Wat wou Snowden ons diets maken?

[zonbron]

Wat wou Snowden ons vertellen?

Schenkt de media teveel aandacht aan 'Snowden in transit, Snowden in Rusland...' terwijl het einde van het internet zoals we dat kennen zich aankondigt?

Dat laatste is wat Snowden ons wou laten weten.


Guardian - Edward Snowden's not the story. The fate of the internet is
28 juli 2013 - The press has lost the plot over the Snowden revelations. The fact is that the net is finished as a global network and that US firms' cloud services cannot be trusted.

Repeat after me: Edward Snowden is not the story. The story is what he has revealed about the hidden wiring of our networked world. This insight seems to have escaped most of the world's mainstream media, for reasons that escape me but would not have surprised Evelyn Waugh, whose contempt for journalists was one of his few endearing characteristics. The obvious explanations are: incorrigible ignorance; the imperative to personalise stories; or gullibility in swallowing US government spin, which brands Snowden as a spy rather than a whistleblower.

In a way, it doesn't matter why the media lost the scent. What matters is that they did. So as a public service, let us summarise what Snowden has achieved thus far.

...

That's all at nation-state level. But the Snowden revelations also have implications for you and me.

They tell us, for example, that no US-based internet company can be trusted to protect our privacy or data. The fact is that Google, Facebook, Yahoo, Amazon, Apple and Microsoft are all integral components of the US cyber-surveillance system. Nothing, but nothing, that is stored in their "cloud" services can be guaranteed to be safe from surveillance or from illicit downloading by employees of the consultancies employed by the NSA. That means that if you're thinking of outsourcing your troublesome IT operations to, say, Google or Microsoft, then think again.

And if you think that that sounds like the paranoid fantasising of a newspaper columnist, then consider what Neelie Kroes, vice-president of the European Commission, had to say on the matter recently. "If businesses or governments think they might be spied on," she said, "they will have less reason to trust the cloud, and it will be cloud providers who ultimately miss out. Why would you pay someone else to hold your commercial or other secrets, if you suspect or know they are being shared against your wishes? Front or back door – it doesn't matter – any smart person doesn't want the information shared at all. Customers will act rationally and providers will miss out on a great opportunity."

Spot on. So when your chief information officer proposes to use the Amazon or Google cloud as a data-store for your company's confidential documents, tell him where to file the proposal. In the shredder.

[plakker]

Dat heb ik ook al 50 keer gedacht!
Waar blijft de rest van de info??
Grootse schandalen, spionage op grote schaal.
VS heeft op illegale wijze info gewonnen in de EU-gebouwen.

Niets, niets, niets... Blijkbaar is het belangrijker waar hij slaapt.

[zonbron]

Google ingenieur wint een NSA onderscheiding, maar beschouwt het elektronische totaalspionageprogramma van de NSA en de NSA zelf als niet verenigbaar met een vrije samenleving.

Light Blue Touchpaper - NSA Award for Best Scientific Cybersecurity Paper
19 juli 2013

NSA Award for Best Scientific Cybersecurity Paper

July 19th, 2013 at 18:21 UTC by Joseph Bonneau

Yesterday I received the NSA award for the Best Scientific Cybersecurity Paper of 2012 for my IEEE Oakland paper “The science of guessing.” I’m honored to have been recognised by the distinguished academic panel assembled by the NSA. I’d like to again thank Henry Watts, Elizabeth Zwicky, and everybody else at Yahoo! who helped me with this research while I interned there, as well as Richard Clayton and Ross Anderson for their support and supervision throughout.

On a personal note, I’d be remiss not to mention my conflicted feelings about winning the award given what we know about the NSA’s widespread collection of private communications and what remains unknown about oversight over the agency’s operations. Like many in the community of cryptographers and security engineers, I’m sad that we haven’t better informed the public about the inherent dangers and questionable utility of mass surveillance. And like many American citizens I’m ashamed we’ve let our politicians sneak the country down this path.

