×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

NSA Tracking Cellphone Locations Worldwide

timothy posted about a year ago | from the relax-citizens-we're-only-watching-you-closely dept.

Cellphones 256

tramp writes "The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable. Of course it is 'only metadata' and absolutely not invading privacy if you ask our 'beloved' NSA." Pretty soon, the argument about whether you have in any given facet of your life a "reasonable expectation of privacy" may take on a whole new meaning. Also at Slash BI.

Sorry! There are no comments related to the filter you selected.

bad BIOS saga continues - 12/13 (-1)

Anonymous Coward | about a year ago | (#45607429)

bad BIOS saga continues - 12/13
-
Scientist-developed malware prototype covertly jumps air gaps using inaudible sound
-
Malware communicates at a distance of 65 feet using built-in mics and speakers.

by Dan Goodin - Dec 2, 2013 7:29 pm UTC

http://arstechnica.com/author/dan-goodin [arstechnica.com]
https://twitter.com/dangoodin001 [twitter.com]

"Dan is the IT Security Editor at Ars Technica, which he joined in 2012 after working for The Register, the Associated Press, Bloomberg News, and other publications."

http://arstechnica.com/security/2013/12/scientist-developed-malware-covertly-jumps-air-gaps-using-inaudible-sound/ [arstechnica.com]

-
Topology of a covert mesh network that connects air-gapped computers to the Internet:

http://cdn.arstechnica.net/wp-content/uploads/2013/12/acoustical-mesh-network.jpg [arstechnica.net]

http://www.jocm.us/index.php?m=content&c=index&a=show&catid=124&id=600 [www.jocm.us]
-

"Computer scientists have proposed a malware prototype that uses inaudible audio signals to communicate, a capability that allows the malware to covertly transmit keystrokes and other sensitive data even when infected machines have no network connection.

The proof-of-concept software-or malicious trojans that adopt the same high-frequency communication methods-could prove especially adept in penetrating highly sensitive environments that routinely place an "air gap" between computers and the outside world. Using nothing more than the built-in microphones and speakers of standard computers, the researchers were able to transmit passwords and other small amounts of data from distances of almost 65 feet. The software can transfer data at much greater distances by employing an acoustical mesh network made up of attacker-controlled devices that repeat the audio signals.

The researchers, from Germany's Fraunhofer Institute for Communication, Information Processing, and Ergonomics[1], recently disclosed their findings in a paper published in the Journal of Communications[2]. It came a few weeks after a security researcher said his computers were infected with a mysterious piece of malware that used high-frequency transmissions to jump air gaps[3]. The new research neither confirms nor disproves Dragos Ruiu's claims of the so-called badBIOS infections, but it does show that high-frequency networking is easily within the grasp of today's malware."

[1] http://www.fkie.fraunhofer.de/en.html [fraunhofer.de]
[2] http://www.jocm.us/index.php?m=content&c=index&a=show&catid=124&id=600 [www.jocm.us]
[3] http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/ [arstechnica.com]

""In our article, we describe how the complete concept of air gaps can be considered obsolete as commonly available laptops can communicate over their internal speakers and microphones and even form a covert acoustical mesh network," one of the authors, Michael Hanspach, wrote in an e-mail. "Over this covert network, information can travel over multiple hops of infected nodes, connecting completely isolated computing systems and networks (e.g. the internet) to each other. We also propose some countermeasures against participation in a covert network."

The researchers developed several ways to use inaudible sounds to transmit data between two Lenovo T400 laptops using only their built-in microphones and speakers. The most effective technique relied on software originally developed to acoustically transmit data under water. Created by the Research Department for Underwater Acoustics and Geophysics in Germany, the so-called adaptive communication system (ACS) modem was able to transmit data between laptops as much as 19.7 meters (64.6 feet) apart. By chaining additional devices that pick up the signal and repeat it to other nearby devices, the mesh network can overcome much greater distances.

The ACS modem provided better reliability than other techniques that were also able to use only the laptops' speakers and microphones to communicate. Still, it came with one significant drawback-a transmission rate of about 20 bits per second, a tiny fraction of standard network connections. The paltry bandwidth forecloses the ability of transmitting video or any other kinds of data with large file sizes. The researchers said attackers could overcome that shortcoming by equipping the trojan with functions that transmit only certain types of data, such as login credentials captured from a keylogger or a memory dumper.

"This small bandwidth might actually be enough to transfer critical information (such as keystrokes)," Hanspach wrote. "You don't even have to think about all keystrokes. If you have a keylogger that is able to recognize authentication materials, it may only occasionally forward these detected passwords over the network, leading to a very stealthy state of the network. And you could forward any small-sized information such as private encryption keys or maybe malicious commands to an infected piece of construction."
Remember Flame?

The hurdles of implementing covert acoustical networking are high enough that few malware developers are likely to add it to their offerings anytime soon. Still, the requirements are modest when measured against the capabilities of Stuxnet, Flame, and other state-sponsored malware discovered in the past 18 months. And that means that engineers in military organizations, nuclear power plants, and other truly high-security environments should no longer assume that computers isolated from an Ethernet or Wi-Fi connection are off limits.

The research paper suggests several countermeasures that potential targets can adopt. One approach is simply switching off audio input and output devices, although few hardware designs available today make this most obvious countermeasure easy. A second approach is to employ audio filtering that blocks high-frequency ranges used to covertly transmit data. Devices running Linux can do this by using the advanced Linux Sound Architecture in combination with the Linux Audio Developer's Simple Plugin API. Similar approaches are probably available for Windows and Mac OS X computers as well. The researchers also proposed the use of an audio intrusion detection guard, a device that would "forward audio input and output signals to their destination and simultaneously store them inside the guard's internal state, where they are subject to further analyses."

* * *
Update
* * *

On Wednesday Hanspach issued the following statement:

        Fraunhofer FKIE is actively involved in information security research. Our mission is to strengthen security by the means of early detection and prevention of potential threats. The research on acoustical mesh networks in air was aimed at demonstrating the upcoming threat of covert communication technologies. Fraunhofer FKIE does not develop any malware or viruses and the presented proof-of-concept does not spread to other computing systems, but constitutes only a covert communication channel between hypothetical instantiations of a malware. The ultimate goal of the presented research project is to raise awareness for these kinds of attacks, and to deliver appropriate countermeasures to our customers.

