
Consumer electronics goods are reportedly regularly diverted to secret workshops where they are modified

We already know that agents of the U.S. National Security Agency (NSA) spied on their ex-lovers (so-called "LOVEINT").  We've heard that the NSA put Americans' financial futures in jeopardy by paying for backdoors and sabotage of international encryption standards.
 
We know that the NSA is spying on our relationships on Facebook Inc. (FB) and Google Inc.'s (GOOG) social networks.  We know that the NSA hunted for "terrorists" spying on users of World of Warcraft and other online games.
 
I. Don't be Mad; It's Just Big Brother Bugging You
 
And yet for all the incredible ways we've learned that the NSA is spending hundreds of billions of our dollars to "protect" us, it still manages to find new ways to amaze.
 
Der Spiegel -- Germany's top newspaper -- has published a report based on analysis of NSA internal documents shared by leaker Edward Snowden, a former U.S. Central Intelligence Agency (CIA) analyst and NSA contractor.  The report casts light on new cybercrime-inspired techniques the NSA uses against U.S. citizens and foreigners.


Among the most shocking are reports that the NSA routinely intercepted consumer electronics shipments from "partners" like Amazon.com, Inc. (AMZN) (which coincidentally is vying for CIA contracts and lobbying for more spying behind closed doors) and installed James Bond-esque devices to spy on Americans.
 
One such program is dubbed "COTTONMOUTH" and involves the installation of a malicious USB "hardware implant".  Other programs reportedly involved the installation of malicious firmware or software (malware).  COTTONMOUTH was among the expansions of the spying program by President Barack Obama (D), having been instituted in 2009.

The NSA named its sabotage program after a venomous snake that slithers unseen in southern swamps
 
The practice appears relatively common, as the NSA used it enough to have "secret workshops" (note the plural in the slides and memos -- indicating that it was common enough to have more than one) devoted primarily to the effort to sabotage Americans' electronic devices to spy on them.
 
Further, two entire units of the NSA are devoted to hardware sabotage.  The first is referred to as the "TAO" (Tailored Access Operations) unit.  Der Spiegel reports:

According to internal NSA documents viewed by Spiegel, these on-call digital plumbers are involved in many sensitive operations conducted by American intelligence agencies… The documents reveal just how diversified the tools at TAO’s disposal have become — and also how it exploits the technical weaknesses of the IT industry, from Microsoft to Cisco and Huawei, to carry out its discreet and efficient attacks.



A second unit -- the Advanced/Access Network Technology unit -- was tasked with developing a set of sabotage procedures for virtually any consumer hardware target.
 
While domestic interceptions can be relatively inexpensive, foreign interceptions can become very costly to the taxpayer.  The NSA reportedly flies some shipments to their destinations, coordinating flights with the CIA and the U.S. Federal Bureau of Investigation: "This gets them to their destination at the right time and can help them to disappear again undetected after even as little as a half hour's work."
 
Such night flights may occur occasionally in the U.S. as well, when the sabotaged delivery is in danger of running late, or when there's concern the target might suspect the modifications.
 
II. General Searches Once Inspired Rebellion, But Today Evoke Apathy
 
The companies whose electronic devices the NSA can penetrate include numerous top domestic brands.  Among those mentioned were routers from Juniper Networks, Inc. (JNPR), Cisco Systems, Inc. (CSCO), and Huawei Technologies Comp. (SHE:002502).
 
Hard drives and external storage solutions by Western Digital Corp. (WDC), Seagate Technology PLC (STX) (and its Maxtor brand), and Samsung Electronics Comp., Ltd. (KSC:005930) were mentioned, as well as undisclosed products from Dell.

Huawei's routers are reportedly riddled with security holes -- some of which some analysts claim are deliberate back doors. [Image Source: The Hacker News]

Reportedly, the NSA gets authorization for redirections of citizens' goods to secret workshops via the mass warrants of the Foreign Intelligence Surveillance Court ("FISC") -- a secret court.  It is of course a crime for anyone involved with these programs to inform the public of the secret court's decisions.
 
The warrants granted by the FISC are bulk orders that allow the NSA to pursue actions as if all Americans are criminals until proven innocent, within certain confines.
 
Basically, those confines are that the NSA is only officially allowed to pursue investigations against citizens if it has evidence to believe they are involved with "terrorism" (although it is also clear that it regularly violates that restriction and, typically "accidentally", monitors innocent non-terrorist Americans anyway).
 
Americans have no direct route to proving their innocence, although companies can try to petition to knock out bulk requests, a difficult process.
 
