Date post: | 04-Jul-2015 |
Category: |
Education |
Upload: | prasidh-srikanth |
View: | 60 times |
Download: | 0 times |
NSA Surveillance
- Prasidh
Information is the oxygen of the modern age. It seeps through the walls topped by barbed wire, it wafts across the electrified borders.
1
Motivation: GAG order eased ( Feb 3rd )
Microsoft, Facebook, LinkedIn, Google and Yahoo join Apple in revealing more on NSA requests.
Gag order restricting freedom of press eased.
Tech companies have started to show increased transparency about their reporting to National Security Letters (NSL) and sharing of customer data in their respective transparency reports.
Latest Update: FB CEO Mark Zuckerberg criticizes US government surveillance.
A quick peek into the Global government requests report of Facebook.
Facebook: While governments have an important responsibility to keep people safe, it is possible to do so while also being transparent
2
A few things to ponder about
You should know who has your personal data, what data they have, and how it is used.
You should be able to prevent information collected about you for one purpose from
being used for others.
You should be able to correct inaccurate information about you.
Your data should be secure.
..while it's illegal to use Brad Pitt's image to sell a watch without his permission, Facebook is
free to use your name to sell one to your friends.”
The NSA and Israel wrote Stuxnet together.
3
(Global government Requests Reports from Facebook)
Steps in NSA surveillance
Hack into computer networks and tap into large fiber optic cables.
Installed specialized malware known as “implants” on devices in order to perform Computer Network
Exploitation (CNE).
The attack tools used for these implants are developed by a specialized NSA team called Tailored Access
Operations.
They are designed to compromise routers, switches, firewalls to monitor entire networks and siphon out
data.
NSA has even posed as a fake FB server and infected computer’s to hack into files from a hard drive.
Send spam emails with malware which covertly record audio from a computer’s microphone.
NSA is capable of launching cyber attacks by corrupting and disrupting file downloads or denying access
to websites.
If you want total security, go to prison. There you're fed, clothed, given medical care and so on. The only thing lacking... is freedom.
8
Embassy Espionage: The NSA's Secret Spy
Hub in Berlin
US intelligence agencies have used American Embassy in Berlin as a listening station.
Cellphones monitored by a unit known as the "Special Collection Service" (SCS).
listening devices with which they can intercept virtually every popular method of communication:
cellular signals, wireless networks and satellite communication.
‘Nothing is perfect’-Tim Berners Lee on 25 years of the web
9
NSA’s malware infection plan
SIGINT - For intercepting electronic communications of foreign computer networks ( But how to scale ? )
Turbine – An “intelligent command and control capability” that enables “industrial-scale exploitation.”
Computer Network Exploitation ( CNE ) – Mines intelligence from computers and networks.
Computer Network Attack ( CNA ) – Seeks to disrupt, damage and destroy them.
(Intelligent command and control to automate implants)10
Overview of technical details
11
Circumventing encryption
12
NSA hacking tools
13
Advanced hacking techniques
Instead of using these implants, use “Man in the middle” and “Man in the side” attacks to
covertly force a user’s internet browser to route to NSA computer servers.
“QUANTUMHAND” is the codename of the NSA project in which the agency disguises itself
as a fake facebook server.
Man in the side attack: http://vimeo.com/88822483 (A short video on how NSA posed as
Facebook)
14
References
“Tech Crunch article- Microsoft, Facebook, LinkedIn, Google and Yahoo Join Apple in revealing more on NSA
requests”,http://techcrunch.com/2014/02/03/microsoft-facebook-linkedin-google-and-yahoo-join-apple-in-revealing-more-on-nsa-
requests/?source=gravity
“Security Analyst Summit 2014-Justice department eases gag order on FISA, National Security letter
reporting”, http://threatpost.com/justice-dept-eases-gag-order-on-fisa-national-security-letter-reporting/103903
“Apple-Update on national security and law enforcement orders”, “Jan 27,
2014”, http://images.apple.com/pr/pdf/140127upd_nat_sec_and_law_enf_orders.pdf
“Microsoft on the issues-Providing additional customer transparency on US Government requests for customer
data”,http://blogs.technet.com/b/microsoft_on_the_issues/archive/2014/02/03/providing-additional-transparency-on-us-government-
requests-for-customer-data.aspx
“Obama orders NSA reforms, but metadata collection to continue”, http://threatpost.com/obama-orders-nsa-reforms-but-metadata-
collection-to-continue/103700
"NSA spying on Americans", https://www.eff.org/nsa-spying
"How the NSA's domestic spying program work", https://www.eff.org/nsa-spying/how-it-works
"Wikipedia article on deep packet inspection", https://en.wikipedia.org/wiki/Deep_packet_inspection
Only the insecure strive for security
15
Thank you
“People won’t use technology they don’t trust. Governments
have put this trust at risk, and governments need to help
restore it.”
—Brad Smith, General Counsel and Executive Vice President,
Legal and Corporate Affairs, Microsoft
16