Story updated to add "prototype" to the first sentence and headline and to change "developed" to "proposed," in the first sentence. The changes are intended to make clear the researchers have not created a piece of working malware."

-
RE: #badBIOS, badBIOS, bad BIOS
-

* * *
Some User Comments:
* * *

"What makes so many people here think that getting a computer first infected is such an impossible task?

Who is to To say computers don't come pre-configured with that ability in hardware, say the CPU? We know that the NSA has altered silicon in the "distant" past and if there is anything recent revelations have taught us then it is that things have only ever become technically more advanced and aggressive in the last ten years or so.

Remember: just because you're not paranoid doesn't mean they are not out to get you....Australia being happy to share medical records of its ordinary citizens being a prime example of that in today's press."

Amadeus71 Smack-Fu Master, in traininget Subscriptor

http://arstechnica.com/security/2013/12/scientist-developed-malware-covertly-jumps-air-gaps-using-inaudible-sound/?comments=1&post=25785017#comment-25785017 [arstechnica.com]

-

"This was controversial at the time Dragos Ruiu brought it up. My guess was that it was possible, I'm glad to see someone actually put in the hard work to find out! Good job Fraunhofer."

MujokanArs Praetorian

http://arstechnica.com/security/2013/12/scientist-developed-malware-covertly-jumps-air-gaps-using-inaudible-sound/?comments=1&post=25785087#comment-25785087 [arstechnica.com]

-

"Human hearing also gets worse at high frequencies before cutting out: http://en.wikipedia.org/wiki/Equal-loudness_contour [wikipedia.org]

Several years ago, I had a neighbor with an old-fangled CRT TV. I couldn't hear its 15.9kHz squeal from my apartment, but it did show up clearly in spectral graphs of recordings I made while it was on. It's not hard to imagine something using audio band frequencies at volumes low enough to escape audibility but still able to be picked up by nearby microphones."

LnxPrgr3 Smack-Fu Master, in training

http://arstechnica.com/security/2013/12/scientist-developed-malware-covertly-jumps-air-gaps-using-inaudible-sound/?comments=1&post=25785217#comment-25785217 [arstechnica.com]

-

"The signal can be hidden in fully audible sounds, so that wouldn't help much. As other commenters have alluded, using spread-spectrum techniques, a signal can be hidden in a way that looks like just part of the ambient noise environment, at many different frequencies, perhaps both at the same time and in a time-varying distribution. For example, if there is a fan (perhaps a notebook fan) going in the environment, that can be measured, and information could be encoded in a slight deformation of that sound signature, in a way that no one would notice. Or if someone is speaking, tiny undetectable side-frequencies could be added in a way that sounds like part of their voice, but isn't really. Or if you use a random spread-spectrum approach, it could just sound like a slight bit of white noise in the background, a little hiss, that mingles with all the noise around you.

Be afraid. In cyberspace, all microphones can hear you scream."

AreWeThereYeti Ars Scholae Palatinaeet Subscriptor

http://arstechnica.com/security/2013/12/scientist-developed-malware-covertly-jumps-air-gaps-using-inaudible-sound/?comments=1&post=25785535#comment-25785535 [arstechnica.com]
-

"If you're breaking your laptop open to put a capacitor across your speaker why not cut the wires or put a mechanical switch in instead?"

Wickwick Ars Scholae Palatinae

http://arstechnica.com/security/2013/12/scientist-developed-malware-covertly-jumps-air-gaps-using-inaudible-sound/?comments=1&post=25786631#comment-25786631 [arstechnica.com]
-

"Personally I would physically disable every mic and speaker on these air-gapped computers, juts in case."

blacke Ars Praetorianet Subscriptor

http://arstechnica.com/security/2013/12/scientist-developed-malware-covertly-jumps-air-gaps-using-inaudible-sound/?comments=1&post=25789071#comment-25789071 [arstechnica.com]
-

"I wonder if you couldn't just cut off a jack from some old headphones, and keep it plugged in as a countermeasure..."

zantoka Smack-Fu Master, in training

http://arstechnica.com/security/2013/12/scientist-developed-malware-covertly-jumps-air-gaps-using-inaudible-sound/?comments=1&post=25791713#comment-25791713 [arstechnica.com]
-

"NorthGuy wrote:
My florescent light has been buzzing for weeks, do you think it's trying to hack my computer?"

Li-Fi

http://www.newscientist.com/article/mg21128225.400-will-lifi-be-the-new-wifi.html [newscientist.com]

Jimmy McNulty Smack-Fu Master, in training

http://arstechnica.com/security/2013/12/scientist-developed-malware-covertly-jumps-air-gaps-using-inaudible-sound/?comments=1&post=25792319#comment-25792319 [arstechnica.com]
-

"are the sounds in their [mainstream] music transmitting data to invaded brains?"

DaHum Smack-Fu Master, in training

http://arstechnica.com/security/2013/12/scientist-developed-malware-covertly-jumps-air-gaps-using-inaudible-sound/?comments=1&post=25799877#comment-25799877 [arstechnica.com]

-

The New Zealand Copyright Act 1994 specifies certain circumstances where all or a substantial part of a copyright work may be used without the copyright owner's permission. A "fair dealing" with copyright material does not infringe copyright if it is for the following purposes: research or private study; criticism or review; or reporting current events.

-

* * *
Related Story:
* * *

Researchers create malware that communicates via silent sound, no network needed

"When security researcher Dragos Ruiu claimed malware dubbed "badBIOS"[1] allowed infected machines to communicate using sound waves alone-no network connection needed-people said he was crazy. New research from Germany's Fraunhofer Institute for Communication, Information Processing, and Ergonomics suggests he's all too sane.

As outlined in the Journal of Communications (PDF)[2] and first spotted by ArsTechnica[3], the proof-of-concept malware prototype from Michael Hanspach and Michael Goetz can transmit information between computers using high-frequency sound waves inaudible to the human ear. The duo successfully sent passwords and more between non-networked Lenovo T400 laptops via the notebooks' built-in microphones and speakers. Freaky-deaky!

