Snowden leaks had already indicated that the NSA had been busy hacking into Yahoo servers (and Google, Microsoft), obtaining data via the back door in addition to PRISM data they were collecting up front. Now another Guardian release of Snowden documents indicates that UK intelligence agency GCHQ, with help from the NSA, intercepted and stored webcam content from millions of Yahoo users, regardless of whether or not they had been suspected of any wrongdoing:
GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not. In one six-month period in 2008 alone, the agency collected webcam imagery – including substantial quantities of sexually explicit communications – from more than 1.8 million Yahoo user accounts globally.
Yahoo, one of the few companies to try and stand up to PRISM data collection in court, unsurprisingly wasn't pleased with the revelations, calling project Optic Nerve "a whole new level of violation of our users' privacy."
A malicious worm has been detected on roughly 1,000 different Linksys-branded routers, according to a statement from SANS ISC. According to the report, "TheMoon" worm takes advantage of a CGI script within the administration interface of multiple Linksys E-Series router models. An exploit writer has published a proof of concept exploit, noting that some older Wireless-N access points and routers may also be impacted. "The exploit to bypass the admin authentication used by the worm only works when the Remote Management Access feature is enabled," Linksys says. "Linksys ships these products with the Remote Management Access feature turned off by default."
In April of last year, wireless carriers and the government announced that they'd be collaborating on building a new nationwide database to track stolen phones (specifically the IMEI number, not just the SIM card ID). The goal is to reduce the time that stolen phones remain useful, thereby drying up the market for stolen phones and reducing the ability of criminals to use the devices to dodge surveillance.
NBC has received a lot of attention this week for a story that proclaims that visitors to the Sochi games will find every device they own -- from laptop to phone -- hacked immediately upon stepping outside at the games. NBC reporter Richard Engel worked with a "security expert" and claimed that, while sitting at a cafe in Russia, hackers had compromised his devices "before we even finished our coffee" -- "giving hackers the option to tap or even record my phone calls."
Except, according to a blog post by Errata Security, the story is "100% fabricated." Notes Errata's Robert Graham:
•They aren't in Sochi, but in Moscow, 1007 miles away.
For a long time Verizon was dead silent regarding their cooperation with the NSA, with the only public comment at one point being to mock Yahoo and Google for demanding greater government transparency. Recently Verizon has been more chatty, issuing their first-ever transparency report and even blogging about intelligence issues.
The government has reached a settlement with several of the nation's biggest Internet companies (Google, Facebook, Yahoo, Microsoft and Apple) which had (to various degrees) to be able to reveal more information on how many data requests they receive from government. While the government has allowed increased disclosure on national security letters (NSLs, or gag letters), companies have been restricted to only stating a range of numbers of such letters they've received (see Verizon's recent transparency report
that the China Internet Network Information Center (CNNIC), a state-run department, blamed a "malfunction in root servers" for a massive, 8-hour Internet failure that occurred on Tuesday across the giant country. Security analysts quoted by the official Xinhua news agency said this could have been the result of a cyber attack by hackers -- though this has yet to be proven.
The New York Times notes that whatever happened, much of China's Internet traffic was instead amusingly routed to a small, 1,700-square-foot house in Cheyenne, Wyoming:
The China Internet Network Information Center, a state-run agency that deals with Internet affairs, said it had traced the problem to the country’s domain name system...Those servers, which act as a switchboard for Internet traffic behind China’s Great Firewall, routed traffic from some of China’s most popular sites, including Baidu and Sina, to a block of Internet addresses registered to Sophidea Incorporated, a mysterious company housed on a residential street in Cheyenne, Wyo.
While speculation was originally focused on hackers or cyberattacks, the Times notes that speculation has since shifted to a problem caused by China's massive Internet censorship systems.
Karsten Nohl, chief scientist with Berlin's Security Research Labs, tells Reuters that cell carriers worldwide aided the NSA's data collection capabilities by failing to implement relatively basic and long-available security updates, SIM and encryption improvements, and hardware and software patches. "I couldn't imagine it is complicity. I think it is negligence," he said. "I don't want to believe in a worldwide conspiracy across all worldwide network operators. I think it is individual laziness and priority on network speed and network coverage and not security." Nohl helps maintain GSMMap.org, which evaluates the security of mobile operators around the globe.
While the shift to faster and more reliable wireless network technology has paid very obvious dividends, new analysis by Heavy Reading suggests that wireless carriers lose $15 billion to network outages annually. According to the study, carriers say physical link failures and network congestion are primary causes of these outages, and few report network attacks as prominent causes, though that may be because many wireless carriers aren't aware of them. "Part of the reason for that is many operators actually have little or no visibility of the malicious traffic in the network," says researcher Patrick Donegan. "When they do have incidents, often they are not actually aware if it may have been a malicious attack that caused it."
