NSA Decryption Multipurpose Research Facility
|
![[Image]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sJBflS-7gxCzTCwycgDz118INQerQ6NPN5PzZHO2u3u9vESm5jGWPuoAxsPfs-A2g03dxp1cU5yDdf46fozvczuTimp5HLRFHMBaZs9sNCpibY-A=s0-d)
![[Image]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vikkiAy1zBeX5MWSgCNJtCjQ2cj-Y7JS0zCz7GvdoOvqJuJ9P6u-zAfTdy2i1CO3dxO1aPjQ9T_gVxiWKqMCoxYZfw35NVAGHga18D2OA893ABOw=s0-d)
![[Image]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t4vgkf_DLpw1LQyHqdZNJKwqlBxhbnaUQNXC6kOvjt_UM_lvW_8E7HQwqfqNUK3jEj_5VYYQzmoGW5rqO1C4XENhtRFH_-GJmBbpUKEaU9EF3L7w=s0-d)
![[Image]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tPC6i0t55IB6gYLZWjF9Y22JyfCWHA278lkwSV05_mCo9RK6rP6jesVwnCIIiFp_bCKqbu-KzsBreb1bNRYFjVqauXq8kRy3sEVfYskMtVErEG=s0-d)
![[Image]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_snpkPAM1ytbFiozHRUKayHcfSNTywIBYqU95YvdsQwpLI6iuzUPMn5x-chMh19pAO22G0pDsTUS4CqS1VAVp7-FdvLMWZ6Fv-Edtl4AxRAzIBUIw=s0-d)
![[Image]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tsvX9hfZWxNUXi3Kk8MMH7UbFMRWiiqJNoyKcpk_-ZYurK3cnFome2DTjHD9gAraBV_REdLaG0M1Sj03yodZwPUATk_Z8zr-9-w0I235SdE9lD=s0-d)
![[Image]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uRbkN67qPLpTcIEkX-ntiVnNhNbOqPuIWoNlqwyo_Edt_GPXtxRH2ZfYAk6aWGzH7mCxIg8nMroKkINczN-JWSiwDKN1BKJnt87NcjfKekqzFX=s0-d)
![[Image]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uAMcO5thEKTAxxvA7iAvXdQu_LICchJnkP0EUqiFEmWg5L8IKVfXpUWfk66fohXxQ17tuk6XmvzEfaRsleTffQrnCTw9lFTZesIY5SV9wyOufH=s0-d)
![[Image]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t9WRFsY-bO-oDgdwmxulR_ogflPa0yr-1LCl3rKb1vBgeF1LFLKlib26QAtLXstb23QOGx_6dF_BhD-sjtDHKCGCJ0rxzHVA6SKzsVQj_mIoCdCw=s0-d)
|
|
|
|
|
|
Tuesday, January 28, 2014
NSA Decryption Multipurpose Research Facility
Saturday, January 25, 2014
A Day in the CIA Operations Center
|
![[Image]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sicCZQMv8j9eYo2k1WEFy6BK2p1F24uVjkNvS3ySzfD8HE4IS0wzCjF6p0oGfJ7esk4CMYsiX8vb0E4Fz1HaBbGTxzqyOkNbg7Ye0yCCSWgQ=s0-d)
![[Image]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sYGo6dhF4x57yQzb3TEytyMRUE4XUoJZK0Aw6FsqQ9Pqr4BclSZx-uxkMTOEno634rOEFmd5ePuD6onR-8AuTQ16s98PgwLEXJPsT8pquYQYgo_mv8qw=s0-d)
Wednesday, January 15, 2014
N.S.A. Devises Radio Pathway Into Your Computers
N.S.A. Devises Radio Pathway Into Computers
JAN. 14, 2014
![[Image]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_u4DT3XHaRxixcvmGP3wJnoroeyknT3KJddRbw9tYZkqPCMEsm-toC5bmVtE0XWpKKlBtJsROV3v7brJF67H12lCS9lhv9EaIi8btX2pXaHY_3tiEI=s0-d)
WASHINGTON — The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.
While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.
The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.
The N.S.A. calls its efforts more an act of “active defense” against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of American companies or government agencies, American officials have protested, often at the presidential level.
Among the most frequent targets of the N.S.A. and its Pentagon partner, United States Cyber Command, have been units of the Chinese Army, which the United States has accused of launching regular digital probes and attacks on American industrial and military targets, usually to steal secrets or intellectual property. But the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls “computer network exploitation.”
“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”
No Domestic Use Seen
There is no evidence that the N.S.A. has implanted its software or used its radio frequency technology inside the United States. While refusing to comment on the scope of the Quantum program, the N.S.A. said its actions were not comparable to China’s.
“N.S.A.'s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements,” Vanee Vines, an agency spokeswoman, said in a statement. “We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line.”
Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward J. Snowden, the former N.S.A. contractor. A Dutch newspaper published the map of areas where the United States has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German newsmagazine, published the N.S.A.'s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of American intelligence officials, when it reported, in the summer of 2012, on American cyberattacks on Iran.
