Thread: Privacy Alert! Big Brother is watching and listening, UPDATED

Sick of NSA Snooping? Glenn Beck’s Latest Announcement Could Be the Best Thing You’ve Heard All Week

Sep. 12, 2013 10:43am Erica Ritz

On his radio program Thursday, Glenn Beck announced an exciting new feature coming soon to annual TheBlaze TV Plus subscribers — a private 1791.com email address.
Beck said he believes the Bill of Rights, which was ratified in 1791, is “the secret” to what makes this country great, and among those rights is a right to privacy — something Americans are seeing less and less of, it seems, amid the NSA domestic surveillance scandal.“So I’m introducing today a new service for you,” Beck said. “It’s a private 1791.com address of your very own. Your name @1791.com as your email address.”



“We’re a company that will guarantee that you will never, ever, ever have your emails scanned,” he said. “We will never share the list…you’ll never see an advertisement that you’re like, ‘Wait a minute…Hold it, how do you know that I’ve been looking for that car?’”
“We’re not going to do any of that,” Beck said. “And it will be free to you, if you’re [an annual Blaze TV Plus] subscriber.”


Beck encouraged listeners to sign up for TheBlaze newsletter, FireWire, to be the first to know when the email service is up and running.“We’re not surrendering any lists, any emails, anything, without a warrant, and we will never scan your emails, period. Because we happen to believe in that little document produced in 1791.”


http://www.theblaze.com/stories/2013...mail-service/#

Gov’t standards agency “strongly” discourages use of NSA-influenced algorithm

NIST: "we are not deliberately... working to undermine or weaken encryption."

by Jeff Larson and Justin Elliott, ProPublica.org Sept 13 2013, 3:55pm EST

• Government
• Internet regulation
• Privacy

35

The NIST building in Boulder, Colorado.
Quinn Norton/Wired
Following revelations about the National Security Agency's (NSA) covert influence on computer security standards, the National Institute of Standards and Technology, or NIST, announced earlier this week it is revisiting some of its encryption standards. But in a little-noticed footnote, NIST went a step further, saying it is "strongly" recommending against even using one of the standards.
The institute sets standards for everything from the time to weights to computer security that are used by the government and widely adopted by industry.
As ProPublica, The New York Times, and The Guardian reported last week, documents provided by Edward Snowden suggest that the NSA has heavily influenced the standard, which has been used around the world. In its statement Tuesday, the NIST acknowledged that the NSA participates in creating cryptography standards "because of its recognized expertise" and because the NIST is required by law to consult with the spy agency. "We are not deliberately, knowingly, working to undermine or weaken encryption," NIST chief Patrick Gallagher said at a public conference Tuesday.
Various versions of Microsoft Windows, including those used in tablets and smartphones, contain implementations of the standard, though the NSA-influenced portion isn't enabled by default. Developers creating applications for the platform must choose to enable it.
The New York Times noted earlier this week that documents provided by Snowden show the spy agency played a crucial role in writing the standard that the NIST is now cautioning against using, which was first published in 2006. The NIST standard describes what is known as an "elliptic curve-based deterministic random bit generator." This bit of computer code is one way to produce random numbers that are the cornerstone of encryption technology used on the Internet. If the numbers generated are not random but in fact predictable, the encryption can be more easily cracked.
The Times reported that the Snowden documents suggest the NSA was involved in creating the number generator. Researchers say the evidence of NSA influence raises questions about whether any of the standards developed by the NIST can be trusted. "NIST's decisions used to be opaque and frustrating," said Matthew Green, a professor at Johns Hopkins University. "Now they're opaque and potentially malicious. Which is too bad because NIST performs such a useful service."
Cryptographers have long suspected the standard in question was faulty. Seven years ago, a pair of researchers in the Netherlands authored a paper that said the random number generator was insecure and that attacks against it could "be run on an ordinary PC." A year after that, in 2007, two Microsoft engineers flagged the standard as potentially containing a backdoor.
Following the criticism, the standard was revised in 2007 to include an optional workaround. The NSA has long been involved in encryption matters at the standards institute. "NIST follows NSA's lead in developing certain cryptographic standards," a 1993 Government Accountability Office report noted. A 2002 law mandates that the NIST set information security standards and lists the NSA merely as one of several other agencies that must be consulted.
Asked how often standards are reopened, NIST spokesperson Gail Porter said, "It's not frequent, but it does happen." She added that it would be "difficult to give you an exact number of times." Asked whether Microsoft would continue to use the encryption standard in some of its software, a spokesperson said the company "is evaluating NIST's recent recommendations and as always, will take the appropriate action to protect our customers." The NSA declined to comment.
This story originally appeared on ProPublica.

Newly created fed agency aims to monitor 80 percent of credit card transactions


By Richard Pollock
Published September 13, 2013



AP


Consumer Financial Protection Bureau officials are seeking to monitor four out of every five U.S. consumer credit card transactions this year -- up to 42 billion transactions -- through a controversial data-mining program, according to documents obtained by the Washington Examiner.
In addition, CFPB officials hope to monitor up to 95 percent of all mortgage transactions, according to the documents.
A CFPB strategic planning document for fiscal years 2013-17 describes the “markets monitoring” program through which officials aim to monitor 80 percent of all credit card transactions in 2013.
The U.S. Census Bureau reports that 1.16 billion consumer credit cards were in use in 2012 for an estimated 52.6 billion transactions. If CFPB officials reach their stated "performance goal," they would collect data on 42 billion transactions made with 933 million credit cards used by American consumers.

