Echelon International Electronic Espionage
Espionage: Individual privacy is a basic human right. This is about the intersection of Legal, Social and Ethical Issues that are at the heart of Information Technology.
Legality and espionage don't mix.
2016 In honor of the Patriot Act law’s 15th anniversary,
here are 15 things you might not know.
Whistleblowers often face espionage charges for divulging classified information. Petraeus never went to jail.
How a Gift from School children Let the Soviets Spy on the U.S. for 7 Years
Attention, ambassadors: inspect every present carefully. In the early 20th century, human espionage and eavesdropping was augmented by new technology like wiretaps and small, concealable listening and recording devices. In 1946, a group of Russian children from the Vladimir Lenin All-Union Pioneer Organisation (sort of a Soviet scouting group) presented a carved wooden replica of the Great Seal of the United States to Averell Harriman, the U.S. Ambassador to the Soviet Union. The Soviets had built a listening device—dubbed “The Thing” by the U.S. intelligence community—into the replica seal and had been eavesdropping on Harriman and his successors the whole time it was in the house.
1944 to 1951
TRUST NO ONE What it comes to is that the entire Western intelligence effort, which was pretty big, was what you might call minus advantage,” the C.I.A. officer Miles Copeland, Jr.—himself a close friend of Philby’s—said. “We’d have been better off doing nothing.”
It has long been known that AT&T has cooperated with the NSA on surveillance, but few details have emerged about the role of specific facilities in carrying out the top-secret programs. The Snowden documents provide new information about how NSA equipment has been integrated as part of AT&T’s network in New York City, revealing in unprecedented detail the methods and technology the agency uses to vacuum up communications from the company’s systems.
Construction began in 1969, and by 1974, the skyscraper was completed. Today, it can be found in the heart of lower Manhattan at 33 Thomas Street, a vast gray tower of concrete and granite that soars 550 feet into the New York skyline. The brutalist structure, still used by AT&T and, according to the New York Department of Finance, owned by the company, is like no other in the vicinity. Federal Communications Commission records confirm that 33 Thomas Street is the only location in New York City where AT&T has an FCC license for satellite earth stations.
33 Thomas Street NY, NY known as the “Long Lines Building has served as an NSA surveillance site, code-named TITANPOINTE. Inside 33 Thomas Street there is a major international “gateway switch,” according to a former AT&T engineer, which routes phone calls between the United States and countries across the world. A series of top-secret NSA memos suggest that the agency has tapped into these calls from a secure facility within the AT&T building. The Manhattan skyscraper appears to be a core location used for a controversial NSA surveillance program that has targeted the communications of the United Nations, the International Monetary Fund, the World Bank, and at least 38 countries, including close U.S. allies such as Germany, Japan, and France.
The 2013 guide states that a “partner” called LITHIUM, which is NSA’s code name for AT&T, supervises visits to the site. The 33 Thomas Street building is located almost next door to the FBI’s New York field office — about a block away — at Federal Plaza. Warnecke’s original plans stated that it would provide food, water, and recreation for 1,500 people. It would also store 250,000 gallons of fuel to power generators, which would enable it to become a “self-contained city” for two weeks in the event of an emergency power failure. The blueprints for the building show that it was to include three subterranean levels, including a cable vault, where telecommunications cables likely entered and exited the building from under Manhattan’s bustling streets.
2017 Shadow Brokers published catastrophic hacks that let intruders take over machines running Windows software. The vulnerabilities had been discovered and used by the NSA, but the Shadow Brokers (a group widely believed to be a front for the Russian government) stole the NSA files, and has been publishing them in a series of blog posts.
6 million insecure insurance dongles installed in the USA. You are driving your car with insecure dongles thanks to all the insurance companies. Hacker Says Attacks On 'Insecure' Progressive Insurance Dongle In 2 Million US Cars Could Spawn Road Carnage. Thuen says he's now proven those hypotheses; previous attacks via dongles either didn’t name the OBD2 devices or focused on another kind of technology, namely Zubie, which tracks the performance of vehicles for maintenance and safety purposes. The Snapshot technology, manufactured by Xirgo Technologies, was completely lacking in the security department. Dongles are insecure, posing a genuine risk to people’s lives. Also, there is the attack vector of Progressive backend infrastructure. If those systems are compromised, an attacker would have control over the devices that make it out to the field. “In simple terms, we have seen that cars can be hacked and we have seen that cell comms can be hacked.” NEVER plug these into your car!
New awesome documentary I SPY (With My Five Eyes) is out and can be watched for free here
You are being followed: The business of social media surveillance investigate how police across the country are monitoring, tracking, and archiving public social media posts. To plug into our work, follow this link to file a freedom of information request using MuckRock’s platform.
FILE A REQUEST
Unregulated Police Face Recognition In America [PDF]
This is a big deal. Never has the federal government built a biometric network *primarily* made up of law-abiding people. In Chicago, police quietly asked for $2 million for real-time face recognition. West Virginia bought a real-time system that automatically extracts faces from video. Baltimore police scanned protesters’ faces.The system they used? *Never been audited.* Pennsylvania has 3D face modeling software… but not for African American or Latino faces. Ie, 20% of the population. @NIST doesn’t regularly test for racial bias. As of the spring, neither did 2 major face recognition companies.
Will you come down to the station to stand in the line-up? Most people would probably answer “no.” This summer, the Government Accountability Office revealed that close to 64 million Americans do not have a say in the matter: 16 states let the FBI use face recognition technology to compare the faces of suspected criminals to their driver’s license and ID photos, creating a virtual line-up of their state residents. In this line-up, it’s not a human that points to the suspect—it’s an algorithm. But the FBI is only part of the story. Across the country, state and local police departments are building their own face recognition systems, many of them more advanced than the FBI’s. We know very little about these systems. We don’t know how they impact privacy and civil liberties. We don’t know how they address accuracy problems. And we don’t know how any of these systems—local, state, or federal—affect racial and ethnic minorities. One in two American adults is in a law enforcement face recognition network.
