Interesting Links: June 22, 2015
Here are links to some interesting news articles that I came across today. They are about the actions (and true nature) of “national security agencies” of supposedly democratic western countries.
The spy unit responsible for some of the United Kingdom’s most controversial tactics of surveillance, online propaganda and deceit focuses extensively on traditional law enforcement and domestic activities — even though officials typically justify its activities by emphasizing foreign intelligence and counter-terrorism operations. Documents published today by The Intercept demonstrate how the Joint Threat Research Intelligence Group (JTRIG), a unit of the signals intelligence agency Government Communications Headquarters (GCHQ), is involved in efforts against political groups it considers “extremist,” Islamist activity in schools, the drug trade, online fraud, and financial scams. Though its existence was secret until last year, JTRIG quickly developed a distinctive profile in the public understanding, after documents from NSA whistleblower Edward Snowden revealed that the unit had engaged in “dirty tricks” like deploying sexual “honey traps” designed to discredit targets, launching denial-of-service attacks to shut down internet chat rooms, pushing veiled propaganda onto social networks, and generally warping discourse online.
While some of the unit’s activities are focused on the claimed areas, JTRIG also appears to be intimately involved in traditional law enforcement areas and UK-specific activity, as previously unpublished documents demonstrate. An August, 2009 JTRIG memo entitled “Operational Highlights” boasts of “GCHQ’s first serious crime effects operation” to shut down internet forums and to remove websites identifying police informants and members of a witness protection program. Another was “used to facilitate and execute online fraud.” The document also describes GCHQ advice provided “to assist the UK negotiating team on climate change.” Particularly revealing is a fascinating 42-page document from 2011 detailing JTRIG’s activities. It provides the most comprehensive and sweeping insight to date into the scope of this unit’s extreme methods. Entitled “Behavioral Science Support for JTRIG’s Effects and Online Humint [Human Intelligence] Operations,” it describes the types of targets on which the unit focuses, the psychological and behavioral research it commissions and exploits, and its future organizational aspirations. It is authored by a psychologist, Mandeep K. Dhami.
The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden. The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products. British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.
Another way the NSA targets foreign anti-virus companies appears to be to monitor their email traffic for reports of new vulnerabilities and malware. A 2010 presentation on “Project CAMBERDADA” shows the content of an email flagging a malware file, which was sent to various anti-virus companies by François Picard of the Montréal-based consulting and web hosting company NewRoma. The presentation of the email suggests that the NSA is reading such messages to discover new flaws in anti-virus software. Picard, contacted by The Intercept, was unaware his email had fallen into the hands of the NSA. He said that he regularly sends out notification of new viruses and malware to anti-virus companies, and that he likely sent the email in question to at least two dozen such outfits. He also said he never sends such notifications to government agencies. “It is strange the NSA would show an email like mine in a presentation,” he added. The NSA presentation goes on to state that its signals intelligence yields about 10 new “potentially malicious files per day for malware triage.” This is a tiny fraction of the hostile software that is processed. Kaspersky says it detects 325,000 new malicious files every day, and an internal GCHQ document indicates that its own system “collect[s] around 100,000,000 malware events per day.”
British spies have received government permission to intensively study software programs for ways to infiltrate and take control of computers. The GCHQ spy agency was vulnerable to legal action for the hacking efforts, known as “reverse engineering,” since such activity could have violated copyright law. But GCHQ sought and obtained a legally questionable warrant from the Foreign Secretary in an attempt to immunize itself from legal liability. GCHQ’s reverse engineering targeted a wide range of popular software products for compromise, including online bulletin board systems, commercial encryption software and anti-virus programs. Reverse engineering “is essential in order to be able to exploit such software and prevent detection of our activities,” the electronic spy agency said in a warrant renewal application. But GCHQ’s hacking and evasion goals appear to have led it onto dubious legal ground and, at times, into outright non-compliance with its own procedures for staying within the bounds of the law. A top-secret document states that a GCHQ team lapsed in following the agency’s authorization protocol for some continuous period of time. Meanwhile, GCHQ obtained a warrant for reverse engineering under a section of British intelligence law that does not explicitly authorize — and had apparently never been used to authorize — the sort of copyright infringement GCHQ believed was necessary to conduct such activity.
One document describing the warrant, a 2008 warrant renewal application, identifies numerous commercially available products in which GCHQ identified vulnerabilities through reverse engineering. These include widely used encryption software such as Exlade’s CrypticDisk and Acer’s eDataSecurity. Exlade’s products are used by “thousands of companies and government agencies,” including tech giants IBM, Intel, GE, HP and Seagate, according to the company’s website. Also successfully targeted were popular web forum services vBulletin and Invision Power Board. VBulletin says its users include Sony Pictures, NASA, Electronic Arts and Zynga. Invision Power Services, the maker of Invision Power Board, said around the time of the warrant renewal application that its users included Yahoo, AMD and Sony. GCHQ also targeted CPanel, software used by large hosting companies like GoDaddy for configuring servers, and PostfixAdmin, used to manage Postfix, popular email server software.
What do you think? Comments?