Read more on WashingtonExaminer.com

NSA disguised itself as Google to spy, say reports

If a recently leaked document is any indication, the US National Security Agency -- or its UK counterpart -- appears to have put on a Google suit to gather intelligence.
by Edward Moyer
September 12, 2013 2:19 PM PDT
The flag of the NSA.

Here's one of the latest tidbits on the NSA surveillance scandal (which seems to be generating nearly as many blog items as there are phone numbers in the spy agency's data banks).
Earlier this week, Techdirt picked up on a passing mention in a Brazilian news story and a Slate article to point out that the US National Security Agency had apparently impersonated Google on at least one occasion to gather data on people. (Mother Jones subsequently pointed out Techdirt's point-out.)
Brazilian site Fantastico obtained and published a document leaked by Edward Snowden, which diagrams how a "man in the middle attack" involving Google was apparently carried out.

A technique commonly used by hackers, a MITM attack involves using a fake security certificate to pose as a legitimate Web service, bypass browser security settings, and then intercept data that an unsuspecting person is sending to that service. Hackers could, for example, pose as a banking Web site and steal passwords.


The article by Brazil's Fantastico mentions a hitherto unknown GCHQ spy program called "Flying Pig." This prompted a Twitter quip from Electronic Frontier Foundation attorney Kurt Opsahl: "PRISM, Flying Pig. Someone in the surveillance state has a thing for Pink Floyd album covers."
(Credit: Pig: Musiclipse.com; prism: Harvest, Capitol.)

The technique is particularly sly because the hackers then use the password to log in to the real banking site and then serve as a "man in the middle," receiving requests from the banking customer, passing them on to the bank site, and then returning requested info to the customer -- all the while collecting data for themselves, with neither the customer nor the bank realizing what's happening. Such attacks can be used against e-mail providers too.

It's not clear if the supposed attack in the Fantastico document was handled by the NSA or by its UK counterpart, the Government Communications Headquarters (GCHQ). The article by the Brazilian news agency says, "In this case, data is rerouted to the NSA central, and then relayed to its destination, without either end noticing."

"There have been rumors of the NSA and others using those kinds of MITM attacks," Mike Masnick writes on Techdirt, "but to have it confirmed that they're doing them against the likes of Google... is a big deal -- and something I would imagine does not make [Google] particularly happy."

Google provided a short statement to Mother Jones reporter Josh Harkinson in response to his questions on the matter: "As for recent reports that the US government has found ways to circumvent our security systems, we have no evidence of any such thing ever occurring. We provide our user data to governments only in accordance with the law." (The company is also trying to win the right to provide more transparency regarding government requests for data on Google users.)

CNET got a "no comment" from the NSA in response to our request for more information.
As TechDirt suggests, an MITM attack on the part of the NSA or GCHQ would hardly be a complete shock. The New York Times reported last week that the NSA has sidestepped common Net encryption methods in a number of ways, including hacking into the servers of private companies to steal encryption keys, collaborating with tech companies to build in back doors, and covertly introducing weaknesses into encryption standards.

It wouldn't be much of a stretch to obtain a fake security certificate to foil the Secure Sockets Layer (SSL) cryptographic protocol that's designed to verify the authenticity of Web sites and ensure secure Net communications.

Indeed, such attacks have been aimed at Google before, including in 2011, when a hacker broke into the systems of DigiNotar -- a Dutch company that issued Web security certificates -- and created more than 500 SSL certificates used to authenticate Web sites.

In any case, the purported NSA/GCHG impersonation of Google inspired a rather clever graphic by Mother Jones, one that might even impress the rather clever Doodlers at Google:

http://news.cnet.com/8301-13578_3-57...y-say-reports/

Originally Posted by April

Sick of NSA Snooping? Glenn Beck’s Latest Announcement Could Be the Best Thing You’ve Heard All Week

Sep. 12, 2013 10:43am Erica Ritz

On his radio program Thursday, Glenn Beck announced an exciting new feature coming soon to annual TheBlaze TV Plus subscribers — a private 1791.com email address.
Beck said he believes the Bill of Rights, which was ratified in 1791, is “the secret” to what makes this country great, and among those rights is a right to privacy — something Americans are seeing less and less of, it seems, amid the NSA domestic surveillance scandal.“So I’m introducing today a new service for you,” Beck said. “It’s a private 1791.com address of your very own. Your name @1791.com as your email address.”



“We’re a company that will guarantee that you will never, ever, ever have your emails scanned,” he said. “We will never share the list…you’ll never see an advertisement that you’re like, ‘Wait a minute…Hold it, how do you know that I’ve been looking for that car?’”
“We’re not going to do any of that,” Beck said. “And it will be free to you, if you’re [an annual Blaze TV Plus] subscriber.”


Beck encouraged listeners to sign up for TheBlaze newsletter, FireWire, to be the first to know when the email service is up and running.“We’re not surrendering any lists, any emails, anything, without a warrant, and we will never scan your emails, period. Because we happen to believe in that little document produced in 1791.”


http://www.theblaze.com/stories/2013...mail-service/#

Good video!! Thanks!!

You're welcome!

Project Bullrun – classification guide to the NSA's decryption program

Guide for NSA employees and contractors on Bullrun outlines its goals – and reveals that the agency has capabilities against widely-used online protocols such as HTTPS
GO HERE:

http://www.theguardian.com/world/int...fication-guide

Sigint – how the NSA collaborates with technology companies

Interactive Document shows how 'signals intelligence', or Sigint, 'actively engages US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs'

NSA: classification guide for cryptanalysis

Interactive Guide reveals that NSA 'obtains cryptographic details of commercial cryptographic information security systems through industry relationships'