President Obama is scheduled to announce on Friday what recommendations he is accepting from an advisory panel on changing N.S.A. practices. The panel agreed with Silicon Valley executives that some of the techniques developed by the agency to find flaws in computer systems undermine global confidence in a range of American-made information products like laptop computers and cloud services.
Embracing Silicon Valley’s critique of the N.S.A., the panel has recommended banning, except in extreme cases, the N.S.A. practice of exploiting flaws in common software to aid in American surveillance and cyberattacks. It also called for an end to government efforts to weaken publicly available encryption systems, and said the government should never develop secret ways into computer systems to exploit them, which sometimes include software implants.
Richard A. Clarke, an official in the Clinton and Bush administrations who served as one of the five members of the advisory panel, explained the group’s reasoning in an email last week, saying that “it is more important that we defend ourselves than that we attack others.”
“Holes in encryption software would be more of a risk to us than a benefit,” he said, adding: “If we can find the vulnerability, so can others. It’s more important that we protect our power grid than that we get into China’s.”
From the earliest days of the Internet, the N.S.A. had little trouble monitoring traffic because a vast majority of messages and searches were moved through servers on American soil. As the Internet expanded, so did the N.S.A.'s efforts to understand its geography. A program named Treasure Map tried to identify nearly every node and corner of the web, so that any computer or mobile device that touched it could be located.
A 2008 map, part of the Snowden trove, notes 20 programs to gain access to big fiber-optic cables — it calls them “covert, clandestine or cooperative large accesses” — not only in the United States but also in places like Hong Kong, Indonesia and the Middle East. The same map indicates that the United States had already conducted “more than 50,000 worldwide implants,” and a more recent budget document said that by the end of last year that figure would rise to about 85,000. A senior official, who spoke on the condition of anonymity, said the actual figure was most likely closer to 100,000.
That map suggests how the United States was able to speed ahead with implanting malicious software on the computers around the world that it most wanted to monitor — or disable before they could be used to launch a cyberattack.
A Focus on Defense
In interviews, officials and experts said that a vast majority of such implants are intended only for surveillance and serve as an early warning system for cyberattacks directed at the United States.
“How do you ensure that Cyber Command people” are able to look at “those that are attacking us?” a senior official, who compared it to submarine warfare, asked in an interview several months ago.
“That is what the submarines do all the time,” said the official, speaking on the condition of anonymity to describe policy. “They track the adversary submarines.” In cyberspace, he said, the United States tries “to silently track the adversaries while they’re trying to silently track you.”
If tracking subs was a Cold War cat-and-mouse game with the Soviets, tracking malware is a pursuit played most aggressively with the Chinese.
The United States has targeted Unit 61398, the Shanghai-based Chinese Army unit believed to be responsible for many of the biggest cyberattacks on the United States, in an effort to see attacks being prepared. With Australia’s help, one N.S.A. document suggests, the United States has also focused on another specific Chinese Army unit.
Documents obtained by Mr. Snowden indicate that the United States has set up two data centers in China — perhaps through front companies — from which it can insert malware into computers. When the Chinese place surveillance software on American computer systems — and they have, on systems like those at the Pentagon and at The Times — the United States usually regards it as a potentially hostile act, a possible prelude to an attack. Mr. Obama laid out America’s complaints about those practices to President Xi Jinping of China in a long session at a summit meeting in California last June.
At that session, Mr. Obama tried to differentiate between conducting surveillance for national security — which the United States argues is legitimate — and conducting it to steal intellectual property.
“The argument is not working,” said Peter W. Singer of the Brookings Institution, a co-author of a new book called “Cybersecurity and Cyberwar.” “To the Chinese, gaining economic advantage is part of national security. And the Snowden revelations have taken a lot of the pressure off” the Chinese. Still, the United States has banned the sale of computer servers from a major Chinese manufacturer, Huawei, for fear that they could contain technology to penetrate American networks.
An Old Technology
The N.S.A.'s efforts to reach computers unconnected to a network have relied on a century-old technology updated for modern times: radio transmissions.
In a catalog produced by the agency that was part of the Snowden documents released in Europe, there are page after page of devices using technology that would have brought a smile to Q, James Bond’s technology supplier.
One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer “through a covert channel” that allows “data infiltration and exfiltration.” Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer — either in the field or when they are shipped from manufacturers — so that the computer is broadcasting to the N.S.A. even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.
The relay station it communicates with, called Nightstand, fits in an oversize briefcase, and the system can attack a computer “from as far away as eight miles under ideal environmental conditions.” It can also insert packets of data in milliseconds, meaning that a false message or piece of programming can outrace a real one to a target computer. Similar stations create a link between the target computers and the N.S.A., even if the machines are isolated from the Internet.
Computers are not the only targets. Dropoutjeep attacks iPhones. Other hardware and software are designed to infect large network servers, including those made by the Chinese.
Most of those code names and products are now at least five years old, and they have been updated, some experts say, to make the United States less dependent on physically getting hardware into adversaries’ computer systems.
The N.S.A. refused to talk about the documents that contained these descriptions, even after they were published in Europe.