In accepting the award I don’t condone the NSA’s surveillance. Simply put, I don’t think a free society is compatible with an organisation like the NSA in its current form. Yet I’m glad I got the rare opportunity to visit with the NSA and I’m grateful for my hosts’ genuine hospitality. A large group of engineers turned up to hear my presentation, asked sharp questions, understood and cared about the privacy implications of studying password data. It affirmed my feeling that America’s core problems are in Washington and not in Fort Meade.

Our focus must remain on winning the public debate around surveillance and developing privacy-enhancing technology. <sub>But I hope that this award program, established to increase engagement with academic researchers, can be a small but positive step.

Entry filed under: Academic papers, Authentication, Awards</sub>

Lees ook :


Tikkun Daily - Google Engineer Wins NSA Award, Then Says NSA Should Be “Abolished”

Animal New York - NSA Award-Winner Wants NSA “Abolished”
25 juli 2013 - I’d rather have it abolished than persist in its current form. I think there’s a question about whether it’s possible to reform the NSA into something that’s more reasonable. I don’t really do politics for my day job. I don’t feel like I follow the situation as closely as a lot of people who are writing about what kinds of reforms are needed, or how things might need to change. But my feeling based on what I’ve read is that I don’t want to live in a country with an organization like the NSA is right now.

[zonbron]

Snowden staat duidelijk niet alleen.

[zonbron]

Citaat:

Oorspronkelijk geplaatst door plakker

Dat heb ik ook al 50 keer gedacht!
Waar blijft de rest van de info??
Grootse schandalen, spionage op grote schaal.
VS heeft op illegale wijze info gewonnen in de EU-gebouwen.

Niets, niets, niets... Blijkbaar is het belangrijker waar hij slaapt.

2!

[Johnny Blaze]

Maat, de codenaam prism zegt al genoeg. Denk in de richting van beamsplitters. Alle verkeer is fiberoptic. Plaats beamsplitters op genoeg strategische plaatsen en ge kunt het volledige internetverkeer onderscheppen zonder dat iemand het ooit door heeft.

[zonbron]

Citaat:

Oorspronkelijk geplaatst door Johnny Blaze

Maat, de codenaam prism zegt al genoeg. Denk in de richting van beamsplitters. Alle verkeer is fiberoptic. Plaats beamsplitters op genoeg strategische plaatsen en ge kunt het volledige internetverkeer onderscheppen zonder dat iemand het ooit door heeft.

Inderdaad.

[zonbron]

Volgende woensdag :

Guardian - NSA surveillance critics to testify before Congress
26 juli 2013 - Democratic congressman Alan Grayson says hearing will help stop 'constant misleading information' from intelligence chiefs. Congress will hear testimony from critics of the National Security Agency's surveillance practices for the first time since the whistleblower Edward Snowden's explosive leaks were made public.
Democratic congressman Alan Grayson, who is leading a bipartisan group of congressman organising the hearing, told the Guardian it would serve to counter the "constant misleading information" from the intelligence community. The hearing, which will take place on Wednesday, comes amid evidence of a growing congressional rebellion NSA data collection methods.

[zonbron]

Citaat:

Oorspronkelijk geplaatst door Johnny Blaze

Maat, de codenaam prism zegt al genoeg. Denk in de richting van beamsplitters. Alle verkeer is fiberoptic. Plaats beamsplitters op genoeg strategische plaatsen en ge kunt het volledige internetverkeer onderscheppen zonder dat iemand het ooit door heeft.

Drie verschillende prisms?

Spiegel.de - Three Different Prisms? Parliament Seeks Clarity in NSA Scandal
26 juli 2013 - A Thursday meeting in German parliament was supposed to shed light on NSA surveillance activities in Germany. It only added to the mystery. A US response to a Berlin inquiry claims that there are actually three unrelated Prism programs. The meeting lasted for three hours, partially the result of the complex nature of the material being addressed. The oppressive heat hanging over Berlin this week didn't help. "Mr. Prism is an important witness," Hans-Christian Ströbele said into the microphone, adding that he would love to ask "Mr. Prism" a few questions.

[zonbron]

Video - Every Call You Make (Music Video - Edward Snowden)

[zonbron]

Backdoor in 'onveilige' SIM-kaarten.

