Tag Archives: GCHQ

NSA’s Optic Nerve Could Make You Go Blind

GCHQ, the British version of the NSA, created a program around 2008 that hacked into Yahoo’s network and captured stills of video chats being conducted by Yahoo users.  So as not to overload GCHQ’s servers, the software only stored one image per video session every 5 minutes.  Still, in a 6 month period, they captured images from 1.8 million Yahoo users’ accounts.

The plan was to use the data to test image recognition software so that they could find images of people LIKE the person they were looking for.

Yahoo said that they were not cooperating in this program.

GCHQ said that they had no way to filter out the images of UK or US citizens – they just stored that data along with all the other images.

But there was a problem that they had not counted on.

Lots of people use chat sessions to share “undesirable body parts” to the person on the other end – in other words, nude selfies.

What’s more, they had no way to filter these images out and did not try to.

Which, apparently, was perfectly fine with GCHQ analysts.  Rumor has it that there was significant “sharing” of these undesirable images.  Apparently, while GCHQ brass thought the images to be undesirable, the GCHQ staff found them quite desirable.  The brass told the staff that sharing undesirable pictures could result in discipline.  It is not clear if anyone was ever disciplined for that.

The program started in 2008 and through 2010 collected images without regard to whether they had any intelligence value.  In Snowden documents, it was revealed that the program was still active in 2012.  Whether this program or a similar one still exists is unknown, so maybe you should keep your clothes on while video chatting.

When the Guardian asked the NSA about the program, they had no comment.

In addition, unlike the NSA’s requirement to minimize the capture of data (or undesirable body parts) of U.S. citizens, GCHQ has no such restriction regarding U.K. citizens.  The NSA said that they did not ask GCHQ to collect data that the NSA could not legally collect themselves.  It did not say if they accepted those images if they were made available.

The NSA also did not say if they had any similar programs – of course, I would not expect them to answer that question.

Yahoo was not the only target; apparently video from Microsoft Xbox game consoles was also targeted.

Likely none of these activities is illegal, but people may want to reconsider, if they care, what body parts, desirable or not, they expose on webcam sessions going forward.

Information for this post came from The Guardian.



Snooping On You Is OK; On Me, Not So Much

Apparently some British Members of Parliament (MPs) are not terribly happy today.  It came to light by way of some more leaked documents from Edward Snowden that GCHQ – the British equivalent of the CIA – has been reading the emails of Members of Parliament for years.

Given that Parliament is in the middle of debating a bill that is affectionately called the Snooper’s Charter (by those who don’t like it) that gives GCHQ even more power to snoop, it appears a bit disingenuous to complain about GCHQ snooping.

The best I can tell, they think it is OK to snoop on everyone else, just not them.

Here is the back story.

The UK government migrated to Office 365 in 2014, which means that all those documents and emails are stored in Microsoft data centers – in Ireland and the Netherlands.  Since they are no longer INSIDE Britain, GCHQ legally can suck up all that data on those undersea fibers leaving Britain and check out things.  The sender, recipient and subject are considered metadata, which has an even lower bar for snooping, so at least that data can be hoovered up.

According to ComputerWeekly, over 60% of the emails are routed internationally and EVERY ONE of those contained evidence of passing through computers connected to GCHQ.  If there really is evidence of GCHQ hoovering, those folks need to go back to spy school.  When NSA does that, there is no evidence left behind.

In addition, the emails are scanned for malware and spam by MessageLabs, which looks inside all the emails, so there is another place to get all the content.

GCHQ has, according to the Snowden documents, a program called Haruspex which allows them to scan emails on the basis of national security – exactly what the Snooper’s Charter aims to make even more invasive.

The NSA also reads those emails, too, based on ‘obligations’ it forces on Microsoft.

The Parliament’s IT dude, Rob Greig, told the IBTimes that “All Parliamentary emails are private and are strongly encrypted end-to-end whilst they are in our infrastructure”.  I guess Rob needs to pay more attention to the news.  SSL, which is what he is calling encryption, was broken by the agencies years ago.

Some British MPs thought the “Wilson Doctrine”, an antique policy from the 1960s to stop people from listening in to MPs’ phone calls still applies.  They should also be reading the news.  Last year, the Investigatory Powers Tribunal said that the Wilson Doctrine was not “absolute”, meaning the spies were fine to ignore it.  In fact, they went so far as to say that it was never absolute.  So there!

Apparently, the Home Office, which has been pushing to get the Snoopers’ Charter passed through Parliament, has been getting some flak and is about to offer some amendments to the bill while defending the need for it.

In light of this revelation, they may need to make some more concessions – stay tuned.

Things get much more personal when it is my ox that gets gored.

Of course, all of this snooping is done without the approval of or even informing of Parliament – which makes them even more upset.  Maybe they now understand how the rest of the country feels.

Personally, I just call it karma.  And, as we know, karma can be a B**ch.

Stay tuned to see where this ends up.

Information for this post came from the IB Times.


GCHQ Pulls Kill Switch On Smart Meter Rollout

GCHQ is the British version of the CIA.  Usually, they are out chasing bad guys in foreign countries.  This week they are protecting British citizens.  With all of the news of intelligence agencies eavesdropping on citizens, it is nice to hear a story where they are decidedly doing the right thing.

This all started with a plan to roll out smart meters to manage electricity and gas to every building in England.

This amounted to 53 million meters.

These smart meters don’t just read the amount of electric or gas that you use, they can shut off your utilities completely and do other things as well.

Imagine what would happen if a hacker – or unfriendly government – were to gain control of all of these meters and shut down power to every building in the country.  What if they not only did that, but overwrote the firmware in the meters so that the utilities could no longer control those meters to turn the electric back on and had to replace all 53 million meters?  This is not far fetched.  This is basically what happened in Ukraine last December when the Russian government decided to mess with Ukraine’s infrastructure.

Well, how could that happen?  It appears that the utilities and meter manufacturers, according to sources, understand a lot more about how to make a meter than how to write software.  In reality, this is not a big surprise.

So what did they do?  They created a system where all 53 million meters were protected with the same encryption key.

If that one key was compromised – say by reverse engineering a meter – the attacker might then be able to control every other meter in the country.

What could possibly go wrong.

In this case, GCHQ, which apparently does not have a vested interest in reading your electric meter, put the kibosh on the whole thing.  Good for them!

The program to replace all the meters is already forecast to cost about $18 billion.  Customers are supposed to save about $39 a year, but they will have to buy a $45 device to read their usage.

How much more it will cost to rewrite the software, both for the meters and at the utilities, depends on how bad the software written by these “metal bashers” (as the meter companies are not so fondly called) is.  The software will need to manage 50 million encryption keys instead of just one key, which could be simple or could be very complex.
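To make the shared-key flaw concrete, here is an added example (not code from the post, and not any utility’s or meter vendor’s actual design) that puts the two designs side by side: every meter holding the same fleet key, versus the head-end holding one master secret and deriving a unique key per meter with an HMAC-based KDF. The meter IDs, keys and the “DISCONNECT” command are all constructed for the demonstration. It also shows why “managing 50 million keys” need not mean storing 50 million keys: the head-end can recompute any meter’s key from the master secret and the meter ID on demand.

```python
import hashlib
import hmac
import secrets

# --- Design the post describes: one key provisioned into every meter -----------
FLEET_SHARED_KEY = secrets.token_bytes(32)  # constructed stand-in for the single fleet key

# --- Alternative: one master secret at the head-end, a unique key per meter -----
HEAD_END_MASTER_KEY = secrets.token_bytes(32)  # constructed; never leaves the utility


def derive_meter_key(master_key: bytes, meter_id: str) -> bytes:
    """Per-meter key from the head-end master secret (HMAC-based key derivation).

    The head-end stores only master_key and recomputes any meter's key when it
    needs one; each meter is provisioned with nothing but its own derived key.
    """
    info = b"smart-meter-command-key-v1:" + meter_id.encode()
    return hmac.new(master_key, info, hashlib.sha256).digest()


def sign_command(key: bytes, meter_id: str, command: str) -> bytes:
    """Authentication tag over (meter_id, command), so a tag is bound to one meter."""
    msg = meter_id.encode() + b"\x00" + command.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def meter_accepts(meter_key: bytes, meter_id: str, command: str, tag: bytes) -> bool:
    """What a meter does on receipt: recompute the tag with its own key, compare in constant time."""
    expected = sign_command(meter_key, meter_id, command)
    return hmac.compare_digest(expected, tag)


def shared_key_design(meter_id: str) -> bytes:
    """Provisioning function for the flawed design: every meter gets the same key."""
    return FLEET_SHARED_KEY


def per_meter_design(meter_id: str) -> bytes:
    """Provisioning function for the per-meter design."""
    return derive_meter_key(HEAD_END_MASTER_KEY, meter_id)


def blast_radius(provision_key, n_meters: int = 5, compromised: str = "METER-000000") -> int:
    """Risk measurement: if the key inside ONE meter were recovered (e.g. by
    reverse engineering that meter), how many OTHER meters would honour a
    disconnect command signed with it?  Returns that count."""
    ids = [f"METER-{i:06d}" for i in range(n_meters)]
    provisioned = {mid: provision_key(mid) for mid in ids}
    recovered_key = provisioned[compromised]
    obeyed = 0
    for mid in ids:
        if mid == compromised:
            continue
        tag = sign_command(recovered_key, mid, "DISCONNECT")
        if meter_accepts(provisioned[mid], mid, "DISCONNECT", tag):
            obeyed += 1
    return obeyed


if __name__ == "__main__":
    n = 53_000_000  # the post's fleet size
    print("shared key  : other meters affected by one compromised meter =", blast_radius(shared_key_design, 5), "of 4")
    print("per-meter   : other meters affected by one compromised meter =", blast_radius(per_meter_design, 5), "of 4")
    print(f"head-end secrets to store: shared design 1, per-meter design 1 master (derive {n:,} keys on demand)")
```

The derivation binds each key to the meter ID with a version label, so rotating the master secret (or the label) re-keys the fleet without changing the scheme; a recovered meter key yields a valid tag only for that one meter, which is the whole point of the fix GCHQ insisted on.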

In this case, hopefully, no one is going to complain about the spy agency watching because if the utilities had their way, it would only be a matter of when, not if, Britain went dark.

As I always say – security or convenience.  Pick one.


British Surveillance No Different Than U.S.

While the U.S. has Snowden, The Brits have Privacy International.  As part of a lawsuit, Privacy International obtained formerly secret files regarding the extent of British surveillance.

The data the Brits are hoovering up includes private medical records, correspondence with your doctor or lawyer, financial data and other information.

And the government admits that the majority of the data collected is about people who are not suspected of a crime or a threat to national security.

It seems that the British rules regarding data collection are looser than the NSA’s rules.

The documents say that the data includes sensitive information like political and religious affiliation, sexual preferences and legally privileged information.

It even includes data on people who are dead – and therefore unlikely to be much of a threat to British security.

The documents do say that employees should not search for information on themselves or friends – unless their friends are suspects.  Public figures are also off limits.

One program called KARMA POLICE, the documents say, aims to create a web browsing profile of every person visible on the Internet.

To me, this seems more invasive than or at least equal to, what the NSA is doing.

So while the EU is complaining that the U.S. negotiated Privacy Shield doesn’t rein in the NSA enough, maybe they ought to look at home first.

Just my two cents.

Information for this post came from The Intercept.

GCHQ Outed – Collecting Just As Much Data As The NSA

As I said last night in the article about the European Court of Justice, every national intelligence agency that has the ability to do so is vacuuming data from the Internet.

The Intercept wrote a very detailed article analyzing some new documents from the Edward Snowden document dump.  The article links to the original documents for those who are interested in even more details.

The goal of this particular program was simple:  Record the website browsing habits of “every visible user on the Internet”.  Pretty simple.  A lot of data.

The program, called Karma Police, was launched by GCHQ, the British equivalent of the NSA, about 7 years ago, quietly.

The documents reveal a series of interrelated programs.  One profiles your browsing habits.  Another analyzes instant messages, emails, Skype usage, text messages, cell phone locations and social media use.  Still other programs track “suspicious” Google searches and another the usage of Google Maps.

Just like the formerly secret NSA programs, the British programs do away with the need for court orders or warrants.

According to the documents, in 2010 GCHQ was logging about 30 billion records a day.  By 2012 they were up to 50 billion records a day with plans to upgrade it to 100 billion records a day.  The claim was that this would be the biggest government surveillance system in the world.

One use, for example, was to collect intelligence about what Internet radio stations people were listening to.  Suspicious listening habits call for more surveillance.  The web browsing habits could be examined.  For one lucky soul who was targeted, they discovered that, in addition to a suspicious radio station, the person also visited Facebook, Yahoo, YouTube, the porn site Redtube, Blogspot and other web sites.

The code name Karma Police likely comes from the British band Radiohead’s song of the same name.  The lyric “This is what you’ll get, when you mess with us” is repeated throughout the song.

Like similar NSA programs, the raw data is fed into a holding pen, in this case called The Black Hole.  Between 2007 and 2009, it collected 1.1 trillion events or about 10 billion a day.  Given other numbers in the documents, that volume is likely many times that big now.

Given the volume of data, analysis tools are needed.  One tool, called MUTANT BROTH, was used to sift through all of the cookies captured to correlate data to a particular user.  They can use the cookies to figure out what you do at what time of day.

You may remember that the Dutch SIM card maker Gemalto was hacked (that was revealed last year).  These documents indicate that GCHQ was behind that attack and it now makes sense.  At the time, Gemalto said that the hackers only got 2G (second generation) cellphone SIM card crypto keys, not the 3G or 4G SIMs used in the US and Britain.  Why would the hackers want that?  Because it is likely that middle eastern countries are still running 2G cell networks.  Make sense?  They used the data from Karma Police to target Gemalto employees and then hack their computers to hack the encryption keys they wanted.  While Gemalto denied it, it may be that there was not enough isolation between the administrative network and the network where the encryption keys were stored.

In addition to these programs, there are many other programs, each of which has a special function – analyze emails, analyze search engine queries, look at Google Map queries and other things.

Because of Britain’s location on the planet, many fiber optic cables between the U.S. and the rest of the world flow through Britain, making them a rich opportunity for tapping.  In 2010, GCHQ said there were 1,600 cables passing through Britain and they could tap most of them.  One would assume that capability has increased since then.

Like with the NSA, the rules say that GCHQ is not supposed to read the content of citizens’ data they snare, but that does not include metadata of citizens.  This loophole of sifting through the metadata of British citizens also allows for the same action for citizens of the Five Eyes (US, Britain, Canada, Australia and New Zealand).

Because of the volume of data, like with the NSA, GCHQ stores the metadata for between 30 and 180 days and communications for 3 to 30 days, unless they want to keep it longer.

In one document it says that, compared to oversight rules in the U.S., the U.K. has “a light oversight regime”.

One challenge for all of the intelligence agencies is encryption.  While most encryption may not be bullet proof, it is likely bullet resistant and until the encryption is cracked you may not know whether the content is about what to bring home from the store or who the next terrorist target is.

It will be interesting to see if the Brits make a big deal over this.

Information for this post came from The Intercept.

NSA, GCHQ Hack Anti Virus Software Vendors

A newly published article in The Intercept says that the NSA and GCHQ hacked anti virus vendors’ software and networks in order to “neutralize the threat” posed by that software.  Based on newly released Edward Snowden documents, GCHQ obtained a warrant in 2008-2009 to have legal permission to monitor web traffic, hack email and reverse engineer the software in order to find weaknesses (see article).

The NSA examined emails to anti virus vendors to find new malware and vulnerabilities.

One would assume that these agencies want to use these newly discovered vulnerabilities before they are patched.

According to the warrant request, GCHQ considered Kaspersky’s software an obstruction to its hacking operation and needed to reverse engineer it to find ways to neutralize the problem.  They said that they needed to exploit Kaspersky’s software in order to prevent the detection of their activities.

The NSA discovered, back in 2008, according to the leaked documents, that Kaspersky’s software transmitted sensitive information back to the company’s servers.  Apparently, Kaspersky encodes information in the header of the request, like you often see on the command line in your browser, and that information allowed NSA to get information like serial numbers, the service plan paid for and configuration.  Sending this information in the header is often done, but is a bad security practice unless it is encrypted, which it typically is not.  The Intercept tested Kaspersky software last month and found that it did transmit some information back to Kaspersky’s servers unencrypted.  They, of all people, should know better.
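The practical lesson of that paragraph is for anyone shipping software that phones home: know what your own telemetry puts on the wire and whether the transport protects it. The following is an added example (not from the post, and not Kaspersky’s or The Intercept’s code) of a small audit over a constructed HTTP request; the header names such as X-Product-Serial are hypothetical placeholders, not the real product’s headers. It parses the request, picks out headers that look like device or licence identifiers, and reports them as exposed when the request was not sent over TLS.

```python
import re

# Constructed "phone home" request for the demonstration; the header names are
# hypothetical and do not describe any real product's traffic.
SAMPLE_PLAINTEXT_REQUEST = (
    "GET /update/check?ver=1.2.3 HTTP/1.1\r\n"
    "Host: updates.example-av.invalid\r\n"
    "X-Product-Serial: ABCD-1234-EFGH\r\n"
    "X-License-Plan: enterprise\r\n"
    "X-Machine-Id: 7f3a9c\r\n"
    "User-Agent: ExampleAV/1.2.3 (Windows)\r\n"
    "\r\n"
)

# Header-name fragments that usually carry a customer or device identifier.
IDENTIFIER_PATTERNS = [r"serial", r"licen[cs]e", r"config", r"machine-?id", r"user-?id", r"device-?id"]


def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into request line fields and a lower-cased header map."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version, "headers": headers, "body": body}


def identifying_headers(raw: str) -> list:
    """Names of headers that look like they carry device/licence identifiers, sorted."""
    req = parse_request(raw)
    found = []
    for name in req["headers"]:
        if any(re.search(pat, name) for pat in IDENTIFIER_PATTERNS) and name not in found:
            found.append(name)
    return sorted(found)


def audit_telemetry(raw: str, over_tls: bool) -> dict:
    """Audit verdict: which identifiers the request carries and whether a passive
    observer on the path could read them (i.e. they are present and not under TLS)."""
    ids = identifying_headers(raw)
    return {"identifiers": ids, "exposed": bool(ids) and not over_tls}


if __name__ == "__main__":
    for tls in (False, True):
        verdict = audit_telemetry(SAMPLE_PLAINTEXT_REQUEST, over_tls=tls)
        print(f"over_tls={tls}: identifiers={verdict['identifiers']} exposed={verdict['exposed']}")
```

Run it against a capture of your own product’s update or licensing traffic (with `over_tls` reflecting the scheme actually used); anything it lists as exposed is readable by whoever sits on the path, which is exactly the situation the documents describe.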

Again, according to the released documents, NSA and GCHQ have targeted 25 or more non-American and non-British anti virus vendors.  Missing from the list are McAfee and Sophos.  Whether the NSA and GCHQ did not think those were legitimate targets because they were not foreign companies (McAfee is a U.S. company, Sophos is British) or whether they were targeted under different authority is not clear.

Gene Kaspersky, in particular, has been a thorn in the side of the intelligence agencies over the years.  Just this month he revealed the attack, suspected to be from Israel, of the hotels hosting the Iran nuclear talks.

Not surprisingly, NSA and GCHQ declined to comment for the article.

From the NSA’s viewpoint, anti malware vendors are a threat to them – from uncovering the agency’s own malware to alerting about holes in software which the NSA and GCHQ would prefer to keep to themselves.

When U.S. Cyber Command was set up and placed under the control of the NSA, privacy advocates said that it was impossible for the NSA to serve two masters – protect U.S. citizens and hack foreign ones.  If they found a vulnerability, do they tell the vendor so that they can fix it and foreign hackers and intelligence agencies can’t use it against U.S. citizens and companies, or do they keep it to themselves to use against their targets?  Historically, the NSA has been accused of not revealing bugs.

In fact, as recently as last year, the President confirmed the authority that the NSA has to not reveal security holes if they are useful for national security purposes (see article).  This should not come as a big surprise to anyone, and foreign intelligence services are likely doing the same thing.  I am sure that, in some cases, the agencies trade vulnerabilities like the rest of us trade MP3 files.

What this means to you and me is that we should not count on the government – ours or anyone else’s – to protect us from cyber threats – especially in those cases where the threat is counter to their own interests.