“Continuous and selective publication of specific techniques and tools used by N.S.A. to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies,” Ms. Vines, the N.S.A. spokeswoman, said.
But the Iranians and others discovered some of those techniques years ago. The hardware in the N.S.A.'s catalog was crucial in the cyberattacks on Iran’s nuclear facilities, code-named Olympic Games, that began around 2008 and proceeded through the summer of 2010, when a technical error revealed the attack software, later called Stuxnet. That was the first major test of the technology.
One feature of the Stuxnet attack was that the technology the United States slipped into Iran’s nuclear enrichment plant at Natanz was able to map how it operated, then “phone home” the details. Later, that equipment was used to insert malware that blew up nearly 1,000 centrifuges, and temporarily set back Iran’s program.
But the Stuxnet strike does not appear to be the last time the technology was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps moved a rock near the country’s underground Fordo nuclear enrichment plant. The rock exploded and spewed broken circuit boards that the Iranian news media described as “the remains of a device capable of intercepting data from computers at the plant.” The origins of that device have never been determined.
On Sunday, according to the semiofficial Fars news agency, Iran’s Oil Ministry issued another warning about possible cyberattacks, describing a series of defenses it was erecting — and making no mention of what are suspected of being its own attacks on Saudi Arabia’s largest oil producer.
N.S.A. Devises Radio Pathway Into Computers
JAN. 14, 2014
WASHINGTON -- The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.
JAN. 14, 2014
WASHINGTON — The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.
While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.
The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.
The N.S.A. calls its efforts more an act of “active defense” against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of American companies or government agencies, American officials have protested, often at the presidential level.
Among the most frequent targets of the N.S.A. and its Pentagon partner, United States Cyber Command, have been units of the Chinese Army, which the United States has accused of launching regular digital probes and attacks on American industrial and military targets, usually to steal secrets or intellectual property. But the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls “computer network exploitation.”
“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”
No Domestic Use Seen
There is no evidence that the N.S.A. has implanted its software or used its radio frequency technology inside the United States. While refusing to comment on the scope of the Quantum program, the N.S.A. said its actions were not comparable to China’s.
“N.S.A.'s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements,” Vanee Vines, an agency spokeswoman, said in a statement. “We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line.”
Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward J. Snowden, the former N.S.A. contractor. A Dutch newspaper published the map of areas where the United States has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German newsmagazine, published the N.S.A.'s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of American intelligence officials, when it reported, in the summer of 2012, on American cyberattacks on Iran.
President Obama is scheduled to announce on Friday what recommendations he is accepting from an advisory panel on changing N.S.A. practices. The panel agreed with Silicon Valley executives that some of the techniques developed by the agency to find flaws in computer systems undermine global confidence in a range of American-made information products like laptop computers and cloud services.
Embracing Silicon Valley’s critique of the N.S.A., the panel has recommended banning, except in extreme cases, the N.S.A. practice of exploiting flaws in common software to aid in American surveillance and cyberattacks. It also called for an end to government efforts to weaken publicly available encryption systems, and said the government should never develop secret ways into computer systems to exploit them, which sometimes include software implants.
Richard A. Clarke, an official in the Clinton and Bush administrations who served as one of the five members of the advisory panel, explained the group’s reasoning in an email last week, saying that “it is more important that we defend ourselves than that we attack others.”
“Holes in encryption software would be more of a risk to us than a benefit,” he said, adding: “If we can find the vulnerability, so can others. It’s more important that we protect our power grid than that we get into China’s.”
From the earliest days of the Internet, the N.S.A. had little trouble monitoring traffic because a vast majority of messages and searches were moved through servers on American soil. As the Internet expanded, so did the N.S.A.'s efforts to understand its geography. A program named Treasure Map tried to identify nearly every node and corner of the web, so that any computer or mobile device that touched it could be located.
A 2008 map, part of the Snowden trove, notes 20 programs to gain access to big fiber-optic cables — it calls them “covert, clandestine or cooperative large accesses” — not only in the United States but also in places like Hong Kong, Indonesia and the Middle East. The same map indicates that the United States had already conducted “more than 50,000 worldwide implants,” and a more recent budget document said that by the end of last year that figure would rise to about 85,000. A senior official, who spoke on the condition of anonymity, said the actual figure was most likely closer to 100,000.
That map suggests how the United States was able to speed ahead with implanting malicious software on the computers around the world that it most wanted to monitor — or disable before they could be used to launch a cyberattack.
A Focus on Defense
In interviews, officials and experts said that a vast majority of such implants are intended only for surveillance and serve as an early warning system for cyberattacks directed at the United States.
“How do you ensure that Cyber Command people” are able to look at “those that are attacking us?” a senior official, who compared it to submarine warfare, asked in an interview several months ago.
“That is what the submarines do all the time,” said the official, speaking on the condition of anonymity to describe policy. “They track the adversary submarines.” In cyberspace, he said, the United States tries “to silently track the adversaries while they’re trying to silently track you.”
If tracking subs was a Cold War cat-and-mouse game with the Soviets, tracking malware is a pursuit played most aggressively with the Chinese.