Daily Mail - Half a billion SIM cards could be bugged or have information stolen from them because of 'serious security flaws'
22 juli 2013 - Cryptographer finds SIM card hack that could affect millions of people.
The flaw lets hackers send hidden text messages that can infect handsets.
It could be used to steal money, record calls or access banking apps.

[Boduo]

Citaat:

Oorspronkelijk geplaatst door zonbron

Inderdaad.

Niettegenstaande deze zéér interessante informatie denk ik dat het zo gemakkelijk niet zal gaan.

[Johnny Blaze]

Xkeyscore, zoek het op, ik heb geen zin meer om het nog eens uit te leggen op dit kutforum maar we worden weer droog in onze kont genaaid. Een nieuwe revelatie waar we u al zo lang voor zijn aan't waarschuwen zijn, mja, wa baat kaars en bril als...

[zonbron]

Citaat:

Oorspronkelijk geplaatst door Johnny Blaze

Xkeyscore, zoek het op, ik heb geen zin meer om het nog eens uit te leggen op dit kutforum maar we worden weer droog in onze kont genaaid. Een nieuwe revelatie waar we u al zo lang voor zijn aan't waarschuwen zijn, mja, wa baat kaars en bril als...

Jaja,

Citaat:

Oorspronkelijk geplaatst door zonbron

Drie verschillende prisms?

Spiegel.de - Three Different Prisms? Parliament Seeks Clarity in NSA Scandal
26 juli 2013 - A Thursday meeting in German parliament was supposed to shed light on NSA surveillance activities in Germany. It only added to the mystery. A US response to a Berlin inquiry claims that there are actually three unrelated Prism programs. The meeting lasted for three hours, partially the result of the complex nature of the material being addressed. The oppressive heat hanging over Berlin this week didn't help. "Mr. Prism is an important witness," Hans-Christian Ströbele said into the microphone, adding that he would love to ask "Mr. Prism" a few questions.

Uit voorvernoemd artikel genomen :

An Analytical Tool

So too were the heads of Germany's domestic and foreign intelligence agencies, there to provide more information about the programs they use. According to those present at the closed-door meeting, the officials presented several different types of software that are already in use or are planned, spending extensive time discussing the program XKeyscore, the comprehensive surveillance software written about by SPIEGEL this week.

Gerhard Schindler, head of Germany's Bundesnachrichtendienst (BND), said that his foreign intelligence agency had used the program since 2007. But it was not, he said, according to meeting participants, used to collect data. Rather, he insisted, it was an analytical tool. He also stated that his agency's use of XKeyscore in no way represented a violation of German law. Hans-Georg Maassen, head of the Federal Office for the Protection of the Constitution, Germany's domestic intelligence agency, said that his agency had been using a test version of XKeyscore since 2012.

The acknowledgement marks a significant step forward in the German debate over US surveillance techniques. Even as the German populace has been extremely unnerved by revelations that the NSA monitors some 500 million data communications each month, Merkel's government has done little to answer questions regarding the extent to which Berlin cooperates with Washington on surveillance activities. This week's article in SPIEGEL also cited an NSA document indicating that the German was "modifying its interpretation of (privacy laws) to afford the BND more flexibility in sharing protected information with foreign partners."

Schindler on Thursday appeared to be taking such accusations seriously. He issued an official statement in which he denied trying to weaken German data protection laws. He did, however, confirm that his agency feels that some paragraphs of the "G-10" law relating to passing on data should be softened. That, Schindler said, is something that he also told his US counterparts.

En...?


Blablabla... bla... bla...

[zonbron]

Citaat:

Oorspronkelijk geplaatst door zonbron

Men kan de toch belangrijke data waarop het NSA beslag neemt best beschouwen als de creatie van uiterst betekenisvolle extra/nieuwe lagen van informatie die bovenop de andere reeds bestaande informatielagen kunnen gelegd worden om alzo naar bepaalde kruisreferenties van keuze te zoeken (dit beperkt zich alvast niet tot Uw winkelkarretje). Men zal niet enkel naar kruisrefenties binnen Uw 'profiel' of data zoeken, maar ook naar eventuele overeenkomsten met de profielen van andere gebruikers op zoek gaan. Zo wordt het bvb. ook mogelijk om U ondanks alles toch te identificeren indien U vanaf een andere ip met een andere identiteit actief bent of U simpelweg classificeren bij groepen van verschillende soortgelijke profielen van IT-gebruikers om alzo zaken te weten te komen welke U zelfs nooit prijsgegeven hebt en ja, zelfs met grote nauwkeurigheid Uw toekomstig handelen en gedrag te voorspellen.

