Shhh… FBI, DEA & US Army Bought Italian Spyware

Find out more from The Intercept article below:

Leaked Documents Show FBI, DEA and U.S. Army Buying Italian Spyware

By Cora Currier and Morgan Marquis-Boire @coracurrier@headhntr

The FBI, Drug Enforcement Administration and U.S. Army have all bought controversial software that allows users to take remote control of suspects’ computers, recording their calls, emails, keystrokes and even activating their cameras, according to internal documents hacked from the software’s Italian manufacturer.

The company, Hacking Team, has also been aggressively marketing the software to other U.S. law enforcement and intelligence agencies, demonstrating their products to district attorneys in New York, San Bernardino, California, and Maricopa, Arizona; and multi-agency task forces like the Metropolitan Bureau of Investigation in Florida and California’s Regional Enforcement Allied Computer Team. The company was also in conversation with various other agencies, including the CIA, the Pentagon’s Criminal Investigative Service, the New York Police Department, and Immigrations and Customs Enforcement.

The revelations come from hundreds of gigabytes of company information, including emails and financial records, which were released online Sunday night and analyzed by The Intercept. Milan-based Hacking Team is one of a handful of companies that sell off-the-shelf spyware for hundreds of thousands of euros — a price point accessible to smaller countries and large police forces. Hacking Team has drawn fire from human rights and privacy activists who contend that the company’s aggressive malware, known as Remote Control System, or RCS, is being sold to countries that deploy it against activists, political opponents and journalists.

Even in the U.S., where the software would presumably be used only with a judge’s approval, the tactic is still controversial. Just last month, Sen. Chuck Grassley, R-Iowa, wrote to the director of the FBI asking for “more specific information about the FBI’s current use of spyware,” in order for the Senate Judiciary Committee to evaluate “serious privacy concerns.”

The leaked emails show that the FBI has been using Hacking Team’s software since 2011, apparently for the secretive Remote Operations Unit. It’s long been reported that the FBI has deployed malware in investigations, but details on the agency’s efforts are thin, with the tactic only surfacing rarely in court cases — such as one instance last year when the FBI spoofed an Associated Press article to get a target to click on a link. The FBI reportedly develops its own malware and also buys pre-packaged products, but the relationship with Hacking Team has not been previously confirmed.

Hacking Team’s spokesperson, Eric Rabe, said in a statement that “we do not disclose the names or locations of our clients” and “we cannot comment on the validity of documents purportedly from our company.”

The director of the Metropolitan Bureau of Investigation in Florida told The Intercept that it “does not have plans to purchase any product from Hacking Team.” The Manhattan District Attorney’s office said, “It would be an overstatement to say that our office is planning to purchase this type of software. This company is one of several in the industry whom we’ve requested meetings with in order to keep pace with rapid technological advancements in the private sector.”

The CIA declined to comment, and ICE said it “does not discuss law enforcement tools and techniques.” (The Intercept will update this story if other agencies named in the documents respond to requests for comment.)

The leaked emails show that U.S. agencies worried about the legality and perception of Hacking Team’s tools.

Hacking Team refers to its U.S. clients by code names. The FBI unit is “Phoebe” (initially “f-client,” but one employee complained “it sounds like an antivirus),” the DEA is “Katie,” and the CIA, which appears to have sampled, but not bought Remote Control System, is “Marianne.”

In 2011, a representative of the DEA’s Office of Investigative Technology told Hacking Team that its budget request for Remote Control System had been denied because it was considered “too controversial,” according to an email. “We are working on the foreign angle,” the DEA said, according to Hacking Team’s U.S. account manager.

“I imagine Katie [DEA] is referring to the fact that they as the DEA could buy RCS for other countries (Colombia) where it’s less problematic to use it,” an employee replied in Italian.

The purchase did go through in 2012, and it appears to have been used mainly in conjunction with Colombian law enforcement. As one email explained, “Katie will be administrator of the system, while the locals will be collecting the data. They are saying if this works out, they will bring it to other countries around the world. Already they are speaking of El Salvador and Chile.”

Robotec, a company that manages Hacking Team’s sales to several Latin American countries, also mentions clients in Colombia using DEA funding.

Local police in the U.S. also had their worries. Florida law enforcement told Hacking Team this year that the software could create legal problems without the ability to have “‘minimization’ of the calls and messages — (ie. deleting portions which are not relevant to the search.)”

In 2013, San Bernardino’s district attorney wanted to go to a judge to obtain a warrant targeting a “known bad guy” even for a trial run of the software. “If the systems [sic] proves itself in this live trial, and the judge is convinced of both its value and proper protection of privacy, they would then move into the purchase phase,” one of Hacking Team’s U.S. business partners, from the security giant SS8, explained.

“One of the concerns of this segment is that the HT product is ‘too powerful,’” Fred D’Alessio, who sits on the board of SS8 and is identified on LinkedIn as a senior advisor to Hacking Team, wrote about local agencies. “They have also said, their biggest challenge is ‘getting the lawyers and the District Attorneys to agree on what they can do legally.”