The United States has targeted Unit 61398, the Shanghai-based Chinese Army unit believed to be responsible for many of the biggest cyberattacks on the United States, in an effort to see attacks being prepared. With Australia’s help, one N.S.A. document suggests, the United States has also focused on another specific Chinese Army unit.
Documents obtained by Mr. Snowden indicate that the United States has set up two data centers in China — perhaps through front companies — from which it can insert malware into computers. When the Chinese place surveillance software on American computer systems — and they have, on systems like those at the Pentagon and at The Times — the United States usually regards it as a potentially hostile act, a possible prelude to an attack. Mr. Obama laid out America’s complaints about those practices to President Xi Jinping of China in a long session at a summit meeting in California last June.
At that session, Mr. Obama tried to differentiate between conducting surveillance for national security — which the United States argues is legitimate — and conducting it to steal intellectual property.
“The argument is not working,” said Peter W. Singer of the Brookings Institution, a co-author of a new book called “Cybersecurity and Cyberwar.” “To the Chinese, gaining economic advantage is part of national security. And the Snowden revelations have taken a lot of the pressure off” the Chinese. Still, the United States has banned the sale of computer servers from a major Chinese manufacturer, Huawei, for fear that they could contain technology to penetrate American networks.
An Old Technology
The N.S.A.'s efforts to reach computers unconnected to a network have relied on a century-old technology updated for modern times: radio transmissions.
In a catalog produced by the agency that was part of the Snowden documents released in Europe, there are page after page of devices using technology that would have brought a smile to Q, James Bond’s technology supplier.
One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer “through a covert channel” that allows “data infiltration and exfiltration.” Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer — either in the field or when they are shipped from manufacturers — so that the computer is broadcasting to the N.S.A. even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.
The relay station it communicates with, called Nightstand, fits in an oversize briefcase, and the system can attack a computer “from as far away as eight miles under ideal environmental conditions.” It can also insert packets of data in milliseconds, meaning that a false message or piece of programming can outrace a real one to a target computer. Similar stations create a link between the target computers and the N.S.A., even if the machines are isolated from the Internet.
Computers are not the only targets. Dropoutjeep attacks iPhones. Other hardware and software are designed to infect large network servers, including those made by the Chinese.
Most of those code names and products are now at least five years old, and they have been updated, some experts say, to make the United States less dependent on physically getting hardware into adversaries’ computer systems.
The N.S.A. refused to talk about the documents that contained these descriptions, even after they were published in Europe.
“Continuous and selective publication of specific techniques and tools used by N.S.A. to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies,” Ms. Vines, the N.S.A. spokeswoman, said.
But the Iranians and others discovered some of those techniques years ago. The hardware in the N.S.A.'s catalog was crucial in the cyberattacks on Iran’s nuclear facilities, code-named Olympic Games, that began around 2008 and proceeded through the summer of 2010, when a technical error revealed the attack software, later called Stuxnet. That was the first major test of the technology.
One feature of the Stuxnet attack was that the technology the United States slipped into Iran’s nuclear enrichment plant at Natanz was able to map how it operated, then “phone home” the details. Later, that equipment was used to insert malware that blew up nearly 1,000 centrifuges, and temporarily set back Iran’s program.
But the Stuxnet strike does not appear to be the last time the technology was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps moved a rock near the country’s underground Fordo nuclear enrichment plant. The rock exploded and spewed broken circuit boards that the Iranian news media described as “the remains of a device capable of intercepting data from computers at the plant.” The origins of that device have never been determined.
On Sunday, according to the semiofficial Fars news agency, Iran’s Oil Ministry issued another warning about possible cyberattacks, describing a series of defenses it was erecting — and making no mention of what are suspected of being its own attacks on Saudi Arabia’s largest oil producer.
N.S.A. Devises Radio Pathway Into Computers
JAN. 14, 2014
WASHINGTON -- The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.
While most of the software is inserted by gaining access to computer networks,
the N.S.A. has increasingly made use of a secret technology that enables
it to enter and alter data in computers even if they are not connected to
the Internet, according to N.S.A. documents, computer experts and American
officials.
The technology, which the agency has used since at least 2008, relies on
a covert channel of radio waves that can be transmitted from tiny circuit
boards and USB cards inserted surreptitiously into the computers. In some
cases, they are sent to a briefcase-size relay station that intelligence
agencies can set up miles away from the target.
The radio frequency technology has helped solve one of the biggest problems
facing American intelligence agencies for years: getting into computers that
adversaries, and some American partners, have tried to make impervious to
spying or cyberattack. In most cases, the radio frequency hardware must be
physically inserted by a spy, a manufacturer or an unwitting user.
The N.S.A. calls its efforts more an act of "active defense" against foreign
cyberattacks than a tool to go on the offensive. But when Chinese attackers
place similar software on the computer systems of American companies or
government agencies, American officials have protested, often at the presidential
level.