The Founding Fathers rebelled against England a decade after the colonial nationalist power stepped up its mass warrants. [Image Source: USFCA.edu]

Such mass warrants were common in the colonial U.S. as British authorities tried to crack down on American colonies' political and economic freedoms.  A common misconception is that imperial England in the 1700s had no courts; much like America today it did in fact have courts and a legislature, and even offered limited versions of both to the U.S. government. 
 
The general warrants issued by English courts (a plot hatched in the mid-1700s by Charles Pratt, 1st Earl Camden, a prominent UK justice at the time) were remarkably similar to the FISA warrants of today, sharing the same two crucial problems -- the assumption that everyone might be a criminal without evidence and a lack of accountability/oversight.  And the king, for all his powers, was arguably no more powerful than President Obama is today, in many regards.
 
The Obama administration is returning America to its imperialist English roots with its "total war" on terrorism and general warrants. [Image Source: Freaking News]

The difference is that in the old days mass searches were far less subtle.  And the American colonists were at one time much more opposed to such sacrifices of freedom.  In fact, according to historian William Cuddihy, the "colonial epidemic of general searches" was a key reason why the Founding Fathers rebelled from Britain.
 
When they wrote the Constitution, they specifically forbade such "universal searches", only allowing individual warrants.  Today, though, as an increasingly powerful U.S. government slowly sets the Constitution aside, those safeguards no longer apply.  And yet the huddled masses in America appear relatively apathetic to the same kinds of intrusions that their ancestors labeled as tyranny.
 
The majority -- for now -- appears content to surrender their freedom for a small measure of safety.  Great American statesman Benjamin Franklin warned that this could happen, stating, "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."

The Founding Fathers paid a price in blood to free America of "general searches" (i.e. mass warrants).  And they warned their descendants that if they allowed such practices to reappear in the name of national security they would have neither freedom nor safety. [Image Source: U.S. Treasury]

The prediction proves fortuitous -- in recent Congressional testimony the NSA reduced its estimate of how many terrorist attacks it stopped with universal spying and sabotage from 54 to 2.  And its testimony made it clear that it is not even certain those cases were truly stopped by spying.
 
So Americans may be paying for these bizarre mass searches for basically no security -- which Benjamin Franklin would argue was an unfortunately deserved outcome.
 
III. With Secret Courts, Secret Warrants, Everyone's a Criminal
 
With bulk warrants in hand, all that is required to install malware on a target's machine is for an agent to fill out a form in an app or web portal, which generates a change request.  That request is passed up the chain to various agency inspectors (up to 20, according to some reports) who stamp (or rubber stamp?) it with their approval.
 
Such approval is time sensitive, so typically supervisors are unable to carefully scrutinize their underlings' requests.
 

Once approved, the service reportedly works much as a warranty request with Amazon or Newegg might -- the machine gets redirected to the workshop, which has a digital document of the requested malware, firmware, or hardware modifications to perform.  The device is then shipped to the citizen who ordered it, with no hint that it was sabotaged.
 
Again, nowhere in this process is an individual warrant required.  The NSA contends such spying is always done "with warrant", but they almost always mean a bulk warrant.  In layman's terms such a bulk warrant is effectively no warrant at all, as it targets all Americans, or at least millions of them.  In essence the only thing needed to spy on your machine is an agent deciding to select it out of their rich stream of data on in-progress shipments, and then obtaining supervisor click-throughs.
 
A lone American protests his nation's secret courts. [Image Source: Before Its News]

The German report describes the apps used by agents to initiate these effectively warrantless sabotage service orders as a "mail order spy catalog".  The apps give agents many options that can quickly be used to target citizens or foreigners ordering U.S. products.
 
IV. NSA May be Paying Criminals to Target Americans
 
What happens if interception fails? Well, that doesn't mean the citizen is safe from spying.
 
If the agency cannot intercept a shipment in time, it still has options.  As most PCs run on Windows, internal memos reveal that the NSA is intercepting Microsoft Corp.'s (MSFT) Windows Error reports, which can reveal details of security holes on target machines.

The NSA vacuums up Microsoft Windows Error reports to infect citizens' computers with malware, remotely.

Der Spiegel elaborates:

A document viewed by Spiegel resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry — including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell.

These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives — from computing centers to individual computers, from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA’s specialists seem already to have gotten past them.

This, at least, is the impression gained from flipping through the 50-page document. The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets’ data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000.

Many of these backdoor tools reportedly come from so-called "blackhat" sellers -- criminals of the internet.  So the NSA is shelling out reportedly up to a quarter million to buy tools from the private sector criminals to carry out its spying on Americans.  And when it can't buy a solution it appears it is willing to regularly pay even more money to develop a solution analogous to criminal tools currently available.
 