Hacking Team’s FBI contacts worried that the spread of Hacking Team software around the country could cause word to get out (as has happened with technology like Stingrays, the devices that police use to track cell phone location.) “If San Bernardino gets exposed, they might also expose Phoebe,” Hacking Team’s U.S. point man, Alex Velasco, wrote in September 2013.

The FBI’s use of Hacking Team’s software also informs the public debate about the growing use of encryption to protect Internet communications. FBI and other top U.S. law enforcement officials have been calling for a law that would provide for a “backdoor” into commercial encryption technologies — something privacy advocates and many cybersecurity researchers see as a undermining Internet security.

Hacking Team claims that its software offers a way around encryption, obviating the need for a backdoor. Vincenzetti regularly sends out articles about the encryption debate to his email list with a plug for Remote Control System. Last February, he wrote that law enforcement and security agencies could use “technologies to ACCESS THE DATA they need IN CLEARTEXT, BEFORE it gets encrypted by the device and sent to the network and AFTER it is received from the network and decrypted by the device itself. Actually THIS IS precisely WHAT WE DO.”

The Buyers

The push into the local district attorney market, for which the company considered San Bernardino a pilot, appears to have been facilitated by SS8, a massive California-based security company that markets to law enforcement agencies in the United States and abroad. (Rabe denied that SS8 is working with Hacking Team, despite emails between the companies.) The local market could be lucrative: a budget for the district attorney in New York that Hacking Team proposed in April totaled $760,000 in upfront license fees, and another $382,000 in services and maintenance.

“As with so many other surveillance technologies that were originally created for the military and intelligence community, they eventually trickle down to local law enforcement who start using them without seeking the approval of legislators — and, in many cases, keeping the courts in the dark too,” said Christopher Soghoian, principal technologist of the American Civil Liberties Union.

The DEA, FBI and Army bought Hacking Team’s software through a company called Cicom, which for several years served as a middleman for Hacking Team’s U.S. business. The DEA and Army contracts to buy Remote Control System through Cicom were first revealed by the advocacy group Privacy International this spring. Reporters noted that Cicom shared the same corporate address in the United States as Hacking Team, but when asked about the connection by Ars Technica, Hacking Team’s U.S. spokesperson Eric Rabe said, “I cannot confirm any relationship between the company Cicom and Hacking Team.”

Alex Velasco, Cicom’s general manager, has in fact been a consultant under contract to represent Hacking Team to clients in North America since 2012, company emails show. The relationship ended in March, after Hacking Team accused Velasco of scheming to market competing products, according to an internal investigation commissioned by Hacking Team. Velasco declined to comment to The Intercept on the allegations, because he is in legal proceedings with Hacking Team.

Hacking Team was also in talks in 2014 with the FBI’s National Domestic Communications Assistance Center, a secretive unit formed in 2012 and focused on interception technologies. Velasco claims in an email that the group came to them after Citizen Lab, a research group at the University of Toronto focused on Internet technology and human rights, published a highly critical report on Hacking Team’s global sales. “If anything good came out of the Citizen lab articles is that it brought them to contact us to see if it was true,” he wrote. “Thank you Citizen Lab!!”

It’s not clear from Hacking Team emails what Army component bought an RCS system in 2011, but it was based at Fort Meade and apparently sat unused for years. According to a 2013 email from Velasco, “they purchased a system right before they got their budget cut…They were never given permission to pull an internet line to their office to install the system. (ridiculous but true!)”

Hacking Team was in the midst of negotiations for a new FBI contract from Cicom after Velasco’s firing, but the agency decided to go with another vendor due to budget timing issues, according to an email from Phillipe Vinci, Hacking Team’s vice president for business development. Besides, the product was “seen as a ‘nice to have’ by FBI,” but “they confessed they were using it for low level types of investigations. For critical operations, they were using another platform,” wrote Vinci. He said the FBI wanted more ability to go after users of Tor, the anonymizing web browser; those users accounted for 60 percent of its targets.

But Hacking Team appeared determined to continue its conquest of the U.S. market.

“There will be a process to have ‘HT Usa Inc.’ accredited,” wrote operations manager Daniele Milan. He pledged to stay in touch with the FBI, marketing new features, and identifying problems “to resolve for them (in exchange for $$$).”

While Hacking Team’s emails reveal the company to be stringent about selling only to governments, the company officials appear to worry less about how its technology is used once it gets to those customers. Responding to concerns raised by the district attorney of New York in 2013, Hacking Team’s chief operating officer Giancarlo Russo wrote that “all the consideration regarding the ‘legal framework’ cannot be addressed by us.”

Instead, he was more concerned about local customers’ ability to use the product effectively. “If you buy a Ferrari… they can teach you how to drive. They cannot grant you will be the winner of the race,” he wrote to his colleagues in English. “If Beretta sell you a gun, the most peculiar and sophisticated one, they can teach how to use it. They can not grant you are going to shoot your target properly on the field.”

–– Sheelagh McNeill contributed research to this report.