Among the most frequent targets of the N.S.A. and its Pentagon partner, United
States Cyber Command, have been units of the Chinese Army, which the United
States has accused of launching regular digital probes and attacks on American
industrial and military targets, usually to steal secrets or intellectual
property. But the program, code-named Quantum, has also been successful in
inserting software into Russian military networks and systems used by the
Mexican police and drug cartels, trade institutions inside the European Union,
and sometime partners against terrorism like Saudi Arabia, India and Pakistan,
according to officials and an N.S.A. map that indicates sites of what the
agency calls "computer network exploitation."
"What's new here is the scale and the sophistication of the intelligence
agency's ability to get into computers and networks to which no one has ever
had access before," said James Andrew Lewis, the cybersecurity expert at
the Center for Strategic and International Studies in Washington. "Some of
these capabilities have been around for a while, but the combination of learning
how to penetrate systems to insert software and learning how to do that using
radio frequencies has given the U.S. a window it's never had before."
Friday, January 10, 2014
Snowden Document and Page Count Assessment
The count of Snowden files has ranged from an initial low end of 10,000 to
the latest high of 1,700,000, although the high end is likely exaggerated
by officials to maximize alleged damage.
The number of pages in these files has not been estimated but about 1,000 pages have been released, mostly as PDFs and images. How many total pages might be in the files and now long would it take Snowden to read them to assure least harm to the US?
For comparison, Cryptome's archive is about 70,000 files. Converting these files to pages comes to about 1,000,000 pages. These files are PDFs, HTMLs, DOCs, TXTs, DWGs, images, spreadsheets, with a few videos and films excluded from the count. To get the page count all files were converted to PDFs. The page count of documents ranges from 1 to 2,200. This might be a fair range of types and page counts of files in the Snowden batch.
An average file then, of 70,000 files with 1,000,000 pages, comes to 14.28 pages per file. Using this as a guide for the Snowden files, the number of pages could range from 142,800 pages for 10,000 files to 24,276,000 pages for 1.7 million files.
Examining the low end of 142,800 pages would be about like reading 476 books of 300 pages length. Examining the high end of 24,276,000 pages would be like reading 80,920 books of 300 pages each.
Snowden is smart and knows his material thoroughly so time to speed read a 300-page book of NSA material, could be done in, say, 2 hours.
On the low end it would take 952 hours to read 142,800 pages, reading 10 hours a day, would come to 95 days, or about 3 months.
On the high end it would take 161,890 hours to read 24,276,000 pages, reading 10 hours a day, would come to 1,619 days or about 54 months -- 4 1/2 years.
4 1/2 years is longer than Snowden is reported to have worked for Dell and Booz Allen as contractor to NSA.
It is unlikely Snowden would have examined 24 million pages.
More likely Snowden used a program to quickly analyze large data collections and rank intelligence actionability in the NSA manner. Glenn Greenwald told Buzzfeed that the documents had been beautifully organized, “almost to a scary degree.” As if prepared with a purposeful program for analyzing and data sharing with avid customers.
There are information security programs which compartmentalize data for multiple levels of security and access as well as controls for the distribution and timing of release. These are used to manage classified data handling among a variety of personnel and agencies with varying clearances.
It could be that Snowden remains in control of his material's release by way of programmed implants in the material for access and timing although the material is physically distant from him. This too is conventional security practice.
These practices would be characteristic of a seasoned security person who could not be certain of media outlets' long-term behavior, their transmission and storage security, their theft and spying prevention capabilities, their susceptiblity to coercion or persuasion by officials or by inducements to betray him to protect themselves.
Events have shown that these meticulous security measures would have been and remain appropriate.
It also allows Snowden to remain in charge of any negotiations for return of the material, for accurate accounting of the material's scope, retention, distribution and release, and for assuring his safety without relying on the fickle fingers of fate of informants and turncoats which have beckoned the all-too-trusting to long-term imprisonment.
__________
As an aside, another way to surmise what Snowden allegedly had on four laptops is by file size. Cryptome's 70,000 files comes to about 17GB, or an average of 243KB per file. Using that as a guide to Snowden's files, the total size ranges from 2.43GB for 10,000 files to 413GB for 1,700,00 files. On the high end that's about 103GB per laptop. No problem, laptops with 100GB-250GB disks are common.
The number of pages in these files has not been estimated but about 1,000 pages have been released, mostly as PDFs and images. How many total pages might be in the files and now long would it take Snowden to read them to assure least harm to the US?
For comparison, Cryptome's archive is about 70,000 files. Converting these files to pages comes to about 1,000,000 pages. These files are PDFs, HTMLs, DOCs, TXTs, DWGs, images, spreadsheets, with a few videos and films excluded from the count. To get the page count all files were converted to PDFs. The page count of documents ranges from 1 to 2,200. This might be a fair range of types and page counts of files in the Snowden batch.
An average file then, of 70,000 files with 1,000,000 pages, comes to 14.28 pages per file. Using this as a guide for the Snowden files, the number of pages could range from 142,800 pages for 10,000 files to 24,276,000 pages for 1.7 million files.
Examining the low end of 142,800 pages would be about like reading 476 books of 300 pages length. Examining the high end of 24,276,000 pages would be like reading 80,920 books of 300 pages each.
