Apple: We had no role in NSA's alleged iPhone hack
LONDON — Apple Inc. says it played no role in the National Security Agency's alleged efforts to hack the iPhone, explaining that it was unaware of a recently revealed program apparently aimed at turning the best-selling smartphone into an improvised listening device.
The Cupertino, California-based company said Tuesday it had never worked with the NSA to deliberately weaken its products, promising that it would "defend our customers from security attacks, regardless of who's behind them."
Apple's statement follows the disclosure by privacy advocate Jacob Appelbaum of a leaked document describing an NSA-designed "software implant" intended to turn an iPhone into a pocket-sized informer, secretly recording audio, stealing files, and harvesting contact information.
The revelation was one of a series of disclosures which have rattled the NSA in the past six months.
******************************************************
Privacy advocate exposes NSA spy gear at gathering
National Security Agency Director Gen. Keith Alexander testifies Dec. 11 on Capitol Hill in Washington, D.C. (THE ASSOCIATED PRESS)
By Raphael Satter, THE ASSOCIATED PRESS
LONDON — A well-known privacy advocate has given the public an unusually explicit peek into the intelligence world's toolbox, pulling back the curtain on the National Security Agency's arsenal of high-tech spy gear.
Independent journalist and security expert Jacob Appelbaum on Monday told a hacker conference in Germany that the NSA could turn iPhones into eavesdropping tools and use radar wave devices to harvest electronic information from computers, even if they weren't online.
Appelbaum told hundreds of computer experts gathered at Hamburg's Chaos Communications Conference that his revelations about the NSA's capabilities "are even worse than your worst nightmares."
"What I am going to show you today is wrist-slittingly depressing," he said.
Even though in the past six months there has been an unprecedented level of public scrutiny of the NSA and its methods, Appelbaum's claims — supported by what appeared to be internal NSA slideshows — still caused a stir.
One of the slides described how the NSA can plant malicious software onto Apple Inc.'s iPhone, giving American intelligence agents the ability to turn the popular smartphone into a pocket-sized spy.
Another slide showcased a futuristic-sounding device described as a "portable continuous wave generator," a remote-controlled device which — when paired with tiny electronic implants — can bounce invisible waves of energy off keyboards and monitors to see what is being typed, even if the target device isn't connected to the Internet.
A third slide showcased a piece of equipment called NIGHTSTAND, which can tamper with wireless Internet connections from up to 8 miles away.
An NSA spokeswoman, Vanee Vines, said she wasn't aware of Appelbaum's presentation, but that in general she would not comment on "alleged foreign intelligence activities."
******************************************************
ACLU sues government over international calls
The Associated Press
NEW YORK — A civil liberties group sued the U.S. government Monday, saying various agencies have failed to provide adequate documents related to what it calls the sweeping monitoring of Americans' international communications.
The American Civil Liberties Union said in the lawsuit in federal court in Manhattan that its Freedom of Information Act requests since May had been largely ignored by the National Security Agency, the Central Intelligence Agency, the Department of Defense, the Department of Justice and the Department of State. It sought a court order to force the government to turn over information about the rules governing how it monitors the international calls and the emails of Americans.
The ACLU said it wants to learn what protections are given to Americans whose communications are monitored and whether they are legally sufficient. The lawsuit said legal standards and limitations are sought rather than operational details.
A government spokeswoman said there was no immediate comment.
In a blog, ACLU staff attorney Alex Abdo said revelations over the last year have increased the public's understanding about how the government conducts surveillance when it sweeps up Americans' international communication when it takes place on U.S. soil. But he said there was little known about an executive order which allows U.S. agencies to monitor Americans' communication in other countries.
According to the lawsuit, the executive order signed in December 1981 and modified numerous times since allows surveillance that is not overseen by the Foreign Intelligence Surveillance Court. It said that while it was known that the order permits the government to target foreigners abroad for surveillance, recent revelations have confirmed that the government interprets the authority to permit sweeping monitoring of Americans' international communications.
"How the government conducts this surveillance, and whether it appropriately accommodates the constitutional rights of American citizens and residents whose communications are intercepted in the course of that surveillance, are matters of great public significance and concern," the lawsuit said.