"The infected victim sends all recorded keystrokes to the covert acoustical mesh network. Infected drones forward the keystroke information inside the covert network till the attacker is reached."

The most successful method was based on software developed for underwater communications. The laptops could communicate a full 65 feet apart from each other, and the researchers say the range could be extended by chaining devices together in an audio "mesh" network, similar to the way Wi-Fi repeaters work.

While the research doesn't prove Ruiu's badBIOS claims, it does show that the so-called "air gap" defense-that is, leaving computers with critical information disconnected from any networks-could still be vulnerable to dedicated attackers, if attackers are first able to infect the PC with audio mesh-enabled malware."

[1] http://www.pcworld.com/article/2060360/security-researcher-says-new-malware-can-affect-your-bios-be-transmitted-via-the-air.html [pcworld.com]
[2] http://www.jocm.us/uploadfile/2013/1125/20131125103803901.pdf [www.jocm.us]
[3] http://arstechnica.com/security/2013/12/scientist-developed-malware-covertly-jumps-air-gaps-using-inaudible-sound/ [arstechnica.com]

-

Sending data via sound

http://images.techhive.com/images/article/2013/12/air-gap-keystrokes-100154940-orig.png [techhive.com]

-

"Transmitting data via sound waves has one glaring drawback, however: It's slow. Terribly slow. Hanspach and Goetz's malware topped out at a sluggish 20 bits-per-second transfer rate, but that was still fast enough to transmit keystrokes, passwords, PGP encryption keys, and other small bursts of information.

"We use the keylogging software logkeys for our experiment," they wrote. "The infected victim sends all recorded keystrokes to the covert acoustical mesh network. Infected drones forward the keystroke information inside the covert network till the attacker is reached, who is now able to read the current keyboard input of the infected victim from a distant place."

In another test, the researchers used sound waves to send keystroke information to a network-connected computer, which then sent the information to the "attacker" via email.

Now for the good news: This advanced proof-of-concept prototype isn't likely to work its way into everyday malware anytime soon, especially since badware that communicates via normal Net means should be all that's needed to infect the PCs of most users. Nevertheless, it's ominous to see the last-line "air gap" defense fall prey to attack-especially in an age of state-sponsored malware run rampant."

#

The New Zealand Copyright Act 1994 specifies certain circumstances where all or a substantial part of a copyright work may be used without the copyright owner's permission. A "fair dealing" with copyright material does not infringe copyright if it is for the following purposes: research or private study; criticism or review; or reporting current events.

##

EOT

Re:bad BIOS saga continues - 12/13 (-1)

docmordin (2654319) | about a year ago | (#45607491)

All that's missing is some mention of hosts files.

Re:bad BIOS saga continues - 12/13 (-1)

nospam007 (722110) | about a year ago | (#45607591)

"All that's missing is some mention of hosts files."

Don't forget the subluxations.

Re:bad BIOS saga continues - 12/13 (-1)

Anonymous Coward | about a year ago | (#45607657)

Please do not feed the trolls.

Re:bad BIOS saga continues - 12/13 (-1)

Anonymous Coward | about a year ago | (#45607691)

Please do not feed the trolls.

If only they wouldn't troll the feeds..

Re:bad BIOS saga continues - 12/13 (-1)

Anonymous Coward | about a year ago | (#45607563)

I see you're no longer mentally fixated on your HOSTS file, now if only they'd stop this spammy drivel... Don't forget to repeat this with ridiculous defensive comments spanning 10+ rants - no sense breaking tradition now? :D

Reasonable expectations (5, Insightful)

SecurityGuy (217807) | about a year ago | (#45607453)

Pretty soon, the argument about whether you have in any given facet of your life a "reasonable expectation of privacy" may take on a whole new meaning.

No, it absolutely will not. People need to get through their heads that just because your rights are violated, that doesn't mean expecting them not to be becomes unreasonable. If someone breaks into your house every day, it doesn't become "reasonable" for them to do so, or unreasonable for you to expect people to stay out of your house.

The logic espoused by the quoted idea is the same as saying if police were to start strip searching everyone without cause, it would be reasonable simply because it always happens.

Stop that.

Re:Reasonable expectations (4, Insightful)

Chris Mattern (191822) | about a year ago | (#45607527)

The logic espoused by the quoted idea is the same as saying if police were to start strip searching everyone without cause, it would be reasonable simply because it always happens.

Yes, it is. Gone through an airport lately?

Re:Reasonable expectations (4, Interesting)

Opportunist (166417) | about a year ago | (#45607811)

Yes. Oh, you mean in the US? No, are you nuts?

Take a wild guess why.

I used to make long and rather expensive vacations in the US. It was a great country to spend some fun time (and quite a few 1000 bucks) in. It's no longer the case, sadly.

Re:Reasonable expectations (3, Interesting)

ImOuttaHere (2996813) | about a year ago | (#45607857)

Er. No. Three letter agency spying on US citizens is illegal. Period. Ever read the 4th amendment to your constitution? Perhaps you should.

The logic espoused by the quoted idea is the same as saying if police were to start strip searching everyone without cause, it would be reasonable simply because it always happens.

Yes, it is. Gone through an airport lately?

That's EXACTLY how it works. (5, Insightful)

Anonymous Coward | about a year ago | (#45607553)

Precedent is a bigger component of the law than logic is.

Don't mistake the way you'd like things to work from the way they actually work.

Resigned much? (1)

Mister Liberty (769145) | about a year ago | (#45607837)

Between precedent and law stands PROTEST!

Re:That's EXACTLY how it works. (4, Insightful)

Anonymous Coward | about a year ago | (#45607881)

Neither mistake unilateral actions of the executive for actions taken with permission of the judiciary.

Precedent applies to the judiciary. They do not take the fact "we are already doing this" as a legal precedent.

And how do you think precedents get set, exactly? The judiciary takes a logical view and makes a logical decision. Precedent merely means not having to do that every single time afterwards.

Re:Reasonable expectations (0)

h4x0t (1245872) | about a year ago | (#45607565)

Mod parent up.

