NSA Surveillance

- Prasidh

Information is the oxygen of the modern age. It seeps through the walls topped by barbed wire, it wafts across the electrified borders.

1

Motivation: GAG order eased ( Feb 3rd )

Microsoft, Facebook, LinkedIn, Google and Yahoo join Apple in revealing more on NSA requests.

Gag order restricting freedom of press eased.

Tech companies have started to show increased transparency about their reporting to National Security Letters (NSL) and sharing of customer data in their respective transparency reports.

Latest Update: FB CEO Mark Zuckerberg criticizes US government surveillance.

A quick peek into the Global government requests report of Facebook.

Facebook: While governments have an important responsibility to keep people safe, it is possible to do so while also being transparent

2

A few things to ponder about

You should know who has your personal data, what data they have, and how it is used.

You should be able to prevent information collected about you for one purpose from

being used for others.

You should be able to correct inaccurate information about you.

Your data should be secure.

..while it's illegal to use Brad Pitt's image to sell a watch without his permission, Facebook is

free to use your name to sell one to your friends.”

The NSA and Israel wrote Stuxnet together.

3

(Global government Requests Reports from Facebook)

Steps in NSA surveillance

Hack into computer networks and tap into large fiber optic cables.

Installed specialized malware known as “implants” on devices in order to perform Computer Network

Exploitation (CNE).

The attack tools used for these implants are developed by a specialized NSA team called Tailored Access

Operations.

They are designed to compromise routers, switches, firewalls to monitor entire networks and siphon out

data.

NSA has even posed as a fake FB server and infected computer’s to hack into files from a hard drive.

Send spam emails with malware which covertly record audio from a computer’s microphone.

NSA is capable of launching cyber attacks by corrupting and disrupting file downloads or denying access

to websites.

If you want total security, go to prison. There you're fed, clothed, given medical care and so on. The only thing lacking... is freedom.

8

Embassy Espionage: The NSA's Secret Spy

Hub in Berlin

US intelligence agencies have used American Embassy in Berlin as a listening station.

Cellphones monitored by a unit known as the "Special Collection Service" (SCS).

listening devices with which they can intercept virtually every popular method of communication:

cellular signals, wireless networks and satellite communication.

‘Nothing is perfect’-Tim Berners Lee on 25 years of the web

9

NSA’s malware infection plan

SIGINT - For intercepting electronic communications of foreign computer networks ( But how to scale ? )

Turbine – An “intelligent command and control capability” that enables “industrial-scale exploitation.”

Computer Network Exploitation ( CNE ) – Mines intelligence from computers and networks.

Computer Network Attack ( CNA ) – Seeks to disrupt, damage and destroy them.

(Intelligent command and control to automate implants)10

Overview of technical details

11

Circumventing encryption

12

NSA hacking tools

13

Advanced hacking techniques

Instead of using these implants, use “Man in the middle” and “Man in the side” attacks to

covertly force a user’s internet browser to route to NSA computer servers.

“QUANTUMHAND” is the codename of the NSA project in which the agency disguises itself

as a fake facebook server.

Man in the side attack: http://vimeo.com/88822483 (A short video on how NSA posed as

Facebook)

14

References

“Tech Crunch article- Microsoft, Facebook, LinkedIn, Google and Yahoo Join Apple in revealing more on NSA

requests”,http://techcrunch.com/2014/02/03/microsoft-facebook-linkedin-google-and-yahoo-join-apple-in-revealing-more-on-nsa-

requests/?source=gravity

“Security Analyst Summit 2014-Justice department eases gag order on FISA, National Security letter

reporting”, http://threatpost.com/justice-dept-eases-gag-order-on-fisa-national-security-letter-reporting/103903

“Apple-Update on national security and law enforcement orders”, “Jan 27,

2014”, http://images.apple.com/pr/pdf/140127upd_nat_sec_and_law_enf_orders.pdf

“Microsoft on the issues-Providing additional customer transparency on US Government requests for customer

data”,http://blogs.technet.com/b/microsoft_on_the_issues/archive/2014/02/03/providing-additional-transparency-on-us-government-

requests-for-customer-data.aspx

“Obama orders NSA reforms, but metadata collection to continue”, http://threatpost.com/obama-orders-nsa-reforms-but-metadata-

collection-to-continue/103700

"NSA spying on Americans", https://www.eff.org/nsa-spying

"How the NSA's domestic spying program work", https://www.eff.org/nsa-spying/how-it-works

"Wikipedia article on deep packet inspection", https://en.wikipedia.org/wiki/Deep_packet_inspection

Only the insecure strive for security

15

Thank you

“People won’t use technology they don’t trust. Governments

have put this trust at risk, and governments need to help

restore it.”

—Brad Smith, General Counsel and Executive Vice President,

Legal and Corporate Affairs, Microsoft

16