Abdo said the lawsuit brought by the ACLU and the Media Freedom and Information Access Clinic at Yale Law School was filed after it was learned that the surveillance overseas is being conducted on Americans without any real oversight.
"We now know too well that unchecked surveillance authority can lead to dangerous overreach," he said.
The lawsuit cited news reports that NSA is collecting nearly 5 billion records per day on the locations of cell phones and hundreds of millions of contact lists or address books from personal email and instant messaging accounts.
*****************************************************
EMC division RSA under fire after NSA allegations
THE BOSTON GLOBE
Cybersecurity experts and privacy advocates are continuing to press Bedford cybersecurity company RSA to reveal more details about its relationship with the National Security Agency's spying program, with some critics calling for a boycott of the company's upcoming annual convention.
A Dec. 20 Reuters article suggested that RSA, a division of the data storage giant EMC Corp. of Hopkinton, received $10 million from the NSA to modify one of its cybersecurity products, Bsafe, in a way that would allow the spy agency to get around computer safeguards and access sensitive data. Critics contend RSA has failed to clarify what its specific business dealings were with the NSA.
"I would want to see a clear statement from EMC about what software they're using, and what algorithms they're using," said Matthew Green, assistant research professor of computer science at Johns Hopkins University, referring to the compromised computer formula and other security products.
RSA and EMC each declined to comment Friday.
The product in question, Bsafe, is a widely used software tool designed to prevent hackers from breaking into software applications and stealing data. It gives users a choice of several formulas that generate random numbers needed to encrypt data. Moreover, the RSA encryption software is used throughout EMC's products, raising the possibility that data stored on EMC systems might be vulnerable.
The Reuters story said RSA installed a computer algorithm selected by the NSA into Bsafe, and made it the default number generator, so that it would more likely be used by customers. That could give the NSA the means to break into applications protected by the RSA product.
Earlier this year, leaks by former government contractor Edward Snowden revealed that the NSA had designed such an encryption formula and made it available to the cybersecurity industry.
The Reuters article is the first account suggesting that RSA was paid to be complicit in using the NSA algorithm. The story quoted some in the industry who questioned whether RSA was duped into using the encryption tool by the NSA.
This past weekend, RSA acknowledged it had worked with the NSA on a computer code for its security products, as far back as 2004 — well before anyone had an inkling of the widespread snooping the agency would conduct.
But RSA said, "We have never entered into any contract or engaged in any project with the intention of weakening" its security products or introduced vulnerabilities that others could exploit.
Earlier in 2013, RSA did acknowledge that the security formula in Bsafe was flawed, and suggested clients stop using the default number generator.
The company's statement, however, has failed to mollify many critics, who complained the company did not address some of the allegations in the Reuters story.
Now, just eight weeks before the company hosts its annual conference, one of the computer security industry's most prestigious events, RSA is facing a growing backlash, from cyber professionals and privacy advocates alike.
Two prominent speakers have withdrawn from the conference, and talk of a boycott of the RSA Conference is spreading on social media.
"There are going to be economic consequences, especially outside the United States. The boycott of the RSA Conference is just the tip of the iceberg," said Nicco Mele, a technology and policy expert at the Harvard Kennedy School.
Indeed, one of the first cybersecurity experts to withdraw from the conference was Mikko Hypponen, a well-known privacy specialist and chief research officer at the Finnish company F-Secure. Soon thereafter, Josh Thomas, an executive with Atredis Partners in Houston, also canceled his talk at the RSA Conference.
"I feel absolutely no need to go to that conference and speak, and by my actions and my words to further the RSA brand," said Thomas, who worked for more than a decade developing artificial intelligence software for the Army and cryptographic software for the Pentagon.
Previously RSA earned a reputation for fighting the government's efforts to weaken encryption tools. In the 1990s, under Jim Bidzos, former chief executive, it helped quash an NSA program to get telecommunications companies to adopt a chip that would make government eavesdropping easier.
Now its credibility is being called into question.
"What can RSA say? You caught us here, but we haven't done it anywhere else? You can trust us?" said Bruce Schneier, author of multiple books on data security and privacy.