Re:Reasonable expectations (4, Insightful)

lagomorpha2 (1376475) | about a year ago | (#45607655)

Don't underestimate how readily willing humans are to adapt. There are places in the world where having your house broken into every day has nearly become the norm and people have decided to adapt to the new situation instead of fighting it.

If you want to fight something like this you have to do it before it becomes the accepted norm.

Re:Reasonable expectations (5, Informative)

NatasRevol (731260) | about a year ago | (#45607905)

Before you fight it, you have to know it's happening.

Without Snowden, no one outside of the NSA would know all this has been happening for a decade.

Which makes it all the more bizarre that people think Snowden is a traitor. He shone the light on all the illegality of the government.

^ mod up (0)

globaljustin (574257) | about a year ago | (#45607675)

Every time...every single time a story like this is posted we get a wave of this:

  "you idiots...fuck the government...privacy is dead"

Who are these people? Are they real people or bots? Why does the fact that governments spy mean we, the people who run this country, can't hold them accountable?

It's completely totally up to **US** to demand our government do its job & obey our rights

Re:^ mod up (-1)

Anonymous Coward | about a year ago | (#45607783)

It's completely totally up to **US** to demand our government do its job & obey our rights

What? You terrorist loving, Freedom Hating, pinko! We are under attack! They are doing this to stop the Muslims from attacking again! The Government IS doing it's job!

I feel so much safer since they started doing this. Why there hasn't been a foreign terrorist attack on our soil since 2001!

...

Listen to talk radio and watch Fox News sometime. We the People are morons.

Re:^ mod up (1)

Opportunist (166417) | about a year ago | (#45607831)

If you let the attacks change your way of life, if you're so afraid that you prefer protection over freedom, the terrorists win!

You don't want the terrorists to win, do you?

(Rhetoric works both ways!)

Re:^ mod up (4, Insightful)

NatasRevol (731260) | about a year ago | (#45607909)

With all this 'fear', the terrorists have already won. Rhetoric or not.

Re:^ mod up (1)

SuperTechnoNerd (964528) | about a year ago | (#45608023)

It's completely totally up to **US** to demand our government do its job & obey our rights

Please tell us your plan to demand thees things so I can follow along.. Since you have it all figured out..

Re:^ mod up (1)

msauve (701917) | about a year ago | (#45608175)

Time for Steve Earle to update the lyrics:

I used to listen to the radio
And I don't guess they're listenin' to me no more
They talk too much but that's okay
I don't understand a single word they say
Piss and moan about the immigrants
But don't say nothin' about the president
A democracy don't work that way
I can say anything I wanna say

So fuck the FCC
Fuck the FBI
Fuck the CIA
Livin' in the motherfuckin' USA

People tell me that I'm paranoid
And I admit I'm gettin' pretty nervous, boy
It just gets tougher everyday
To sit around and watch it while it slips away
Been called a traitor and a patriot
Call me anything you want to but
Just don't forget your history
Dirty Lenny died so we could all be free

So fuck the FCC
Fuck the FBI
Fuck the CIA
Livin' in the motherfuckin' USA

Re:Reasonable expectations (1)

gsslay (807818) | about a year ago | (#45607757)

Privacy as a right is not an absolute unchanging concept because "privacy" is not an absolute concept. It changes.

Someone's idea of privacy in Victorian London 1880 may not to be regarded as either a right, or even reasonable, in Atlanta in 2013. Whether it's a change for the better or worse is a matter of opinion, of course.

There is nothing to suggest that the concept of "privacy" won't continue to change in the future, while still remaining what people think of as a right. Obviously your example is extreme and unlikely, but if it becomes common place for others to enter your property, then your expectation of privacy there may become questionable.

Re:Reasonable expectations (3, Interesting)

ImOuttaHere (2996813) | about a year ago | (#45607797)

Exactly!!! Well illustrated points.

Standards of "reasonable-ness" in the US and UK are completely screwed up. More importantly, claiming illegal actions "reasonable" does not make them any less unlawful, now does it?

Pretty soon, the argument about whether you have in any given facet of your life a "reasonable expectation of privacy" may take on a whole new meaning.

No, it absolutely will not. People need to get through their heads that just because your rights are violated, that doesn't mean expecting them not to be becomes unreasonable. If someone breaks into your house every day, it doesn't become "reasonable" for them to do so, or unreasonable for you to expect people to stay out of your house.

The logic espoused by the quoted idea is the same as saying if police were to start strip searching everyone without cause, it would be reasonable simply because it always happens.

Stop that.

Re:Reasonable expectations (1)

alex67500 (1609333) | about a year ago | (#45607939)

Top-posting, on Slashdot? What are the bouncers doing?!?

Re:Reasonable expectations (3, Interesting)

Anubis IV (1279820) | about a year ago | (#45607893)

I agree with you, of course.

But at the same time, I get what they mean too, and I think it's the result of some poorly chosen words on the part of judges decades ago. They never should have referred to it as an "expectation", since our expectations are shaped by the world around us, regardless of the legality of what is taking place in it. As such, if we're aware of widespread surveillance that is taking place, then technically we should have no reasonable expectation of privacy, even though we may have reason to believe that it should exist.

What we need is a different word. Something that refers to an expectation that is only shaped by things occurring as they are supposed to. I suppose we have "wishful thinking", but I was hoping for something that sounded a bit better than that.

Re:Reasonable expectations (0)

Anonymous Coward | about a year ago | (#45607949)

The problem is that a lot of fearful people believe that allowing your right to privacy is violating their right to safety, and Congress loves these folks.

Re:Reasonable expectations (2)

TheCarp (96830) | about a year ago | (#45607971)

> No, it absolutely will not. People need to get through their heads that just because your rights are
> violated, that doesn't mean expecting them not to be becomes unreasonable

The problem is it already has become that. Expectation of privacy is a "god of the gaps" problem. You have it, except where there is some reason you don't....and those reasons keep expanding. Most, taken individually are small: But even a large container can be filled and then buried in the smallest grains of sand.