Shhh… WikiLeaks: NSA’s Been Bugging Top Brazilian Political and Financial Targets

To celebrate the US Independence Day on 4 July, WikiLeaks, together with The Intercept, released its latest disclosure “Bugging Brazil“, “a top secret US National Security Agency target list of 29 key Brazilian government phone numbers that were selected for intensive interception”.

“The US targeted not only those closest to the President, but waged an economic espionage campaign against Brazil, spying on those responsible for managing Brazil’s economy, including the head of its Central Bank. The US also extensively targetted Brazil’s diplomacy, targeting the phones of its Foreign Minister and its ambassadors to Germany, France, the EU, the US and Geneva as well as its military chiefs,” according to WikiLeaks.

“Our publication today shows the US has a long way to go to prove its dragnet surveillance on ‘friendly’ governments is over. The US has not just being targetting President Rouseff but the key figures she talks to every day. Even if US assurances of ceasing its targetting of President Rousseff could be trusted, which they cannot, it is fanciful to imagine that President Rousseff can run Brazil by talking to herself all day. If President Rousseff wants to see more US investment in Brazil on the back of her recent trip as she claims, how can she assure Brazilian companies that their US counterparts will not have an advantage provided by this surveillance, until she can really guarantee the spying has stopped – not just on her, but on all Brazilian issues,” said WikiLeaks Editor-in-Chief Julian Assange.

Check out the full list of NSA high priority targets for Brazil here.

Shhh… What Message is the US Sending to France with Bulk Data Collection to Resume Following WikiLeaks' Espionnage Élysée Expose?

As I have said previously, it’s all a farce and now becoming a circus… And consider the timing, what kind of message is this for France given the recent WikiLeaks’ Espionnage Élysée exposé of NSA spying on not only 3 French Presidents but also French companies?

See the New York Times article below.


Surveillance Court Rules That N.S.A. Can Resume Bulk Data Collection

By CHARLIE SAVAGEJUNE 30, 2015

WASHINGTON — The Foreign Intelligence Surveillance Court ruled late Monday that the National Security Agency may temporarily resume its once-secret program that systematically collects records of Americans’ domestic phone calls in bulk.

But the American Civil Liberties Union said Tuesday that it would ask the United States Court of Appeals for the Second Circuit, which had ruled that the surveillance program was illegal, to issue an injunction to halt the program, setting up a potential conflict between the two courts.

The program lapsed on June 1, when a law on which it was based, Section 215 of the USA Patriot Act, expired. Congress revived that provision on June 2 with a bill called the USA Freedom Act, which said the provision could not be used for bulk collection after six months.

The six-month period was intended to give intelligence agencies time to move to a new system in which the phone records — which include information like phone numbers and the duration of calls but not the contents of conversations — would stay in the hands of phone companies. Under those rules, the agency would still be able to gain access to the records to analyze links between callers and suspected terrorists.

But, complicating matters, in May the Court of Appeals for the Second Circuit, in New York, ruled in a lawsuit brought by the A.C.L.U. that Section 215 of the Patriot Act could not legitimately be interpreted as permitting bulk collection at all.

Congress did not include language in the Freedom Act contradicting the Second Circuit ruling or authorizing bulk collection even for the six-month transition. As a result, it was unclear whether the program had a lawful basis to resume in the interim.

After President Obama signed the Freedom Act on June 2, his administration applied to restart the program for six months. But a conservative and libertarian advocacy group, FreedomWorks, filed a motion in the surveillance court saying it had no legal authority to permit the program to resume, even for the interim period.

In a 26-page opinion made public on Tuesday, Judge Michael W. Mosman of the surveillance court rejected the challenge by FreedomWorks, which was represented by a former Virginia attorney general, Ken Cuccinelli, a Republican. And Judge Mosman said the Second Circuit was wrong, too.

“Second Circuit rulings are not binding” on the surveillance court, he wrote, “and this court respectfully disagrees with that court’s analysis, especially in view of the intervening enactment of the USA Freedom Act.”

When the Second Circuit issued its ruling that the program was illegal, it did not issue any injunction ordering the program halted, saying it would be prudent to see what Congress did as Section 215 neared its June 1 expiration. Jameel Jaffer, an A.C.L.U. lawyer, said on Tuesday that the group would now ask for one.

“Neither the statute nor the Constitution permits the government to subject millions of innocent people to this kind of intrusive surveillance,” Mr. Jaffer said. “We intend to ask the court to prohibit the surveillance and to order the N.S.A. to purge the records it’s already collected.”

Advertisement
Continue reading the main story

Advertisement
Continue reading the main story

The bulk phone records program traces back to October 2001, when the Bush administration secretly authorized the N.S.A. to collect records of Americans’ domestic phone calls in bulk as part of a broader set of post-Sept. 11 counterterrorism efforts.

The program began on the basis of presidential power alone. In 2006, the Bush administration persuaded the surveillance court to begin blessing it under of Section 215 of the Patriot Act, which says the government may collect records that are “relevant” to a national security investigation.

The program was declassified in June 2013 after its existence was disclosed by the former intelligence contractor Edward J. Snowden.

