Monday, March 20, 2017

What Surveillance?

[Photo: Truman signs the NSA executive order]

Our NSA (National Security Agency) does not have an open and transparent history. 

The NSA was created in secret in 1952 not by Congress, but by a pen stroke of Harry Truman, see photo above, in a 7-page document that remained classified for years.  Even its name was undisclosed.

And it stayed hidden until finally, in 1971, NSA analyst Perry Fellwock blew the whistle on the NSA and its secret program Echelon, with its vast information-gathering technology even back then.  This led to the Church Committee hearings and some legislation.  Obviously, it wasn’t enough...  Over the recent years, 6 additional patriotic whistleblowers have come forward at great sacrifice and risk to themselves.  These include Bill Binney, Edward Snowden, Russ Tice, Mark Klein, Thomas Tamm, and Thomas Drake.  Click the above link for more information on these men.
NSA TODAY
   Bigger: See Wired article from 2012.  Written by James Bamford, this is an article that spares no one’s feelings in laying out what the NSA is, and does.
Bigger and Nastier:  “The NSA is more interested in the so-called invisible web, also known as the deep web or deepnet – data beyond the reach of the public.  This includes password-protected data, US and foreign government communications, and noncommercial file-sharing between trusted peers.  ‘The deep web contains government reports, databases, and other sources of information of high value to DOD and the intelligence community according to a 2010 report.’”        
But don’t feel left out.  Oh No!  They already have every keystroke, every conversation, every search (Yes, even those), every credit card purchase, every check, every rewards card purchase, every toll gate, every bill, every-everything about you.  What do you think is filling up those monstrous computers? 
The next two blue links are enlightening wakeup articles from Bruce Schneier.  Bruce is a go-to guy on internet security, and author of Data and Goliath, about collecting your data and controlling the world.  It was a best selling Amazon Book of the Year in 2015.

The Utah Data Center came online in 2014, at a cost of somewhere between one and one-half to two billion dollars for one million-plus square feet.  Details are not readily shared with the public.  100,000 square feet will be for data storage.  The remaining 900,000 square feet will be for administration and “technical support”.

What, exactly, does that mean in spook-talk?  Data Mining?  More secret programs?  Mind Control with DOD’s DARPA (Defense Advanced Research Projects Agency)?
It is widely believed that a large emphasis at the Utah Data Center will be put on cracking encryption.  You know, breaking the private codes.  This will be done in conjunction with their Oak Ridge, Tennessee facility, which is developing the world’s fastest supercomputer.

Currently, encryption done at 128 bits, at 192 bits, and most securely at 256 bits has them at bay.  But between the vast data storage in Utah and the lightning speed in Tennessee they think they may be able to crack them.  Would it be okay to pray for a large magnetic storm?

And they’re building another data center in Fort Meade, Maryland that will be two and one-half times bigger.  Just what are they going to do there?
Here Are A Handful of the Programs… 


ECHELON

Reportedly developed to monitor Russia and the Eastern Bloc, this one has been around since about 1966.  “ECHELON was part of an umbrella program codenamed FROSTING, which was established by the NSA in 1966 to collect and process data from communications satellites. FROSTING had two sub-programs:[25]
  • TRANSIENT: for intercepting Soviet satellite transmissions, and
  • ECHELON: for intercepting Intelsat satellite transmissions.”
This 1999 article brought more information to the fore.  Echelon’s focus is international intercepts.  Shrouded in secrecy, Echelon uses large golf-ball shaped facilities (called radomes short for radar-domes which protect delicate radar equipment from the climate) on earth, plus satellites, to listen in on, intercept, and copy any and all transmissions.  Echelon includes sites in England (RAF Menwith Hill), Australia, New Zealand, Japan, and others.  The satellites used are said to be stationary.

Several years back (+/- the year 2000) there was an international flapdoodle as allegations flew that U.S. companies were getting insider information based on intercepted commercial bids, and using them to secure lucrative contracts.  This, while believed to be true, was of course denied.

