A recently released NSA document pinpoints China’s cyber attacks to nearly 700 intrusions into government and private industry networks:

China successfully used the attacks to steal massive amounts of proprietary and government data. The map indicates that the NSA is developing better “attribution” capabilities — the ability to trace the origins of the attacks back to China.

Another NSA document provided a diagram of various Chinese military and intelligence organizations involved in the cyberattacks.

The main unit was identified in a briefing slide as “Technical Department 3PLA,” formally known as the 3rd Department of the People’s Liberation Army General Staff Department, which is considered to be a counterpart to the NSA.

The slide indicates that the NSA has identified more than 19 3PLA cyberunits involved in U.S. attacks, the most among all Chinese government agencies. Nine other units are suspected of being part of 3PLA.

Additionally, the report identified six cyberespionage units under the Ministry of State Security, China’s civilian intelligence service, and another 22 MSS units suspected of involvement in U.S. cyberattacks.

Seven other cyberattacks were categorized by the NSA as unattributed but caused by China.

China is a formidable opponent and all the news about their intrusions makes the US government look clumsy. However, I suspect the US conducts similar operations against Chinese interests and either is much better at covering their tracks, or the Chinese government does not use the media in the same way the US does.

In less than eighteen months since Der Spiegel and Jacob Appelbaum published leaked pages of the National Security Agency’s ANT catalog used by their Tailored Access Operations (TAO) division, the NSA Playset project is now able to replicate many capabilities of TAO’s toolbox for the purpose of conducting research on how the same approaches might be used by other adversaries:

Many of the software components of the 50-page ANT catalog were things that had already been developed by security researchers. Some of the discovered capabilities appeared to stem from off-the-shelf hardware (or its equivalent) and software similar to existing tools; they were simply combined in a package suitable for spy work. But other pieces of hardware in the NSA’s catalog appeared to have no openly available equivalent—such as wireless bugs planted in computer cables or connectors. Some of those bugs were radio “retro-reflectors,” wiretaps that only broadcast data when hit by a directed radio signal. (It’s similar in concept to “The Thing”—the infamous bug Soviet spies planted inside the US Embassy in Moscow.)

“We had suspected that these capabilities existed,” Ossmann told Ars. “But there hadn’t been any open research done on them.” So just over a year ago, Ossmann and others kicked off the project to create “a series of dead simple, easy to use tools to enable the next generation of security researchers,” as the project’s Wiki page describes it. So far, they’ve been able to produce capabilities like those in the ANT catalog at a fraction of what the NSA spent to develop them.

“I wanted to talk about how we can build these tools—the same tools nation states use—in an open community, at least to serve as demo of threats people haven’t considered before,” Ossmann said at Black Hat. “I focused on the hardware tools in the catalog to get some ideas of how we can build these things. But I didn’t originally think I would go ahead and build any of them.”

After doing a talk with Dean Pierce (who Ossmann said originally coined the term “NSA Playset”) about the ANT catalog in July 2015 at Toorcamp, Ossmann’s thinking on the project evolved. Pierce and a number of other contributors soon signed on to make contributions to the NSA Playset, adding a few projects started before the Playset was conceived. In total, Ossmann and the other collaborators have now created 15 tools that, in theory, just about anyone could use.

Sounds like this might be a fun, rainy day project to play around with to see exactly how these tools operate.

Although one of its closest allies, Japan is not immune to being spied on by the United States. The Abe government’s posturing following Wikileaks’ recent release of documents indicating the US is spying on Japan, calling it “deeply regrettable,” rings pretty hollow (emphasis added):

“We have strongly requested intelligence director Clapper confirm the facts,” Suga said, referring to James Clapper, National Intelligence director.

Claims that Washington spied on Japanese trade officials, among others, came just as delegates negotiating a vast free-trade agreement known as the Trans-Pacific Partnership failed to reach a final deal after several days of intense talks in Hawaii.

The US and Japan are the two biggest economies in the 12-nation negotiations, but they have sparred over key issues including auto sector access and opening up Japan’s protected agricultural markets.