It remains unclear whether the Second Circuit still considers the surveillance program to be illegal during this six-month transition period. The basis for its ruling in May was that Congress had never intended for Section 215 to authorize bulk collection.

In his ruling, Judge Mosman said that because Congress knew how the surveillance court was interpreting Section 215 when it passed the Freedom Act, lawmakers implicitly authorized bulk collection to resume for the transition period.

“Congress could have prohibited bulk data collection” effective immediately, he wrote. “Instead, after lengthy public debate, and with crystal-clear knowledge of the fact of ongoing bulk collection of call detail records,” it chose to allow a 180-day transitional period during which such collection could continue, he wrote.

The surveillance court is subject to review by its own appeals panel, the Foreign Intelligence Surveillance Court of Review. Both the Second Circuit and the surveillance review court are in turn subject to the Supreme Court, which resolves conflicts between appeals courts.

Wyn Hornbuckle, a Justice Department spokesman, said in a written statement that the Obama administration agreed with Judge Mosman.

Since the program was made public, plaintiffs have filed several lawsuits before regular courts, which hear arguments from each side before issuing rulings, unlike the surveillance court’s usual practice, which is to hear only from the government. Judge Mosman’s disagreement with the Second Circuit is the second time that the surveillance court has rejected a contrary ruling about the program by a judge in the regular court system.

In a lawsuit challenging the program that was brought by the conservative legal advocate Larry Klayman, Judge Richard J. Leon of Federal District Court in the District of Columbia ruled in December 2013 that the program most likely violated the Fourth Amendment, which prohibits unreasonable searches and seizures.

But in March 2014, Judge Rosemary M. Collyer, a Federal District Court judge who also sits on the secret surveillance court, rejected Judge Leon’s reasoning and permitted the program to keep going. The Obama administration has appealed Judge Leon’s decision to the Court of Appeals for the District of Columbia.

The Freedom Act also contains a provision saying that whenever the surveillance court addresses a novel and significant legal issue, it must either appoint an outside “friend of the court” who can offer arguments contrary to what the government is saying, or explain why appointing one is not appropriate.

The first test of that reform came last month when another judge on the court, F. Dennis Saylor IV, addressed a separate issue raised by the passage of the Freedom Act. Judge Saylor acknowledged that it was novel and significant, but declined to appoint an outside advocate, saying the answer to the legal question was “sufficiently clear” to him without hearing from one.

A version of this article appears in print on July 1, 2015, on page A19 of the New York edition with the headline: Surveillance Court Rules That N.S.A. Can Resume Bulk Data Collection.

Shhh… Snowden Supports Apple’s Public Stance On Privacy

Edward Snowden Supports Apple’s Public Stance On Privacy

by Josh Constine (@joshconstine)

Edward Snowden says we should support Apple’s newly emphasized commitment to privacy rather than a business model driven by personal data collection, whether or not Tim Cook is being genuine. Snowden spoke over video conference during the Challenge.rs conference in Barcelona today.

I asked Snowden his thoughts on Cook’s recent acceptance speech for an Electronic Privacy Information Center award, saying:

CEO Tim Cook recently took a stand on privacy and Apple’s business, saying “some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information. They’re gobbling up everything they can learn about you and trying to monetize it. We think that’s wrong. And it’s not the kind of company that Apple wants to be.”

Do you think Cook’s perspective genuine and honest, and how do you think it will play out long-term with regards to it hurting or helping Apple’s business, or whether Apple will keep this promise to privacy?

Snowden responded:

I think in the current situation, it doesn’t matter if he’s being honest or dishonest. What really matters is that he’s obviously got a commercial incentive to differentiate himself from competitors like Google. But if he does that, if he directs Apple’s business model to be different, to say “we’re not in the business of collecting and selling information. We’re in the business of creating and selling devices that are superior”, then that’s a good thing for privacy. That’s a good thing for customers.

And we should support vendors who are willing to innovate. Who are willing to take positions like that, and go “You know, just because it’s popular to collect everybody’s information and resell it..to advertisers and whatever, it’s going to serve our reputation, it’s going to serve our relationship with our customers, and it’s going to serve society better. If instead we just align ourselves with our customers and what they really want, if we can outcompete people on the value of our products without needing to subsidize that by information that we’ve basically stolen from our customers, that’s absolutely something that should be supported. And regardless of whether it’s honest or dishonest, for the moment, now, that’s something we should support, that’s something we should incentivize, and it’s actually something we should emulate.

And if that position comes to be reversed in the future, I think that should be a much bigger hammer that comes against Apple because then that’s a betrayal of trust, that’s a betrayal of a promise to its customers. But I would like to think that based on the leadership that Tim Cook has shown on this position so far, he’s spoken very passionately about private issues, that we’re going to see that continue and he’ll keep those promises.

It’s reasonable to wonder how much of Cook’s chest-beating on privacy is philosophy and how much is marketing. Since the iCloud celebrity photo hack last year, we’ve written about how Apple needs to be more transparent about security and privacy. Snowden seems to agree it could benefit the company as well as society.