- SECRET MANUALS SHOW THE SPYWARE SOLD TO DESPOTS AND COPS WORLDWIDE
- Police Story: Hacking Team’s Government Surveillance Malware
- DexGuard is our specialized optimizer and obfuscator for Android. Create apps that are faster, more compact, and more difficult to crack. DexGuard has you covered, automatically applying advanced application protection techniques. Regular updates make sure you stay ahead of hackers and pirates. http://www.saikoa.com/dexguard
The Stingray has been law enforcement's closely-guarded secret for more than 15 years. @theintercept We're releasing the manual.
@theintercept The full contents of the leak can be downloaded here : https://thepiratebay.org/torrent/15814582 … https://web.archive.org/web/20160912195320/https://thepiratebay.org/torrent/15814582
@csoghoian The gov has said publishing Stingray tech docs would permit dev of countermeasures. I guess they mean info like this https://archive.is/VUPtl
New leak from @theintercept includes first ever photo of top-of-the-line Harris Hailstorm, phone surveillance tech. https://archive.is/VUPtl
Meet The Cyber Mercenaries Selling Spyware to Governments
Some models of Inteno Internet routers are vulnerable to remote hack attacks, which can infiltrate the device and monitor all Internet traffic passing through it. F-Secure say they contacted Inteno about the flaw in some of their routers. Inteno later replied saying that software issues are handled by the "operators" that sell the equipment. "The operator that sells the CPE to end users or run their services over it should request software updates from Inteno," and Inteno spokesperson said at the time. "Inteno do not do end user sales on CPE, we only sell through operators so such software features are directed through operators requests."
2016 In scathing ruling, Federal Court says CSIS bulk data collection illegal Canada The Federal Court of Canada has faulted Canada’s domestic spy agency for unlawfully retaining data and for not being truthful with judges who authorize its intelligence programs. Separately, the court also revealed that the spy agency no longer needs warrants to collect Canadians’ tax records. All this has been exposed in a rare ruling about the growing scope of Canadian intelligence collection disclosed by the cou
A DIY Guide for those without the patience to wait for whistleblowers written by Phineas Fisher -- Video Interview -- Explains How He Did It how he broke into the company’s systems and laid bare its most closely guarded secrets - "And that's all it takes to take down a company and stop its abuses against human rights”
The Medusa system created by Endace, a little-known New Zealand company who sold it to GCHQ and is helping governments across the world harvest vast amounts of information on people’s private emails, online chats, social media conversations, and internet browsing histories. The company sold its surveillance gear to more than half a dozen other government agencies, including in the United States, Israel, Denmark, Australia, Canada, Spain, and India. ENDACE SAYS IT manufactures technology that allows its clients to “monitor, intercept and capture 100% of traffic on networks.” The Auckland-based company’s motto is “power to see all” and its logo is an eye. The company’s origins can be traced back to Waikato University in Hamilton, New Zealand in 1994.
Anguish: Invisible Programming Language and Invisible Data Theft and https://archive.is/tLNJ4 // http://blogs.perl.org/users/zoffix_znet/2016/05/anguish-invisible-programming-language-and-invisible-data-theft.html
You may be familiar with funky esoteric languages like or even Whitespace.
Those are fun and neat, but I've decided to dial up the crazy a notch and make a completely invisible programming language! I named it Anguishand, based on my quick googling, I may be a lone wolf at this depth of insanity. In this article, I'll describe the language, go over my implementation of its interpreter, and then talk about some security implications that come with invisible code.
All countries spy. All of them. Every single one. No exceptions. They always have spied, they always will spy.
Humans have been spying on each other since the caves. And demands for "data localization" in reality have virtually nothing to do with privacy, and virtually everything to do with countries wanting to be sure that they can always spy on their own citizens and other residents. They spy to the maximal extent of their technical and financial abilities.
The real reason you have countries demanding that the data of their citizens and other residents be stored in their own countries is to simplify access to that data by authorities in those countries, that is, for spying on their own people.
Having servers in-country doesn't increase privacy -- it merely provides easier physical access to those servers and their associated networking infrastructures for law enforcement and intelligence operations. True privacy protection isn't based on where data is located, but on the privacy policies and technologies of the firms maintaining that data, no matter where it physically resides. It's the EU/Russian politicos' worst data nightmare to have user data stored by companies like Google who won't just hand it over on any weak pretext, who are implementing ever stronger encryption systems, and who have incredibly strict rules and protections regarding access to user data -- It's not about privacy. It's exactly the opposite. It's all about spying on your own people. It's about censorship. It's about control.
L00F has participated in many anti-governmental and pro-crypto-anarchist attacks in the past against USA, Russia, Great Britain, Sweden and Japan. The group has been conducting clandestine operations against NASA for the past 7 year. They have uncovered multiple zero-day vulnerabilities in governmental infrastructure and SCADA systems that allowed them to bypass top security measures used by NASA and interconnected CIA/NSA hub. OpenPuff is a steganography toollkit which allows users to uncover data hidden into the image.
Philip Zimmermann’s own life is a lesson in what can happen to those who challenge the US’s ability to gather information. In 1984, he met the celebrity astronomer Carl Sagan, the actor Martin Sheen and the Pentagon Papers whistleblower Daniel Ellsberg – in a police jail. They had been arrested after breaking into the Nevada nuclear test site.
Today, his biggest worry is not software backdoors, but the petabytes (1m gigabytes) of information being hoarded by the likes of Google and Facebook. “If you collect all that data, it becomes an attractive nuisance. It’s kind of a siren calling out inviting someone to come and try to get it. Governments say that if private industry can have it, why can’t our intelligence agencies have it?”
Phil Zimmerman ~ Silent Circle’s move to Switzerland was prompted by the Lavabit affair which shut down Snowden's email. “Every dystopian society has excessive surveillance, but now we see even western democracies like the US and England moving that way,” he warns. “We have to roll this back. People who are not suspected of committing crimes should not have information collected and stored in a database. We don’t want to become like North Korea. We don't want to become like China. . . .]”