The thing is, this is already where we are. This is not a real change, it already happened right under everyone's nose. The very moment it was decided that third party data had no privacy protection, the door was wide open; we lost. In fact, as soon as the idea of a "reasonable expectation" came about we lost because "reasonable" is very vague; and allows for an expanding definition....as soon as you have no reason left to expect privacy, you no longer have a right to it. You may as well erase privacy from the dictionary at that point.

Its not hopeless, maybe people will come to realize the problem here. Maybe people will see the wisdom that is actually in some court decisions. Read the supreme court decision on this very issue in relation to thermal imaging of homes without a warrant: They got it right and got it right for all the right reasons. They even recognized that a technology which is not granular enough to give away specific private details is not garauntee that it never will be; and that even the heat signatures of a house could give away private activity (like when you take a shower, or when you go to bed)

However, I don't expect it. People are too easily distracted; and real solutions would have to involve stopping the data from being collected as it is, all the way back to the towers. Because even having the phone company gather it, means it is gathered, and they can always share it without telling anyone.

Privacy respect needs to go all the way back to the endpoints.... maybe it will happen but I am skeptical in the near term.

Fuck You, USA (4, Insightful)

Anonymous Coward | about a year ago | (#45607459)

What else is there to say.

Re:Fuck You, USA (0)

SJHillman (1966756) | about a year ago | (#45607521)

What makes you so sure the USA is the only country doing this? Maybe we're just the worst at hiding it...

Re:Fuck You, USA (1)

Sockatume (732728) | about a year ago | (#45607551)

"The UK and Iran do it too" isn't exactly putting a positive spin on things.

Re:Fuck You, USA (4, Insightful)

Opportunist (166417) | about a year ago | (#45607921)

That's how erosion of freedom works. At first, you pride yourself with being "free" while looking down at others who are not. Then you're happy that you're "free-er" than the other one. And in the end, all that's left is being happy that they're even worse off.

Re:Fuck You, USA (1)

NatasRevol (731260) | about a year ago | (#45607937)

Every country is doing it to some degree or another. Right or wrong.

It's just that it's explicitly illegal for the NSA to be doing it in the US.

Ironically, if this was the FBI instead of the NSA, it'd all be legal.

Re:Fuck You, USA (0)

Anonymous Coward | about a year ago | (#45607643)

The United States of America are the only country which has managed to convince almost every other country in the world to allow US operations in those countries. Besides, if any other country does this, fuck them too, but this is about the US of fucking A behaving like they own the world, so FUCK YOU.

Re:Fuck You, USA (1)

gmuslera (3436) | about a year ago | (#45607697)

So if there are more thieves is ok for you to steal?

Re:Fuck You, USA (5, Interesting)

Opportunist (166417) | about a year ago | (#45607993)

Actually, yes, that's how the human mind works. If you let someone get away with it, more will follow suit.

I remember an experiment where a "No littering" sign was put up on a corner where people used to dump their trash. They cleaned up the place and put up the sign, and then they observed what happened. A few people came up with their bulky waste, saw the sign, saw that it was clean and turned around with their waste. Nobody dumped their trash.

Then they placed a few items of "waste" underneath the sign and continued to observe. Again, people came by with trash and they had no qualms dumping their trash right underneath the "no littering" sign, simply because they were not the first to break the law. Someone else already did, so it's ok.

Don't let any government get away with it. If one of them does it, it's ok for the others to follow.

Re:Fuck You, USA (0)

Anonymous Coward | about a year ago | (#45607707)

Do those other countries proclaim themselves to be a "beacon of freedom" [cnn.com] ?

Re:Fuck You, USA (1)

alex67500 (1609333) | about a year ago | (#45607951)

They're the only ones who got exposed until now, but it's quite obvious most countries with proper Intelligence services will be doing the same... Fuck you, World! ;-)

Re:Fuck You, USA (1)

Anonymous Coward | about a year ago | (#45607531)

Nothing, really. The operations of NSA must come to an end to stop this madness.

Re:Fuck You, USA (3, Interesting)

digitalchinky (650880) | about a year ago | (#45607745)

What else is there to say? I would start by telling your telecommunications carrier to encrypt every single SS7 link they own. Different keys on every channel, in every trunk, everywhere, all of them. That one act would be utterly blinding. This 'meta data' problem could be solved easily and permanently, there is just no incentive to do so when your arms are tied or there is money to be made.

Re:Fuck You, USA (1)

SuperTechnoNerd (964528) | about a year ago | (#45607995)

I would start by telling your telecommunications carrier to encrypt every single SS7 link they own.

They are a part of the cabal - haven't you been paying attention?

What incentive does you carrier have to help you and not them? They carry a bigger stick.

Re:Fuck You, USA (1)

Opportunist (166417) | about a year ago | (#45608011)

You act as if they're not part of the deal...

Re:Fuck You, USA (1)

ImOuttaHere (2996813) | about a year ago | (#45607819)

Thank you. That's exactly it, isn't it?

What else is there to say.

Re:Fuck You, USA (1)

AmiMoJo (196126) | about a year ago | (#45607863)

How about "you are under arrest, you have the right to remain silent but anything you do say can be used against you in a court of law", or whatever the local equivalent is.

Individual countries should at least put out arrest warrants for NSA employees so that they can't travel there. Any EU country that does it can make it an EU wide warrant. It may not result in any arrests but at least there would be some repercussions for the US.

No surprise (1)

Anonymous Coward | about a year ago | (#45607485)

Anyone surprised by this? I imagined they were doing that anyway

Re:No surprise (4, Interesting)

nospam007 (722110) | about a year ago | (#45607653)

"Anyone surprised by this? I imagined they were doing that anyway"

No. They said in the past, that they would log the metadata of citizens doing foreign calls.

They just didn't mention that they also log all the metadata of "all foreign countries", because per definition all they are doing are 'foreign calls'.

Re:No surprise (4, Insightful)

gstoddart (321705) | about a year ago | (#45607761)

They just didn't mention that they also log all the metadata of "all foreign countries", because per definition all they are doing are 'foreign calls'.

And if any foreign government was doing this to America it would be deemed an act of war.

So at some point, you more or less have to expect the rest of the world to start yelling really loudly to their leaders that they're not willing to put up with this any more.

