We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!
Trailrunner7 writes Researchers at Kaspersky Lab have discovered shared code and functionality between the Regin malware platform and a similar platform described in a newly disclosed set of Edward Snowden documents 10 days ago by Germany's Der Spiegel. The link, found in a keylogger called QWERTY allegedly used by the so-called Five Eyes, leads them to conclude that the developers of each platform are either the same, or work closely together. "Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its source codes, we conclude the QWERTY malware developers and the Regin developers are the same or working together," wrote Kaspersky Lab researchers Costin Raiu and Igor Soumenkov today in a published report. (Here is the Spiegel article.)
90 comments | yesterday
An anonymous reader writes: The Electronic Frontier Foundation has published a detailed, global strategy for ridding ourselves of mass surveillance. They stress that this must be an international effort — while citizens of many countries can vote against politicians who support surveillance, there are also many countries where the citizens have to resort to other methods. The central part of the EFF's plan is: encryption, encryption, encryption. They say we need to build new secure communications tools, pressure existing tech companies to make their products secure against everyone, and get ordinary internet-goers to recognize that encryption is a fundamental part of communication in the surveillance age.
They also advocate fighting for transparency and against overreach on a national level. "[T]he more people worldwide understand the threat and the more they understand how to protect themselves—and just as importantly, what they should expect in the way of support from companies and governments—the more we can agitate for the changes we need online to fend off the dragnet collection of data." The EFF references a document created to apply the principles of human rights to communications surveillance, which they say are "our way of making sure that the global norm for human rights in the context of communication surveillance isn't the warped viewpoint of NSA and its four closest allies, but that of 50 years of human rights standards showing mass surveillance to be unnecessary and disproportionate."
260 comments | yesterday
An anonymous reader writes "The Register reports on a request from the US National Sheriffs' Association, which "wants Google to block its crowd-sourced traffic app Waze from being able to report the position of police officers, saying the information is putting officer's lives at risk." From the article: "'The police community needs to coordinate an effort to have the owner, Google, act like the responsible corporate citizen they have always been and remove this feature from the application even before any litigation or statutory action,' AP reports Sheriff Mike Brown, the chairman of the NSA's technology committee, told the association's winter conference in Washington....Brown called the app a 'police stalker,' and said being able to identify where officers were located could put them at personal risk. Jim Pasco, executive director of the Fraternal Order of Police, said his members had concerns as well. 'I can think of 100 ways that it could present an officer-safety issue,' Pasco said. 'There's no control over who uses it. So, if you're a criminal and you want to rob a bank, hypothetically, you use your Waze.'"
432 comments | yesterday
Mike Lape links to a NYTimes piece which says "The evidence gathered by the 'early warning radar' of software painstakingly hidden to monitor North Korea's activities proved critical in persuading President Obama to accuse the government of Kim Jong-un of ordering the Sony attack, according to the officials and experts, who spoke on the condition of anonymity about the classified N.S.A. operation." From the linked article: For about a decade, the United States has implanted “beacons,” which can map a computer network, along with surveillance software and occasionally even destructive malware in the computer systems of foreign adversaries. The government spends billions of dollars on the technology, which was crucial to the American and Israeli attacks on Iran’s nuclear program, and documents previously disclosed by Edward J. Snowden, the former security agency contractor, demonstrated how widely they have been deployed against China. ... The extensive American penetration of the North Korean system also raises questions about why the United States was not able to alert Sony as the attacks took shape last fall, even though the North had warned, as early as June, that the release of the movie “The Interview,” a crude comedy about a C.I.A. plot to assassinate the North’s leader, would be “an act of war.”
181 comments | about two weeks ago
Advocatus Diaboli (1627651) writes According to top secret documents from the archive of NSA whistleblower Edward Snowden seen exclusively by SPIEGEL, they are planning for wars of the future in which the Internet will play a critical role, with the aim of being able to use the net to paralyze computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money. Also check out — New Snowden documents show that the NSA and its allies are laughing at the rest of the world.
81 comments | about two weeks ago
A story at Ars Technica describes yet another Federal database of logged call details maintained by the Federal government which has now come to light, this one maintained by the Department of Justice rather than the NSA, and explains how it came to be discovered: [A] three-page partially-redacted affidavit from a top Drug Enforcement Agency (DEA) official, which was filed Thursday, explained that the database was authorized under a particular federal drug trafficking statute. The law allows the government to use "administrative subpoenas" to obtain business records and other "tangible things." The affidavit does not specify which countries records were included, but specifically does mention Iran. ... This database program appears to be wholly separate from the National Security Agency’s metadata program revealed by Edward Snowden, but it targets similar materials and is collected by a different agency. The Wall Street Journal, citing anonymous sources, reported Friday that this newly-revealed program began in the 1990s and was shut down in August 2013. From elsewhere in the article: "It’s now clear that multiple government agencies have tracked the calls that Americans make to their parents and relatives, friends, and business associates overseas, all without any suspicion of wrongdoing," [said ACLU lawyer Patrick Toomey]. "The DEA program shows yet again how strained and untenable legal theories have been used to secretly justify the surveillance of millions of innocent Americans using laws that were never written for that purpose."