De mogelijkheden (combinaties van lagen/kruisreferenties/groepen van profielen) zijn in feite oneindig en beperken zich alvast niet tot het in mijn vorige post gegeven voorbeeld (de financiële sector), moge dat duidelijk zijn.

Stelt U zich bvb. maar eens even voor naar welke kruisreferenties het NSA of andere instellingen welke over diezelfde data kunnen beschikken zouden kunnen zoeken als ze tevens beschikken over :

- bezochte websites + de frekwentie van het bezoek
- communicatie allerhande bvb. inhoud chat (tekst/gesprek/audio/doorverwijzingen/foto's)
- zoekgedrag google ea.
- prive en andere e-mail
- de activiteiten gegenereerd vanaf een bepaalde ip
- sociale media zoals bvb. smoelboek
- data waarover Uw service provider beschikt
- interesses
etc.


Mijn inziens een zorgwekkende ontwikkeling wegens het onduidelijke wettelijke kader inzake de datagaring en het overduidelijk niet respecteren van deze toch wel gelimiteerde bepalingen. Het wordt nog onrustwekkender indien de wetgever, zoals we met voldoende zekerheid kunnen veronderstellen, de resulterende geactualiseerde wetgeving terzake in het voordeel van deze dataverzamelaars, de analysten van deze data, de data-service providers, de grote bedrijven en uiteindelijk de overheid zelf zal opstellen. In een maatschappijsysteem waar het corporatisme de norm is, is het namelijk moeilijk een andere uitkomst te veronderstellen.

Kortom, hier is het laatste woord nog lang niet over gezegd.

Kruisreferenties in metadata tables? Maar natuurlijk!

Blijkbaar is Xkeyscore helemaal niet zo onschuldig zoals sommigen in Duitsland beweren.



New Yorker - Presenting XKeyscore: What the N.S.A. Is Still Hiding
31 juli 2013

[zonbron]

Citaat:

Oorspronkelijk geplaatst door zonbron

Kruisreferenties in metadata tables? Maar natuurlijk! Kruisreferenties worden aangewend om zogenaamde "strong selectors" terug te vinden. De analysten van de data doen wat ze willen, ze hebben van niemand toestemming nodig om wat dan ook op te zoeken, wat dat ook...

Blijkbaar is Xkeyscore helemaal niet zo onschuldig zoals sommigen in Duitsland beweren.




New Yorker - Presenting XKeyscore: What the N.S.A. Is Still Hiding
31 juli 2013

“Select a Foreigness Factor,” the text on a National Security Agency training slide for a system called XKeyscore, made public by the Guardian, in a piece by Glenn Greenwald, tells its analysts. An arrow points to a drop-down menu with choices like “Foreign govt indicates that the person is located outside the U.S.” and “The person is a user of storage media seized outside the U.S.” Foreignness matters because the N.S.A. is not supposed to spy on Americans. The one selected for the sample search might be the easiest: “In direct contact w/tgt overseas, no info to show proposed tgt in U.S.” In other words, We found a link between you and someone abroad we’re interested in, and you haven’t shown us that you’re American—so let’s take a look.

A look at what? XKeyscore, according to an N.S.A. presentation that the Guardian posted (thirty-two slides, from 2008) can let an analyst see “nearly everything a typical user does on the internet.” That includes, the presentation claims, the contents of documents and chats, as well as information about what one reads and cares about and, perhaps, believes. XKeyscore can determine your location by doing reverse searches. Did you write a document mentioning a certain name? Did you search for a term on the BBC’s site, or look at a town on Google Earth? XKeyscore can deliver up your e-mail address—an example of what it calls a “strong selector.” “How do I find a cell of terrorists that has no connection to known strong-selectors?” A slide asks.