"The end of the Cold War has not brought to an end the Echelon eavesdropping system. This system has become a weapon of economic warfare."-- Rossiyskaya Gazeta (Russian state-funded daily paper)
One entire US spook base: Yours for $1m+
ECHELON's Sugar Grove Station goes under the hammer
Those readers with a few bucks to spare and who fancy owning an entire US base with a decidedly spooky history should proceed directly here for the opportunity to bid on Sugar Grove Station in West Virginia. The facility once served nearby antennas forming part of ECHELON, and although the antennas eavesdropping kit isn't included in the sale, for a bid in excess of $1m (way in excess, we reckon), you'll get a "wonderful fenced community" including 80 single-family homes, a 53-unit accommodation block, fire station, day care centre, gymnasium, community centre, swimming pool, baseball field, running track, and so on. Sugar Hill Station closed in 2015, with the loss or relocation of over 300 jobs. GSA Auctions reckons it might make "a corporate training center, a university or academic campus, a spa/clinic, movie studio, or mountain resort", but potential buyers should be aware that it lies in the National Radio Quiet Zone, so you'll have to keep the radio noise down a bit.
Spies like US London Telegraph 12/16 1997 Issue 936
"In the civil liberties committee we spend a great deal of time debating issues such as free movement, immigration and drugs. Technology always sits at the centre of these discussions. There are times in history when technology helps democratise, and times when it helps centralise. This is a time of centralisation. The justice and home affairs pillar of Europe has become more powerful without a corresponding strengthening of civil liberties."
In the days of the cold war, ECHELON's primary purpose was to keep an eye on the U.S.S.R. In the wake of the fall of the U.S.S.R.
ECHELON justifies it's continued multi-billion dollar expense with the claim that it is being used to fight "terrorism", the catch-all phrase used to justify any and all abuses of civil rights.
With the exposure of the APEC scandal, however, ECHELON's capabilities have come under renewed scrutiny and criticism by many nations. Although not directly implicated in the bugging of the Asia Pacific Economic Conference in Seattle, the use of so many U.S. Intelligence agencies to bug the conference for the purpose of providing commercial secrets to DNC donors raised the very real possability that ECHELON's all-hearing ears were prying corporate secrets loose for the advantage of the favored few.
Given that real terrorists and drug runners would always use illegal cryptographic methods anyway, the USA led attempt to ban strong crypto to the general populace seemed geared towards keeping corporate secrets readable to ECHELON, rather than any real attempt at crime prevention.
Assessing the Technologies of Political Control - was commissioned last year by the Civil Liberties Committee of the European Parliament. It contains details of a network of American-controlled intelligence stations on British soil and around the world, that "routinely and indiscriminately" monitor countless phone, fax and email messages. It states: "Within Europe all email telephone and fax communications are routinely intercepted by the United States National Security Agency transfering all target information from the European mainland via the strategic hub of London then by satellite to Fort Meade in Maryland via the crucial hub at Menwith Hill in the North York moors in the UK." The report confirms for the first time the existence of the secretive ECHELON system.
UK security agencies unlawfully collected data for 17 years, court rules Investigatory powers tribunal says secret collection of citizens’ personal data breached human rights law
British security agencies have secretly and unlawfully collected massive volumes of confidential personal data, including financial information, on citizens for more than a decade, top judges have ruled. The investigatory powers tribunal, which is the only court that hears complaints against MI5, MI6 and GCHQ, said the security services operated secret regimes to collect vast amounts of personal communications data, tracking individual phone and web use and large datasets of confidential personal information, without adequate safeguards or supervision for more than 10 years. The ruling said the regime governing the collection of bulk communications data (BCD) – the who, where, when and what of personal phone and web communications – failed to comply with article 8 protecting the right to privacy of the European convention of human rights (ECHR) between 1998, when it started, and 4 November 2015, when it was made public.
“The BPD regime failed to comply with the ECHR principles which we have above set out throughout the period prior to its avowal in March 2015. The BCD regime failed to comply with such principles in the period prior to its avowal in November 2015, and the institution of a more adequate system of supervision as at the same date,” the ruling concluded.
Let me translate James Clapper for you: "Democracy is more dangerous than Whistleblowing" - A German parliamentary committee is currently investigating allegations that the country's foreign intelligence agency, the BND, helped the US National Security Agency (NSA) spy on European companies and government officials.
2015 THANK YOU EDWARD SNOWDEN:
NSA Section 215 program revealed by whistleblower Edward Snowden June 2013. Beginning at 5pm ET on 1 June, for the first time since October 2001 the NSA will no longer collect en masse Americans’ phone records. Afederal appeals court on 7 May ruled the NSA bulk phone records collection illegal.
the bulk domestic phone records collection has never stopped a terrorist attack. Even though the administration has taken as a fallback position the line that the FBI surveillance powers under Section 215 are crucial for domestic counterterrorism, a Justice Department inspector general’s report issued on Thursday “did not identify any major case developments that resulted from use of the records obtained in response to Section 215 orders.”
Snowden: "Almost all surveillance taking place through XKEYSCORE-related systems is based on FAA702 or EO12333 -- both are warrantless authorities as the NSA uses them. Warrant-based FAA702 collection is normally via FBI, not NSA."
Domestic Aerial Surveillance Aircraft Master-List: Aviation database Flightradar24.com has the largest online aviation database. The data is updated in real-time. Search for a particular flight, aircraft, or airport to get in-depth information.
The Global Surveillance System 1996 @oldenboom Somebody's Listening - They've got it taped New Statesman: cover, pages 10-12, 12 August 1988. This is the earliest report on Echelon/P415The cover blows off! Even close allies do not like it when they are being spied on. Especially if the objective is not law enforcement but corporate shenanigans to make rich politicians just that much richer. So, the Civil Liberties Committee of the European Parliament looked into ECHELON, and officially confirmed it's existence and purpose.