‘Intimate knowledge’

WikiLeaks said the US intercepts showed “intimate knowledge of internal Japanese deliberations” on trade issues, nuclear policy, and Japan’s diplomatic relations with the US.

“The reports demonstrate the depth of US surveillance of the Japanese government, indicating that intelligence was gathered and processed from numerous Japanese government ministries and offices,” it said.

Shinzo Abe, Japan’s prime minister, did not appear to be a direct target of phone tapping but senior politicians were.

Yoichi Miyazawa, Japan’s trade minister; Haruhiko Kuroda, Bank of Japan governor; and officials of Mitsubishi company were in the sights of US intelligence, WikiLeaks said.

This is the type of spying I would expect every world government to conduct. This type of data gives negotiating advantages to the countries with good intelligence, so this really should come as no surprise. If a large economic power like Japan has not engaged in this behavior then I will be very surprised.

NBC News is running an interesting slide they lifted from an NSA briefing developed by their Threat Operations Center (NTOC) in February 2014. The slide is a secret NSA map showing loads of successful Chinese intrusions into U.S. based networks (emphasis added):

The map uses red dots to mark more than 600 corporate, private or government “Victims of Chinese Cyber Espionage” that were attacked over a five-year period, with clusters in America’s industrial centers. The entire Northeast Corridor from Washington to Boston is blanketed in red, as is California’s Silicon Valley, with other concentrations in Dallas, Miami, Chicago, Seattle, L.A. and Detroit. The highest number of attacks was in California, which had almost 50.

Each dot represents a successful Chinese attempt to steal corporate and military secrets and data about America’s critical infrastructure, particularly the electrical power and telecommunications and internet backbone. And the prizes that China pilfered during its “intrusions” included everything from specifications for hybrid cars to formulas for pharmaceutical products to details about U.S. military and civilian air traffic control systems, according to intelligence sources.

The map was part of an NSA briefing prepared by the NSA Threat Operations Center (NTOC) in February 2014, an intelligence source told NBC News. The briefing highlighted China’s interest in Google and defense contractors like Lockheed Martin, and in air traffic control systems. It catalogued the documents and data Chinese government hackers have “exfiltrated” — stolen — from U.S. corporate, government and military networks, and also listed the number and origin of China’s “exploitations and attacks.”

In a move that comes as no surprise to anyone who has been following this story since it broke about two years ago, the White House has said it does not intend to support a pardon for Edward Snowden (emphasis added):

On Tuesday, White House officials finally responded publicly to a long-running petition to pardon Snowden for his theft of classified documents from the NSA. The answer was an unequivocal “No”, and the administration’s homeland security and counterterrorism advisor said Snowden’s actions have threatened the security of the United States. The White House’s response said that while there is a legitimate need for intelligence reform, Snowden went about it the wrong way.

“Instead of constructively addressing these issues, Mr. Snowden’s dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it,” Lisa Monaco, homeland security and counterterrorism adviser to President Obama, wrote in a response to the petition.

“If he felt his actions were consistent with civil disobedience, then he should do what those who have taken issue with their own government do: Challenge it, speak out, engage in a constructive act of protest, and — importantly — accept the consequences of his actions. He should come home to the United States, and be judged by a jury of his peers — not hide behind the cover of an authoritarian regime. Right now, he’s running away from the consequences of his actions.”

I love how the White House claims Snowden would even be given an opportunity to engage in any constructive act of protest in the United States. He has already accepted the consequences of his actions by living abroad, unable to return home, and essentially acting as the martyr for this cause. What exactly would the White House have him do? It’s not like if he were to go on trial he could even bring up these reasons as part of his defense, as that is expressly forbidden in a trial for treason.

The NSA has publicly disclosed it will finally cease using bulk US telephone metadata in November in compliance with the recently passed USA Freedom Act:

The office of the Director of National Intelligence said in a statement that the bulk telephony data — the subject of leaks by former intelligence contractor Edward Snowden which shocked many in the US and abroad — would be destroyed “as soon as possible” to comply with a law passed by Congress in early June.

The statement said that during the 180-day transition period required under the USA Freedom Act, “analytic access to that historical metadata… will cease on November 29, 2015.”