More broadly, said Schneier, the NSA spying scandal is taking a toll on the American technology industry.
For instance, he said, Cisco Systems Inc. said last month that customers in emerging markets are buying less of its equipment out of concern about built-in back doors that could let US spies access their data.
A bid by AT&T Inc. to buy the British cellphone company Vodafone Group PLC has faced pushback from European regulators worried about NSA infiltration of American telecommunications.
"This is the poison of what NSA has done," said Schneier. "They've destroyed trust on the Internet."
Meanwhile, some smaller security companies that offer similar products to the RSA Bsafe tool kit may stand to benefit. One such firm is Security Innovation Inc. of Wilmington, which offers its own security algorithm to keep applications safe.
As a result of the Snowden leaks "you are seeing everyone rethinking and reevaluating the relationships they have," said Ed Adams, chief executive of Security Innovation. "It's an opportunity for smaller security companies."
Adams said that RSA has reached out to Security Innovation about potentially working with his company. That could be a way for RSA to add additional security formulas to its technology.
Adams did not provide details on what that partnership would involve.
While he would also like to see RSA respond to critics with more information, Adams doesn't fault RSA in this case. It's often impossible to know the motivations and intentions of the NSA when performing contract work for that and other government agencies.
"This is the yin and yang that you always have to manage when you are trying to do business with the government," said Adams, whose company worked extensively with government spy agencies until it spun off that business unit in 2005 and sold it to Raytheon Co. in 2008. "You are always caught between two different missions."
Vote Mitchell for Selectman.
Remember the past to ensure a better future.
The nuclear option should NEVER be used.
What was that I said about conspiracy theorists?
Ya know what comes to mind when I read this blog? "The Children of Harvest Home", or was it just "Harvest Home" with Bette Davis. I think there is a lot of ToadHouse (Patrick Swayze, Ben Gazzara) in this also. I fear Anne Gobe just scratched the surface.
Before people start praying to the Edward Snowden god you ought to really understand how treasonous he was and how many ethics violations and laws he broke and criminal activity he engaged in. He took a course in Systems Administration, hacked into the professor's account and got a copy of the answer sheet to the certification exam that he subsequently took. It's been alleged: He worked his way up the ladder until he could get a job with a contractor firm behind the NSA firewall, so he could hack into them from the inside. He stole people's identity to gain access to what they had access to. Where was the first place he fled to? China. Where was the second place? Russia. But don't take my word for it, I could be just as fast and loose with the facts as he's been. The truth is out there. I encourage people to read the facts. Conspiracies are the enemy of facts. Or, put differently, facts are the enemy of conspiracies.
And what's with the hyperbole of nuclear option? Are you talking about collapsing the economy, allowing a 51% majority rule, shutting down the government?
In all sincerity, what I suggest for the folks in Templeton...a whole new BOS, with people with degrees in Municipal Planning, Public Policy, Public Administration. Maybe that is the nuclear option, fire the entire BOS and start over. And if you do that, require them to sign an ethics contract where violation is jail time.
And for those that are old enough to remember Joe McCarthy, he got people checking under their beds at night too. On all this NSA stuff, do not believe what you read and only half of what you see. I am amazed and amused by how people seem to bristle at the NSA collecting nothing more than AT&T, Verizon, Sprint, et al, collect every month as they have since there have been phones yet share all their personal facts, family photos, most embarrassing truths on Face Book. Did you know FB routinely uses facial recognition software to identify the people in every photo you publish? Nobody actually believes Face Book is a charity do you?
Before you come down too hard on the government, which is really what this is all about, ask yourself how long it would have taken to identify the perps of last year's Marathon bombing, and how is it in very short order they realized one of the brothers was directly engaged in several seemingly unrelated murders and that there were conspirators in Florida. And who would you fire if you found out they couldn't identify who those people were because it was illegal to do so?
time for balding templeton conspiracy links methinks.
Gee whiz Walt,
All of the articles posted above come from the "conspiracy spewing" whacko reporting of the Associated Press and the The Boston Globe.
Thought it was interesting that all of these articles from the main stream press were printed on the same day - New Year's Eve.
Thought It would be interesting to see what the reaction was to these articles.
So thank you for your comments.
