has no precedent, and indicates just how angry British officials are with the Trump administration. For Prime Minister Teresa May, whose efforts to build bridges with the new president have been deeply unpopular at home, this had to be galling. [Continue reading…]

Facebooktwittermail

GCHQ dismisses ‘utterly ridiculous’ claim it helped wiretap Trump

The Guardian reports: British intelligence officials have denied an allegation that the UK helped former president Barack Obama “wiretap” Donald Trump during the 2016 election.

The claim was repeated by the White House press secretary, Sean Spicer, on Thursday and dismissed as “utterly ridiculous” by a GCHQ spokesperson.

The spokesperson added in a statement: “Recent allegations made by media commentator judge Andrew Napolitano about GCHQ being asked to conduct ‘wiretapping’ against the then president-elect are nonsense. They are utterly ridiculous and should be ignored.”

This week, Napolitano, Fox News judicial analyst, claimed during an interview on the network that three intelligence sources confirmed to him that the Obama administration used GCHQ to spy on Trump so that there would be “no American fingerprints on this”.

Sean Spicer, the White House press secretary, quoted Napolitano’s allegation in an effort to validate Trump’s unfounded claim that Obama tapped his phones last year. [Continue reading…]

The Guardian reports: The Republican and Democratic leaders of the Senate intelligence committee have rubbished Donald Trump’s incendiary claim that Barack Obama placed Trump Tower under surveillance.

“Based on the information available to us, we see no indications that Trump Tower was the subject of surveillance by any element of the United States government either before or after election day 2016,” the Republican Richard Burr of North Carolina and the Democrat Mark Warner of Virginia said in a joint statement on Thursday.

Burr and Warner helm one of the congressional committees investigating ties to Russia by Trump’s associates. Those unfolding inquiries have expanded their focus to include Trump’s evidence-free accusation, made on Twitter on 4 March, that Obama ordered surveillance of his eventual successor.

Their counterparts on the House intelligence committee, the Republican Devin Nunes and the Democrat Adam Schiff, both of California, announced the same conclusion on Wednesday. [Continue reading…]

CNN reports: The White House has apologized to the British government after alleging that a UK intelligence agency spied on President Donald Trump at the behest of former President Barack Obama.

National security adviser H.R. McMaster spoke with his British counterpart on Thursday about press secretary Sean Spicer’s comment from the White House podium about a Fox News report that said British intelligence helped wiretap Trump Tower during the 2016 campaign, a White House official said Friday.

The official described the conversation as “cordial” where McMaster described Spicer’s comment as “unintentional.”

McMaster also told his counterpart that “their concerns were understood and heard and it would be relayed to the White House.”

The official said there were “at least two calls” from British officials on Thursday and that the British ambassador to the United States called Spicer to discuss the comment.

“Sean was pointing to the breadth of reporting, not endorsing any specific story,” the official said.

A senior administration official told CNN that Spicer and McMaster offered what amounted to an apology to the British government.

Earlier Friday, a spokesman for British Prime Minister Theresa May said senior UK officials had protested to the Trump administration after the claims were repeated by Spicer. [Continue reading…]

Facebooktwittermail

UK security agencies unlawfully collected data for 17 years, court rules

The Guardian reports: British security agencies have secretly and unlawfully collected massive volumes of confidential personal data, including financial information, on citizens for more than a decade, senior judges have ruled.

The investigatory powers tribunal, which is the only court that hears complaints against MI5, MI6 and GCHQ, said the security services operated an illegal regime to collect vast amounts of communications data, tracking individual phone and web use and other confidential personal information, without adequate safeguards or supervision for 17 years.

Privacy campaigners described the ruling as “one of the most significant indictments of the secret use of the government’s mass surveillance powers” since Edward Snowden first began exposing the extent of British and American state digital surveillance of citizens in 2013.

The tribunal said the regime governing the collection of bulk communications data (BCD) – the who, where, when and what of personal phone and web communications – failed to comply with article 8 protecting the right to privacy of the European convention of human rights (ECHR) between 1998, when it started, and 4 November 2015, when it was made public. [Continue reading…]

Facebooktwittermail

UK spy agencies have collected bulk personal data since 1990s, files show

The Guardian reports: Britain’s intelligence agencies have been secretly collecting bulk personal data since the late 1990s and privately admit they have gathered information on people who are “unlikely to be of intelligence or security interest”.

Disclosure of internal MI5, MI6 and GCHQ documents reveals the agencies’ growing reliance on amassing data as a prime source of intelligence even as they concede that such “intrusive” practices can invade the privacy of individuals.

A cache of more than 100 memorandums, forms and policy papers, obtained by Privacy International during a legal challenge over the lawfulness of surveillance, demonstrates that collection of bulk data has been going on for longer than previously disclosed while public knowledge of the process was suppressed for more than 15 years.