102 comments | about two weeks ago
According to an article at The Wall Street Journal, President Obama has sided with British Prime Minister David Cameron in saying that police and government agencies should not be blocked by encryption from viewing the content of cellphone or online communications, making the pro-spying arguments everyone has come to expect: “If we find evidence of a terrorist plot and despite having a phone number, despite having a social media address or email address, we can’t penetrate that, that’s a problem,” Obama said. He said he believes Silicon Valley companies also want to solve the problem. “They’re patriots.” ... The president on Friday argued there must be a technical way to keep information private, but ensure that police and spies can listen in when a court approves. The Clinton administration fought and lost a similar battle during the 1990s when it pushed for a “clipper chip” that would allow only the government to decrypt scrambled messages.
562 comments | about two weeks ago
HughPickens.com writes: It's common knowledge the NSA collects plenty of data on suspected terrorists as well as ordinary citizens, but the agency also has algorithms in place to filter out information that doesn't need to be collected or stored for further analysis, such as spam emails. Now Alice Truong reports that during operations in Afghanistan after 9/11, the U.S. was able to analyze laptops formerly owned by Taliban members. According to NSA officer Michael Wertheimer, they discovered an email written in English found on the computers contained a purposely spammy subject line: "CONSOLIDATE YOUR DEBT."
According to Wertheimer, the email was sent to and from nondescript addresses that were later confirmed to belong to combatants. "It is surely the case that the sender and receiver attempted to avoid allied collection of this operational message by triggering presumed "spam" filters (PDF)." From a surveillance perspective, Wertheimer writes that this highlights the importance of filtering algorithms. Implementing them makes parsing huge amounts of data easier, but it also presents opportunities for someone with a secret to figure out what type of information is being tossed out and exploit the loophole.
110 comments | about two weeks ago
An anonymous reader writes: British prime minister David Cameron is currently visiting Washington to discuss the future of cyber-security in Britain and North America. The leaders have announced that their respective intelligence agencies will mount ongoing cyber-attack "war games" starting this summer in an effort to strengthen the West's tarnished reputation following the Sony hacking scandal. Somewhat relatedly, a recently-leaked Edward Snowden document show the NSA giving dire warnings in 2009 of the threat posed by the lack of encrypted communications on the internet.
77 comments | about two weeks ago
Jason Koebler writes Later this month, the Washington DC Public Library will teach residents how to use Tor as part of a 10 day series designed to shed light on government surveillance, transparency, and personal privacy. The series is called "Orwellian America," and it's quite subversive, considering that it's being held by a publicly funded entity mere minutes from a Congress and administration that allowed the NSA's surveillance programs to spin wildly out of control.
81 comments | about two weeks ago
Trailrunner7 writes In a new article in an academic math journal, the NSA's director of research says that the agency's decision not to withdraw its support of the Dual EC_DRBG random number generator after security researchers found weaknesses in it and questioned its provenance was a "regrettable" choice. Michael Wertheimer, the director of researcher at the National Security Agency, wrote in a short piece in Notices, a publication of the American Mathematical Society, that even during the standards development process for Dual EC many years ago, members of the working group focused on the algorithm raised concerns that it could have a backdoor in it. The algorithm was developed in part by the NSA and cryptographers were suspect of it from the beginning. "With hindsight, NSA should have ceased supporting the dual EC_DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. In truth, I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable," Wertheimer wrote in a piece in Notices' February issue.
106 comments | about two weeks ago
itwbennett writes The FBI's access to email and other data collected from overseas targets in the NSA's Prism program has been growing since 2008, according to a 2012 U.S. Department of Justice inspector general's report declassified last Friday by the DOJ in response to a Freedom of Information Act request by the New York Times. Here are some of the milestones mentioned in the report: In 2008, the FBI began reviewing email accounts targeted by the NSA through the Prism program. In October 2009, the FBI requested that information collected under the Prism program be 'dual routed' to both the NSA and the FBI so that the FBI 'could retain this data for analysis and dissemination in intelligence reports.' And in April 2012, the FBI began nominating email addresses and phone numbers that the NSA should target in it surveillance program, according to the document.
52 comments | about two weeks ago
jones_supa writes: As you may have heard, the NSA has had some success in cracking Secure Shell (SSH) connections. To respond to these risks, a guide written by Stribika tries to help you make your shell as robust as possible. The two main concepts are to make the crypto harder and make stealing keys impossible. So prepare a cup of coffee and read the tutorial carefully to see what could be improved in your configuration. Stribika gives also some extra security tips: don't install what you don't need (as any code line can introduce a bug), use the kind of open source code that has actually been reviewed, keep your software up to date, and use exploit mitigation technologies.