Spycraft - MI6 Secret Agents work with MI5 [the UK’s domestic Security Service] and GCHQ [the secret listening station at Cheltenham]. True-life men and women who work inside those sandstone and emerald-coloured MI6 headquarters at Vauxhall Cross on the banks of the Thames London are not “secret agents”. They are intelligence officers. The people overseas who they persuade to spy for them are the actual agents. An agent-runner is at the sharp end of intelligence-gathering trying to recruit people to do difficult and dangerous things, sometimes betraying the very organisations they have worked with for years. “The intelligence cycle” works like this: the political leaders in Whitehall decide there is a requirement to find out something secret. The Chief is still known as “C” and is the only person allowed to sign papers in green ink. The gadgets and innovations department depicted in Bond as “Q” branch really does exist. There is no 00 licensed to Kill. We are not like Bond, we don’t have officers that seek to fulfil their missions at any cost. Our officers operate within the law
Exposing the Global Surveillance System 1st February 1997 Originally published in: Covert Action Quarterly
The ECHELON Affair The European Parliament and the Global Interception System Study
The Global Surveillance System 1998
The New Space Invaders Spies In The Sky Peter Goodspeed National Post Saturday, February 19, 2000
4/8/15 U.S. secretly tracked billions of calls for decades.
The data collection began in 1992 during the administration of President George H.W. Bush, nine years before his son, President George W. Bush, authorized the NSA to gather its own logs of Americans' phone calls in 2001. It was approved by top Justice Department officials in four presidential administrations and detailed in occasional briefings to members of Congress but otherwise had little independent oversight, according to officials involved with running it.
The U.S. government started keeping secret records of Americans' international telephone calls nearly a decade before the Sept. 11 terrorist attacks, harvesting billions of calls in a program that provided a blueprint for the far broader National Security Agency surveillance that followed.
For more than two decades, the Justice Department and the Drug Enforcement Administration amassed logs of virtually all telephone calls from the USA to as many as 116 countries linked to drug trafficking, current and former officials involved with the operation said. The targeted countries changed over time but included Canada, Mexico and most of Central and South America.
Federal investigators used the call records to track drug cartels' distribution networks in the USA, allowing agents to detect previously unknown trafficking rings and money handlers. They also used the records to help rule out foreign ties to the bombing in 1995 of a federal building in Oklahoma City and to identify U.S. suspects in a wide range of other investigations.
The Justice Department revealed in January that the DEA had collected data about calls to "designated foreign countries." But the history and vast scale of that operation have not been disclosed until now.
The now-discontinued operation, carried out by the DEA's intelligence arm, was the government's first known effort to gather data on Americans in bulk, sweeping up records of telephone calls made by millions of U.S. citizens regardless of whether they were suspected of a crime. It was a model for the massive phone surveillance system the NSA launched to identify terrorists after the Sept. 11 attacks. That dragnet drew sharp criticism that the government had intruded too deeply into Americans' privacy after former NSA contractor Edward Snowden leaked it to the news media two years ago.
Here are the top secret documents from the CIA's campaign to defeat Apple security 2015
RISK ASSESSMENT / SECURITY & HACKTIVISM
Blank check + 0 oversight = corruption
Researchers from Moscow-based Kaspersky Lab a Russian Company have uncovered more evidence tying the US National Security Agency to a nearly omnipotent group of hackers who operated undetected for at least 14 years. Equation Group was hands down the world's most advanced hacking operation ever to come to light.
Timestamps show the employees worked a 7 to 4 workday, which would then put them in the UTC-4 or UTC-5 time zones. That would equate to EST/EDT in the US.
How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last "Equation Group" ran the most advanced hacking operation ever uncovered. 2/16/15
Smoking gun further ties NSA to omnipotent “Equation Group” hackers What are the chances unrelated state-sponsored projects were both named "BACKSNARF"? 3/11/15
The strongest new tie to the NSA was the string "BACKSNARF_AB25" discovered only a few days ago embedded in a newly found sample of the Equation Group espionage platform dubbed "EquationDrug." "BACKSNARF," according to page 19 of this undated NSA presentation, PDF was the name of a project tied to the NSA's Tailored Access Operations.
Inside the EquationDrug Espionage Platform EquationDrug is one of the main espionage platforms used by the Equation Group, a highly sophisticated threat actor that has been engaged in multiple CNE (computer network exploitation) operations dating back to 2001, and perhaps as early as 1996. It's important to note that EquationDrug is not just a Trojan, but a full espionage platform, which includes a framework for conducting cyberespionage activities by deploying specific modules on the machines of selected victims.
Why you should care?
Even if you don't believe absolute power corrupts absolutely, some people like being able to believe that there's a minimum baseline of security that can be done to "make sure" that a given computer isn't currently maliciously controlled. Many people would like to think that wiping a hard drive and installing Windows fresh would kill all bugs. It wouldn't kill these. They get into the hard drive firmware and persist across factory refreshes, running before the OS even loads and hijacking the boot process directly. This is serious stuff, and those of us responsible for deployed hardware should know this is possible and attempt to defend against it. I believe, personally, that this is far more capability than should be in anyone's hands, even the government. Don't wipe your hard drive, destroy it.
NSA Director Mike Rogers should put everyone at ease.
"In short, I think I will take my chances and trust the three branches of government involved in the Verizon request to look out for my interest."
To borrow a line from Richard Feynman, what is the source of this
fantastic faith in the machinery? There are already a large number of people with some level of access
to this data. There will be more -- always more. Does anyone really think
that among all those myriad people, the number who might ever do something
unscrupulous with that data...is zero? And will STAY zero?
If you do, then let me introduce you to a fascinating statistic, courtesy of:
Espionage by the Numbers: A Statistical Overview http://www.wrc.noaa.gov/wrso/security_guide/numbers.htm
That analysis is "based on the 150 cases of U.S. citizens who committed espionage against the United States since the beginning of the Cold War in the late 1940s." And one of the things it says is:
"Fifteen percent of the spies held a Top Secret SCI clearance at the time they began committing espionage. Top Secret clearances were held by 35%, Secret by 21%, and Confidential by 3%. Twenty-six percent held no clearance at all. Those with no clearance include accomplices, witting spouses, those who provided classified information obtained during a previous job when they did have a clearance, and those who provided sensitive but unclassified information. Information is available for 141 cases."
Therefore, about 3/4 of the people who've committed espionage against
the US over the past 65-ish years held a security clearance.