But it added that “for data integrity purposes,” NSA will allow technical personnel to continue to have access to the metadata for an additional three months.

Additionally, the statement said NSA must preserve bulk telephony metadata collection “until civil litigation regarding the program is resolved, or the relevant courts relieve NSA of such obligations.”

The data kept for litigation “will not be used or accessed for any other purpose, and, as soon as possible, NSA will destroy the Section 215 bulk telephony metadata upon expiration of its litigation preservation obligations.”

Surely there are other authorities the NSA will leverage so they can continue to access either this metadata or other forms of collected data. This is definitely not the end of NSA bulk phone record collection.

Who knew the NSA has a summer camp where kids get an opportunity to hone their hacking skills?

Instead of late night camp fires, some campers spent hours with their faces lit by laptops as they tried to fix lines of computer code to catch up on the day’s lessons.

Welcome to summer camp, NSA-style.

The spy agency was once so ultra-secret that old hands in national security still call them by the nickname No Such Agency.

Now, the National Security Agency is taking on a more public role trying to boost U.S. cybersecurity defenses.

The GenCyber camp at Dakota State University, one of 43 camps the agency sponsors around the country in conjunction with the National Science Foundation, is one small part of that effort.

In a summer dominated by news of major cyber breaches at the Office of Personnel Management, the NSA is hoping to spot the next generation of white hat hackers and computer security whizzes.

The hope for the camps, NSA officials say, is to attract the interest of young people at a key point in their lives to consider pursuing cybersecurity careers. Young white hat hackers are prized by the NSA and private industry. If they don’t end up working for the NSA or other U.S. government agencies, perhaps they’ll work for big companies to help secure networks from criminals and foreign spies.

It seems ex-Attorney General Eric Holder may be having a change of heart and suddenly believes the Obama Justice Department could strike a deal with Edward Snowden to allow him to return to the United States:

In an interview with Yahoo News, Holder said “we are in a different place as a result of the Snowden disclosures” and that “his actions spurred a necessary debate” that prompted President Obama and Congress to change policies on the bulk collection of phone records of American citizens.

Asked if that meant the Justice Department might now be open to a plea bargain that allows Snowden to return from his self-imposed exile in Moscow, Holder replied: “I certainly think there could be a basis for a resolution that everybody could ultimately be satisfied with. I think the possibility exists.”

“The former attorney general’s recognition that Snowden’s actions led to meaningful changes is welcome,” said Wizner. “This is significant … I don’t think we’ve seen this kind of respect from anybody at a Cabinet level before.”

Holder declined to discuss what the outlines of a possible deal might consist of, saying that as the former attorney general, it would not be “appropriate” for him to discuss it.

It’s also not clear whether Holder’s comments signal a shift in Obama administration attitudes that could result in a resolution of the charges against Snowden. Melanie Newman, chief spokeswoman for Attorney General Loretta Lynch, Holder’s successor, immediately shot down the idea that the Justice Department was softening its stance on Snowden.

“This is an ongoing case so I am not going to get into specific details but I can say our position regarding bringing Edward Snowden back to the United States to face charges has not changed,” she said in an email.

This is a welcome change of heart. I wonder if Obama feels the same way?

This should come as no surprise to anyone who has been following the entire Snowden saga since day one; it seems US intelligence is attacking the freedom of the press after it was caught spying on the German magazine SPIEGEL (emphasis added):

If it is true that a foreign intelligence agency spied on journalists as they conducted their reporting in Germany and then informed the Chancellery about it, then these actions would place a huge question mark over the notion of a free press in this country. Germany’s highest court ruled in 2007 that press freedom is a “constituent part of a free and democratic order.” The court held that reporting can no longer be considered free if it entails a risk that journalists will be spied on during their reporting and that the federal government will be informed of the people they speak to.

“Freedom of the press also offers protection from the intrusion of the state in the confidentiality of the editorial process as well as the relationship of confidentiality between the media and its informants,” the court wrote in its ruling. Freedom of the press also provides special protection to the “the secrecy of sources of information and the relationship of confidentiality between the press, including broadcasters, and the source.”