I would like to think some countries will grow some balls and start saying "you know that navy base, you have to leave now".

If this was Russia or China, America would be indignant. Since it's America, Americans treats it like it's their right. The rest of us don't agree and have no desire to be beholden to your security interests. Because we don't see that your rights supersede ours.

Re:No surprise (1)

mrchaotica (681592) | about a year ago | (#45608215)

No. They said in the past, that they would log the metadata of citizens doing foreign calls. They just didn't mention that they also log all the metadata of "all foreign countries", because per definition all they are doing are 'foreign calls'.

This expands beyond that in another way, too: according to TFA, they're not just getting a location reading when a call is actually made ("call metadata"), but monitoring the location the entire time the phone is turned on and connected to the network.

The possibility of this is not new, of course, but this is the first time (that I've heard of, at least) that it has been confirmed.

Re:No surprise (1)

GameboyRMH (1153867) | about a year ago | (#45607751)

I'm surprised at the way they were doing it. I'd think they'd have a backdoor into the telco to do this, but apparently this location info normally gets sent out of the country and they just had to intercept it? WTF?

COMMIES AT HEART !! (0)

Anonymous Coward | about a year ago | (#45607487)

Fear the unknown !! ... a date which will live in infamy !!

At some point... (0)

Anonymous Coward | about a year ago | (#45607503)

...the only recourse will be using the Second Amendment to protect the Fourth.

This is getting out of hand.

Re:At some point... (0)

Anonymous Coward | about a year ago | (#45607705)

PSA:

The parent poster has been identified and noted for overnight surprise roundup.

your friendly NSA rep

Re:At some point... (0)

Anonymous Coward | about a year ago | (#45607777)

The FBI has been notified of this NSA impersonator. Prepare for prison.
 
--Your Local Obaaaaaaaahma Supporter

Blame the Victims (4, Insightful)

Anonymous Coward | about a year ago | (#45607511)

I'm not saying its ok, but what did people think was going to happen when they started carrying around devices that store and report their physical position every few minutes. Somebody is getting that data. If its not the NSA, then its a phone company or an advertising company or police officers or etc...

Re:Blame the Victims (3, Informative)

iamwahoo2 (594922) | about a year ago | (#45607617)

Except you could have sued the phone company if Congress had not passed a retro-active law that stripped citizens of their rights to do so.

Re:Blame the Victims (0)

fustakrakich (1673220) | about a year ago | (#45607727)

Well, the citizens didn't complain much, and they reelected most of that congress, and a president that lied when he promised to do something to correct it, so what's the problem? The numbers indicate a high approval of all this.

Re:Blame the Victims (4, Insightful)

gstoddart (321705) | about a year ago | (#45607877)

The numbers indicate a high approval of all this.

Or a lack of understanding. Or a lack of options in who else to vote for. Or a stunning indifference that as long as you feel safe you don't care about everyone else. Or a sense of entitlement. Or extreme hypocrisy about freedom.

Re:Blame the Victims (0)

Anonymous Coward | about a year ago | (#45608069)

I'm not saying its ok, but what did people think was going to happen when they started carrying around devices that store and report their physical position every few minutes. Somebody is getting that data. If its not the NSA, then its a phone company or an advertising company or police officers or etc...

I would still like more for it to be the phone company than some National Spying Agency.

Love this quote (4, Interesting)

93 Escort Wagon (326346) | about a year ago | (#45607543)

Robert Litt, general counsel for the Office of the Director of National Intelligence, which oversees the NSA, said “there is no element of the intelligence community that under any authority is intentionally collecting bulk cellphone location information about cellphones in the United States.”

The dude is quite the contortionist... the statement basically tells us absolutely nothing.

On second thought - it tells us everything.

Re:Love this quote (5, Insightful)

SJHillman (1966756) | about a year ago | (#45607609)

Possible meanings of that quote:
1 - We're collecting it unintentionally
2 - We're collecting it without authority
3 - We're not doing it in bulk, each one is individually collected
4 - We're not doing it in the US, only everywhere else
5 - We're collecting information, just not location information
6 - We're using subcontractors that are not part of the "intelligence community"
7 - We're considering the entity doing it something other than an "element"
8 - We're collecting it from devices other than cellphones
9 - We're collecting location information about people, not about cellphones
10 - I am the very model of a modern major-general.

Re:Love this quote (1)

Kjella (173770) | about a year ago | (#45607741)

6 - We're using subcontractors that are not part of the "intelligence community"

Or as a variation:
11. We're collecting data on everybody except in the US, which we swap with the UK for data they can't collect. This close cooperation with foreign agencies is of course not counted. The only thing you can be sure of from the NSA leaks is that even if your own country doesn't spy on you, all other countries sure do with USA at the head of the class.

Re:Love this quote (0)

Anonymous Coward | about a year ago | (#45607771)

11 - Nobody has authority over us. (I think that one is far more likely.)

Re:Love this quote (1)

Anonymous Coward | about a year ago | (#45607817)

11 - Technically, we're collecting data on which cell tower the phones are connected to, not geographical coordinates per se. We just convert to location after the fact.

"Phone A12345 is currently near tower B98765" isn't technically location data. Not until you join that up with the table that tells you cell tower B98765 is at 55.728N 42.729W

Re:Love this quote (4, Insightful)

Dr Caleb (121505) | about a year ago | (#45607873)

If you consider the recent stories that a A woman was denied entry to the US [slashdot.org] based on confidential medical records that the US shouldn't have had; and recent revelations that '5-Eye' countries give information on their citizens to other 5-Eye countries [theguardian.com] to get around local privacy laws:

You could infer

11 - The NSA didn't have to collect the data at all because Telecom companies gave them the data "freely".

Re:Love this quote (1)

x_t0ken_407 (2716535) | about a year ago | (#45607879)

So many different possibilities...I mean it's like he purposely left his statement open-ended so as to not specifically deny and guarantee that the shit isn't happening ...oh, wait.

Re:Love this quote (1)

AmiMoJo (196126) | about a year ago | (#45607895)

5 - We're collecting information, just not location information

My bet would be this. They collect signal strength and association data from cell towers. It is then simple to transform that to a location, but the transform happens on their sever so they didn't "collect" it.