CARNIVORE

This was an earlier FBI e-mail wiretap system that could be set up by the FBI, in conjunction with your ISP (Internet Service Provider), and operated remotely.   It was newer technology in the year 2000, unregulated (if you just forget the Fourth Amendment), and extremely prone to overreach without oversight.
Carnivore was eventually renamed DCS1000 but that didn’t improve its murky reputation nor lessen the FBI’s secrecy surrounding the eavesdropping which many believed expanded to intercepting and copying all e-mails.  Are we singing Kumbaya yet?

SNIFFER

This isn’t a program but rather a means of creating surveillance.  Routers direct internet traffic noting destinations of the “packets” that go through the router.  “Packets” are parts of transmissions that have been reduced into smaller parts to make transmissions flow more efficiently.
A sniffer is an intercept monitor that can copy either limited, specific targets, or copy any and every thing that passes by.

HEARTBLEED

This was created through a flaw discovered in an update to the SSL program.  SSL stands for Secure Sockets Layer.  SSL has been supplanted by TLS, Transport Layer Security.  However, SSL is still widely used.
SSL is used for security in roughly 2/3 of “secure” Net transactions (think credit card purchases on secured sites).  This Heartbleed bug allowed the NSA easier access to our passwords and personal information.  The NSA claims it did not know of the Heartbleed bug until 2014.  Sources say the NSA knew at least two years earlier.  You think?

TRAPWIRE

TrapWire is a shadowy overreaching program originated by a corporation known as Abraxas, in Virginia.  Abraxas is filled with ex-CIA, ex-Intelligence Community spooks.  Its purpose is to film people and study patterns of behavior, pre-assign likely guilt, and call it terror assessment.  Talk about guilty until proven innocent!
In 2005 an Abraxas officer stated that TrapWire could “collect information about people and vehicles that is more accurate than facial recognition, draw patterns, and do threat assessments of areas that may be under observation from terrorists.”  TrapWire was exposed in 2012 when a researcher went through a series of hacked e-mails from a company known as Stratfor, aka “Shadow CIA”.
It was revealed at that time that literally millions of cameras – public, red light, traffic, bridge, commercial, casino, U.S. and international – were digitally recording people, encrypting the data, and sending it to places unknown for storage using face recognition to note “persons of interest” in “Suspicious Activity Surveillance”.

TEMPEST

This is a program used by the government to reconstruct information data streams by capturing electromagnetic radiation from computers, printers, handheld devices and converting these radiations into their original transmissions.  Unbelievable.  Just unbelievable.

PRISM

Created under George W Bush, PRISM is a secretive tool that co-opts the biggest internet service providers.  These include Google, Microsoft, Apple, Yahoo, Skype (now owned by Microsoft), Facebook, PalTalk, AOL, and YouTube.  It is believed information can be gleaned from the user equipment via back doors; from the internet backbone; or from the corporate cloud database.  This may include general data and/or verbatim copies.
Prism slides released by Edward Snowden.  How we learned of PRISM.

XKEYSCORE

This is a very developed query program.  You can search, or query, using MAC or Microsoft Office or pdf or phone number or e-mail address or type of document or extensions, and more.  This classified link is from 2008 – “The Unofficial XKS User Guide”.

TEMPORA

This is a British program shared with NSA that collects – for later sorting – internet information carried on fiber optic cables.  It went operational in 2011.  The cable companies are aware.  I believe all the major cables are now tapped.  This matters because much of the international cable traffic flows through the US.

SPECIAL SOURCE OPERATIONS (of the NSA)

This is the division of NSA that collects data from telephone and cable sources.  These commercial companies have been coerced (?) into being willing partners with NSA.  It is loudly rumored that these companies – your carriers – are well paid for their cooperation.  (Are you surprised?)

Back in the day that worked just fine; they cooperated and no one was the wiser.  Then in 2013 Edward Snowden happened and the big Verizon-NSA link became front page news. Well, it’s still going on and all the major companies are in on it.