The files show that GCHQ, the government’s electronic eavesdropping centre based in Cheltenham, was collecting and developing bulk data sets as early as 1998 under powers granted by section 94 of the 1984 Telecommunications Act.

The documents offer a unique insight into the way MI5, MI6, and GCHQ go about collecting and storing bulk data on individuals, as well as authorising discovery of journalists’ sources.

Bulk personal data includes information extracted from passports, travel records, financial data, telephone calls, emails and many other open or covert sources. Often they are “fused” together to help pinpoint suspects. [Continue reading…]

Facebooktwittermail

British government’s new plans for mass surveillance welcomed by opposition

The Guardian reports: New surveillance powers will be given to the police and security services, allowing them to access records tracking every UK citizen’s use of the internet without any judicial check, under the provisions of the draft investigatory powers bill unveiled by Theresa May.

It includes new powers requiring internet and phone companies to keep “internet connection records” – tracking every website visited but not every page – for a maximum of 12 months but will not require a warrant for the police, security services or other bodies to access the data. Local authorities will be banned from accessing internet records.

The proposed legislation will also introduce a “double-lock” on the ministerial approval of interception warrants with a new panel of seven judicial commissioners – probably retired judges – given a veto before they can come into force.

But the details of the bill make clear that this new safeguard for the most intrusive powers to spy on the content of people’s conversations and messages will not apply in “urgent cases” – defined as up to five days – where judicial approval is not possible.

The draft investigatory powers bill published on Wednesday by the home secretary aims to provide a “comprehensive and comprehensible” overhaul of Britain’s fragmented surveillance laws. It comes two-and-a-half years after the disclosures by the whistleblower Edward Snowden of the scale of secret mass surveillance of the global traffic in confidential personal data carried out by Britain’s GCHQ and the US’s National Security Agency (NSA).

It will replace the current system of three separate commissioners with a senior judge as a single investigatory powers commissioner.

May told MPs that the introduction of the most controversial power – the storage of everyone’s internet connection records tracking the websites they have visited, which is banned as too intrusive in the US and every European country including Britain – was “simply the modern equivalent of an itemised phone bill”.

Her recommendations were broadly welcomed by the shadow home secretary, Andy Burnham, but received a more cautious welcome from the former Conservative shadow home secretary David Davis, the former shadow home secretary Yvette Cooper and Nick Clegg, the former deputy prime minister. [Continue reading…]

Facebooktwittermail

GCHQ’s surveillance hasn’t proved itself to be worth the cost to human rights

By Fiona de Londras, University of Birmingham

The release of yet more of Edward Snowden’s leaked files reveals the still-astonishing scale and breadth of government surveillance after more than a year of revelations. These recent papers revealed to The Intercept website discuss a programme within Britain’s GCHQ known as “Karma Police”, in which the intelligence agency gathered more than 1.1 trillion pieces of information on UK citizens between August 2007 and March 2009.

Spurred on by the expansion of intercept warrants under the Terrorism Act 2006, this information is users’ internet metadata – details of phone calls, email messages and browser connections that includes passwords, contacts, phone numbers, email addresses, and folders used to organise emails, but not the actual content of messages or emails.

Metadata can help identify people of interest, build profiles, and assist with decisions to start or escalate surveillance of individuals. All this information can be collected often at a fraction of the cost of doing this through traditional methods. In other words, metadata is not insignificant – and this is precisely why governments are so committed to collecting and processing it. However, bulk metadata collection – where information is collected from everyone whether a “person of interest” or not – is rightly a source of deep anxiety from both security and human rights perspectives.

[Read more…]

Facebooktwittermail

How GCHQ tracks web users’ online identities

The Intercept reports: There was a simple aim at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.”

Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs.

The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ.

The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear.[Continue reading…]

Facebooktwittermail

Duncan Campbell’s career exposing GCHQ’s secrets

Duncan Campbell writes: I stepped from the warmth of our source’s London flat. That February night in 1977, the air was damp and cool, the buzz of traffic muted in this leafy North London suburb, in the shadow of the iconic Alexandra Palace. A fellow journalist and I had just spent three hours inside, drinking Chianti and talking about secret surveillance with our source, and now we stood on the doorstep discussing how to get back to the south coast town where I lived.

Events were about to take me on a different journey. Behind me, sharp footfalls broke the stillness. A squad was running, hard, toward the porch of the house we had left. Suited men surrounded us. A burly middle-aged cop held up his police ID. We had broken “Section 2″ of Britain’s secrecy law, he claimed. These were “Special Branch,” then the elite security division of the British police.