Criminalizing Journalism

But Karlsruhe isn’t Washington. And freedom of the press is not a value that gives American intelligence agencies pause. On the contrary, the Obama administration has gained a reputation for adamantly pursuing uncomfortable journalistic sources. It hasn’t even shied away from targeting American media giants.

In spring 2013, it became known that the US Department of Justice mandated the monitoring of 100 telephone numbers belonging to the news agency Associated Press. Based on the connections that had been tapped, AP was able to determine that the government likely was interested in determining the identity of an important informant. The source had revealed to AP reporters details of a CIA operation pertaining to an alleged plot to blow up a commercial jet.

The head of AP wasn’t the only one who found the mass surveillance of his employees to be an “unconstitutional act.” Even Republican Senators like John Boehner sharply criticized the government, pointing to press freedoms guaranteed by the Bill of Rights. “The First Amendment is first for a reason,” he said.

But the Justice Department is unimpressed by such formulations. New York Times reporter James Risen, a two-time Pulitzer Prize winner, was threatened with imprisonment for contempt of court in an effort to get him to turn over his sources — which he categorically refused to do for seven years. Ultimately, public pressure became too intense, leading Obama’s long-time Attorney General Eric Holder to announce last October that Risen would not be forced to testify.

Like I said, unsurprising; however, this goes completely against American values. We need to get out of the “because terrorists!” mindset from 9/11. More surveillance has not led to a safer country.

The Intercept on the scary thought about how XKeyScore is NSA’s Google for the world’s private communication. First, in case you have forgotten what XKeyScore is since it was actually first revealed by The Guardian in July 2013 (emphasis added):

The NSA’s XKEYSCORE program, first revealed by The Guardian, sweeps up countless people’s Internet searches, emails, documents, usernames and passwords, and other private communications. XKEYSCORE is fed a constant flow of Internet traffic from fiber optic cables that make up the backbone of the world’s communication network, among other sources, for processing. As of 2008, the surveillance system boasted approximately 150 field sites in the United States, Mexico, Brazil, United Kingdom, Spain, Russia, Nigeria, Somalia, Pakistan, Japan, Australia, as well as many other countries, consisting of over 700 servers.

These servers store “full-take data” at the collection sites — meaning that they captured all of the traffic collected — and, as of 2009, stored content for 3 to 5 days and metadata for 30 to 45 days. NSA documents indicate that tens of billions of records are stored in its database. “It is a fully distributed processing and query system that runs on machines around the world,” an NSA briefing on XKEYSCORE says. “At field sites, XKEYSCORE can run on multiple computers that gives it the ability to scale in both processing power and storage.”

So what types of data, specifically, is XKeyScore capable of collecting? Here is the answer:

XKEYSCORE also collects and processes Internet traffic from Americans, though NSA analysts are taught to avoid querying the system in ways that might result in spying on U.S. data. Experts and privacy activists, however, have long doubted that such exclusions are effective in preventing large amounts of American data from being swept up. One document The Intercept is publishing today suggests that FISA warrants have authorized “full-take” collection of traffic from at least some U.S. web forums.

The system is not limited to collecting web traffic. The 2013 document, “VoIP Configuration and Forwarding Read Me,” details how to forward VoIP data from XKEYSCORE into NUCLEON, NSA’s repository for voice intercepts, facsimile, video and “pre-released transcription.” At the time, it supported more than 8,000 users globally and was made up of 75 servers absorbing 700,000 voice, fax, video and tag files per day.

The reach and potency of XKEYSCORE as a surveillance instrument is astonishing. The Guardian report noted that NSA itself refers to the program as its “widest reaching” system. In February of this year, The Intercept reported that NSA and GCHQ hacked into the internal network of Gemalto, the world’s largest provider of cell phone SIM cards, in order to steal millions of encryption keys used to protect the privacy of cell phone communication. XKEYSCORE played a vital role in the spies’ hacking by providing government hackers access to the email accounts of Gemalto employees.