Answer: Look for anomalous events
E.g. Someone whose language is out of place for the region they are in
Someone who is using encryption
Someone searching the web for suspicious stuff

“Someone whose language is out of place for the region they are in.” That is a telling mark for a nation of immigrants, one that supposedly values that heritage. As for “suspicious stuff,” does that include reading articles expressing doubts about the honesty of what we’ve been told about the N.S.A.? The analysts don’t seem to have to ask anyone before doing these searches: they just say, via another menu, that they’ve got a reason.

...


The XKeyscore presentation shows how empty those words are. The N.S.A., it appears, doesn’t just turn to its metadata library to see who’s been calling a terrorist; it uses it in a coördinated way as one of the magnets to draw people’s identities from the Web and gather information about them. Have you done things that both count as anomalous (without showing that you’re American first) and ever entered your phone number on a shopping site? Were you buying books there? And now there’s your e-mail, and log-in. The slides in the presentation (for example, one with the header “Plug-ins extract and index metadata into tables”) suggest that, in combination with the contents of the N.S.A.’s other databases, telephone information can be a powerful route to almost anything. We now have a partial view of many programs, and no view at all on the many FISA court opinions interpreting the law, which it has kept secret. XKeyscore seems to draw on the N.S.A.’s other databases and its sweeps of Internet traffic.

...

Kruisreferenties in metadata tables? Maar natuurlijk! Kruisreferenties worden aangewend om mbv. zogenaamde "strong selectors" persoonlijke informatie terug te vinden te zoals bvb. Uw e-mail adres. De analysten van de data doen wat ze willen, ze hebben van niemand toestemming nodig om wat dan ook op te zoeken, wat dat ook...


Dat lijkt me toch duidelijk. Net zoals verwacht.

Verder, @Blaze, U kan natuurlijk ook Uw postings C/P-en.

[zonbron]

Sinds 2008 of reeds langer in gebruik : Xkeyscore

PCWorld - The Guardian: NSA’s XKeyscore program has nearly limitless access to all Internet activity
1 augustus 2013 - The Guardian has detailed new revelations from NSA-leaker Edward Snowden about a program known as XKeyscore that has been described as the agency’s “widest-ranging” tool for online data collection.

<sub>For example, with little more than an email address, the agency would be able to search “every email address seen in a session by both username and domain,” “every phone number seen in a session (eg address book entries or signature block)”, and “the webmail and chat activity to include username, buddy list, machine specific cookies etc.”

The PowerPoint documents also reveal that agents would have the ability to search through any individual’s email as long as they had an address. This would include “searches within bodies of emails, webpages and documents,” including “To, From, CC, BCC lines” and even the “Contact Us” pages on websites.

This adds validity to Snowden’s often disregarded claim that “I, sitting at my desk could wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email.”

...

Far beyond email
XKeyscorewww.guardian.co.ukA simple search field for finding Facebook communicaitons.

Beyond email, the technology would give the NSA the ability to rummage through social media activity. For example, authorities would have the ability to monitor Facebook chats by simply searching a Facebook user name and a date range into a simple search screen.</sub>

Wat weet Snowden nog te vertellen?

Ondertussen lijken meerdere populaire internetsites/services eerder op een grootse trojan dan wat anders.

[zonbron]

RT.com - NSA's XKeyscore gives one-click real-time access to almost any internet activity
31 juli 2013 - New revelations about NSA surveillance systems show that it was enough to fill in a short ‘justification’ form before gaining access to any of billions of emails, online chats, or site visit histories through a vast aggregation program called XKeyscore. The structure of XKeyscore, leaked by the UK’s Guardian newspaper, is sourced from a classified internal presentation from 2008 and a more recent Unofficial User Guide, presumably obtained by Edward Snowden when he was a contractor for the National Security Agency in the past year.

[zonbron]

XKeyscore, de one-click internettrojan van de big biz en de overheid.

Opnieuw hartelijk dank Snowden.

[zonbron]

ZerorHedge - NSA Spying Directly Harms Internet Companies, Silicon Valley, California … And the Entire U.S. Economy
31 juli 2013