Re:Love this quote (1)

Desler (1608317) | about a year ago | (#45607711)

Exactly. It is basically saying they are collecting the information just not in the US. That way they can skirt those pesky things like laws.

Re:Love this quote (1)

x_t0ken_407 (2716535) | about a year ago | (#45607843)

...it tells us everything.

Exactly. Which people who don't think outside the box will see "everything" as "we have nothing to worry about, they only go after terrorists and the ends justify the means". Meanwhile, there is no "official" "authority" that this guy can allude to publicly, most likely because intricate details of exactly what they're collecting and prevention of abuse of the system is "classified", so how would we ever really know? Fuck we wouldn't know shit at all if Snowden didn't have the balls to do what he did. I'd say trust me that this is only the tip of the iceberg with the shit the NSA, etc. has going on, but hey I tend to research and think critically about things, something that is frowned upon and discouraged by tptb.

Re:Love this quote (1)

gmuslera (3436) | about a year ago | (#45607855)

Don't matter what they say If they can lie even to the congress [slate.com] with no consequences.

Metadata (4, Insightful)

Rotten (8785) | about a year ago | (#45607567)

Depends on how you define metadata. Nowadays the line between privacy, metadata and your last name, habits, shopping, etc seems to be a single "SELECT" line involving one or two tables.

The information is obviously a valuable law enforcement tool. Just like phone records, like wiretapping (under a judge auth.).
At least my perception, way before snowden and all the latest leaks, was that this was actually happening. This is just a confirmation.

Would be great if, as in wiretapping, this would be supervised by justice, and used only in criminal investigations. Sound naive ...i know

Re:Metadata (1)

RabidReindeer (2625839) | about a year ago | (#45607651)

Depends on how you define metadata. Nowadays the line between privacy, metadata and your last name, habits, shopping, etc seems to be a single "SELECT" line involving one or two tables.

The information is obviously a valuable law enforcement tool. Just like phone records, like wiretapping (under a judge auth.).
At least my perception, way before snowden and all the latest leaks, was that this was actually happening. This is just a confirmation.

Would be great if, as in wiretapping, this would be supervised by justice, and used only in criminal investigations. Sound naive ...i know

That's probably a pretty good definition of what separates data from metadata. A single JOIN clause.

Re:Metadata (5, Insightful)

Impy the Impiuos Imp (442658) | about a year ago | (#45607679)

(Warrantless) Metadata: That info with which the King of England would have rounded up the Founding Fathers, and thus they would have considered it part of search and sezure protections.

This "it's just metadata" is a fraud.

Re:Metadata (0)

Anonymous Coward | about a year ago | (#45608085)

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

No one has seized anything, nor searched any persons, houses, papers nor effects.

Information wants to be free. That cuts both ways. Slashdot can't claim "privacy" over its own metadata with one hand and pirate movies with the other. It can't claim 8 bytes of location data is property ("persons, houses, papers and effects") while claiming 15GB movies are not property. And it doesn't get to do special pleading on account of "privacy" either. The 4th amendment makes no mention of privacy whatsoever.

Re:Metadata (0)

Anonymous Coward | about a year ago | (#45608041)

That's the problem. This stuff isn't "metadata", it's just plain old data. They're trying to say "but it's not content!" And they're right. They don't collect call content, they collect call data. Not "metadata". Just data.

Their terminology is wrong.
Their motives are wrong.
Their actions are wrong.
They are wrong.

And when something is wrong, what do we do? We fix it. Someone needs to "fix" the NSA. Testicularly. (That's a word now.)

ob:iyndaw,ygnth post! (0)

Anonymous Coward | about a year ago | (#45607577)

epitaph for Democracy:

If you're not doing anything wrong, you've got nothing to hide.

Re:ob:iyndaw,ygnth post! (0)

Anonymous Coward | about a year ago | (#45608213)

Exactly. That's like saying "if you don't mess with anything, you are free to break into my house".

You get what you pay for.... (0)

Anonymous Coward | about a year ago | (#45607601)

Everyone who ever wanted their government to "solve XXXX" has gotten what they wanted: a powerful government.

Of course, a powerful government is an out-of-control government, but we can't expect those who want the government to hold their pee-pee to THINK of that.

NSA Delenda Est (5, Interesting)

Phoenix666 (184391) | about a year ago | (#45607621)

I like the idea the folks in Utah had to cut off the water supply from the NSA facility so they're unable to cool their hardware and it melts. An across-the-board move to shun them and their conspirators in Washington would send the clear message that they had better change course and obey the law before the American people compel them through more drastic measures.

Re:NSA Delenda Est (0)

Anonymous Coward | about a year ago | (#45607687)

Worst case, their hardware hits a temperature threshold and alerts them, they "render" whichever no-good terrist was involved in cutting off the water and go on as normal, possibly shutting down some hardware as a temporary measure to prevent damage.

NSA spin (4, Insightful)

Anonymous Coward | about a year ago | (#45607631)

Interesting spin

"One senior collection manager, speaking on the condition of anonymity but with permission from the NSA, said “we are getting vast volumes” of location data from around the world by tapping into the cables that connect mobile networks globally and that serve U.S. cellphones as well as foreign ones. Additionally, data are often collected from the tens of millions of Americans who travel abroad with their cellphones every year."

You are supposed to infer from that, that only Americans who travel abroad with their cellphones are the ones tracked. When it's not, it's Americans at home too, the tower ids are in the metadata he's already admitted they collect.

“there is no element of the intelligence community that under any authority is intentionally collecting bulk cellphone location information about cellphones in the United States.”

Police Officer : "Did you murder that woman?"
Knife carrying suspect, caught as scene of crime, covered in victims blood: "I had no authority to intentionally kill that woman"

Our Founding Fathers would be mortified (1)

WillAdams (45638) | about a year ago | (#45607659)

Re:Our Founding Fathers would be mortified (1)

Desler (1608317) | about a year ago | (#45607737)

Really [wikipedia.org] ? Last time I checked John Adams was a "founding father". Sure, James Madison was opposed but you can't make any such blanket statements about what the "founding fathers" would think because they were actually quite a diverse group of people. They were not some hive mind.