The bar is set much lower for misuse of this data: one need not commit treason to abuse it. Say, for example, if there was a particular state attorney general who was in the process of making life uncomfortable for the extremely rich and powerful; surely there must be some items which could be used to generate a scandal and force him out of office before he could make too much trouble. ---rsk
7/14/14 GCHQ has tools to manipulate online information, leaked documents show Documents leaked by Edward Snowden reveal programs to track targets, spread information and manipulate online debates. Surveillance
Richard Matthew Stallman (born March 16, 1953), often known by his initials, rms, is a software freedom activist and computer programmer. He campaigns for software to be distributed in a manner such that its users receive the freedoms to use, study, distribute and modify that software.
ED SNOWDEN TAUGHT ME TO SMUGGLE SECRETS PAST INCREDIBLE DANGER. NOW I TEACH YOU.
As a former Article III judge, I can tell you that your faith in the FISA Court is dramatically misplaced. ~ U.S. District Judge Nancy Gertner
2016 The Government’s Addiction to ‘Secret Law’
In the realm of national security, where Congress tends to tread lightly, other sources of law predominate — and a new study by the Brennan Center shows that they are frequently withheld from the public. Intelligence agencies routinely issue rules and regulations without publishing them in the Federal Register, exploiting what are intended to be narrow exceptions to the publication requirement. Most presidential directives addressing national security policy are not made public. Documents released by the State Department in litigation reveal that 42 percent of binding agreements between the United States and other countries are unpublished. Secret law persists even in areas where we thought the secrecy had ended.
The Government’s Addiction to ‘Secret Law’ 42 percent of binding agreements between the U.S. and other countries are secret.
3/12/14 How the NSA Plans to Infect ‘Millions’ of Computers with Malware The NSA has set the internet on fire.
Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process. The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks. The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.
3/11/14 Surveillance companies pushing zero-day exploits
Private surveillance companies selling some of the most intrusive surveillance systems available today are in the business of purchasing security vulnerabilities of widely-used software, and bundling it together with their own intrusion products to provide their customers unprecedented access to a target’s computer and phone.
SEE BIG DATA
Does Google Have an Ethical Obligation Not to Spy?
Most companies have no process for aligning their business practices with their values and principles.
June 15, 2013 NSA admits listening to U.S. phone calls without warrants.
National Security Agency discloses in secret Capitol Hill briefing that thousands of analysts can listen to domestic phone calls. That authorization appears to extend to e-mail and text messages too. Rep. Jerrold Nadler, a New York Democrat, disclosed this week that during a secret briefing to members of Congress, he was told that the contents of a phone call could be accessed "simply based on an analyst deciding that." If the NSA wants "to listen to the phone," an analyst's decision is sufficient, without any other legal authorization required, Nadler said he learned. "I was rather startled," said Nadler, an attorney and congressman who serves on the House Judiciary committee. Not only does this disclosure shed more light on how the NSA's formidable eavesdropping apparatus works domestically, it also suggests the Justice Department has secretly interpreted federal surveillance law to permit thousands of low-ranking analysts to eavesdrop on phone calls. Because the same legal standards that apply to phone calls also apply to e-mail messages, text messages, and instant messages, Nadler's disclosure indicates the NSA analysts could also access the contents of Internet communications without going before a court and seeking approval.
Computer Crime and Intellectual Property Section (CCIPS)
École de Guerre Économique, known in English circles as the School of Economic Warfare, where students are equipped with a unique and controversial set of skills that school founders insist are required to successfully lead modern corporations on the battlefield of capitalism, 24 hours a day, seven days a week. The School of Economic Warfare was founded in 1997 by retired French army general Jean Pichot-Duclos and his partner, business intelligence specialist Christian Harbulot. Duclos and Harbulot were concerned with the growing acceptance in Europe of the notion that businesses can successfully compete on the world stage simply by offering a competitive product at a competitive price. Seeing the global marketplace as an ongoing battle with no agreed-upon rules of engagement, they set out to transfer military know-how to the corporate world. France is an aggressive collector of industrial intelligence since the mid-1700s, when the British naively invited French operatives to inspect their mines, smelters and foundries. The British Board of Longitude even foolishly let French operatives examine John Harrison's revolutionary marine clocks. Do not underestimate the risks associated with always playing fair. “All is fair in love, war and business” isn't the school's official motto, but it fits the bill, insists faculty member Jean-François Bianchi, a specialist in information engineering who teaches courses on the theory and strategy of influence and counter-influence.
Echelon: The Secret Power 2002
Échelon - Le Pouvoir Secret [documentaire complet]
Attackers gain access by exploiting a SQL injection flaw in one of its Internet-facing Web servers. A SQL injection flaw can allow a hacker to enter commands into a web-based form and get the backend database to respond. Once inside the company, the hackers accessed a virtual machine used to digitally sign code for the company that is a security measure that verifies the company's code is legitimate.
Willy Shih, who has testified before Congress about business dealings between the U.S. and China, takes a historical view of intellectual property theft.
In the 1870s, American textile companies would send employees to work in British factories. They would take notes on textile equipment and bring back the information. The Russians and East Germans stole U.S. computer and chip designs during the Cold War. “And similar things have been true of Korean companies and Japanese companies,” said Shih. “I would argue that it’s a normal development pattern.”
China Corporate Espionage
“It’s the greatest transfer of wealth in history,” General Keith Alexander, director of the National Security Agency
Chinese businesses have proven very good at copying Western goods and methods. This even appears to be true of espionage itself. China didn’t invent intellectual property theft; it’s just doing it on an unprecedented scale.
The U.S., along with Japan and the European Union, have filed a formal complaint to the World Trade Organization over China’s unfair trading practices. The complaint includes the hoarding of rare earths, the metals required for the manufacture of other green energy technologies such as batteries for hybrid vehicles.
McGahn likes to tell people that almost all of history’s wars started because political leaders misunderstood their adversaries. McGahn interviewed 400 people, handpicking the ones he thought he could trust. McGahn thought he’d planned for every contingency to keep AMSC safe. He also believed the company could find a way to have both partners benefit. He was wrong.