Reddit users point out that security researcher Eloi Vanderbeken has posted documentation to GitHub indicating he's found an exploit in a number of older DSL modem gateways made by both Netgear and Linksys. Vanderbeken posted, uh, creative PowerPoint presentations and sample code highlighting how the exploits allow an intruder to reset a machine's configuration and gain access to the devices' administrative control panel. So far, he's confirmed the backdoor is present in the Linksys WAG200G, Netgear DM111Pv2, Linksys WAG320N, Linksys WAG54G2, DGN1000 Netgear N150, Netgear DG834G, and Diamond DSL642WLG. The (sort of) good news? It requires the attacker be on your local network.
Jacob Appelbaum made waves yesterday with a piece over at Der Spiegel highlighting the catalog of 50 different options (some rather amazing) that the NSA has at their disposal when snooping on individuals or organizations.
Speaking at the Chaos Communications Congress in Hamburg, Appelbaum shared a few more nifty details provided by Edward Snowden, including the NSA's use of pre-packaged exploits that allowed control over iOS devices and any phone communicating through GSM.
Der Spiegel has since added this interactive graphic that is worth taking a look at.
Appelbaum also highlighted how the NSA's own slides claim the agency has the ability to use Wi-Fi to seed exploits via packet injection from up to eight miles away, purportedly using this tool "under ideal environmental conditions."
Granted, the documents revealing this are from 2007, so things have likely evolved since then.
A new report by Der Spiegel, based on yet another round of leaked NSA documents, indicates how the NSA uses a wide variety of backdoors to access computers, hard drives, routers, and other devices from companies such as Cisco, Dell, Western Digital, Seagate, Maxtor, Samsung, and Huawei. An accompanying Spiegel report highlights a fifty-page catalog of tools that an NSA division named ANT (Advanced or Access Network Technology) uses to gain access to devices and network gear. All of the companies cited in the report (see this Cisco blog post, for example) deny knowledge of any backdoors in their hardware.
dropped a bit of a bombshell on Friday with a report claiming that security firm RSA was paid $10 million by the NSA to incorporate a deliberately flawed encryption algorithm into products, then promote those products knowing they weren't truly secure. RSA, now a subsidiary of computer storage giant EMC Corp, only started warning their customers about the weakened encryption after the Snowden revelations.
"RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products," the company claimed in a statement. "Decisions about the features and functionality of RSA products are our own."
Update: RSA has posted another non-denial denial of sorts, here
Verizon and AT&T's silence during the recent NSA Snowden revelations was quite telling, neither telco obviously wanting to risk legal liability (or government contracts) for what numerous whistleblowers have now shown is incredibly deep and often illegal (at least until they lobbied to have the laws changed) cooperation with government. In fact, the only time Verizon spoke on the matter at all was to mock Google and Yahoo for "grandstanding" as the companies fought for the right to disclose FISA court government data requests.
The NSA has used the Internet data collected from their myriad of sources to track porn consumption among individuals in order to discredit "radicalizers," according to the latest leaked documents by whistleblower Edward Snowden. According to the Huffington Post, an NSA program was designed to specifically target the "personal vulnerabilities" of specific targets, including the "viewing of sexually explicit material online" and "using sexually explicit persuasive language when communicating with inexperienced young girls."
The government notes that such activities are standard intelligence procedure to shame or even turn potential targets:
Stewart Baker, a one-time general counsel for the NSA and a top Homeland Security official in the Bush administration, said that the idea of using potentially embarrassing information to undermine targets is a sound one. "If people are engaged in trying to recruit folks to kill Americans and we can discredit them, we ought to," said Baker. "On the whole, it's fairer and maybe more humane" than bombing a target, he said, describing the tactic as "dropping the truth on them."
Others, however, note that many of the targets were simply activists not involved in terrorist plots, and groups like the ACLU worry that the broad collection of American citizen browsing habits allows for the potential for the broader abuse of such tactics against peaceful activists.
Security research firm Renesys has authored an interesting blog post noting how they're seeing a significant uptick in the number of large-scale man-in-the-middle attacks. What's more, insists the firm, these attacks are gobbling up a larger and larger share of overall Internet traffic without most people bothering to notice.
On the heels of companies like Google rushing to encrypt server-to-server links after the ever-blooming NSA scandal, Techdirt directs our attention to a new report card over at the EFF that grades the Internet's largest companies on their use of encryption.
Just four companies (Dropbox, Google, SpiderOak and Sonic.net) get a perfect score on all criteria measured, including encrypting server-to-server links, HTTPS support, HTTPS strict support, forward secrecy support, and STARTTLS support.
You'll of course note the dismal ranking of AT&T, Verizon and Comcast, who handle traffic for all of these companies -- and then some.
A UK blogger calling himself DoctorBeat claims to have discovered that certain connected LG Smart TVs are quietly tracking users' viewing habits, then transmitting that data back insecurely to LG via broadband. A setting on the TV supposedly allowing the user to turn this function off does nothing. "This information appears to be sent back unencrypted and in the clear to LG every time you change channel, even if you have gone to the trouble of changing the setting above to switch collection of viewing information off." It's worth adding that a researcher recently found that the security on connected TVs tends to be virtually nonexistent.
Recent news contributors: Karl Bode