Snowden is smart and knows his material thoroughly so time to speed read a 300-page book of NSA material, could be done in, say, 2 hours.
On the low end it would take 952 hours to read 142,800 pages, reading 10 hours a day, would come to 95 days, or about 3 months.
On the high end it would take 161,890 hours to read 24,276,000 pages, reading 10 hours a day, would come to 1,619 days or about 54 months -- 4 1/2 years.
4 1/2 years is longer than Snowden is reported to have worked for Dell and Booz Allen as contractor to NSA.
It is unlikely Snowden would have examined 24 million pages.
More likely Snowden used a program to quickly analyze large data collections and rank intelligence actionability in the NSA manner. Glenn Greenwald told Buzzfeed that the documents had been beautifully organized, “almost to a scary degree.” As if prepared with a purposeful program for analyzing and data sharing with avid customers.
There are information security programs which compartmentalize data for multiple levels of security and access as well as controls for the distribution and timing of release. These are used to manage classified data handling among a variety of personnel and agencies with varying clearances.
It could be that Snowden remains in control of his material's release by way of programmed implants in the material for access and timing although the material is physically distant from him. This too is conventional security practice.
These practices would be characteristic of a seasoned security person who could not be certain of media outlets' long-term behavior, their transmission and storage security, their theft and spying prevention capabilities, their susceptiblity to coercion or persuasion by officials or by inducements to betray him to protect themselves.
Events have shown that these meticulous security measures would have been and remain appropriate.
It also allows Snowden to remain in charge of any negotiations for return of the material, for accurate accounting of the material's scope, retention, distribution and release, and for assuring his safety without relying on the fickle fingers of fate of informants and turncoats which have beckoned the all-too-trusting to long-term imprisonment.
__________
As an aside, another way to surmise what Snowden allegedly had on four laptops is by file size. Cryptome's 70,000 files comes to about 17GB, or an average of 243KB per file. Using that as a guide to Snowden's files, the total size ranges from 2.43GB for 10,000 files to 413GB for 1,700,00 files. On the high end that's about 103GB per laptop. No problem, laptops with 100GB-250GB disks are common.
Tuesday, January 7, 2014
NSA San Antonio Data Mining Facility
The Panopticon Economy: NSA San Antonio Data Mining Facility 2008:
http://www2.sacurrent.com/news/story.asp?id=69607
Surrounded by barbwire fencing, the anonymous yet massive building on West Military Drive near San Antonio’s Loop 410 freeway looms mysteriously with no identifying signs of any kind. Surveillance is tight, with security cameras surrounding the under-construction building. Readers are advised not to take any photos unless you care to be detained for at least a 45-minute interrogation by the National Security Agency, as this reporter was.
There’s a strangely blurry line during such an interrogation. After viewing the five photos I’d taken of the NSA’s new Texas Cryptology Center, the NSA officer asked if I would delete them. When I asked if he was ordering me to do so, he said no; he was asking as a personal favor. I declined and was eventually released.
America’s top spy agency has taken over the former Sony microchip plant and is transforming it into a new data-mining headquarters — oddly positioned directly across the street from a 24-hour Walmart — where billions of electronic communications will be sifted in the agency’s mission to identify terrorist threats.
“No longer able to store all the intercepted phone calls and e-mail in its secret city, the agency has now built a new data warehouse in San Antonio, Texas,” writes author James Bamford in the Shadow Factory, his third book about the NSA. “Costing, with renovations, upwards of $130 million, the 470,000-square-foot facility will be almost the size of the Alamodome. Considering how much data can now be squeezed onto a small flash drive, the new NSA building may eventually be able to hold all the information in the world.”
Bamford’s book focuses on the NSA’s transformation since 9/11, with the impetus for the new facility being a direct ramification of those attacks. At the time, the NSA had only about 7 percent of its facilities outside the Washington D.C./Baltimore area. But the realization that additional attacks could virtually wipe out the agency catalyzed a regional expansion. [See “Secret Agency Man,” November 5, 2008.]
The new facility is a potential boon to the local economy since it’s reportedly going to employ around 1,500 people, but questions remain about whether there will be adequate oversight to prevent civil-rights violations like Uncle Sam’s recent notorious warrantless wiretapping program. The NSA would suggest the facility’s ability to sort through surveillance data is one of America’s top defenses against terrorist threats, but the NSA’s presence comes with concerns that abuse of its secretive power could see the agency become akin to the “Thought Police” of 1984, George Orwell’s classic novel depicting the nightmare of a total surveillance society — and all for nothing. Even as the facility is completed, a new government-backed report has concluded that data surveillance is an ineffective method for identifying potential terrorists or preventing attacks.
So just what will be going on inside the NSA’s new San Antonio facility? Bamford describes former NSA Director Mike Hayden’s goals for the data-mining center as knowing “exactly what Americans were doing day by day, hour by hour, and second by second. He wanted to know where they shopped, what they bought, what movies they saw, what books they read, the toll booths they went through, the plane tickets they purchased, the hotels they stayed in… In other words, Total Information Awareness, the same Orwellian concept that John Poindexter had tried to develop while working for the Pentagon’s [Defense Advanced Research Projects Agency].” ...
