NSA Routinely Monitors Americans’ Communications Without Warrants

On Sunday’s Face the Nation, Sen. Rand Paul was asked about President Trump’s accusation that President Obama ordered the NSA to wiretap his calls. The Kentucky senator expressed skepticism about the mechanics of Trump’s specific charge, saying: “I doubt that Trump was a target directly of any kind of eavesdropping.” But he then made a broader and more crucial point about how the U.S. government spies on Americans’ communications — a point that is deliberately obscured and concealed by U.S. government defenders.

Paul explained how the NSA routinely and deliberately spies on Americans’ communications — listens to their calls and reads their emails — without a judicial warrant of any kind:

The way it works is, the FISA court, through Section 702, wiretaps foreigners and then [NSA] listens to Americans. It is a backdoor search of Americans. And because they have so much data, they can tap — type Donald Trump into their vast resources of people they are tapping overseas, and they get all of his phone calls.

And so they did this to President Obama. They — 1,227 times eavesdrops on President Obama’s phone calls. Then they mask him. But here is the problem. And General Hayden said this the other day. He said even low-level employees can unmask the caller. That is probably what happened to Flynn.

They are not targeting Americans. They are targeting foreigners. But they are doing it purposefully to get to Americans.

Paul’s explanation is absolutely correct. That the NSA is empowered to spy on Americans’ communications without a warrant — in direct contravention of the core Fourth Amendment guarantee that “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause” — is the dirty little secret of the U.S. Surveillance State.

As I documented at the height of the controversy over the Snowden reporting, top government officials — including President Obama — constantly deceived (and still deceive) the public by falsely telling them that their communications cannot be monitored without a warrant. Responding to the furor created over the first set of Snowden reports about domestic spying, Obama sought to reassure Americans by telling Charlie Rose: “What I can say unequivocally is that if you are a U.S. person, the NSA cannot listen to your telephone calls … by law and by rule, and unless they … go to a court, and obtain a warrant, and seek probable cause.”

The right-wing chairman of the House Intelligence Committee at the time, GOP Rep. Mike Rogers, echoed Obama, telling CNN the NSA “is not listening to Americans’ phone calls. If it did, it is illegal. It is breaking the law.”

Those statements are categorically false. A key purpose of the new 2008 FISA law — which then-Senator Obama voted for during the 2008 general election after breaking his primary-race promise to filibuster it — was to legalize the once-controversial Bush/Cheney warrantless eavesdropping program, which the New York Times won a Pulitzer Prize for exposing in 2005. The crux of the Bush/Cheney controversy was that they ordered NSA to listen to Americans’ international telephone calls without warrants — which was illegal at the time — and the 2008 law purported to make that type of domestic warrantless spying legal.

Because warrantless spying on Americans is so anathema to how citizens are taught to think about their government — that’s what Obama was invoking when he falsely told Rose that it’s “the same way when we were growing up and we were watching movies, you want to go set up a wiretap, you got to go to a judge, show probable cause” — the U.S. government has long been desperate to hide from Americans the truth about NSA’s warrantless powers. U.S. officials and their media spokespeople reflexively mislead the U.S. public on this critical point.

It’s no surprise, then, that as soon as Rand Paul was done uttering the unpleasant, usually hidden truth about NSA’s domestic warrantless eavesdropping, the cavalcade of ex-intelligence-community officials who are now heavily embedded in American punditry rushed forward to attack him. One former NSA lawyer, who now writes for the IC’s most loyal online platform, Lawfare, expressed grave offense at what she claimed was Sen. Paul’s “false and irresponsible claim.”

The only thing here that’s “false and irresponsible” is Hennessey’s attempt to deceive the public about the domestic spying powers of her former employer. And many other people beyond Rand Paul have long made clear just how misleading Hennessey’s claim is.

Ted Lieu, the liberal congressman from California, has made it one of his priorities to stop the very power Hennessey and her IC colleagues pretend does not exist: warrantless spying on Americans. The 2008 FISA law that authorized it is set to expire this year, and this is what Lieu tweeted last week about his efforts to repeal that portion of it:

And in response to the IC attacks on Paul on Sunday, Lieu explained:

As Lieu says, the 2008 FISA law explicitly allows NSA — without a warrant — to listen to Americans’ calls or read their emails with foreign nationals as long as their “intent” is to target the foreigner, not the American. Hennessey’s defense is true only in the narrowest and emptiest theoretical sense: that the statute bars the practice of “reverse targeting,” where the real intent of targeting a foreign national is to monitor what Americans are saying. But the law was designed, and is now routinely used, for exactly that outcome.

How do we know that a key purpose of the 2008 law is to allow the NSA to purposely monitor Americans’ communications without a warrant? Because NSA and other national security officials said so explicitly. This is how Jameel Jaffer, then of the ACLU, put it in 2013:

On its face, the 2008 law gives the government authority to engage in surveillance directed at people outside the United States. In the course of conducting that surveillance, though, the government inevitably sweeps up the communications of many Americans. The government often says that this surveillance of Americans’ communications is “incidental,” which makes it sound like the NSA’s surveillance of Americans’ phone calls and emails is inadvertent and, even from the government’s perspective, regrettable.

But when Bush administration officials asked Congress for this new surveillance power, they said quite explicitly that Americans’ communications were the communications of most interest to them. See, for example, FISA for the 21st Century, Hearing Before the S. Comm. on the Judiciary, 109th Cong. (2006) (statement of Michael Hayden) (stating, in debate preceding passage of FAA’s predecessor statute, that certain communications “with one end in the United States” are the ones “that are most important to us”).

The principal purpose of the 2008 law was to make it possible for the government to collect Americans’ international communications — and to collect those communications without reference to whether any party to those communications was doing anything illegal. And a lot of the government’s advocacy is meant to obscure this fact, but it’s a crucial one: The government doesn’t need to “target” Americans in order to collect huge volumes of their communications.

During debate over that 2008 law, the White House repeatedly issued veto threats over proposed amendments from then-Sen. Russ Feingold and others to weaken NSA’s ability to use the law to monitor Americans’ communications without warrants — because enabling such warrantless eavesdropping powers was, as they themselves said, a prime objective of the new law.

When the ACLU’s Jaffer appeared in 2014 before the Privacy and Civil Liberties Oversight Board to argue that the 2008 FISA law was unconstitutional in terms of how it was written and how NSA exploits it, he made clear exactly how NSA conducts “backdoor” warrantless searches of Americans’ communications despite the bar on “reverse targeting”:

Those who actually work to protect Americans’ privacy rights and other civil liberties have been warning for years that NSA is able to purposely monitor Americans’ communications without warrants. Human Rights Watch has warned that “in reality the law allows the agency to capture potentially vast numbers of Americans’ communications with people overseas” and thus “currently underpins some of the most sweeping warrantless NSA surveillance programs that affect Americans and people across the globe.” And Marcy Wheeler, in response to Hennessey’s misleading claim on Sunday, correctly said: “I can point to court docs and congressional claims that entire point of 702 [of the 2008 FISA law] is to ID convos involving Americans.”

Elizabeth Goitein, the co-director of the Liberty and National Security Program at the Brennan Center for Justice, warned in the Boston Review that the ban on “reverse targeting” was a farce. In fact, “the program tolerates — and even contemplates — a massive amount of collection of Americans’ telephone calls, emails, and other electronic communications.” Thus, she explains, “it is likely that Americans’ communications comprise a significant portion of the 250 million internet transactions (and undisclosed number of telephone conversations) intercepted each year without a warrant or showing of probable cause.”

Even more alarming is the power NSA now has to search the immense amount of Americans’ communications data it routinely collects without a warrant. As Goitein explained: “The government may intentionally search for this information even though it would have been illegal, under section 702’s ‘reverse targeting’ prohibition, for the government to have such intent at the time of collection.”

In the wake of the controversy triggered by Trump’s accusations about Obama’s “tapping” his phones, Goitein wrote a new article explaining that there are numerous ways the government could have spied on the communications of Trump (or any American) without a warrant. She emphasized that “there have long been concerns, on both the right and left, that the legal constraints on foreign intelligence surveillance contain too many loopholes that can be exploited to access information about Americans without judicial oversight or evidence of wrongdoing.”

This is what Rand Paul meant when he said on Sunday that “because [NSA analysts] have so much data, they can tap — type Donald Trump into their vast resources of people they are tapping overseas, and they get all of his phone calls.” And while — as I’ve argued previously — any leaks that reveal lying by officials are criminal yet justified even if they come from the CIA or NSA, Paul is also correct that these domestic warrantless eavesdropping powers vest the Deep State — or, if you naïvely prefer, our noble civil servants — with menacing powers against even the highest elected officials.

The warrantless gathering and searching of vast amounts of communications data essentially becomes a dossier that can be used even against domestic opponents. This is what Snowden meant in his much-maligned but absolutely true statement in his first interview with us back in 2013 that “I, sitting at my desk, could wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email.” As Paul put it on Face the Nation: “It is very dangerous, because they are revealing that now to the public.” That’s a serious concern no matter how happy one might be to see Donald Trump damaged or how much one now adores the intelligence agencies.

Congress has now begun debating whether to allow these provisions of the 2008 law to expire at the end of the year, whether to meaningfully reform them, or whether to let them be renewed again. The post-9/11 history has been that once even “temporary” measures (such as the Patriot Act) are enacted, they become permanent fixtures of our political landscape.

Perhaps the growing recognition that nobody is immune from such abusive powers will finally reverse that tide. Those eager to preserve these domestic surveillance powers in their maximalist state rely on the same tactic that has worked so well for them for 15 years now: rank disinformation.

If nothing else, this debate ought to finally obliterate that pleasing though utterly false myth that the U.S. government does not and cannot spy on Americans’ communications without warrants. It does so constantly, easily, deliberately, and by design.

— source theintercept.com by Glenn Greenwald

The FBI Is Building a National Watchlist That Gives Companies Real-Time Updates on Employees

The FBI’s Rap Back program is quietly transforming the way employers conduct background checks. While routine background checks provide employers with a one-time “snapshot” of their employee’s past criminal history, employers enrolled in federal and state Rap Back programs receive ongoing, real-time notifications and updates about their employees’ run-ins with law enforcement, including arrests at protests and charges that do not end up in convictions. (“Rap” is an acronym for Record of Arrest and Prosecution; “Back” is short for background.) Testifying before Congress about the program in 2015, FBI Director James Comey explained some limits of regular background checks: “People are clean when they first go in, then they get in trouble five years down the road [and] never tell the daycare about this.”

A majority of states already have their own databases that they use for background checks and have accessed in-state Rap Back programs since at least 2007; states and agencies now partnering with the federal government will be entering their data into the FBI’s Next Generation Identification database. The NGI database, widely considered to be the world’s largest biometric database, allows federal and state agencies to search more than 70 million civil fingerprints submitted for background checks alongside over 50 million prints submitted for criminal purposes. In July 2015, Utah became the first state to join the federal Rap Back program. Last April, aviation workers at Dallas-Ft. Worth Airport and Boston Logan International Airport began participating in a federal Rap Back pilot program for aviation employees. Two weeks ago, Texas submitted its first request to the federal criminal Rap Back system.

Rap Back has been advertised by the FBI as an effort to target individuals in “positions of trust,” such as those who work with children, the elderly, and the disabled. According to a Rap Back spokesperson, however, there are no formal limits as to “which populations of individuals can be enrolled in the Rap Back Service.” Civil liberties advocates fear that under Trump’s administration the program will grow with serious consequences for employee privacy, accuracy of records, and fair employment practices.

Indefinite Retention

In typical federal background checks, the FBI expunges or returns the fingerprints it collects. But for the Rap Back system, the FBI retains the prints it collects on behalf of companies and agencies so that it can notify employers about their employee’s future encounters with law enforcement. The FBI has the license to retain all submitted fingerprints indefinitely — even after notice of death. Employers are even offered the option to purchase lifetime subscriptions to the program for the cost of $13 per person. The decision to participate in Rap Back is at employers’ discretion. Employees have no choice in the matter.

“This type of infrastructure always tends to undergo mission creep,” explained Jay Stanley of the American Civil Liberties Union, referring to how agencies often find secondary uses for data beyond its original function.

There are no laws preventing the FBI from using the data it collects for other purposes, said Jeramie Scott, an attorney with the Electronic Privacy Information Center. A massive trove of digital fingerprints collected by the FBI, he noted, could be used to open up devices like smart phones without the owner’s consent. In addition, Scott pointed out that the FBI often collects a photo of Rap Back participants’ faces. “Although the FBI has stated that they do not use these photos in facial recognition searches,” he said, “there is no legal barrier from the bureau changing this policy.” The agency is no stranger to mission creep. As documents obtained by EPIC show, the FBI’s use of facial recognition searches is increasing and the NGI database continues to expand.

In January, EPIC obtained two years of monthly statistics for the NGI system under the Freedom of Information Act. The summary sheets show that the database’s expansion has been fueled by submissions of non-criminal identifiers, such as the prints submitted for background checks. Fact sheets from January 2015 through August 2016 show the database growing at a much higher rate from its collection of data from civil settings than from criminal justice purposes. During that period, civil submission rates constituted nearly 70 percent of new submissions. “Through the Rap Back program the FBI is collecting biographical and biometric data on potentially millions of civilians for purposes not associated with criminal justice,” Scott said.

At least two dozen separate state laws already include provisions for various kinds of individuals to be entered into the Rap Back Service. Slideshows obtained by EPIC through a FOIA request reveal that the FBI planned as early as 2013 for the Rap Back program to be introduced into various employment-related legislation across states. In a slide identifying “legislating hurdles,” the FBI listed the need to identify state legislators to “champion” the program and to “attach needed language to other legislation already on calendar.” The program’s greatest victory in this respect is a little-known provision of the Affordable Care Act, which awards grants for states to develop the means to implement Rap Back for long-term home health care providers as well as other “direct patient access” employees. According to an explainer provided by the Centers for Medicare & Medicaid Services, it is possible that Congress may require states to enroll in Rap Back in order to receive federal funding for health care programs.

In June, Hawaii became the first state to put gun owners into its Rap Back system, which will notify law enforcement whenever a gun owner is arrested for a crime in any state. Jay Stanley, of the ACLU, said that such a real-time database for monitoring might seem like a good idea in theory — until the same logic is applied to all kinds of other groups in practice. In Utah, for instance, anytime an immigrant with a driver’s license generates any sort of criminal record, the state’s Rap Back program will notify Immigration and Customs Enforcement, possibly triggering deportation proceedings.

What the program counts as “triggering events” differs depending on how subscribers configure their systems. In Missouri, where public school teachers are entered into the program, a police captain told a local paper that scanning fingerprints triggers the release of closed records, including charges that are not prosecuted and judicial decisions that result in dismissals or not guilty findings.

Such a broad mandate could “provide employers with an unprecedented window into employees’ lives,” according to Jennifer Lynch, a lawyer at the Electronic Frontier Foundation. In domestic violence cases reported to the police, for instance, both the abuser and victim can be arrested. “Depending on workplace discrimination laws,” Lynch said, “this could allow employers to use a minor criminal infraction as a reason to demote or fire an employee.”

Lynch said it’s possible that employees could be fired for an arrest where they were exercising their First Amendment rights: filming public officials, attending protests, blocking streets. “It’s unclear if an employer that takes action based on the arrest would know the arrest is tied to First Amendment protected activity.”

Faulty Records

Outdated and incorrect criminal history information already leads to workers losing their jobs. Labor and privacy advocates fear that the national Rap Back program, which draws on a massive NGI database and depends on data sharing between several agencies, will only make these errors worse.

FBI and state databases are not known for their accuracy. As the National Employment Law Project reported in 2013, as many as 50 percent of the FBI’s arrest records fail to include information on the final disposition of a case — that is, whether a person was convicted, acquitted, or if charges against them were dropped. Because many people who are arrested are never charged or convicted, a high percentage of the FBI’s records incorrectly indicate a subject’s involvement with a crime.

“Often this is because states fail to update their own records, and the FBI does not proactively verify the accuracy of information coming from the states,” Lynch explained. “This has a much greater impact on communities of color because all criminal history systems include a disproportionate number of African-Americans, Latinos, and immigrants.” An estimated 1.8 million workers a year are subject to FBI background checks, according to the National Employment Law Project.

An FBI spokesperson from the Rap Back program said that the program “works diligently with all agencies to maintain accurate Identity History Records” and that if discrepancies exist, teams are in place to assist subscribers and individuals.

Jay Stanley, of the ACLU, views the Rap Back program as part of a larger trend toward the monitoring and policing of everyday life. “The whole purpose of the program,” he said, “is for people to be fired.”

— source theintercept.com by Ava Kofman

Intel x86s hide another CPU that can take over your machine

Recent Intel x86 processors implement a secret, powerful control mechanism that runs on a separate chip that no one is allowed to audit or examine. When these are eventually compromised, they’ll expose all affected systems to nearly unkillable, undetectable rootkit attacks. I’ve made it my mission to open up this system and make free, open replacements, before it’s too late.

The Intel Management Engine (ME) is a subsystem composed of a special 32-bit ARC microprocessor that’s physically located inside the chipset. It is an extra general purpose computer running a firmware blob that is sold as a management system for big enterprise deployments.

When you purchase your system with a mainboard and Intel x86 CPU, you are also buying this hardware add-on: an extra computer that controls the main CPU. This extra computer runs completely out-of-band with the main x86 CPU meaning that it can function totally independently even when your main CPU is in a low power state like S3 (suspend).

On some chipsets, the firmware running on the ME implements a system called Intel’s Active Management Technology (AMT). This is entirely transparent to the operating system, which means that this extra computer can do its job regardless of which operating system is installed and running on the main CPU.

The purpose of AMT is to provide a way to manage computers remotely (this is similar to an older system called “Intelligent Platform Management Interface” or IPMI, but more powerful). To achieve this task, the ME is capable of accessing any memory region without the main x86 CPU knowing about the existence of these accesses. It also runs a TCP/IP server on your network interface and packets entering and leaving your machine on certain ports bypass any firewall running on your system.

While AMT can be a great value-add, it has several troubling disadvantages. ME is classified by security researchers as “Ring -3”. Rings of security can be defined as layers of security that affect particular parts of a system, with a smaller ring number corresponding to an area closer to the hardware. For example, Ring 3 threats are defined as security threats that manifest in “userspace” mode. Ring 0 threats occur in “kernel” level, Ring -1 threats occur in a “hypervisor” level, one level lower than the kernel, while Ring -2 threats occur in a special CPU mode called “SMM” mode. SMM stands for System-Management-Mode, a special mode that Intel CPUs can be put into that runs a separately defined chunk of code. If attackers can modify the SMM code and trigger the mode, they can get arbitrary execution of code on a CPU.

Although the ME firmware is cryptographically protected with RSA 2048, researchers have been able to exploit weaknesses in the ME firmware and take partial control of the ME on early models. This makes ME a huge security loophole, and it has been called a very powerful rootkit mechanism. Once a system is compromised by a rootkit, attackers can gain administration access and undetectably attack the computer.

On systems newer than the Core2 series, the ME cannot be disabled. Intel systems that are designed to have ME but lack ME firmware (or whose ME firmware is corrupted) will refuse to boot, or will shut down shortly after booting.

There is no way for the x86 firmware or operating system to disable ME permanently. Intel keeps most details about ME absolutely secret. There is absolutely no way for the main CPU to tell if the ME on a system has been compromised, and no way to “heal” a compromised ME. There is also no way to know if malicious entities have been able to compromise ME and infect systems.

A large portion of ME’s security model is “security through obscurity”, a practice that many researchers view as the worst type of security. If ME’s secrets are compromised (and they will eventually be compromised by either researchers or malicious entities), then the entire ME security model will crumble, exposing every recent Intel system to the worst rootkits imaginable.

Around 2013, we figured out some of the nitty-gritty details regarding how the ME firmware was packaged up into a blob. The ME firmware is verified by a secret boot ROM embedded in the chipset that first checks that the SHA256 checksum of the public key matches the one from the factory, and then verifies the RSA signature of the firmware payload by recalculating it and comparing to the stored signature. This means that there is no obvious way to bypass the signature checking, since the checking is done by code stored in a ROM buried in silicon, even though we have the public key and signature. However, there still might be an exploitable bug in the ROM bootloader.
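The two-step check described above, modelled in Python as an added example (not Intel's code and not the author's): first the public key carried in the image is hashed and compared with a value fixed in ROM, then the RSA signature over the payload is checked under that key. The image layout, the function names and the toy keys built from Mersenne primes are assumptions made here, and standard RSASSA-PKCS1-v1_5 with SHA-256 stands in for whatever encoding the real boot ROM uses.

```python
"""Simplified model of a boot-ROM firmware check (constructed example)."""
import hashlib
import hmac
from dataclasses import dataclass, replace

# DER prefix of the SHA-256 DigestInfo structure (RFC 8017, section 9.2).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def make_key(p: int, q: int, e: int = 65537):
    """Return (n, e, d) for primes p and q."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))


# Constructed toy keys: products of Mersenne primes, so no key generation is
# needed. They are trivially factorable, unlike a real 2048-bit modulus.
VENDOR_N, VENDOR_E, VENDOR_D = make_key(2**127 - 1, 2**521 - 1)
OTHER_N, OTHER_E, OTHER_D = make_key(2**89 - 1, 2**607 - 1)


@dataclass(frozen=True)
class Image:
    """Hypothetical firmware image: embedded public key, payload, signature."""
    n: int
    e: int
    payload: bytes
    signature: bytes


def byte_len(n: int) -> int:
    return (n.bit_length() + 7) // 8


def key_hash(n: int, e: int) -> bytes:
    """SHA-256 over a simple encoding of the public key (layout assumed)."""
    return hashlib.sha256(n.to_bytes(byte_len(n), "big") + e.to_bytes(4, "big")).digest()


def emsa_pkcs1_v15(message: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), padded to k bytes."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for this encoding")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign(payload: bytes, n: int, d: int) -> bytes:
    """Signer side: needs the private exponent d."""
    k = byte_len(n)
    m = int.from_bytes(emsa_pkcs1_v15(payload, k), "big")
    return pow(m, d, n).to_bytes(k, "big")


def rom_verify(image: Image, pinned_hash: bytes) -> str:
    """Verifier side: return 'ok' or the reason the image is rejected."""
    # Step 1: the embedded key must hash to the value fixed at the factory.
    if not hmac.compare_digest(key_hash(image.n, image.e), pinned_hash):
        return "reject: public key does not match pinned hash"
    k = byte_len(image.n)
    s = int.from_bytes(image.signature, "big")
    if len(image.signature) != k or s >= image.n:
        return "reject: malformed signature"
    # Step 2: recompute the expected encoding and compare with sig^e mod n.
    recovered = pow(s, image.e, image.n).to_bytes(k, "big")
    if not hmac.compare_digest(recovered, emsa_pkcs1_v15(image.payload, k)):
        return "reject: signature does not match payload"
    return "ok"


def demo() -> dict:
    pinned = key_hash(VENDOR_N, VENDOR_E)  # value fixed in ROM
    payload = b"constructed firmware payload v1"
    patched = b"constructed firmware payload v1 (modified)"
    genuine = Image(VENDOR_N, VENDOR_E, payload, sign(payload, VENDOR_N, VENDOR_D))
    resigned = Image(OTHER_N, OTHER_E, patched, sign(patched, OTHER_N, OTHER_D))
    return {
        "genuine": rom_verify(genuine, pinned),
        "payload modified": rom_verify(replace(genuine, payload=patched), pinned),
        "re-signed with another key": rom_verify(resigned, pinned),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

A modified payload fails at step 2, and a payload re-signed under a different key fails at step 1, which is why having the public key and signature is not enough without the private key or a bug in the verifier.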

We also discovered that the critical parts of the ME firmware are stored in a non-standard compressed format, which gets decompressed by a special hardware decompressor. My initial attempts to brute-force the decompression scheme failed miserably. Another group had better success and they have now completed a working decompression routine for all versions of ME up to but not including version 11. Kudos to them!

Our goal is to implement a completely libre software replacement for ME. When the implementation of such a security-critical component is available for scrutiny, it will be peer-reviewed and audited by persons around the world. This generally results in stronger security.

Our goal isn’t to replace Intel’s ME, but to provide a minimal libre alternative firmware for users who choose to use it. Unfortunately, since the firmware is protected by RSA 2048, we currently have no way to execute our own code on the ME hardware because it fails validation. We have no way to move forward, even if we wanted to.

This is scary. Most digital handcuffs are so easy to break that the issue is not how to break them but the penalty one might face for actually breaking them. In this case, it is impossible to break unless you have a way to factorize semi-primes with approximately 600 decimal digits in a reasonable time. (At the time of writing this article, that is pretty much impossible in one human lifetime, even for anyone with the biggest supercomputer.)

So in conclusion, Intel has so far stopped anyone from tinkering with ME firmware in practice, and there is no way to trust the code running on your ME because it’s proprietary. So we are back to the days of the Sony Playstation, but for general purpose computers based on Intel x86. Matters only get worse now that Intel has squeezed a whole system into a chip, SoCs. We have no physical separation between the components that we can trust and the untrusted ME components, so we can’t even cut them off the mainboard anymore.

Below is a highly simplified diagram describing how some of the older ME hardware fits into a system:

Personally, I would like it if my ME only did the most basic task it was designed for, set up the bus clocks, and then shut off. This way, it would never be able to talk out of the network card with some of my personal data. I refer to the ME as the Damagement Engine, since it is a hardware add-on that damages your security.

— source boingboing.net by Damien Zammit

WikiLeaks Dump Shows CIA Could Turn Smart TVs into Listening Devices

It’s difficult to buy a new TV that doesn’t come with a suite of (generally mediocre) “smart” software, giving your home theater some of the functions typically found in phones and tablets. But bringing these extra features into your living room means bringing a microphone, too — a fact the CIA is exploiting, according to a new trove of documents released today by WikiLeaks.

According to documents inside the cache, a CIA program named “Weeping Angel” provided the agency’s hackers with access to Samsung Smart TVs, allowing a television’s built-in voice control microphone to be remotely enabled while keeping the appearance that the TV itself was switched off, called “Fake-Off mode.” Although the display would be switched off, and LED indicator lights would be suppressed, the hardware inside the television would continue to operate, unbeknownst to the owner. The method, co-developed with British intelligence, required implanting a given TV with malware—it’s unclear if this attack could be executed remotely, but the documentation includes reference to in-person infection via a tainted USB drive. Once the malware was inside the TV, it could relay recorded audio data to a third party (presumably a server controlled by the CIA) through the included network connection.

WikiLeaks said its cache included more than 8,000 documents originating from within the CIA and came via a source, who the group did not identify, who was concerned that the agency’s “hacking capabilities exceed its mandated powers,” and who wanted to “initiate a public debate” about the proliferation of cyberweapons. WikiLeaks said the documents also showed extensive hacking of smartphones, including Apple’s iPhones; a large library of allegedly serious computer attacks that were not reported to tech companies like Apple, Google, and Microsoft; malware from hacker groups and other nation-states, including, WikiLeaks said, Russia, that could be used to hide the agency’s involvement in cyberattacks; and the growth of a substantial hacking division within the CIA, known as the Center for Cyber Intelligence, bringing the agency further into the sort of cyberwarfare traditionally practiced by its rival the National Security Agency.

The smart TV breach is just the latest example of a security problem emerging from the so-called “Internet of Things,” the increasingly large catalog of consumer products that include (or require) an internet connection for contrived “smart” functionality. Last year, the Guardian reported that Director of National Intelligence James Clapper told the Senate that breaching smart devices was a priority for American spies: “In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”

Security and cryptography researcher Kenneth White told The Intercept that smart TVs are “historically a pretty easy target” and “a pretty great attack platform,” given that TVs are typically located in a living room or bedroom. White added that “there is zero chance the [CIA has] only targeted Samsung. It’s just too easy to mod other embedded OSes” found in the smart TVs sold by every other manufacturer.

This new WikiLeaks dump contains no apparent information about who exactly was targeted by Weeping Angel, or when. It’s also unclear how many models of Samsung TVs were vulnerable to Weeping Angel — the CIA documents published by WikiLeaks only mention one model, the F8000 (albeit a very popular and well-reviewed model: Engadget described it as “the best smart TV system you’ll find anywhere.”) After privacy concerns about Samsung’s TV voice recognition feature spread in 2015, the company released an FAQ meant to soothe worried consumers. Addressing the question of “How do I know it’s listening or not?,” Samsung assured users that “If the TV’s voice recognition feature is turned on for a command, an icon of a microphone will appear on the screen,” but “if no icon appears on the screen, the voice recognition feature is off.”

This assurance about displayed icons is of course worth nothing if the CIA has hijacked the TV. What Samsung seems to have taken for granted was that the company, and its customers, could fully control the operation of its televisions. As the CIA’s Fake-Off exploit shows, the company’s assurances to consumers that a TV’s voice recognition controls would operate in a transparent manner do not hold true once spies (and potentially other hackers) get involved.

Samsung did not immediately return a request for comment. A CIA spokesperson replied “We do not comment on the authenticity or content of purported intelligence documents.”

— source theintercept.com by Sam Biddle

CIA Has an “Impressive List” of Ways to Hack Into Your Smartphone, WikiLeaks Files Indicate

A concerted effort by the CIA produced a library of software attacks to crack into Android smartphones and Apple iPhones, including some that could take full control of the devices, according to documents in a trove of files released by WikiLeaks Tuesday.

The attacks allow for varying levels of access — many powerful enough to allow the attacker to remotely take over the “kernel,” the heart of the operating system that controls the operation of the phone, or at least to have so-called “root” access, meaning extensive control over files and software processes on a device. These types of techniques would give access to information like geolocation, communications, contacts, and more. They would most likely be useful for targeted hacking, rather than mass surveillance. Indeed, one document describes a process by which a specific unit within the CIA “develops software exploits and implants for high priority target cellphones for intelligence collection.”

The WikiLeaks documents also include detailed charts concerning specific attacks the CIA can apparently perform on different types of cellphones and operating systems, including recent versions of iOS and Android — in addition to attacks the CIA has borrowed from other, public sources of malware. Some of the exploits, in addition to those purportedly developed by the CIA, were discovered and released by cybersecurity companies, hacker groups, and independent researchers, and purchased, downloaded, or otherwise acquired by the CIA, in some cases through other members of the intelligence community, including the FBI, NSA, and the NSA’s British counterpart GCHQ, the documents indicate.

One borrowed attack, Shamoon, is a notorious computer virus capable of stealing data and then completely destroying hardware. Persistence, a tool found by the CIA, allows the agency control over the device whenever it boots up again. Another acquired attack, SwampMonkey, allows CIA to get root privileges on undisclosed Android devices.

“This is a very impressive list,” tweeted former GCHQ analyst Matt Tait, noting that at least some of the attacks appeared to still be viable.

Matt Green, cryptographer at Johns Hopkins University, agreed the leak was “impressive,” but concluded there weren’t many “technically surprising” hacks. This lack of originality may have stemmed from a desire on the part of the agency to avoid detection, judging from one document contained in the trove, in which apparent CIA personnel discuss an NSA hacking toolkit known as Equation Group and its public exposure. It was also previously known that the CIA was targeting smartphones; drawing on top-secret documents, The Intercept in 2015 reported on an agency campaign to crack into the iPhone and other Apple products.

In addition to the CIA’s efforts, an FBI hacking division, the Remote Operations Unit, has also been working to discover exploits in iPhones, one of the WikiLeaks documents, the iOS hacking chart, indicates. Last February, while investigating the perpetrator of a mass shooting in San Bernardino, the FBI argued in court that Apple was obligated to give the FBI access to its phones by producing a weakened version of the device’s operating system. If the WikiLeaks documents are authentic, it would appear FBI and other elements of the intelligence community are already deeply involved in discovering their own way into iPhones. The compromise of the documents also calls into question government assurances in the San Bernardino case that any exploit developed by Apple to allow the FBI access to the killer’s phone would never be exposed to criminals or nation states.

The CIA and FBI hacking revelations originate with a trove of more than 8,000 documents released by WikiLeaks, which said the files originated from a CIA network and date from 2013 to 2016. The CIA declined to comment on the documents, which also disclose techniques the CIA allegedly developed to turn so-called smart televisions into listening devices. Apple did not respond to a request for comment, and Google declined to comment, though indicated it was actively investigating the revelations.

It’s unclear who might have given WikiLeaks access to the documents; a summary of the material hosted on the site implies it came from a whistleblower who “wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.” But the leaker could also be an outsider, including one employed by a foreign power.

“This could be as much about Russia as CIA or WikiLeaks,” tweeted Jason Healey, Senior Research Scholar at Columbia University’s School for International and Public Affairs. “A continuation of teardown of U.S. government.”

German iOS security researcher Stefan Esser, according to a chart in the file database, developed an iOS exploit named “Ironic,” which gives access to the operating system kernel — though the hack “died” when iPhones were updated to iOS8, the chart appears to indicate. Esser, in an email to The Intercept, said he is not one to comb through classified documents or comment on them — but noted CIA had apparently “used public research of mine about a vulnerability that Apple required four attempts at fixing” in iOS. Esser’s bug was already public when CIA included it in its database. He also noted that a training slide he presented during a security conference in 2015 was also included in the dump.

WikiLeaks discussed, without referring to any specific document, access levels CIA has to encrypted applications, including popular Open Whisper Systems’ application Signal — though the documents do not indicate CIA has broken the app’s end-to-end encryption. Rather, it suggests the CIA can “bypass” the encryption by hacking into the phone itself, then reading everything on it, including data stored within any app — including messages from Telegram, WhatsApp, and other secure messaging apps. If a phone itself is compromised, there’s little to be done to prevent an attacker from accessing what’s on it.

Some of the attacks are what are known as “zero days” — exploitation paths hackers can use that vendors are completely unaware of, giving the vendors no time — zero days — to fix their products. WikiLeaks said the documents indicate the CIA has violated commitments made by the Obama administration to disclose serious software vulnerabilities to vendors to improve the security of their products. The administration developed a system called the Vulnerabilities Equities Process to allow various government entities to help determine when it’s better for national security to disclose unpatched vulnerabilities and when it’s better to take advantage of them to hunt targets.

At least some civil liberties advocates agree with the WikiLeaks assessment. “Access Now condemns the stockpiling of vulnerabilities, calls for limits on government hacking and protections for human rights, and urges immediate reforms to the Vulnerabilities Equities Process,” Nathan White, senior legislative manager for digital rights group Access Now, wrote in response to the new leak in a press release.

— source theintercept.com by Jenna McLaughlin

Spying on Students

School children are being spied on by tech companies through devices and software used in classrooms that often collect and store kids’ names, birth dates, browsing histories, location data, and much more—often without adequate privacy protections or the awareness and consent of parents, according to a new report from Electronic Frontier Foundation (EFF).

EFF’s “Spying on Students: School-Issued Devices and Student Privacy” shows that state and federal law, as well as industry self-regulation, has failed to keep up with a growing educational technology industry.

https://www.eff.org/wp/school-issued-devices-and-student-privacy

— source eff.org

Hackers release files indicating NSA monitored global bank transfers

Hackers released documents and files on Friday that cybersecurity experts said indicated the U.S. National Security Agency had accessed the SWIFT interbank messaging system, allowing it to monitor money flows among some Middle Eastern and Latin American banks. The documents and files were released by a group calling themselves The Shadow Brokers. Some of the records bear NSA seals. Also published were many NSA programs for attacking various versions of the Windows operating system, at least some of which still work, researchers said.

— source reuters.com

Oh, that’s one of the reasons the Modi puppet is pushing for digital money in India.