It then can initiate remote attacks against machines, which are loaded with malware, via traditional means such as infected websites, phishing, or direct attacks.  This strategy leans heavily on tactics the NSA learned from criminals in the U.S. and abroad.
 
V. Why Does Germany Care? Oh Yeah, That's Why...
 
In case you're wondering why the German press is so concerned about this, Germany has been in an uproar ever since it was revealed that President Obama authorized spying on Germany's Prime Minister Angela Merkel and other top German officials.  While publicly acting like these German officials were dear allies, his NSA was secretly stealing their secrets.

Chancellor Merkel is surprised by a Pirate Party drone guest. [Image Source: TorrentFreak]

On top of that, the NSA is reportedly daily spying on tens of millions of German citizens.  Strangely, Germany appears to be one of Europe's most targeted nations.  NSA maps show that Germany was targeted with more spying than Afghanistan, home of the Taliban.  Germany and the U.S. were spied on at similar rates to Saudi Arabia, a nation the U.S. considers both an ally and a key funder of terrorism.
 
On a daily basis the U.S., on average, grabs data on roughly 20 million phone calls in Germany, grabbing as many as 60 million calls on some days.  That's not quite the rate at which the U.S. spies on its own citizens' calls -- 99 percent -- but it's pretty impressive given that Germany only has 80 million citizens.  The NSA also reportedly gathers information on 10 million internet data connections in Germany daily, on average.

Boundless Informant maps show the NSA isn't just spying on terrorism-affiliated states. [Image Source: Guardian]

Steffen Seibert, spokesperson for Germany's Chancellor Angela Merkel, issued a stiff warning when these allegations emerged earlier this year, stating, "If it is confirmed that diplomatic representations of the European Union and individual European countries have been spied upon, we will clearly say that bugging friends is unacceptable.  We are no longer in the Cold War.  Mutual trust is necessary in order to come to [trade agreements]."
 
And Germany's Justice Minister Sabine Leutheusser-Schnarrenberger -- a trusted advisor of the German Chancellor -- remarked earlier this year, "If the media reports are accurate, then this recalls the methods used by enemies during the Cold War.  It is beyond comprehension that our friends in the United States see Europeans as enemies."
 
This uproar has led to some serious soul-searching amongst Obama administration supporters -- although the U.S. public may not be happy with the changes some have suggested.  For example, Sen. Dianne Goldman Berman Feinstein (D-Calif.) suggests that spying on ally leaders like Chancellor Merkel or the Pope should be illegal, but spying on Americans should be strengthened and funded.
 
VI. NSA Becomes the Shadow Villain That Congress Long Accused Citizen Hackers, the Chinese of Being
 
In retrospect it seems pretty ironic as Congress last year accused Chinese OEMs like Huawei and ZTE of possibly leaving holes in their hardware and software to spy on Americans.  As recently as earlier this year, a former CIA director was blasting Huawei for helping Chinese "spy" on Americans.
 
Instead, it appears that Huawei and others were (likely inadvertently) helping the U.S. government spy on Americans.  Perhaps intelligence analysts' concern about Chinese spying stemmed from their first-hand knowledge of just how many holes there were in these OEMs' firmware and software.  After all, the government was reportedly routinely exploiting these holes to spy on Americans without warrant.

The true enemy lay at home, not in China, after all. [Image Source: Chinadangvu]

For all the hot air, the NSA and other agencies were never able to provide Congress with any hard evidence that Chinese spying on Americans occurred in the wild.  Indeed, a White House report based on the NSA analysis and other sources ruled that such spying had not occurred.
 
The NSA should know.  It was carrying out precisely such spying.
 
The law tasks the NSA with spying on foreigners, but forbids it to spy on U.S. citizens.  Sen. Feinstein is fighting to flip that equation. [Image Source: Nation of Change]

Thus, after several years of the legislative and executive branches whining and whimpering in international circuits about China "spying" on Americans and their allies, it turns out that whatever spying China was doing was likely grossly eclipsed by the spying the U.S. federal government was doing on its own people and its allies.
 
Adding to this appearance of some sort of darker intent is how the U.S. government regularly released reports over the last half decade about how "incompetent" it was when it came to cybersecurity.  In retrospect these reports appear to be devious social engineering.  The reality is that the intelligence community appears to be one of the most advanced hacker rings in the world, with skills and funding surpassing even the most sophisticated private-sector hacking rings, and even the elite hacking units of allies and rivals like Israel and China.
 
The U.S. was the cyberwolf, clothing itself in a garb of lies to look like the meek sheep.
 