Mother Fuckers (0)

Anonymous Coward | about a year ago | (#45607669)

Rather, it collects locations in bulk because its most powerful analytic tools — known collectively as CO-TRAVELER — allow it to look for unknown associates of known intelligence targets by tracking people whose movements intersect.

Dragnet.

So, if you are visiting a country and want to go to church and unknowingly that church is a Right Wing AntiAmerican White supremacist group, you'd be put on the watch list. Or Muslim and go to a mosque near your hotel that has radical elements.

An intelligence lawyer, speaking with his agency’s permission, said location data are obtained by methods “tuned to be looking outside the United States,” a formulation he repeated three times. When U.S. cellphone data are collected, he said, the data are not covered by the Fourth Amendment, which protects Americans against unreasonable searches and seizures.

Jesus Fucking Christ. So Americans, as soon as your step outside of the country, the NSA says that your rights no longer exist.

Like encryption and anonymity tools online, which are used by dissidents, journalists and terrorists alike, security-minded behavior — using disposable cellphones and switching them on only long enough to make brief calls — marks a user for special scrutiny.

Got that TOR users?!

the real fear (1)

fluffythedestroyer (2586259) | about a year ago | (#45607717)

We have the technology, power, ressources to track anyone and anything anywhere in the world...including USA and other countries and we can be more powerfull and more advanced than we are right now. I'm not afraid of that...contrairy, I adapt to it and that's not the problem. I'm more afraid of the person or people behind that power. We're talking about the people in the military and the current government. It's not a surprise or secret that lots of those stories are about corruption.

Take the analogy of a gun. The gun remains a gun and can be a tool of authority and defence and power to peace... put that in the wrong hands and you have yourself a mass murderer and a completely different story

Dear citizens of USA (0)

Anonymous Coward | about a year ago | (#45607719)

Why are you letting this to continue? :(

Re:Dear citizens of USA (4, Insightful)

GameboyRMH (1153867) | about a year ago | (#45607789)

Because Dancing with the Stars is on and it's that nasty Obamacare that's the real threat to freedom!!!

Re:Dear citizens of USA (0)

Anonymous Coward | about a year ago | (#45607977)

Because Dancing with the Stars is on and it's that nasty Obamacare that's the real threat to freedom!!!

Now THAT'S one ironic post given how Obama is blatantly ignoring the law with respect to Obamacare, and you seem be willing to let him get away with it.

What's a bigger threat to freedom than a gigantic government run by an imperial President who ignores laws? And again, you seem willing to allow it to happen.

Re:Dear citizens of USA (0)

Anonymous Coward | about a year ago | (#45608087)

Correction: at the moment, Obamacare is only a threat to Democrats seeking reelection next year. Them and people who get cancelled Dec 31st from their current plan. Unless those folks are some of the lucky few (or will be by 12/23), they will be starting the new year without insurance.

tell me again why you are defending Obamacare? I am interesting in subscribing to your newsletter....

Re:Dear citizens of USA (0)

Anonymous Coward | about a year ago | (#45607791)

Why are you letting this to continue? :(

1. We have an out-of-control President who blatantly ignores laws (won't deport illegal aliens, extends and ignores statutory Obamacare deadlines) and uses government agencies to harass political opponents (IRS...).

2. We have a press corps and way too many idiots (many, many Slashtards, for example...) who give Obama a complete pass on his imperial power grabs.

Re:Dear citizens of USA (1)

Opportunist (166417) | about a year ago | (#45608065)

Don't worry, next time they're gonna vote for the other branch of The Party and everything will be better.

This system isn't about tracking you. (0)

Anonymous Coward | about a year ago | (#45607729)

It's about finding CI operatives following our HUMINT guys in the field. That doesn't mean the way they're doing it is okay, just that the purpose has been misrepresented in every article I've seen.

Democratic USA (0)

Anonymous Coward | about a year ago | (#45607753)

Outside of Democratic USA, NSA tracks you!

The problem with losing privacy (0)

Anonymous Coward | about a year ago | (#45607759)

When a crime or attack of some sort happen there will always be someone who hits a few suspicousness markers, even if they had nothing to do with it. So all this data allows the NSA to always arrest someone.

Most people won't be able to resist a serious interrogation and could very well confess to the crime, while the terrorist will resist torture claiming innocence. I'm not saying they will confess to being a terrorist, instead the NSA will claim a bomb was set off at barren terrain and claim they suspect you of experimenting without intending to harm. "Just confess to this little thing so we know there's no terrorism brewing". And the NSA labels you a terrorist because the bomb caused people to die, I'm not saying it happened, but anything that can go wrong will, at some point, go wrong.

I don't want to be that person spending the rest of their life on Guantanamo Bay because the NSA wants to make the people feel safe.

Instead of spending money to do real detective work they take the shortcut of making everyone a suspect, only innocent if they feel like proving it.

They are watching us. (0)

Anonymous Coward | about a year ago | (#45607781)

They also put computer chips in every keyboard so they know what we are typing. Be careful. ;)

Kind of like the thing from "The Dark Knight" (1)

harvestsun (2948641) | about a year ago | (#45607823)

I guess they forgot the part where Batman has it destroyed it because it poses a danger to society and goes against everything he believes in.

Reasonable expectations (0)

Anonymous Coward | about a year ago | (#45607849)

So given their track record, I have no right to reasonably expect any branch of our government to give a fuck, right?

Tracking (0)

Anonymous Coward | about a year ago | (#45608003)

Looks like it may be time to break out the Faraday cages.

But it's okay if the carriers track us? (2)

Overzeetop (214511) | about a year ago | (#45608051)

Just checking - the carriers are all tracking our movements as well, and using the data for profit.

I understand the outrage over the NSA doing it, I'm just checking to see if we're all fine with the corporations doing the same thing for profit as part of our wonder free-market society.

STOP USING CELL PHONES... (0)

Anonymous Coward | about a year ago | (#45608107)

Simple solutions - stop using cell phones and start using tablets that are wifi only and then use them only on hotspots.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?