Please learn more here.
Please learn more here.
The NSA used ‘man in the middle’ hack attacks to impersonate Google and fool web users, leaks have revealed. The technique circumvents encryption by redirecting users to a copycat site which relays all the data entered to NSA data banks.
Brazilian television network Globo News released a report based on classified data divulged by former CIA worker Edward Snowden on Sunday. The report itself blew the whistle on US government spying on Brazilian oil giant Petrobras, but hidden in amongst the data was information the NSA had impersonated Google to get its hands on user data.
Globo TV showed slides from a 2012 NSA presentation explaining how the organization intercepts data and re-routes it to NSA central. One of the convert techniques the NSA uses to do this is a ‘man in the middle’ (MITM) hack attack.
This particular method of intercepting internet communications is quite common among expert hackers as it avoids having to break through encryption. Essentially, NSA operatives log into a router used by an internet service provider and divert ‘target traffic’ to a copycat MITM site, whereupon all the data entered is relayed to the NSA. The data released by Edward Snowden and reported on by Globo News suggests the NSA carried out these attacks disguised as Google.
When the news broke about the NSA gathering information through internet browsers, tech giants such as Google and Yahoo denied complicity, maintaining they only handover data if a formal request is issued by the government.
"As for recent reports that the US government has found ways to circumvent our security systems, we have no evidence of any such thing ever occurring. We provide our user data to governments only in accordance with the law," said Google spokesperson Jay Nancarrow to news site Mother Jones.
Google, along with Microsoft, Facebook and Yahoo, has filed a lawsuit against the Foreign Intelligence Surveillance Court (FISA) to allow them to make public all the data requests made by the NSA.
“Given the important public policy issues at stake, we have also asked the court to hold its hearing in open rather than behind closed doors. It's time for more transparency," Google’s director of law enforcement and information security, Richard Salgado, and the director of public policy and government affairs, Pablo Chavez, wrote in a blog post on Monday.
The tech giants implicated in NSA’s global spying program have denied criticism that they could have done more to resist NSA spying. Marissa Mayer, CEO of Yahoo, claimed that speaking out about the NSA’s activities would have amounted to ‘treason’ at a press conference in San Francisco on Wednesday.
In Yahoo’s defense, she argued that the company had been very skeptical of the NSA’s requests to disclose user data and had resisted whenever possible. Mayer concluded that it was more realistic to work within the system,” rather than fight against it.
by Chris Delazco
It’s tiring, isn’t it? Doing everything online, I mean. Everyday you log into services tailor-made for shopping, searching, sharing, watching, chatting, curating, reading, bragging — that’s a lot of places to keep your personal information, and no one could blame you if you wanted to try to pare down on those extraneous connections. Hell, I’d like nothing better myself sometimes.
A U.K.-based duo consisting of developer Robb Lewis and designer Ed Poole seem to understand that desire awfully well, and they teamed up to create what may be a truly indispensable resource. It’s called Justdelete.me, and as the name sort of implies, it’s a directory of links to pages where you can lay waste to your myriad online accounts.
It’s a deceptively simple resource. You’re greeted with a sizable grid that points you to a slew of popular web services that you probably use. More specifically, those links point you straight at the pages where you can deactivate all those pesky accounts… or at least where you can try. Thankfully, Lewis has done the due diligence to figure out which services can be disconnected from painlessly and which ones require you to (ugh) actually communicate with someone to get the job done.
A disconcerting number of sites and services fall into that latter category. Of the ones that Lewis has added, 10 won’t let you kill your account without first talking to a customer service rep, and 4 (Netflix, Steam, Starbucks, and WordPress) don’t seem to let you delete your accounts at all.
When NSA recruiters went to the University of Wisconsin earlier this week to pitch language students on working for the agency, they got more than they bargained for.
The informed students turned the question-and-answer session into a hearing. On trial were the NSA's lies, their legality, and how they define "adversary".
The students recorded audio of the exchange on an iPhone proving that the language-analyst NSA recruiters were left tongue-tied.
"I'm surprised that for language analysts you're incredibly imprecise with your language," grad student Madiha Tahir charged when they failed to define what constitutes an adversary.
"What you're selling us is untrue" she added. "We also know that the NSA took down brochures and fact sheets after the Snowden revelations because those fact sheets had severe inaccuracies and untruths in them -- so how are we supposed to believe what you're saying?"
Another student directly challenged the NSA's morality for using the "globe as their playground" and then partying at the office with co-workers. She then challenges them to become whistleblowers because the truth will ultimately prevail.
"Given the fact that we have been lied to as Americans, given the fact that fact sheets have been pulled down because they clearly had untruths in them, given the fact that Clapper and Alexander lied to Congress...Is being a good liar a qualification to be in the NSA?" Tahir asks.
These young students forced the NSA recruiters to claim, in a seemingly desperate defense, that they were not actually there "representing the NSA as an agency."
Clearly the people have questions that aren't being addressed by their representatives, and a much larger debate is needed. However, it'd be much more productive if these kids get to question the NSA leadership instead of our blackmailed politicians.
Listen to the whole exchange below:
Please read more here.
Please read more here.