Vote Mitchell for Selectman
Remember the past to ensure a better future
The nuclear option (603 CMR 41.05) should NEVER be used.
I think Templeton is the poster child for why it MUST be used. It is very clear Templeton can not manage itself, much less the education of its youth. I totally get why you think it must never be used, it codifies Templeton can not govern itself or educate its youth. The fact there are so many who vociferously blame the school for the predicament Templeton is in means the system failed them too. It is not the school's fault, it is not the principal's fault, it is not the superintendent's fault. It is the town's fault. The reason I frequently mention the grandmother who so adoringly praised her 13 year old granddaughter for being pregnant typifies one of the many issues with Templeton. I posted that here so that other, more rational, readers could look upon it with equal horror that we did. And if there isn't a collective outrage then yes, one gets what one pays for, and the next image I have is that of Harvest Home. Sorry folks, what worked in the 1800's no longer works, except 13 year old girl's plumbing, apparently.
Winchendon school dept was taken over by the state some years back. Winchendon home prices are higher for the same thing as Templeton's home, ditto for Gardner, ditto for Winchester. And for the people that fondly remember that ramshackled school next to the welfare office that poses as the police dept and say, it was good enough for me, it's good enough for my great grandchild. NO, the roof didn't leak then. It didn't have mold growing throughout then. That there is even a debate about it is shocking. No...scary.
I am not saying people don't have good intentions. The issue isn't that it is what exactly are their intentions?
1) to hold back the tide of progress....nope the dam is going to burst anyway.
2) keep those damn outsiders outside...ok, you get one point for that.
3) be a community people WANT to live in to increase the tax base. Sadly you've failed at that.
4) have the best darn senior center money can buy? OK, maybe 2 points although I've never seen the Sr Center. Isn't that the place with the toxic waste?
the list goes on.
So who is to blame and who should be 'fired', 'punished' 'called-out on it'? Um, I am down to the BOS.
Yes, there are some teachers (a few) there that should be summarily fired. By the same token, there are town employees regardless of part time status that should also be summarily fired.
And the whole NSA pile on....OMG that is so laughable.
NSA, fluoride in the water, um, GMOs? Really, and the band played on.
So blame the BOS is a solution?
Think again.
Everything you state is a societal issue that was put in play many years ago.
Divide and conquer. Keep the locals fighting amongst each other and no one has time to look at the bigger issues.
Thanks for your input. You need to step up and run for office and show us how it's done.
The solution is just that easy. Step up and help.
Happy New Year!
Hey Walt, I consider myself a pretty rational thinker and I have some differing opinions on the school issue. It is my understanding that people felt the school committee showed zero effort to engage in any kind of discussion of compromise during a difficult financial time in our community and that is why they are upset. They do not blame the school for the financial problems. Many people fully understand that there are state and federal mandates that have to be funded by law and are expensive. But, the school committee has to entertain showing some cooperation with the town to stretch the limited funds that can legally be raised in order to settle on a budget that is realistic. They could have offered to cut out travel expenses for the superintendent or other misc. funds in the school budget. But no conversation ever occurred. Also, keep in mind that the sitting BOS was not the same BOS that dealt with the 2013 budget last spring. Only Ms. Farrell was the same. And I believe she did raise many concerns over financial issues. And she continues to do so. No one can fault her for that. I've worked in the for-profit education industry and have seen first hand the lobbying of politicians to institute educational mandates and it wasn't for the betterment of education or "for the children". It was to line the pockets of the education companies selling common core products and teacher evaluation packages. Oh, and all the professional development courses that teachers are required to take in order to implement the mandates. Ms. Farrell is correct that these issues in Templeton are federal and state issues that are having to be dealt with at the local level. If you haven't heard of the organization called ALEC, look them up. It's their mission to privatize education, healthcare, and other social services for reasons of greed. And their plan is to do it at the local and state level where people can be bought and bribed and fooled more easily.
I applaud and thank Pauly's Blog and Ms. Farrell for trying to present articles on these subjects in an effort to educate everyone on the issues so they can make better informed votes and engage in the budgetary processes in a more productive way. I appreciate hearing your viewpoint and hope you will appreciate hearing mine as well.