Apple’s steps in that direction through press releases and public appearances by Cook have been positively received. They resonate especially well with the public in contrast to other tech giants like Google and Facebook that are aggressively collecting private personal data, and the widespread security breaches of big brands.

Yet while people frequently say privacy is important to them, their unwillingness to stray from products that rely on mining their data seems to suggest otherwise. We’re just at the start of the age of personalized computing, and those that embrace it may get an advantage in the market.

Apple is experimenting with ways to personalize with privacy in mind. Its new Proactive update to Siri scans your email to remind you about events, but only does this on your device rather than copying your data to its servers for processing. To keep up while remaining true to its ideals, Apple will need more creative solutions like this to deliver convenience without being creepy.

Shhh… Hackers Target Database of Chinese with Ties to US Government

Check out the NYT article below.

Hackers May Have Obtained Names of Chinese With Ties to U.S. Government

By DAVID E. SANGER and JULIE HIRSCHFELD DAVISJUNE 10, 2015

WASHINGTON — Investigators say that the Chinese hackers who attacked the databases of the Office of Personnel Management may have obtained the names of Chinese relatives, friends and frequent associates of American diplomats and other government officials, information that Beijing could use for blackmail or retaliation.

Federal employees who handle national security information are required to list some or all of their foreign contacts, depending on the agency, to receive high-level clearances. Investigators say that the hackers obtained many of the lists, and they are trying to determine how many of those thousands of names were compromised.

In classified briefings to members of Congress in recent days, intelligence officials have described what appears to be a systematic Chinese effort to build databases that explain the inner workings of the United States government. The information includes friends and relatives, around the world, of diplomats, of White House officials and of officials from government agencies, like nuclear experts and trade negotiators.

“They are pumping this through their databases just as the N.S.A. pumps telephone data through their databases,” said James Lewis, a cyberexpert at the Center for Strategic and International Studies. “It gives the Chinese the ability to exploit who is listed as a foreign contact. And if you are a Chinese person who didn’t report your contacts or relationships with an American, you may have a problem.”

Officials have conceded in the briefings that most of the compromised data was not encrypted, though they have argued that the attacks were so sophisticated and well hidden that encryption might have done little good.

The first attack, which began at the end of 2013 and was disclosed in the middle of last year, was aimed at the databases used by investigators who conduct security reviews. The investigators worked for a contracting firm on behalf of the Office of Personnel Management, and the firm was fired in August.

The broader attack on the personnel office’s main databases followed in December. That attack, announced last week, involved the records of more than four million current and former federal employees, most of whom have no security clearances.

White House and personnel office officials have provided few details about the latest breach. But the Department of Homeland Security has been telling outside experts and members of Congress that it regards the detection of the attack as a success, because it made use of new “signatures” of foreign hackers, based on characteristics of computer code, to find the attack.

In a statement, the personnel office said Wednesday that “it was because of these new enhancements to our IT systems that O.P.M. was able to identify these intrusions.” But the detection happened in April, five months after the attack began.

The list of relatives and “close or continuous contacts” is a standard part of the forms and interviews required of American officials every five years for top-secret and other high-level clearances, and government officials consider the lists to be especially delicate.

In 2010, when The New York Times was preparing to publish articles based on 250,000 secret State Department cables obtained by WikiLeaks, the newspaper complied with a request by the department to redact the names of any Chinese citizens who were described in the cables as providing information to American Embassy officials. Officials cited fear of retaliation by the Chinese authorities.

Officials say they do not know how much of the compromised data was exposed to the Chinese hackers. While State Department employees, especially new ones, are required to list all their foreign friends, diplomats have so many foreign contacts that they are not expected to list them all.

But other government officials are frequently asked to do so, especially in interviews with investigators. The notes from those interviews, conducted by a spinoff of the personnel office called the United States Investigative Service, were obtained by hackers in the earlier episode last year.

Intelligence agencies use a different system, so the contacts of operatives like those in the C.I.A. were not in the databases.

But the standard form that anyone with a national security job fills out includes information about spouses, divorces and even distant foreign relatives, as well as the names of current or past foreign girlfriends and boyfriends, bankruptcies, debts and other financial information. And it appears that the hackers reached, and presumably downloaded, images of those forms.

“I can’t say whether this was more damaging than WikiLeaks; it’s different in nature,” said Representative Adam B. Schiff, a California Democrat who is a member of the House Intelligence Committee, which was briefed by intelligence officials, the Department of Homeland Security and the personnel office on Tuesday. Mr. Schiff, who declined to speak about the specifics of the briefing, added, “But it is certainly one of the most damaging losses I can think of.”

Investigators were surprised to find that the personnel office, which had already been so heavily criticized for lax security that its inspector general wanted parts of the system shut down, did not encrypt any of the most sensitive data.

The damage was not limited to information about China, though that presumably would have been of most interest to the hackers. They are likely to be particularly interested in the contacts of Energy Department officials who work on nuclear weapons or nuclear intelligence, Commerce Department or trade officials working on delicate issues like the negotiations over the Trans-Pacific Partnership, and, of course, White House officials.

