CdM, Extremist - courtesy of the NSA? Or maybe not?

Started by Syt, July 04, 2014, 02:28:42 AM


Syt

Seedy, you asked about TOR a while back here: http://languish.org/forums/index.php/topic,8491.0.html


http://www.theregister.co.uk/2014/07/03/nsa_xkeyscore_stasi_scandal/

Quote

Use Tor or 'EXTREMIST' Tails Linux? Congrats, you're on an NSA list

Alleged leaked documents about the NSA's XKeyscore snooping software appear to show the paranoid agency is targeting Tor and Tails users, Linux Journal readers – and anyone else interested in online privacy.

Apparently, this configuration file for XKeyscore is in the divulged data, which was obtained and studied by members of the Tor project and security specialists for German broadcasters NDR and WDR.

In their analysis of the alleged top-secret documents, they claim the NSA is, among other things:

    Specifically targeting Tor directory servers
    Reading email contents for mentions of Tor bridges
    Logging IP addresses of people who search for privacy-focused websites and software
    And possibly breaking international law in doing so.

We already know from leaked Snowden documents that Western intelligence agents hate Tor for its anonymizing abilities. But what the aforementioned leaked source code, written in a rather strange custom language, shows is that not only is the NSA targeting the anonymizing network Tor specifically, it is also taking digital fingerprints of any netizens who are remotely interested in privacy.

These include readers of the Linux Journal site, anyone visiting the website for the Tor-powered Linux operating system Tails – described by the NSA as "a comsec mechanism advocated by extremists on extremist forums" – and anyone looking into combining Tails with the encryption tool Truecrypt.

If something as innocuous as Linux Journal is on the NSA's hit list, it's a distinct possibility that El Reg is too, particularly in light of our recent exclusive report on GCHQ – which led to a Ministry of Defence advisor coming round our London office for a chat.

If you take even the slightest interest in online privacy or have Googled a Linux Journal article about a broken package, you are earmarked in an NSA database for further surveillance, according to these latest leaks.

This is assuming the leaked file is genuine, of course.

Other monitored sites, we're told, include HotSpotShield, FreeNet, Centurian, FreeProxies.org, MegaProxy, privacy.li and an anonymous email service called MixMinion. The IP address of computer users even looking at these sites is recorded and stored on the NSA's servers for further analysis, and it's up to the agency how long it keeps that data.

The XKeyscore code, we're told, includes microplugins that target Tor servers in Germany, at MIT in the United States, in Sweden, in Austria, and in the Netherlands. In doing so it may not only fall foul of German law but also the US's Fourth Amendment.

"The fact that a German citizen is specifically traced by the NSA, in my opinion, justifies the reasonable suspicion of the NSA carrying out secret service activities in Germany," said German IT attorney Thomas Stadler. "For this reason, the German Federal Public Prosecutor should look into this matter and initiate preliminary proceedings."

The nine Tor directory servers receive especially close monitoring from the NSA's spying software, which states the "goal is to find potential Tor clients connecting to the Tor directory servers." Tor clients linking into the directory servers are also logged.

"This shows that Tor is working well enough that Tor has become a target for the intelligence services," said Sebastian Hahn, who runs one of the key Tor servers. "For me this means that I will definitely go ahead with the project."

When questioned about the code analysis the NSA issued the following statement. Make of it what you will:

Quote

    In carrying out its mission, NSA collects only what it is authorized by law to collect for valid foreign intelligence purposes - regardless of the technical means used by foreign intelligence targets. The communications of people who are not foreign intelligence targets are of no use to the agency.

    In January, President Obama issued U.S. Presidential Policy Directive 28, which affirms that all persons - regardless of nationality - have legitimate privacy interests in the handling of their personal information, and that privacy and civil liberties shall be integral considerations in the planning of U.S. signals intelligence activities.

    The president's directive also makes clear that the United States does not collect signals intelligence for the purpose of suppressing or burdening criticism or dissent, or for disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion.

    XKeyscore is an analytic tool that is used as a part of NSA's lawful foreign signals intelligence collection system. Such tools have stringent oversight and compliance mechanisms built in at several levels. The use of XKeyscore allows the agency to help defend the nation and protect U.S. and allied troops abroad. All of NSA's operations are conducted in strict accordance with the rule of law, including the President's new directive.

While the German reporting team has published part of the XKeyscore scripting code, it doesn't say where it comes from. NSA whistleblower Edward Snowden would be a logical pick, but security experts are not so sure.

"I do not believe that this came from the Snowden documents," said security guru Bruce Schneier. "I also don't believe the TAO catalog came from the Snowden documents. I think there's a second leaker out there."

If so, the NSA is in for much more scrutiny than it ever expected. ®

Bootnote

Robert Graham of Errata Security has dissected the configuration code leaked today, concluding: "The source definitely seems like something the NSA would use to monitor network traffic, but at the same time, seems fairly limited in scope."

He does attempt to tackle various peculiarities in the file's language, from the clumsy comments about extremists to the way it suggests Uncle Sam performs deep packet inspection. While some believe the config document is fake, Graham suggests it could be part of prototype technology – although the file refers to version 5 of the scripting language, hinting that it could be operational by now.

Anyone have any idea if this "reveal" is genuine or not?

Norgy

Slashdot reports it too.
I use Tor sometimes.  :ph34r:

CountDeMoney

We were concerned about TOR from a Corporate Security perspective for external and internal threats.

That's what makes the whole "NSA-is-spying-on-you" thing so utterly and hilariously hypocritical;  people freak out over the concept that the NSA stockpiles your personal data in the remote chance that they may need it in a court of law, but they have absolutely no idea how much more interested the private sector is in you, your data, what you're doing online and how much more active they are in trying to get it done.

The Minsky Moment

XKeyscore itself as it has been described is basically just a front-end user interface/search tool for accessing data collected by other means.

This article, as many of its kind, is rather sparse in explaining exactly what data is being collected.
The only thing concrete is the claim that they are recording and storing (but not reviewing) IP addresses that access certain enumerated sites.

Baron von Schtinkenbutt

Quote from: CountDeMoney on July 04, 2014, 08:12:00 AM
That's what makes the whole "NSA-is-spying-on-you" thing so utterly and hilariously hypocritical;  people freak out over the concept that the NSA stockpiles your personal data in the remote chance that they may need it in a court of law, but they have absolutely no idea how much more interested the private sector is in you, your data, what you're doing online and how much more active they are in trying to get it done.

People freak out about the concept that the NSA stockpiles your personal information so they can use it for illegal or extralegal purposes, such as blackmail, intimidation, and suppression of dissent.  Intelligence agencies already do this with foreign intelligence targets, which is one reason most SCI clearances require a polygraph[1].  Many of these same people are also freaking out about Facebook, Google, and all other corporate efforts to gather personal data on people.  I know many people actively agitating about the NSA that have also been taking steps to actively reduce the amount of information they put out to corporate entities.

[1] The polygraph is mostly about what you will willingly share, and what you won't.  Among other things, it determines where you are vulnerable to pressure.  The agency wants to know your weaknesses in case a FIS tries to exploit you.