Numerous key NSA partners, including Canada, New Zealand and the U.K., have access to the mass surveillance databases of XKEYSCORE. In March, the New Zealand Herald, in partnership with The Intercept, revealed that the New Zealand government used XKEYSCORE to spy on candidates for the position of World Trade Organization director general and also members of the Solomon Islands government.

These newly published documents demonstrate that collected communications not only include emails, chats and web-browsing traffic, but also pictures, documents, voice calls, webcam photos, web searches, advertising analytics traffic, social media traffic, botnet traffic, logged keystrokes, computer network exploitation (CNE) targeting, intercepted username and password pairs, file uploads to online services, Skype sessions and more.

Yes, your cyber sex video chats with nude girls from all over the globe are captured by the NSA, watched, likely laughed at, and then indefinitely stored on their servers to be used against you at a later date.

This is, by far, the scariest of any of the NSA programs brought to light to date. The capabilities of this system outlined in the article, and the lack of any technically oriented security controls, are really what is more terrifying than anything.

That an NSA analyst can jump on XKeyScore and type in any type of search term and be provided with results, regardless of whether the search violated US laws and statutes, is confounding.

Reuters on the news that the (gasp) NSA spied on several German ministers in addition to German Chancellor Angela Merkel:

Revelations by former NSA contractor Edward Snowden about wide-ranging U.S. spying have caused outrage in close ally Germany where privacy is an especially sensitive issue after the extensive surveillance by Communist East Germany’s Stasi secret police and by the Gestapo in the Nazi era.

The spying scandal was compounded by allegations that the German BND foreign intelligence agency helped the NSA and tracked other European targets on behalf of the NSA.

In the latest development, the German newspaper Sueddeutsche Zeitung and broadcasting network ARD reported, based on Wikileaks documents, that the NSA targeted 69 telephone numbers in the German government administration.

Among the officials being targeted were Economy Minister and Vice Chancellor Sigmar Gabriel as well as several of his deputy ministers, the reports said. British intelligence agencies were also involved in some of the operations, they said.

There is absolutely nothing surprising here. The NSA is paid to spy on foreign governments, and I believe any average, sane American citizen would applaud this type of activity.

The line was crossed once the NSA started spying in bulk on American citizens. However, like in spy movies, agents of any foreign government are completely understandable targets.

The Washington Post on how the Foreign Intelligence Surveillance Court cleared the NSA to resume bulk telephone metadata collection for the next 180 days as authorized in the recently enacted USA Freedom Act:

The Foreign Intelligence Surveillance Court on Monday ruled that the NSA could resume gathering millions of Americans’ phone metadata — call times, dates and durations — to scan for links to foreign terrorists.

But the resumption is good for only 180 days — or until Nov. 29, in compliance with the USA Freedom Act. That law, which President Obama signed June 2 after a contentious congressional debate, will end the government’s bulk collection of metadata. It provided, however, for a transition period to allow the NSA time to set up an alternative system in which the data is stored by the phone companies.

After the law took effect, the government immediately applied to the surveillance court to restart its collection. Because Congress passed the bill a day after the underlying statute authorizing the NSA program had expired, there was a question as to whether lawmakers had authorized the government’s temporary harvesting of phone records.

“In passing the USA Freedom Act, Congress clearly intended to end bulk data collection of business records and other tangible things,” Judge Michael W. Mosman wrote in his opinion. “But what it took away with one hand, it gave back — for a limited time — with the other. . . . It chose to allow a 180-day transitional period during which such [bulk] collection could continue.”

As intrusive as the metadata collection may be, this decision is no surprise. Anyone watching this play out should have known the court of appeals would allow this to continue.

The Intercept on how the hypocrites in France, while complaining about NSA spying, have passed a new intrusive surveillance law of their own:

On Wednesday, France woke up to find that the National Security Agency had been snooping on the phones of its last three presidents.

Top secret documents provided by Wikileaks to two media outlets, Mediapart and Libération, showed that the NSA had access to confidential conversations of France’s highest ranking officials, including the country’s current president, François Hollande; the prime minister in 2012, Jean-Marc Ayrault; and former presidents Nicolas Sarkozy and Jacques Chirac.