Bamford writes about how NSA and Microsoft had both been eyeing San Antonio for years because it has the cheapest electricity in Texas, and the state has its own power grid, making it less vulnerable to power outages on the national grid. He notes that it seemed the NSA wanted assurance Microsoft would be here, too, before making a final commitment, due to the advantages of “having their miners virtually next door to the mother lode of data centers.” The new NSA facility is just a few miles from Microsoft’s data center of the same size. Bamford says that under current law, NSA could gain access to Microsoft’s stored data without even a warrant, but merely a fiber-optic cable.
“What the Microsoft people will have will be just storage of a lot of the email that is being sent. They keep this email — I don’t know why — and there should be some legislation saying how long it should be kept,” said Bamford in a phone interview last week. “The post office doesn’t keep copies of our letters when we mail letters; why should the telecom companies or the internet providers keep copies of our email? It doesn’t make sense to me. But there’s no legislation. So they need a place to store it, and that’s where they’re storing all this stuff.” (Microsoft did not return a call for comment before press deadline.) ...
NSA’s new facility also gives the agency easy access to UTSA’s Institute for Cyber Security and the school’s Center for Infrastructure Assurance and Security. The ICS was founded in 2007 with a $3.5-million grant from the Texas Emerging Technology Fund to continue efforts to protect American communities against cyber-attacks, with the CIAS — a think tank launched in 2001 — being rolled into the ICS. All of this led U.S. Representative Ciro Rodriguez (D-San Antonio) to declare San Antonio “the center of cybersecurity, in the country and the world.”
ICS Founding Executive Director Ravi Sandhu acknowledges some synergy between the NSA presence in San Antonio and UTSA’s cybersecurity work.
“Cybersecurity in the public domain has largely been about defense, but there’s certainly an attack component to it. To some degree, the U.S. Department of Defense and intelligence agencies are now starting to talk about the attack component in the public domain,” says Sandhu.
Sandhu says UTSA’s cybersecurity students are recruited by many of San Antonio’s local employers and doesn’t doubt that NSA is one of them. “Recruiting is one end … but it’s an attractive thing for NSA employees [too]. They can further their education — they can do degrees part-time, they can do advanced degrees … so there are advantages beyond direct recruitment of NSA students.”
Does automated data mining even work?
While the opening of the NSA’s massive new data center heightens existing civil-rights concerns, a new report from the National Research Council questions whether such data-mining is even effective. Sponsored by the Department of Homeland Security and the National Science Foundation and released in October of this year, the report suggests that pattern-based data-mining is not even a viable way to identify terrorists.
The 352-page study —“Protecting Individual Privacy in the Struggle Against Terrorists” — concludes that identification of terrorists through automated data-mining “is neither feasible as an objective nor desirable as a goal of technology development efforts.” It also says inevitable false positives will result in “ordinary, law-abiding citizens and businesses” being erroneously flagged as suspects.
“Actions such as arrest, search, or denial of rights should never be taken solely on the basis of an automated data-mining result,” says the report. The question, then, is how rigorously will human analysts vet such information before alleged leads are pursued, and who has oversight of the process?
“Part of the problem is … jurisdiction over national-security issues is very divided in Congress. You have the Homeland Security committee, the Justice committee, but, of course, you also have some basic issues — government oversight, appropriations,” says Professor Fred Cate, the NRC committee member who wrote most of the report and who serves as director of Indiana University’s Center for Applied Cybersecurity Research. “So I think in some ways one of the issues is the need for a more streamlined oversight system so that somebody takes responsibility for it.”
http://www2.sacurrent.com/news/story.asp?id=69607
Surrounded by barbwire fencing, the anonymous yet massive building on West Military Drive near San Antonio’s Loop 410 freeway looms mysteriously with no identifying signs of any kind. Surveillance is tight, with security cameras surrounding the under-construction building. Readers are advised not to take any photos unless you care to be detained for at least a 45-minute interrogation by the National Security Agency, as this reporter was.
There’s a strangely blurry line during such an interrogation. After viewing the five photos I’d taken of the NSA’s new Texas Cryptology Center, the NSA officer asked if I would delete them. When I asked if he was ordering me to do so, he said no; he was asking as a personal favor. I declined and was eventually released.
America’s top spy agency has taken over the former Sony microchip plant and is transforming it into a new data-mining headquarters — oddly positioned directly across the street from a 24-hour Walmart — where billions of electronic communications will be sifted in the agency’s mission to identify terrorist threats.
“No longer able to store all the intercepted phone calls and e-mail in its secret city, the agency has now built a new data warehouse in San Antonio, Texas,” writes author James Bamford in the Shadow Factory, his third book about the NSA. “Costing, with renovations, upwards of $130 million, the 470,000-square-foot facility will be almost the size of the Alamodome. Considering how much data can now be squeezed onto a small flash drive, the new NSA building may eventually be able to hold all the information in the world.”