In a conference call with reporters on Wednesday, Senator Angus King, an independent from Maine on both the Intelligence Committee and the Armed Services Committee, called for the United States to retaliate for these kinds of losses. “Nation-states need to know that if they attack us this way, something bad is going to happen to their cyberinfrastructure,” he said.

But Mr. King said he could not say if the attacks on the personnel office were state-sponsored, adding, “I have to be careful; I can’t confirm the identity of the entity behind the attack.” The Obama administration has not formally named China, but there has been no effort to hide the attribution in the classified hearings.

The scope of the breach is remarkable, experts say, because the personnel office apparently learned little from earlier government data breaches like the WikiLeaks case and the surveillance revelations by Edward J. Snowden, both of which involved unencrypted data.

President Obama has said he regards the threat of cyberintrusions as a persistent challenge in a world in which both state and nonstate actors “are sending everything they’ve got at trying to breach these systems.”

The problem “is going to accelerate, and that means that we have to be as nimble, as aggressive and as well resourced as those who are trying to break into these systems,” he said at a news conference this week.

The White House has stopped short of blaming Katherine Archuleta, the director of the personnel office, for the breach, emphasizing that securing government computer systems is a challenging task.

Correction: June 10, 2015

An earlier version of a photo caption with this article misstated the name of the federal office building where employees handle national security information are required to list their foreign contacts. It is the Office of Personnel Management building, not Office of Personal Management.

Matt Apuzzo contributed reporting.

Shhh… Latest Cyberattacks on US Government a Hoax – To Restore NSA Surveillance?

You may have read and heard about the latest cyberattacks on the US government (see video above) over the weekend? Reckon you can’t help wondering how coincidental this “incident” was, judging by the following Guardian article. Nice strategy, Congress??

Shhh… FBI Operate Surveillance Planes – With Fictitious Names and Video & Cellphone Technologies

Now the question is: how long has this been going on and is this a “Plan B” in the aftermath of the recent NSA Surveillance stand-down?

Find out more from the Guardian.

Shhh… What About Snowden Now with NSA Surveillance on Hold?

(Above) Photo credit: http://glenngreenwald.net/

Check out the following Guardian article:

Charges against Edward Snowden stand, despite telephone surveillance ban

The former NSA contractor revealed the banned surveillance programme, but an Obama administration spokesman says they will not review his charges

The White House refused to reconsider its legal pursuit of Edward Snowden on Monday, while it sought to take credit for outlawing the bulk telephone surveillance programme he revealed.

Obama administration spokesman Josh Earnest rejected the argument that the imminent passage of legislation banning the practice meant it was time to take a fresh look at the charges against the former National Security Agency contractor.

“The fact is that Mr Snowden committed very serious crimes, and the US government and the Department of Justice believe that he should face them,” Earnest told the Guardian at the daily White House press briefing.

“That’s why we believe that Mr Snowden should return to the United States, where he will face due process and have the opportunity to make that case in a court of law.”

Earnest refused to comment on whether Snowden could be allowed to employ a whistleblower defence if he choose to return voluntarily, something his supporters have argued is impossible under current Espionage Act charges.

“Obviously this is something that the Department of Justice would handle if they are having [those conversations],” said Earnest. “The thing I would put out is that there exists mechanisms for whistleblowers to raise concerns about sensitive national security programmes.”

“Releasing details of sensitive national security programmes on the internet for everyone, including our adversaries to see, is inconsistent with those protocols that are established for protecting whistleblowers,” he added.

But the White House placed itself firmly on the side of NSA reform, when asked if the president was “taking ownership” of the USA Freedom Act, which is expected to pass Congress later this week.

“To the extent that we’re talking about the president’s legacy, I would suspect [it] would be a logical conclusion from some historians that the president ended some of these programmes,” replied Earnest.

“This is consistent with the reforms that the president advocated a year and a half ago. And these are reforms that required the president and his team to expend significant amounts of political capital to achieve over the objection of Republicans.”

The administration also avoided four separate opportunities to warn that the temporary loss of separate Patriot Act surveillance provisions that expired alongside bulk collection on Sunday night had put the safety of Americans at risk, as some have claimed.

“All I can do is I can illustrate to you very clearly that there are tools that had previously been available to our national security professionals that are not available today because the Senate didn’t do their job,” said Earnest.

“As a result, there are programmes and tools that our national security professionals themselves say are important to their work that are not available to them right now, as we speak.”

Asked four times by reporters whether that meant Americans were markedly less safe as a result of the standoff in the Senate, the White House spokesman repeatedly said it was up to these national security staff, not him, to say.

Shhh… USA Freedom Act Fails Again – Senators Reject Bill to Scrap NSA Bulk Collection

And check out the following Guardian article below:

USA Freedom Act fails as senators reject bill to scrap NSA bulk collection

Ben Jacobs and Sabrina Siddiqui in Washington and Spencer Ackerman in New York
Saturday 23 May 2015 05.46 BST

Bill fails for the second time after vote in the small hours of Saturday morning, but Rand Paul thwarts Republican leaders’ attempts to extend Patriot Act

For the second time in less than a year, US senators rejected a bill to abolish the National Security Agency’s bulk collection of American phone records.