Beijing-based Sinovel had complete access to AMSC’s proprietary source code. In short, Sinovel didn’t really need AMSC anymore. In March 2011, Sinovel stopped AMSC’s shipments, had stopped making purchases. McGahn was well aware of the dangers of working with Chinese companies, which have become notorious for cutting out their partners after squeezing them for technology through transfer agreements and other means. AMSC has filed four complaints against Sinovel in Chinese courts where Sinovel has a steep home-field advantage seeking $1.2 billion in damages. If Sinovel trys to export turbines with the stolen code, AMSC said it can file lawsuits in those markets as well.
Outright theft of intellectual property involves China’s intelligence agencies as attacks spread from hits on large technology companies to the hacking of startups and even law firms.
"The government can basically put their hands in and take whatever they want,” said Michael Wessel, who sits on the U.S.- China Economic and Security Review Commission that reports to Congress. “We need to take more actions and protect our intellectual property."
An AMSC power converter had been swapped out and replaced with a nearly identical one made by Guotong. It was running on a version of AMSC’s control system software obtained the year before by Sinovel and decrypted by its engineers. One e-mail shoed the engineer sent AMSC’s source code to his Sinovel counterpart. Karabasevic plead guilty, got 1 year in jail and two years probation for distribution of trade secrets. 
Attackers have already infiltrated your organization
Assuming the attacker is already inside, or soon will be, is a gradual but significant mindset shift under way in the security industry, which has been built on a defensive strategy of firewalls, antivirus, and other tools. There's now a growing sense of fatalism: it's no longer if or when you get hacked, but assume you've already been hacked and focus on minimizing the damage. The new appliance demonstrated at RSA was an example of approaching security from the view of being resigned that the bad guys are getting in, even with your defenses in place, security experts say.
Central Intelligence Agency: FOIA Electronic Reading Room
This site provides "an overview of access to CIA information, including electronic access to previously released documents." Features specific documents such as a report on Iraq's weapons of mass destruction (WMD), and special collections such as "the 'Family Jewels,' [which] consists of ... responses from CIA employees to a 1973 directive ... asking them to report activities they thought might be inconsistent with the Agency's charter."
QUOTE FROM COVERT ACTION QUARTERLY
EXPOSING THE GLOBAL SURVEILLANCE SYSTEM by Nicky Hager
IN THE LATE 1980's, IN A DECISION IT PROBABLY REGRETS, THE US PROMPTED NEW ZEALAND TO JOIN A NEW AND HIGHLY SECRET GLOBAL INTELLIGENCE SYSTEM. HAGER'S INVESTIGATION INTO IT AND HIS DISCOVERY OF THE ECHELON DICTIONARY HAS REVEALED ONE OF THE WORLD'S BIGGEST, MOST CLOSELY HELD INTELLIGENCE PROJECTS. THE SYSTEM ALLOWS SPY AGENCIES TO MONITOR MOST OF THE WORLD'S TELEPHONE, E-MAIL, AND TELEX COMMUNICATIONS.
The Economic Espionage Act 1996
(Il Mondo 20/27 Mar 98) Le Canard Enchaine 22 Apr 98) (World Press Review July 1998)
Perhaps the most powerful intelligence gathering organization in the world. Reports suggest that this network is being used to spy on private citizens everywhere, including on the Internet. This site is designed to encourage public discussion of this potential threat to civil liberties, and to urge the governments of the world to protect our rights.
- The History, Structure and Function of the global surveillance system known as Echelon.
- Social, ethical, moral and legal impacts of Computing and Information Technology.
- The new space invaders Spies in the sky 2000
- European Parliament Resolution on Echelon adopted 5.9.01
 Available from the European Parliament web The report is part of a series of four in a series on the "Development of surveillance technology and risk of abuse of economic information" The report contains a detailed technical account of how different types of communications are intercepted
 "An appraisal of technologies of political control", report for the European Parliament Scientific and Technological Options office (STOA) by Dr Steve Wright, Omega Foundation, Manchester, UK, January 1998.
 The arrangements are sometimes called "TEXTA Authority". TEXTA stands for "Technical Extracts of Traffic Analysis" and is in effect a voluminous listing of every communications source identified by each agency. It is catalogued and sorted by countries, users, networks, types of communications system and other features.
 Called IRSIG
 TCP/IP, or Transmission Control Protocol/Internet Protocol.
 "SCI", also known as Special Intelligence, is secret intelligence for which codeword clearance is required. Special regulations also apply to offices in which SCI is examined. They must be physically secure and electromagnetically shielded. These offices are known as SCIFs (SCI Facilities).
 The US intelligence intranet is described in "Top Secret Intranet: How U.S. Intelligence Built Intelink -- the world's largest, most secure network", by Frederick Martin (Prentice Hall, 1999)
 The National Security Agency and Fourth Amendment Rights, Hearings before the Select Committee to Study Government Operations with Respect to Intelligence Activitities, US Senate, Washington, 1976.
 By the Paracel Corporation, as the FDF "Textfinder". It claims to be the "fastest, most adaptive information filetering system in the world".
 Oratory is described in "Spyworld", by Mike Frost and Michel Gratton, Doubleday Canada, 1994. It was used to select messages intercepted at clandestine embassy interception sites.
 Address to the Symposium on "National Security and National Competitiveness : Open Source Solutions" by Vice Admiral William Studeman, Deputy Director of Central Intelligence and former director of NSA, 1 December 1992, McLean, Virginia.
 Secret Power, by Nicky Hager. Craig Potton Publishing, New Zealand, 1996.
 New Statesman (UK), 12 August 1988. At the time, Ms Newsham was a confidential source of information and was not identified in the article. In February 2000, living in retirement and facing a serious illness, Ms Newsham, said that she could be identified as the original source of information on Echelon. She also appeared on a CBS television programme about Echelon, Sixty Minutes (shown on 27 February 2000).
 An independent organisation that, among other functions. catalogues US government documents obtained under Freedom of Information legislation.
 Naval Security Group Command Regulation C5450.48A; see note 23.
 "Desperately Seeking Signals", Jeff Richelson, Bulletin of the Atomic Scientists, March-April 2000.
 A million megabytes, or 10 12 bytes.