Bamford’s book focuses on the NSA’s transformation since 9/11, with the impetus for the new facility being a direct ramification of those attacks. At the time, the NSA had only about 7 percent of its facilities outside the Washington D.C./Baltimore area. But the realization that additional attacks could virtually wipe out the agency catalyzed a regional expansion. [See “Secret Agency Man,” November 5, 2008.]
The new facility is a potential boon to the local economy since it’s reportedly going to employ around 1,500 people, but questions remain about whether there will be adequate oversight to prevent civil-rights violations like Uncle Sam’s recent notorious warrantless wiretapping program. The NSA would suggest the facility’s ability to sort through surveillance data is one of America’s top defenses against terrorist threats, but the NSA’s presence comes with concerns that abuse of its secretive power could see the agency become akin to the “Thought Police” of 1984, George Orwell’s classic novel depicting the nightmare of a total surveillance society — and all for nothing. Even as the facility is completed, a new government-backed report has concluded that data surveillance is an ineffective method for identifying potential terrorists or preventing attacks.
So just what will be going on inside the NSA’s new San Antonio facility? Bamford describes former NSA Director Mike Hayden’s goals for the data-mining center as knowing “exactly what Americans were doing day by day, hour by hour, and second by second. He wanted to know where they shopped, what they bought, what movies they saw, what books they read, the toll booths they went through, the plane tickets they purchased, the hotels they stayed in… In other words, Total Information Awareness, the same Orwellian concept that John Poindexter had tried to develop while working for the Pentagon’s [Defense Advanced Research Projects Agency].” ...
Bamford writes about how NSA and Microsoft had both been eyeing San Antonio for years because it has the cheapest electricity in Texas, and the state has its own power grid, making it less vulnerable to power outages on the national grid. He notes that it seemed the NSA wanted assurance Microsoft would be here, too, before making a final commitment, due to the advantages of “having their miners virtually next door to the mother lode of data centers.” The new NSA facility is just a few miles from Microsoft’s data center of the same size. Bamford says that under current law, NSA could gain access to Microsoft’s stored data without even a warrant, but merely a fiber-optic cable.
“What the Microsoft people will have will be just storage of a lot of the email that is being sent. They keep this email — I don’t know why — and there should be some legislation saying how long it should be kept,” said Bamford in a phone interview last week. “The post office doesn’t keep copies of our letters when we mail letters; why should the telecom companies or the internet providers keep copies of our email? It doesn’t make sense to me. But there’s no legislation. So they need a place to store it, and that’s where they’re storing all this stuff.” (Microsoft did not return a call for comment before press deadline.) ...
NSA’s new facility also gives the agency easy access to UTSA’s Institute for Cyber Security and the school’s Center for Infrastructure Assurance and Security. The ICS was founded in 2007 with a $3.5-million grant from the Texas Emerging Technology Fund to continue efforts to protect American communities against cyber-attacks, with the CIAS — a think tank launched in 2001 — being rolled into the ICS. All of this led U.S. Representative Ciro Rodriguez (D-San Antonio) to declare San Antonio “the center of cybersecurity, in the country and the world.”
ICS Founding Executive Director Ravi Sandhu acknowledges some synergy between the NSA presence in San Antonio and UTSA’s cybersecurity work.
“Cybersecurity in the public domain has largely been about defense, but there’s certainly an attack component to it. To some degree, the U.S. Department of Defense and intelligence agencies are now starting to talk about the attack component in the public domain,” says Sandhu.
Sandhu says UTSA’s cybersecurity students are recruited by many of San Antonio’s local employers and doesn’t doubt that NSA is one of them. “Recruiting is one end … but it’s an attractive thing for NSA employees [too]. They can further their education — they can do degrees part-time, they can do advanced degrees … so there are advantages beyond direct recruitment of NSA students.”
Does automated data mining even work?
While the opening of the NSA’s massive new data center heightens existing civil-rights concerns, a new report from the National Research Council questions whether such data-mining is even effective. Sponsored by the Department of Homeland Security and the National Science Foundation and released in October of this year, the report suggests that pattern-based data-mining is not even a viable way to identify terrorists.
The 352-page study —“Protecting Individual Privacy in the Struggle Against Terrorists” — concludes that identification of terrorists through automated data-mining “is neither feasible as an objective nor desirable as a goal of technology development efforts.” It also says inevitable false positives will result in “ordinary, law-abiding citizens and businesses” being erroneously flagged as suspects.
“Actions such as arrest, search, or denial of rights should never be taken solely on the basis of an automated data-mining result,” says the report. The question, then, is how rigorously will human analysts vet such information before alleged leads are pursued, and who has oversight of the process?
“Part of the problem is … jurisdiction over national-security issues is very divided in Congress. You have the Homeland Security committee, the Justice committee, but, of course, you also have some basic issues — government oversight, appropriations,” says Professor Fred Cate, the NRC committee member who wrote most of the report and who serves as director of Indiana University’s Center for Applied Cybersecurity Research. “So I think in some ways one of the issues is the need for a more streamlined oversight system so that somebody takes responsibility for it.”
Subscribe to:
Posts (Atom)