148 comments | about three weeks ago
An anonymous reader writes: We've all been wondering how the U.S. Judicial branch will deal with the NSA's bulk metadata surveillance. Getting a case to the Supreme Court isn't a quick process, so we haven't seen much movement yet. But later this year, several cases have the potential to force a Supreme Court ruling on the NSA, whether they like it or not. Ars summarizes the five likeliest cases, and provides estimates on their timelines. For example, Klayman v. Obama was one of the first lawsuits filed after the Snowden leaks were published. The first judge to hear it actually ordered the government to halt the metadata program and destroy all data, but stayed his own order pending appeal. The case is now awaiting a decision from the District of Columbia Circuit Court of Appeals, and several other high-profile lawsuits are awaiting its outcome. The decision in Klayman will have a domino effect on NSA-related court battles across the country.
114 comments | about three weeks ago
An anonymous reader writes We've talked quite a bit about National Security Letters (NSLs) and how the FBI/DOJ regularly abused them to get just about any information the government wanted with no oversight. As a form of an administrative subpoena -- with a built in gag-order -- NSLs are a great tool for the government to abuse the 4th Amendment. Recipients can't talk about them, and no court has to review/approve them. Yet they certainly look scary to most recipients who don't dare fight an NSL. That's part of the reason why at least one court found them unconstitutional. At the same time, we've also been talking plenty about Section 215 of the PATRIOT Act, which allows the DOJ/FBI (often working for the NSA) to go to the FISA Court and get rubberstamped court orders demanding certain 'business records.' As Ed Snowden revealed, these records requests can be as broad as basically 'all details on all calls.' But, since the FISA Court reviewed it, people insist it's legal. And, of course, the FISA Court has the reputation as a rubberstamp for a reason — it almost never turns down a request. However, in the rare instances where it does, apparently, the DOJ doesn't really care, knowing that it can just issue an NSL instead and get the same information. At least that appears to be what the DOJ quietly admitted to doing in a now declassified Inspector General's report from 2008."
119 comments | about a month ago
An anonymous reader writes On Christmas Eve, as the National Security Agency was releasing a report on NSA employees' abuses of surveillance technology, Google was telling WikiLeaks about another sort of surveillance. According to a statement by WikiLeaks on Twitter, Google informed the organization on December 24 that the Gmail mailboxes and account metadata of a WikiLeaks employee had been turned over to law enforcement under a U.S. federal warrant.
53 comments | about a month ago
An anonymous reader sends this quote from Ars Technica: The National Security Agency's Office of Target Pursuit (OTP) maintains a team of engineers dedicated to cracking the encrypted traffic of virtual private networks (VPNs) and has developed tools that could potentially uncloak the traffic in the majority of VPNs used to secure traffic passing over the Internet today, according to documents published this week by the German news magazine Der Speigel. A slide deck from a presentation by a member of OTP's VPN Exploitation Team, dated September 13, 2010, details the process the NSA used at that time to attack VPNs—including tools with names drawn from Star Trek and other bits of popular culture.
234 comments | about a month ago
It's been a long time since Slashdot has awarded the Beanies -- nearly 15 years, in fact. But there's no time like the present, especially since tomorrow edges on the new year, and in early 2015 we'd like to offer a Beanie once again, to recognize and honor your favorite person, people (or project; keep reading) of the past year. Rather than a fine-grained list of categories like in 2000, though, this time around we're keeping it simple: we can always complicate things later, if warranted. So, please nominate below whoever you think most deserves kudos for the last twelve months. Is it ...
Read on below to see how you can take part, and then nominate your favorite in the comments below.
299 comments | about a month ago
rossgneumann writes NSA documents obtained by Edward Snowden and reported on by Der Spiegel on Sunday reveal that the agency communicates internally with Jabber, an open source messaging service used by hackers and activists trying to skirt the NSA's internet surveillance dragnet. A document outlining the NSA's Scarletfever program—a "message driven cryptologic exploitation service" designed as part of the larger Longhaul initiative, a program that collects data and finds ways to break its encryption—contains a curious point buried near the end: "Jabber Chat Room: TBD."
81 comments | about a month ago
Der Spiegel has published today an excellent summary of what some of Edward Snowden's revelations show about the difficulty (or, generally, ease) with which the NSA and collaborating intelligence services can track, decrypt, and correlate different means of online communication. An interesting slice: The NSA and its allies routinely intercept [HTTPS] connections -- by the millions. According to an NSA document, the agency intended to crack 10 million intercepted https connections a day by late 2012. The intelligence services are particularly interested in the moment when a user types his or her password. By the end of 2012, the system was supposed to be able to "detect the presence of at least 100 password based encryption applications" in each instance some 20,000 times a month. For its part, Britain's GCHQ collects information about encryption using the TLS and SSL protocols -- the protocols https connections are encrypted with -- in a database called "FLYING PIG." The British spies produce weekly "trends reports" to catalog which services use the most SSL connections and save details about those connections. Sites like Facebook, Twitter, Hotmail, Yahoo and Apple's iCloud service top the charts, and the number of catalogued SSL connections for one week is in the many billions -- for the top 40 sites alone. ... The NSA also has a program with which it claims it can sometimes decrypt the Secure Shell protocol (SSH). This is typically used by systems administrators to log into employees' computers remotely, largely for use in the infrastructure of businesses, core Internet routers and other similarly important systems. The NSA combines the data collected in this manner with other information to leverage access to important systems of interest.
278 comments | about a month ago