By a vote of 57-42, the USA Freedom Act failed on Friday to reach the 60-vote threshold needed to advance in the Senate after hours of procedural manoeuvering lasted into the small hours Saturday morning.

The result left the Senate due to reconvene on May 31, just hours before a wellspring of broad NSA and FBI domestic spying powers will expire at midnight.

Architects of the USA Freedom Act had hoped that the expiration at the end of May of the Patriot Act authorities, known as Section 215, provided them sufficient leverage to undo the defeat of 2014 and push their bill over the line.

The bill was a compromise to limit the scope of government surveillance. It traded the end of NSA bulk surveillance for the retention through 2019 of Section 215, which permits the collection of “business records” outside normal warrant and subpoena channels – as well as a massive amount of US communications metadata, according to a justice department report.

Although the bill passed the House of Representatives by a massive 338-88 margin last week, it was unable to overcome concerns from Republicans about the process of letting telecom companies take responsibility about the collection data from the NSA.

Republican leadership was hoping for a short-term extension of the Patriot Act which would push debate into early June, once the Senate returns from its Memorial Day recess.

This was considered far more likely than a two-month extension of the legislation, which was considered a forlorn hope and failed by a 45-54 vote shortly after the USA Freedom Act failed to reach cloture on Saturday morning.

Nevada Republican Dean Heller, a co-sponsor of the bill, told reporters early on Friday: “We’re losing the ‘politics of going home’ argument with our conference.”

He added that proponents of a short term extension were able to argue that supporting the bill meant staying on Capitol Hill all week. “So how do you win that argument?” Heller said.

The answer was by making senators stay regardless of how they voted as Kentucky Republican Rand Paul, a virulent opponent of NSA surveillance, torpedoed any attempt to kick the can down the road.

On Saturday morning, after both cloture votes failed, Senate majority leader Mitch McConnell asked for unanimous consent to extend the Patriot Act for a week. Paul objected. Objections were then heard from Paul, as well as from Oregon Democrat Ron Wyden and New Mexico Democrat Martin Heinrich on four-day, two-day and one-day extensions. Eventually McConnell gave up and announced that the Senate would adjourn until 31 May, the day before the key provisions of the Patriot Act expire.

The failure of the USA Freedom Act leaves the Senate in an impasse.

Republican whip John Cornyn, a strident supporter of extending the Patriot Act, divided the Senate into three groups on Friday.

As he put it, there are those who want a “straight extension, those who like USA Freedom and those who like nothing”.

Those who want a straight extension of the Patriot Act are in a distinct minority and supporters of the USA Freedom Act still cannot muster the necessary super majority to advance the bill. The result means those who are more than happy to simply let Section 215 expire on May 31 are in the driver’s seat.

When reporters asked Paul on Saturday morning whether he was concerned about the provisions of the Patriot Act expiring at the end of the month, the Kentucky Republican seemed unworried “We were liking the constitution for about 200 years and I think we could rely on the constitution.”

There still is some room for compromise. Arizona Republican John McCain, when asked if the USA Freedom Act was better than a lapse, said: “There are some programs that are affected by ‘Freedom USA’ that I would be very concerned about shutting down.” He added “but obviously anything is better than shutting down the whole operation.”

McCain also noted that “you can argue whether we should be doing the mega data thing but you can’t argue that it’s a good idea to shut down the whole thing.”

However, that shouldn’t be seen as any sort of endorsement of the NSA reform bill by hawks in Senate GOP caucus. Representative Tom Massie, a Kentucky Republican who came to the Senate floor to witness the vote Saturday morning, told reporters he was surprised at how strongly many of his fellow Republicans felt about the compromise reform bill. “They really don’t like the Freedom Act,” he said.

In the meantime, barring a breakthrough in the coming days, “the whole operation may be shutdown regardless” as the May 31 deadline looms closer.

Mitch McConnell may still be majority leader but for now, it’s Rand Paul’s Senate.

Shhh… US Congress on Track to End NSA's Bulk Phone Collection Program?

The House overwhelmingly approved Wednesday legislation to end the NSA’s bulk collection of phone records. Are you counting on it? I’m not as it’s highly likely secret “alternatives” have already been paved to have the NSA continue business as usual…

Shhh… Spy Game: The Thais, the Israelis & the Wiretapping Devices

Perhaps the Thai army (see story below) felt insulted being left out of the spy game…?

ThaiArmy


Army interrupts Israeli demonstration of wiretapping devices to Special Branch Bureau

May 8, 2015 12:24 pm

BANGKOK: A group of soldiers today raided the meeting room of the Special Branch Bureau and detained nine Israeli technicians and staff while they were demonstrating electronic wire tapping devices to special branch police.

But after the interruption of the planned demonstration by soldiers from the Second Calvary Division of the First Army Region, Royal Thai Police commissioner Pol Gen Somyot Phumphanmuang came out to defend the demonstration saying it was merely a misunderstanding caused by misinformation.

The commissioner said the Royal Thai Police and the Special Branch Bureau have been allocated budget from the government to procure wiretapping devices for use.