“SSO also cooperates with private telecommunication providers under the following four programs, which are collectively referred to as
– BLARNEY (collection under FISA authority, since 1978)
– FAIRVIEW (cooperation with AT&T, since 1985)
– STORMBREW (cooperation with Verizon, since 2001)
– OAKSTAR (cooperation with 7 other telecoms, since 2004)”

“The government does not need to know more about what we are doing. We need to know more about what the government is doing. We need to turn the cameras on the police and on the government, not the other way around.” Ron Paul  June 14, 2013



Computer keyboards, laptop emanations, cell phone monitoring activation, SIM card readers, tracking voiceprints, cell phone monitoring.  And new ways every day!  But, HEY, what's to worry!
AMAZON
This is a company, not a protocol...  And yes, I do mean that Amazon.  Their TV Fire Sticks and their Echo products all record your conversations, but I don't know whose cloud these are stored on.  Maybe they're shared – could be a profit-making tool for Amazon.
Your Kindle reading is also recorded, including anything you highlight.  Same goes for monitoring what movies you stream.  Alexa?  ALEXA!!  She's voice activated, you know.  And she has one big, bounteous memory!  (Isn't this great?)
APPLE
Leading the pack is Siri.  Click on her name to find out what makes her work.  Want to get some more warm and fuzzy feelings?  Her basic structure was formulated over at DARPA.  Whoopee!  [DoD's Defense Advanced Research Projects Agency]
CELL PHONES
Okay we've already said all of this is recorded.  And it is: your calls, your texts, your alarms, your web browsing...  ALL of it is recorded.  Forever.  To be data mined at any time.
And just when you think it could not get any worse -- it has.  Now law enforcement at all levels has the STINGRAY (which they are not supposed to talk about).  This is the IMSI-catcher device (also known as cell site simulator, triggerfish, wolfpack, gossamer, and swampbox) that tricks your cell phone into thinking that the Stingray is a cell tower.  And when your phone automatically connects to it, well, then the officers can monitor you directly, in real time, without a warrant.   (Really!?)
This device is reportedly able to BLOCK communications, also.  They could have quite a heyday play day with that, huh?
The government – or your friendly carrier – can activate your phone's microphone (whether the phone is on or off).  This turns it into a roving bug that records voices anywhere near the phone.
Your phone needs to be on but even if you disable the GPS function, it can be activated remotely without telling you so.  They can track you.  Of course they can also triangulate your position by measuring the intensity of your connections to nearby cell towers.
The solution to microphones and GPS is simple.  REMOVE THE BATTERY.  Oh, but I know – you might miss Aunt Julia's wedding pictures!  And how would you open the garage door...?
It gets down to, which price do you want to pay?  Convenience?  Or Security?  (And there isn't much of that left, is there?)
Note:
“They” say they don't have Hillary Clinton's e-mails?  “They” say they can't identify the black-masked, black-attired Soros protesters?  “They” say there's nothing they can do to combat the anti-trump protesters and the college rioters?  “They” say Trump had Russian interchanges during the campaign?  “They” say Trump wasn't bugged at Trump Towers?
Hell, Trump’s bugged everywhere he goes!  And all of us, too!  THEY HAVE ALL OF THIS INFORMATION.  IT'S WHAT THEY DO!   And we're paying for it!
And while we're on this topic, don't ever forget their expertise in voice simulation.  If you hear a quote that doesn't sound right, verify that it was actually spoken by the person it is attributed to.  (What a shame to need conversations like these...)
SAMSUNG, AND SMART APPLIANCES
Samsung's Smart TVs are voice activated...  They listen to everything you say...  They record everything you say...  How many other voice activated thingies do you own?  They are always on, you know, just listening for your voice...
Your SMART appliances are government spying devices sure as you can say “Fourth Amendment”.  And don't forget those dangerous (on several levels) SMART meters courtesy of your power company.  SMART appliances talk to SMART meters but you already know that, yes?
And SMART meters talk to other SMART meters.  They convey user information.  And at some not too distant time the government will begin talking back to the SMART meters about what is allowed to be turned on in your place, what isn't, and when.  
(It is called C-O-N-T-R-O-L.  SMART, huh?)
And just coming online is the “Internet of Things”.  Everything on the internet is captured, copied, stored.
Your SMART phone can do almost anything anymore:  Start the coffee, open the garage door, monitor the nursery, set the alarm – all shared in real time with the government.  This is all done through the internet.  It is ALL copied and stored indefinitely.
CARS
There's that pesky little black box in many cars that records such things as speed, braking, destination routes, mileage.  Your GPS records your locations.  Automatic toll and parking tags record dates and times, and often photos.  Cameras take pictures of your license plate.  And your voice activated Amazon Alexa-for-Androids in your car? Need you ask?
This link takes you to a retail site where YOU can buy all sorts of fancy toys to monitor, spy, surveil, whomever and/or whatever you want.  So – not only do you have your overreaching Fourth-Amendment-be-damned government going bonkers, but you can do it yourself !!
OR
You may find that your spouse, your kids, your boss, your best friend, your worst enemy, or anybody-anybody beat you to it and is tracking you, your location, your phone calls and texts, your GPS – all in real time.  Warm and cozy, huh?  (Santa might not be the only one checking it twice.)