Yet also today, the lower house of France’s legislature, the National Assembly, passed a sweeping surveillance law. The law provides a new framework for the country’s intelligence agencies to expand their surveillance activities. Opponents of the law were quick to mock the government for vigorously protesting being surveilled by one of the country’s closest allies while passing a law that gives its own intelligence services vast powers with what its opponents regard as little oversight. But for those who support the new law, the new revelations of NSA spying showed the urgent need to update the tools available to France’s spies.

Of course, the fact that the NSA is listening to the conversations of French presidents is not that surprising to anyone who has been paying attention to the revelations in the past two years of NSA spying, nor is the idea that France might do the same to its allies. In 2013, the German newsmagazine Der Spiegel revealed that the U.S. government had targeted the cellphone of German Prime Minister Angela Merkel—so why not Hollande’s phone, too?

The response from the French government today was firm but predictable. Senior intelligence officials will travel to the U.S. to meet their counterparts in Washington, while the U.S. ambassador in Paris was summoned to the Elysee Palace. A similar scenario played out in 2013, when Le Monde published Snowden documents that revealed some of the extent of American surveillance in France. Prime Minister Manuel Valls said today that he wants a “code of conduct” to guide the relationship between France and the U.S. on intelligence activities—but the government demanded the exact same thing almost two years ago.

Never try to make any sense of politics.

The National Journal on how the secretive FISA court skipped involving privacy advocates in its first decision since the USA Freedom Act was signed into law:

Saylor reasoned that in decisions where the “outcome is sufficiently clear” and that reasonable jurists would agree, the appointment of privacy panel is not required by the Freedom Act. “This is such an instance,” Saylor concluded.

But some privacy advocates were rankled by the Court’s reasoning, and suggested Saylor was too relaxed in his discussion regarding when privacy experts should be called on to weigh in on a decision.

“Propriety in the spirit of the USA Freedom Act is when the decision at hand were to have an impact on the rights of individuals, not necessarily when the Court conjectures that a decision is self-evident,” said Amie Stepanovich, U.S. policy manager at Access, an international digital-rights organization. “It is the job of the amicus to raise issues that may not be readily apparent on first blush, meaning that what first may appear to be a clear-cut decision actually raises underlying questions. The Court must respect the presumption of the statute in favor of appointing the amicus.”

No surprises here.

Wired on US Department of Homeland Security Assistant Secretary for Policy Stewart Baker discussing cyber surveillance myths and his obvious contempt for the loss of Patriot Act Section 215 authorities thanks to the Snowden disclosures:

In the Snowden case, those were PowerPoint presentations of some things that had been reported—

Oh kiss my ass, that’s not true. At some abstract level you know the NSA has some capabilities. You don’t know which rumors are true or false. You don’t know whether the people who are saying them are accurate. There’s a lot of stuff in the ether. It doesn’t come down to you as an individual making a decision on how to communicate. But when you see the details and exactly how the NSA is exploiting your communications, which is true of some of the Snowden stories, they actually told ISIS what we were doing to intercept ISIS communications—that’s a very different thing. At that point, if you continue to do that, you should be shot. That is very different than having heard maybe there was some capabilities and seeing that you have been compromised.

Did Snowden’s revelations and raising national consciousness about surveillance end up being a good thing for America?

No.

Why not?

It was a scam from the start. Greenwald, Poitras, Snowden, and Bart Gellman did exactly what people like them have been accusing the intelligence community of doing for 40 years. They used the classification to tell a partial story in the hopes of shaping the debate, and they succeeded.

They released that order saying the government is scarfing up metadata about all your calls and they withheld, for roughly two weeks, the [documentation] which they all had which showed all the limitations on that access. Why? Because they didn’t want a debate on the limitations—they wanted to leave the impression that everybody’s phone calls are looked at by NSA and they have succeeded in leaving that impression because of their manipulation of the classified information. That’s a shame.

Never expect the intelligence community to ever admit the disclosures were a valuable tool for American citizens. As far as the IC is concerned, once they are given legal authority to conduct surveillance, they believe that authority should last indefinitely and unencumbered.

In short, the US IC believes they should be able to do whatever they want, to whoever they want, for however long they want, no questions asked.