He said an Israeli supplier has approached the Royal Thai Police and scheduled today to demonstrate its devices.

However he said as the Army has learned of the Israeli approach, it then asked the firm to explain whether these electronic devices have been granted import permission legitimately or not.

He said the soldiers then invited the Israeli technicians and staff to their office for clarification and to display import documents.

He said the Israeli firm has insisted all its devices have been imported for demonstration legally.

Pol Gen Somyot said an Army colonel had phoned him saying he suspected some devices might be illegally smuggled into the country and sought his permission to interrupt the demonstration.

The commissioner recalled he immediately rang the First Army Region commander and the commander of the Second Calvary Division and also explained to the Israeli technicians of the Army’s request and the firm agreed to cooperate.

Pol Gen Somyot added it happened because of misunderstanding and he would ask the firm to return again for demonstration.

Shhh… NSA Rats Exposed – The "Facebook-NSA Queen" & Mysterious Death of Dave Goldberg

Some thoughts for the weekend… listen especially to the first six and a half minutes of this clip below about the conspiracy theories surrounding the recent mysterious death of Dave Goldberg, the husband of Facebook Chief Operating Officer Sheryl Sandberg – the “Facebook-NSA Queen”.

Shhh… NSA Have More Data Than They Can Handle

Are you wondering why this “problem” (data overload – see article below) did not happen earlier…?

NSA is so overwhelmed with data, it’s no longer effective, says whistleblower

Summary:One of the agency’s first whistleblowers says the NSA is taking in too much data for it to handle, which can have disastrous — if not deadly — consequences.

By Zack Whittaker for Zero Day | April 30, 2015 — 14:29 GMT (22:29 GMT+08:00)

NEW YORK — A former National Security Agency official turned whistleblower has spent almost a decade and a half in civilian life. And he says he’s still “pissed” by what he’s seen leak in the past two years.

In a lunch meeting hosted by Contrast Security founder Jeff Williams on Wednesday, William Binney, a former NSA official who spent more than three decades at the agency, said the US government’s mass surveillance programs have become so engorged with data that they are no longer effective, losing vital intelligence in the fray.

That, he said, can — and has — led to terrorist attacks succeeding.

Binney said that an analyst today can run one simple query across the NSA’s various databases, only to become immediately overloaded with information. With about four billion people — around two-thirds of the world’s population — under the NSA and partner agencies’ watchful eyes, according to his estimates, there is too much data being collected.

“That’s why they couldn’t stop the Boston bombing, or the Paris shootings, because the data was all there,” said Binney. Because the agency isn’t carefully and methodically setting its tools up for smart data collection, that leaves analysts to search for a needle in a haystack.

“The data was all there… the NSA is great at going back over it forensically for years to see what they were doing before that,” he said. “But that doesn’t stop it.”

Binney called this a “bulk data failure” — in that the NSA programs, leaked by Edward Snowden, are collecting too much for the agency to process. He said the problem runs deeper across law enforcement and other federal agencies, like the FBI, the CIA, and the Drug Enforcement Administration (DEA), which all have access to NSA intelligence.

Binney left the NSA a month after the September 11 attacks in New York City in 2001, days after controversial counter-terrorism legislation was enacted — the Patriot Act — in the wake of the attacks. Binney stands jaded by his experience leaving the shadowy eavesdropping agency, but impassioned for the job he once had. He left after a program he helped develop was scrapped three weeks prior to September 11, replaced by a system he said was more expensive and more intrusive. Snowden said he was inspired by Binney’s case, which in part inspired him to leak thousands of classified documents to journalists.

Since then, the NSA has ramped up its intelligence gathering mission to indiscriminately “collect it all.”

Binney said the NSA is today not as interested in phone records — such as who calls whom, when, and for how long. Although the Obama administration calls the program a “critical national security tool,” the agency is increasingly looking at the content of communications, as the Snowden disclosures have shown.

Binney said he estimated that a “maximum” of 72 companies were participating in the bulk records collection program — including Verizon, but said it was a drop in the ocean. He also called PRISM, the clandestine surveillance program that grabs data from nine named Silicon Valley giants, including Apple, Google, Facebook, and Microsoft, just a “minor part” of the data collection process.

“The Upstream program is where the vast bulk of the information was being collected,” said Binney, talking about how the NSA tapped undersea fiber optic cables. With help from its British counterparts at GCHQ, the NSA is able to “buffer” more than 21 petabytes a day.

Binney said the “collect it all” mantra now may be the norm, but it’s expensive and ineffective.

“If you have to collect everything, there’s an ever increasing need for more and more budget,” he said. “That means you can build your empire.”

They say you never leave the intelligence community. Once you’re a spy, you’re always a spy — it’s a job for life, with few exceptions. One of those is blowing the whistle, which he did. Since then, he has spent his retirement lobbying for change and reform in industry and in Congress.

“They’re taking away half of the constitution in secret,” said Binney. “If they want to change the constitution, there’s a way to do that — and it’s in the constitution.”

An NSA spokesperson did not immediately comment.