For a split second, I thought this was a hustle. I knew that a parliamentary commission had released a report five years earlier that concluded that the secrecy law, first enacted a century ago, should be changed. I pulled out my journalist identification card, ready to ask them to respect the press.

But they already knew that my companion that evening, Time Out reporter Crispin Aubrey, and I were journalists. And they had been outside, watching our entire meeting with former British Army signals intelligence (Sigint) operator John Berry, who at the time was a social worker.

Aubrey and I were arrested on suspicion of possessing unauthorized information. They said we’d be taken to the local police station. But after being forced into cars, we were driven in the wrong direction, toward the center of London. I became uneasy. [Continue reading…]

Facebooktwittermail

Privacy campaigners win concessions in UK surveillance report

The Guardian reports: Privacy campaigners have secured significant concessions in a key report into surveillance by the British security agencies published on Tuesday.

The 132-page report, A Democratic Licence To Operate, which Nick Clegg commissioned last year in the wake of revelations by the US whistleblower Edward Snowden, acknowledges the importance of privacy concerns.

“Privacy is an essential prerequisite to the exercise of individual freedom, and its erosion weakens the constitutional foundations on which democracy and good governance have traditionally been based in this country,” the report says. [Continue reading…]

Facebooktwittermail

GCHQ spied on Amnesty International, tribunal tells group in email

The Guardian reports: The government’s electronic eavesdropping agency GCHQ spied illegally on Amnesty International, according to the tribunal responsible for handling complaints against the intelligence services.

Confirmation that surveillance took place emerged late on Wednesday, when the human rights group revealed that the Investigatory Powers Tribunal (IPT) sent it an email correcting an earlier judgment.

The extraordinary revision of a key detail in the ruling given on 22 June may alarm many supporters of Amnesty, who will want to know why it has been targeted.

In the original judgment, the IPT said that communications by the Egyptian Initiative for Personal Rights and the South African non-profit Legal Resources Centre had been illegally retained and examined.

In the email sent on Wednesday, the tribunal made it clear that it was Amnesty and not the Egyptian organisation that had been spied on – as well as the Legal Resources Centre in South Africa. [Continue reading…]

Facebooktwittermail

Snowden leak: Governments’ hostile reaction fuelled public’s distrust of spies

The Guardian reports: The hostile reaction of the British and US governments to the Snowden disclosures of mass surveillance only served to heighten public suspicion of the work of the intelligence agencies, according to an international conference of senior intelligence and security figures.

The recently published official account of a Ditchley Foundation conference last month says one of the event’s main conclusions was that greater transparency about the activities and capabilities of the security services would be essential if their credibility was to be preserved and enhanced around the world.

The account of the conference chaired by Sir John Scarlett, the former head of MI6, was published on Friday and makes clear the foundation recognised the widespread public unease following the revelations and that the conditions of data collection about individuals and who has access to it are legitimate areas of concern. [Continue reading…]

Facebooktwittermail

Snowden’s files and the files Snowden took: Is Glenn Greenwald playing dumb?

An article in Britain’s Sunday Times this weekend, claimed: “Russia and China have cracked the top-secret cache of files stolen by the fugitive US whistleblower Edward Snowden, forcing MI6 to pull agents out of live operations in hostile countries, according to senior officials in Downing Street, the Home Office and the security services.”

Glenn Greenwald writes:

The government accusers behind this story have a big obstacle to overcome: namely, Snowden has said unequivocally that when he left Hong Kong, he took no files with him, having given them to the journalists with whom he worked, and then destroying his copy precisely so that it wouldn’t be vulnerable as he traveled. How, then, could Russia have obtained Snowden’s files as the story claims — “his documents were encrypted but they weren’t completely secure ” — if he did not even have physical possession of them?

The only way this smear works is if they claim Snowden lied, and that he did in fact have files with him after he left Hong Kong.

In fact, the article says nothing about how the files were allegedly obtained by Russian and China, while Greenwald claims the only way they could have been accessed would be directly from Snowden.

Yet in 2013, Greenwald told the Daily Beast that Snowden “has taken extreme precautions to make sure many different people around the world have these archives to insure the stories will inevitably be published.”

So aside from Snowden himself (who if taken at his word, no longer possesses the files) there many different people (we don’t know how many or who they all are) who also have or had the files.

Are we to assume that each and every one of them is an unfailing master of digital security and these files could never have been obtained by a third party?

In a world where a data security company like Kaspersky can get hacked, I wouldn’t put it outside the realms of possibility that by some means or other, Russia and/or China might have gained access to the files Snowden took.

There are, however, several reasons to question this report — not because it came from anonymous sources, or necessitates believing the Snowden has lied — but because had these sources been able to substantiate their claims with credible evidence, they would most likely have turned to a better newspaper.

Facebooktwittermail