Feigning weakness, the NSA was a waiting wolf in sheep's clothing. [Image Source: Dharmma Musings]

After witnessing these lies and the truth of the American government's apparently predatory behavior against its allies and its own people, it's going to be pretty hard for ally states to believe anything the U.S. says on cybersecurity from here on out -- the trust has been fatally betrayed.
 
VII. Looking Everywhere Where Cybercriminals Aren't
 
The motivation for such spying at best seems illogical and at worst could allude to dark intent, given that the services and targets the U.S. spied upon seemed to have little to do with terrorism.  As Bloomberg recently noted, Google only indexes an estimated 4 percent of the internet.

True terrorists tend to avoid American services like Gmail. [Image Source: DVD Active]

The top American news agency notes:

In a January 2012 report titled “Jihadism on the Web: A Breeding Ground for Jihad in the Modern Age,” the Dutch General Intelligence and Security Service drew a convincing picture of an Islamist Web underground centered around “core forums.” These websites are part of the Deep Web, or Undernet, the multitude of online resources not indexed by commonly used search engines.

In other words our allies' intelligence agencies have made it clear that real terrorist chatter was not common in services like Facebook, Gmail, or World of Warcraft -- services popular in rich, civilized nations like the U.S. and its European allies.  So why is the NSA looking there?
 
Instead true terrorist communication reportedly occurs primarily through unindexed forums that Google and others do not even recognize or index -- the so-called "deep web".  That part of the internet the NSA mostly ignores, raising serious questions of what exactly it is truly trying to accomplish.
 
The deep web is where most terrorist chatter occurs. [Image Source: OpenText]

Why is it reportedly ignoring the parts of the internet where its targets lie?  Is spending hundreds of billions on data collection that does virtually nothing to stop terrorists just some sort of foolish wastefulness?
 
Note that in virtually every case of hacking by foreign powers or private sector criminals, the end goal was gaining financial secrets of some form to turn into profit.  The NSA claims its cybercrime campaign's goal is to fight terrorism, yet its programs are not designed to fight terrorism.  They are designed for financial secrets theft.
 

Is the government using its collected information for economic malfeasance?  It's clearly not using it to catch terrorists very often. [Image Source: Google Images]

But these are important questions to ask, given the economic secrets that lie in the NSA's dataset, just waiting to be exploited for profit.  Secret, furtive abuse may sound unlikely, but we've already seen far too many uncomfortable unlikelihoods long dismissed as paranoid be proven factual, when it comes to the NSA's Orwellian campaign.  As A Scanner Darkly author Philip K. Dick wrote, "Strange how paranoia can link up with reality now and then."
 
VIII. Cybercrime is Unethical, Except When the NSA is Doing It
 
Regardless of the motivations, it appears that the U.S. is practicing a double standard, allowing its intelligence officials to behave in a manner it deems criminal for its citizens.
 
When citizens use these techniques to spy on Americans, they typically end up facing prison time -- and many would argue justifiably so.  Such actions would likely be deemed crimes under the ambiguous Computer Fraud and Abuse Act of 1986 (18 USC § 1030) statute.

Cybercrime or law enforcement? It depends on if your bosses rule the nation. [Image Source: TechieNews]

When the government resorts to criminal tactics to (supposedly) offer some small modicum of security, it certainly appears dangerously contrary to the protections promised by, and the spirit of, the U.S. Constitution.  But given the supreme powers allocated to the NSA and its backing secret courts by Congress, chances are that at least some in Congress and the courts will deem such tactics "legal" in the U.S. as it enters its post-Constitution era.
 
When you're the NSA -- an organization that admits to "accidentally" violating the law thousands of times a year -- you are the law, so you face no real fear of charges.  The public just has to bend over and deal with it, or so the NSA calculates.
 
The NSA, DEA, and FBI cyberstalk millions of Americans using cybercriminal tactics. [Image Source: WSJ]

The U.S. federal government is still struggling to offer a working website for the controversial healthcare program into which it conscripted Americans by creatively interpreting the Constitution's commerce clause as allowing the federal government to engage in any desirable market manipulation.  And yet, it seems to be having no difficulty cyberstalking millions of Americans and sabotaging their devices with and without warrant.
 
It seems pretty clear where the priorities of most elected officials in the U.S. federal government lie.

Americans have a history of resisting mass warrants. [Image Source: Columbia Pictures]

For now the status quo is a slow erosion of Lady Liberty.  But America's own history suggests the people may eventually awaken and fight back, either with their votes or otherwise.

Sources: Der Spiegel [1], [2]





Copyright 2017 DailyTech LLC.