Not to be outdone, your government has a purchasing catalog, too!  It's classified and it's called the NSA ANT catalog.  It runs 50 pages.  You see, the National Security Agency (NSA) has a division called Tailored Access Operations (TAO) (tasked with hacking computers) that can order cyber snooping materials from the Advanced Network Technology Division.
A NIST facility in Colorado.

Republicans on the House Science Committee forwarded legislation that would vastly increase the operational responsibilities of the government’s cybersecurity standards agency and task that body with auditing other federal agencies’ cyber protections.
The NIST Cybersecurity Framework, Assessment and Auditing Act passed the committee, 19-14, over the objection of most Democrats who argued the bill was outside the expertise of the National Institute of Standards and Technology, which views its role as advisory and does not customarily conduct audits.
The bill would direct NIST to complete an initial assessment of federal agencies’ cyber preparedness within six months and a full audit of their cyber protections within two years with priority given to the most at-risk agencies.
The bill would also direct the White House’s Office of Science and Technology Policy to produce annual reports on the adoption of NIST’s 2014 Cybersecurity Framework, both in government and in the private sector, and direct NIST to create more extensive adoption measurements.
Those requirements jibe with some elements of a draft cybersecurity executive order that would mandate that agencies adopt the NIST framework. It would conflict, however, with NIST’s general policy that the framework should be an advisory document for agencies and companies rather than a strict set of rules.  
The NIST mandate is included in the most recent leaked draft of President Donald Trump’s executive order, which has not been formally introduced.
Committee Chairman Lamar Smith, R-Texas, acknowledged the bill would vastly expand NIST’s responsibilities during a conversation with reporters after the markup but said that expansion is necessary to ensure agencies’ cyber protections.
“There’s a temptation, I realize, with a lot of government agencies not to want additional responsibility,” he said. “In this case, they are the most qualified, they have the expertise and, in the end, I think that they will want to help prevent cyberattacks.”
The committee’s ranking member Rep. Eddie Bernice Johnson, D-Texas, however, argued the bill would transfer to NIST responsibilities that should belong to the Office of Management and Budget and the Homeland Security Department, which is primarily responsible for civilian government’s operational cybersecurity.
“NIST is not an auditing agency,” she said in an opening statement. “They have no such history, experience or capacity.”
Smith has spoken to possible Senate sponsors and to Republican leadership about the bill, he told reporters, but could not predict when it might reach the House floor or be introduced in the upper chamber.
He predicted the bill would “enjoy widespread member and public support” and “help stop cybersecurity attacks.”
Johnson also criticized the bill for not providing additional funding for the audits, noting that Federal Information Security Management Act audits can cost in the millions of dollars. She called the bill a “massive underfunded mandate levied on an agency that is already overtasked.”

FISMA audits are currently the major annual cyber reviews agencies undergo and are conducted by agency inspectors general.