THE MONDAY REVIEW 1/2 June 15, 1998 - Issue #7
As the dominant political force on the world scene, the US is the natural assumed villain in various international paranoid fantasies involving conspiracies, cabals, plots, and financial manipulations. But there are occasions when it is not easy to distinguish such fantasies from reality, and this is of consequence, since often the perception of American insidious activity by the populations of countries can become a significant element in international affairs. The "centrist" Italian newsmagazine *Il Mondo* recently published an apparent expose of a supposed nefarious alliance called UKUSA, whose members are the five English-speaking countries, US, Britain, Canada, Australia, and New Zealand, the purpose of the alliance ostensibly to conduct electronic espionage through a network known as "Echelon", the network using "highly sophisticated spy satellites, interception bases on the ground, and super-computers capable of analyzing vast quantities of intercepted messages, phone conversations, faxes, and electronic mail messages." The author, Claudio Gatti, writes: "The target of this satellite-cum- electronic Big Brother is the entire world's telecommunications."
Evidently, earlier this year, a department of the European Parliament's General Research Directorate released a report detailing these activities of UKUSA. According to this report, "the Echelon system is directed primarily against civilian objectives: governments, organizations, and companies from practically every country in the world." The UKUSA signal intelligence security agreement originated in 1948 in connection with the Cold War against the Soviet Union, and this current accusation is that this agreement is now being used as the basis for industrial espionage by the five English-speaking nations involved. Certainly, there is never much that is clear to outsiders concerning state espionage, but it is probably true that given that the five named countries have the technical capability to monitor most international electronic information traffic, it is probably also true that the burden of making any sensible use of the traffic monitored is overwhelming -- supercomputers or no supercomputers. Intelligence agencies know this; ordinary people confronted with conspiracy theories usually do not know it. Commenting on this supposed Anglo intelligence conspiracy that has now been widely reported in the European press, Louis-Marie Horeau of the French satirical weekly *Le Canard Enchaine* says: "Until a computer understands that the balance of the world can be threatened by the proximity of the words 'Bill', 'fly', and 'Paula', it should be possible to chat in peace for a while."
5/11/99 Echelon: Interception Capabilities 2000
The IC2000 report on communications interception and ECHELON was approved as a working document by the Science and Technology Options Assessment Panel of the European Parliament (STOA) at their meeting in Strasbourg on 6 May 1999.
Key findings of the IC2000 report:
- Comprehensive systems exist to access, intercept and process every important modern form of communications, with few exceptions (section 2, technical annexe);
- The report provides original new documentary and other evidence about the ECHELON system and its role in the interception of communication satellites (section 3). In excess of 120 satellite based systems are currently in simultaneous operation collecting intelligence (section 2). Submarines are routinely used to access and intercept undersea communications systems.
- There is wide-ranging evidence indicating that major governments are routinely utilising communications intelligence to provide commercial advantage to companies and trade.
- Although "word spotting" search systems to automatically select telephone calls of intelligence interest are not thought to be effective, speaker recognition systems in effect, "voiceprints" have been developed and are deployed to recognise the speech of targeted individuals making international telephone calls;
- Recent diplomatic initiatives by the United States government seeking European agreement to the "key escrow" system of cryptography masked intelligence collection requirements, forming part of a long-term program which has undermined and continues to undermine the communications privacy European companies and citizens;
- Interception for legally authorised domestic interception and interception for clandestine intelligence purposes must be sharply distinguished. A clear boundary between law enforcement and "national security" interception activity is essential to the protection of human rights and fundamental freedoms.
- Providing the measures called for in the 1998 Parliamentary resolution on "Transatlantic relations/ECHELON measures may be facilitated by developing an in-depth understanding of present and future Comint capabilities. Protective measures may best be focused on defeating hostile Comint activity by denying access or, where this is impractical or impossible, preventing processing of message content and associated traffic information by general use of cryptography.
- In relation to the manner in which Internet browsers and other software is deliberately weakened for use by other than US citizens, consideration could be given to a countermeasure whereby, if systems with disabled cryptographic systems are sold outside the United States, they should be required to conform to an "open standard" such that third parties and other nations may provide additional applications which restore the level of security to at least that enjoyed by domestic US customers.
- It should be possible to define and enforce a shared interest in implementing measures to defeat future external Sigint activities directed against European states, citizens and commercial activities.
Tuesday 16 December 1997 Issue 936
Spies like US
A European Commission report warns that the United States has developed an extensive network spying on European citizens and we should all be worried. Simon Davies reports Cooking up a charter for snooping A GLOBAL electronic spy network that can eavesdrop on every telephone, email and telex communication around the world will be officially acknowledged for the first time in a European Commission report to be delivered this week. The report - Assessing the Technologies of Political Control - was commissioned last year by the Civil Liberties Committee of the European Parliament. It contains details of a network of American-controlled intelligence stations on British soil and around the world, that "routinely and indiscriminately" monitor countless phone, fax and email messages. It states: "Within Europe all email telephone and fax communications are routinely intercepted by the United States National Security Agency transfering all target information from the European mainland via the strategic hub of London then by satellite to Fort Meade in Maryland via the crucial hub at Menwith Hill in the North York moors in the UK." The report confirms for the first time the existence of the secretive ECHELON system. Until now, evidence of such astounding technology has been patchy and anecdotal. But the report - to be discussed on Thursday by the committee of the office of Science and Technology Assessment in Luxembourg - confirms that the citizens of Britain and other European states are subject to an intensity of surveillance far in excess of that imagined by most parliaments. Its findings are certain to excite the concern of MEPs. "The ECHELON system forms part of the UKUSA system (Cooking up a charter for snooping) but unlike many of the electronic spy systems developed during the Cold War, ECHELON is designed primarily for non-military targets: governments, organizations and businesses in virtually every country. "The ECHELON system works by indiscriminately intercepting very large quantities of communications and then siphoning out what is valuable using artificial intelligence aids like MEMEX to find key words". According to the report, ECHELON uses a number of national dictionaries containing key words of interest to each country. For more than a decade, former agents of US, British, Canadian and New Zealand national security agencies have claimed that the monitoring of electronic communications has become endemic throughout the world. Rumours have circulated that new technologies have been developed which have the capability to search most of the world's telex, fax and email networks for "key words". Phone calls, they claim, can be automatically analysed for key words.
Former signals intelligence operatives have claimed that spy bases controlled by America have the ability to search nearly all data communications for key words. They claim that ECHELON automatically analyses most email messaging for "precursor" data which assists intelligence agencies to determine targets. According to former Canadian Security Establishment agent Mike Frost, a voice recognition system called Oratory has been used for some years to intercept diplomatic calls. The driving force behind the report is Glyn Ford, Labour MEP for Greater Manchester East. He believes that the report is crucial to the future of civil liberties in Europe. "In the civil liberties committee we spend a great deal of time debating issues such as free movement, immigration and drugs. Technology always sits at the centre of these discussions. There are times in history when technology helps democratise, and times when it helps centralise. This is a time of centralisation. The justice and home affairs pillar of Europe has become more powerful without a corresponding strengthening of civil liberties." The report recommends a variety of measures for dealing with the increasing power of the technologies of surveillance being used at Menwith Hill and other centres. It bluntly advises: "The European Parliament should reject proposals from the United States for making private messages via the global communications network (Internet) accessible to US intelligence agencies." The report also urges a fundamental review of the involvement of the American NSA (National Security Agency) in Europe, suggesting that their activities be either scaled down, or become more open and accountable. Such concerns have been privately expressed by governments and MEPs since the Cold War, but surveillance has continued to expand. US intelligence activity in Britain has enjoyed a steady growth throughout the past two decades. The principal motivation for this rush of development is the US interest in commercial espionage. In the Fifties, during the development of the "special relationship" between America and Britain, one US institution was singled out for special attention. The NSA, the world's biggest and most powerful signals intelligence organisation, received approval to set up a network of spy stations throughout Britain. Their role was to provide military, diplomatic and economic intelligence by intercepting communications from throughout the Northern Hemisphere. The NSA is one of the shadowiest of the US intelligence agencies. Until a few years ago, it existence was a secret and its charter and any mention of its duties are still classified. However, it does have a Web site (www.nsa.gov:8080) in which it describes itself as being responsible for the signals intelligence and communications security activities of the US government. One of its bases, Menwith Hill, was to become the biggest spy station in the world. Its ears - known as radomes - are capable of listening in to vast chunks of the communications spectrum throughout Europe and the old Soviet Union. In its first decade the base sucked data from cables and microwave links running through a nearby Post Office tower, but the communications revolutions of the Seventies and Eighties gave the base a capability that even its architects could scarcely have been able to imagine. With the creation of Intelsat and digital telecommunications, Menwith and other stations developed the capability to eavesdrop on an extensive scale on fax, telex and voice messages. Then, with the development of the Internet, electronic mail and electronic commerce, the listening posts were able to increase their monitoring capability to eavesdrop on an unprecedented spectrum of personal and business communications. This activity has been all but ignored by the UK Parliament. When Labour MPs raised questions about the activities of the NSA, the Government invoked secrecy rules. It has been the same for 40 years. Glyn Ford hopes that his report may be the first step in a long road to more openness. "Some democratically elected body should surely have a right to know at some level. At the moment that's nowhere".
Richard Thieme Interviews Former CIA Analyst David McMichael[Source 2006]
David MacMichael is a former CIA Analyst, US Marine and historian. He was a senior estimates officer with special responsibility for Western Hemisphere Affairs at the CIA's National Intelligence Council from 1981 to 1983. He resigned from the CIA rather than falsify reports for political reasons and testified at the World Court on the illegalities of Iran-Contra. MacMichael started The Association of National Security Alumni, an organization to expose and curtail covert actions, and is a steering committee member of Veteran Intelligence Professionals for Sanity (VIPS). He and Richard Thieme, an author and speaker, recently met at an Intelligence Ethics Conference that gathered nearly two hundred professionals from a broad spectrum of perspectives to discuss the impact of a career in intelligence on the moral and ethical life of the intelligence professional.
Google's plans to run targeted advertising with the mail that you see through its new Gmail service represents a potential break for government agencies that want to use autobots to monitor the contents of electronic communications travelling across networks. Even though the configuration of the Gmail service minimises the intrusion into privacy, it represents a disturbing conceptual paradigm - the idea that computer analysis of communications is not a search. This is a dangerous legal precedent which both law enforcement and intelligence agencies will undoubtedly seize upon and extend, to the detriment of our privacy. The Gmail advertising concept is simple. When you log into the Gmail to retrieve and view your email, the service automatically scans the contents of the email and displays a relevant ad on the screen for you to see. Although it has been said that neither Google nor the advertiser "knows" the text or essence of the email
18. cgi-bin/nb18/0055 Mark Rasch: Google's Gmail - spook heaven?
both the ads themselves and the text of the messages into which they were inserted be relevant, and therefore discoverable? I can't imagine why not. If a computer programmed by people learns the contents of a communication, and takes action based on what it learns, it invades privacy. But perhaps the most ominous thing about the proposed Gmail service is the often-heard argument that it poses no privacy risk because only computers are scanning the email. I would argue that it makes no difference to our privacy whether the contents of communications are read by people or by computers programmed by people. My ISP offers spam filtering, spyware blocking and other filtering of email (with my consent) based at least partially on the content of these messages. Similarly, I can consent to automated searches of my mail to translate it into another language or do
19. cgi-bin/nb18/0055 Mark Rasch: Google's Gmail - spook heaven?
Don't Be Echelon
20. cgi-bin/nb18/0055 Mark Rasch: Google's Gmail - spook heaven?
But imagine if the government were to put an Echelon-style content filter on routers and ISPs, where it examines billions of communications and "flags" only a small fraction (based upon, say, indicia of terrorist activity). Even if the filters are perfect and point the finger only completely guilty people, this activity still invades the privacy rights of the billions of innocent individuals whose communications pass the filter. Simply put, if a computer programmed by people learns the contents of a communication, and takes action based on what it learns, it invades privacy. Google may also argue that its computers do not learn the contents of the message while in transmission but only contemporaneously with the recipient, making wiretap law inapplicable. That argument, while technically accurate, is somewhat fallacious.
1961 Students for a Democratic Society Port Huron Statement