IGNORED

whistleblowers: wikileaks, snowden and...


DarkAttraktor

Posted

How he tore it apart... And the BBC, well, screw it. Though for me the best part is when the course-takers in our media, whatever you ask them, say: I like the BBC style of journalism...

Posted
Attacking Tor: how the NSA targets users' online anonymity

Secret servers and a privileged position on the internet's backbone used to identify users and attack target computers

Bruce Schneier

The online anonymity network Tor is a high-priority target for the National Security Agency. The work of attacking Tor is done by the NSA's application vulnerabilities branch, which is part of the systems intelligence directorate, or SID. The majority of NSA employees work in SID, which is tasked with collecting data from communications systems around the world.

According to a top-secret NSA presentation provided by the whistleblower Edward Snowden, one successful technique the NSA has developed involves exploiting the Tor browser bundle, a collection of programs designed to make it easy for people to install and use the software. The trick identifies Tor users on the internet and then executes an attack against their Firefox web browser.

The NSA refers to these capabilities as CNE, or computer network exploitation.

The first step of this process is finding Tor users. To accomplish this, the NSA relies on its vast capability to monitor large parts of the internet. This is done via the agency's partnership with US telecoms firms under programs codenamed Stormbrew, Fairview, Oakstar and Blarney.

The NSA creates "fingerprints" that detect http requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool which NSA boasts allows its analysts to see "almost everything" a target does on the internet.

Using powerful data analysis tools with codenames such as Turbulence, Turmoil and Tumult, the NSA automatically sifts through the enormous amount of internet traffic that it sees, looking for Tor connections.

Last month, Brazilian TV news show Fantastico showed screenshots of an NSA tool that had the ability to identify Tor users by monitoring internet traffic.

The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the internet, makes it easy to differentiate Tor users from other web users. On the other hand, the anonymity provided by Tor makes it impossible for the NSA to know who the user is, or whether or not the user is in the US.

After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user's computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems.

Once the computer is successfully attacked, it secretly calls back to a FoxAcid server, which then performs additional attacks on the target computer to ensure that it remains compromised long-term, and continues to provide eavesdropping information back to the NSA.

Exploiting the Tor browser bundle

Tor is a well-designed and robust anonymity tool, and successfully attacking it is difficult. The NSA attacks we found individually target Tor users by exploiting vulnerabilities in their Firefox browsers, and not the Tor application directly.

This, too, is difficult. Tor users often turn off vulnerable services like scripts and Flash when using Tor, making it difficult to target those services. Even so, the NSA uses a series of native Firefox vulnerabilities to attack users of the Tor browser bundle.

According to the training presentation provided by Snowden, EgotisticalGiraffe exploits a type confusion vulnerability in E4X, which is an XML extension for Javascript. This vulnerability exists in Firefox 11.0 – 16.0.2, as well as Firefox 10.0 ESR – the Firefox version used until recently in the Tor browser bundle. According to another document, the vulnerability exploited by EgotisticalGiraffe was inadvertently fixed when Mozilla removed the E4X library with the vulnerability, and when Tor added that Firefox version into the Tor browser bundle, but NSA were confident that they would be able to find a replacement Firefox exploit that worked against version 17.0 ESR.

The Quantum system

To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a Foxacid server.

In the academic literature, these are called "man-in-the-middle" attacks, and have been known to the commercial and academic security communities. More specifically, they are examples of "man-on-the-side" attacks.

They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the internet backbone, and exploit a "race condition" between the NSA server and the legitimate website. This top-secret NSA diagram, made public last month, shows a Quantum server impersonating Google in this type of attack.

The NSA uses these fast Quantum servers to execute a packet injection attack, which surreptitiously redirects the target to the FoxAcid server. An article in the German magazine Spiegel, based on additional top secret Snowden documents, mentions an NSA developed attack technology with the name of QuantumInsert that performs redirection attacks. Another top-secret Tor presentation provided by Snowden mentions QuantumCookie to force cookies onto target browsers, and another Quantum program to "degrade/deny/disrupt Tor access".

This same technique is used by the Chinese government to block its citizens from reading censored internet content, and has been hypothesized as a probable NSA attack technique.

The FoxAcid system

According to various top-secret documents provided by Snowden, FoxAcid is the NSA codename for what the NSA calls an "exploit orchestrator," an internet-enabled system capable of attacking target computers in a variety of different ways. It is a Windows 2003 computer configured with custom software and a series of Perl scripts. These servers are run by the NSA's tailored access operations, or TAO, group. TAO is another subgroup of the systems intelligence directorate.

The servers are on the public internet. They have normal-looking domain names, and can be visited by any browser from anywhere; ownership of those domains cannot be traced back to the NSA.

However, if a browser tries to visit a FoxAcid server with a special URL, called a FoxAcid tag, the server attempts to infect that browser, and then the computer, in an effort to take control of it. The NSA can trick browsers into using that URL using a variety of methods, including the race-condition attack mentioned above and frame injection attacks.

FoxAcid tags are designed to look innocuous, so that anyone who sees them would not be suspicious. An example of one such tag [LINK REMOVED] is given in another top-secret training presentation provided by Snowden.

There is no currently registered domain name by that name; it is just an example for internal NSA training purposes.

The training material states that merely trying to visit the homepage of a real FoxAcid server will not result in any attack, and that a specialized URL is required. This URL would be created by TAO for a specific NSA operation, and unique to that operation and target. This allows the FoxAcid server to know exactly who the target is when his computer contacts it.

According to Snowden, FoxAcid is a general CNE system, used for many types of attacks other than the Tor attacks described here. It is designed to be modular, with flexibility that allows TAO to swap and replace exploits if they are discovered, and only run certain exploits against certain types of targets.

The most valuable exploits are saved for the most important targets. Low-value exploits are run against technically sophisticated targets where the chance of detection is high. TAO maintains a library of exploits, each based on a different vulnerability in a system. Different exploits are authorized against different targets, depending on the value of the target, the target's technical sophistication, the value of the exploit, and other considerations.

In the case of Tor users, FoxAcid might use EgotisticalGiraffe against their Firefox browsers.

FoxAcid servers also have sophisticated capabilities to avoid detection and to ensure successful infection of its targets. One of the top-secret documents provided by Snowden demonstrates how FoxAcid can circumvent commercial products that prevent malicious software from making changes to a system that survive a reboot process.

According to a top-secret operational management procedures manual provided by Snowden, once a target is successfully exploited it is infected with one of several payloads. Two basic payloads mentioned in the manual, are designed to collect configuration and location information from the target computer so an analyst can determine how to further infect the computer.

These decisions are made in part by the technical sophistication of the target and the security software installed on the target computer; called Personal Security Products or PSP, in the manual.

FoxAcid payloads are updated regularly by TAO. For example, the manual refers to version 8.2.1.1 of one of them.

FoxAcid servers also have sophisticated capabilities to avoid detection and to ensure successful infection of its targets. The operations manual states that a FoxAcid payload with the codename DireScallop can circumvent commercial products that prevent malicious software from making changes to a system that survive a reboot process.

The NSA also uses phishing attacks to induce users to click on FoxAcid tags.

TAO additionally uses FoxAcid to exploit callbacks – which is the general term for a computer infected by some automatic means – calling back to the NSA for more instructions and possibly to upload data from the target computer.

According to a top-secret operational management procedures manual, FoxAcid servers configured to receive callbacks are codenamed FrugalShot. After a callback, the FoxAcid server may run more exploits to ensure that the target computer remains compromised long term, as well as install "implants" designed to exfiltrate data.

By 2008, the NSA was getting so much FoxAcid callback data that they needed to build a special system to manage it all.
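The race described in the article's Quantum section leaves a trace a passive sensor can see: the injected response and the legitimate one both reach the client, so the same TCP sequence range arrives twice with different bytes. The following is an added example, not part of the original post or the quoted article, that flags this over constructed packet records; the `Segment` fields, addresses and payloads are assumptions for illustration, and sequence-number wraparound is ignored.

```python
"""Flag TCP flows where one sequence range arrived twice with different bytes."""
from collections import defaultdict
from typing import NamedTuple, Optional


class Segment(NamedTuple):
    ts: float        # capture timestamp in seconds
    src: str         # sender as "ip:port"
    dst: str         # receiver as "ip:port"
    seq: int         # TCP sequence number of the first payload byte
    ttl: int         # IP TTL as seen at the sensor
    payload: bytes


class Finding(NamedTuple):
    flow: tuple          # (src, dst) of the one-directional flow
    seq: int             # start of the overlapping range
    first: Segment       # segment that arrived first
    second: Segment      # later segment that contradicts it
    ttl_differs: bool    # extra hint: the two copies took different paths


def overlap_conflict(a: Segment, b: Segment) -> Optional[int]:
    """Return the start of the overlapping range if a and b disagree there."""
    start = max(a.seq, b.seq)
    end = min(a.seq + len(a.payload), b.seq + len(b.payload))
    if start >= end:
        return None  # the two segments do not overlap at all
    a_bytes = a.payload[start - a.seq:end - a.seq]
    b_bytes = b.payload[start - b.seq:end - b.seq]
    return start if a_bytes != b_bytes else None


def find_conflicting_segments(segments) -> list:
    """Compare every data segment with earlier ones in the same flow."""
    seen = defaultdict(list)
    findings = []
    for seg in sorted(segments, key=lambda s: s.ts):
        if not seg.payload:
            continue  # pure ACKs carry nothing to compare
        flow = (seg.src, seg.dst)
        for earlier in seen[flow]:
            at = overlap_conflict(earlier, seg)
            if at is not None:
                findings.append(
                    Finding(flow, at, earlier, seg, earlier.ttl != seg.ttl))
        seen[flow].append(seg)
    return findings


# Constructed sample records (documentation address ranges, made-up payloads).
SERVER_A, SERVER_B, CLIENT = "203.0.113.10:80", "203.0.113.20:80", "198.51.100.7:51000"
SAMPLE = [
    # Two different answers for the same sequence number, 20 ms apart.
    Segment(1.000, SERVER_A, CLIENT, 1000, 57,
            b"HTTP/1.1 302 Found\r\nLocation: http://other.example/\r\n\r\n"),
    Segment(1.020, SERVER_A, CLIENT, 1000, 49,
            b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    # Ordinary retransmission: same range, identical bytes, not a finding.
    Segment(2.000, SERVER_B, CLIENT, 5000, 52, b"HTTP/1.1 200 OK\r\n\r\nabc"),
    Segment(2.300, SERVER_B, CLIENT, 5000, 52, b"HTTP/1.1 200 OK\r\n\r\nabc"),
]

if __name__ == "__main__":
    for f in find_conflicting_segments(SAMPLE):
        print(f"{f.flow[0]} -> {f.flow[1]} seq={f.seq} "
              f"conflicting payloads, ttl_differs={f.ttl_differs}")
```

A plain retransmission repeats identical bytes and is not reported; only contradictory content for the same range is.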

Posted

realistically, before Snowden only a total cybergeek paranoiac could have assumed that the NSA has a special system dedicated exclusively to storing data on users of the TOR network.

Posted

Yes, Glenn put this on his tw... No question, a lynching. But so much insistence on "you are revealing to the terrorists that we are tracking them", I mean, they are morons....

Posted
American leakers toasting one another in Moscow:

Edward Snowden (third from right) receives the Sam Adams Associates for Integrity in Intelligence Award alongside UK WikiLeaks journalist Sarah Harrison (second from right), who took Snowden from Hong Kong to Moscow, and the US government whistleblowers who presented the award (left to right) Coleen Rowley (FBI), Thomas Drake (NSA), Jesselyn Radack (Department of Justice) and Ray McGovern (CIA) on October 9, 2013 in Moscow.

http://youtu.be/9yFDVjUDPxQ
Posted

Russia, you bet; who else could protect them more than Russia?

Posted
realistically, before Snowden only a total cybergeek paranoiac could have assumed that the NSA has a special system dedicated exclusively to storing data on users of the TOR network.
Realistically™, the first thing that would occur to me is that it's their "service". And I'm not a cybergeek. Maybe a paranoiac. :D
  • 2 weeks later...
Posted

this is classic espionage (so it's OK, right :)) but the revelation comes from Snowden's package of information, so let it stand in this thread:

Fresh Leak on US Spying: NSA Accessed Mexican President's Email

By Jens Glüsing, Laura Poitras, Marcel Rosenbach and Holger Stark

The NSA has been systematically eavesdropping on the Mexican government for years. It hacked into the president's public email account and gained deep insight into policymaking and the political system. The news is likely to hurt ties between the US and Mexico.

The National Security Agency (NSA) has a division for particularly difficult missions. Called "Tailored Access Operations" (TAO), this department devises special methods for special targets.

That category includes surveillance of neighboring Mexico, and in May 2010, the division reported its mission accomplished. A report classified as "top secret" said: "TAO successfully exploited a key mail server in the Mexican Presidencia domain within the Mexican Presidential network to gain first-ever access to President Felipe Calderon's public email account."

According to the NSA, this email domain was also used by cabinet members, and contained "diplomatic, economic and leadership communications which continue to provide insight into Mexico's political system and internal stability." The president's office, the NSA reported, was now "a lucrative source."

This operation, dubbed "Flatliquid," is described in a document leaked by whistleblower Edward Snowden, which SPIEGEL has now had the opportunity to analyze. The case is likely to cause further strain on relations between Mexico and the United States, which have been tense since Brazilian television network TV Globo revealed in September that the NSA monitored then-presidential candidate Enrique Peña Nieto and others around him in the summer of 2012. Peña Nieto, now Mexico's president, summoned the US ambassador in the wake of that news, but confined his reaction to demanding an investigation into the matter.

Now, though, the revelation that the NSA has systematically infiltrated an entire computer network is likely to trigger deeper controversy, especially since the NSA's snooping took place during the term of Peña Nieto's predecessor Felipe Calderón, a leader who worked more closely with Washington than any other Mexican president before him.

Brazil Also Targeted

Reports of US surveillance operations have caused outrage in Latin America in recent months. Brazilian President Dilma Rousseff cancelled a planned trip to Washington five weeks ago and condemned the NSA's espionage in a blistering speech to the United Nations General Assembly.

The US surveillance of politicians in Mexico and Brazil is not a one-off. Internal documents show these countries' leaders represent important monitoring targets for the NSA, with both Mexico and Brazil ranking among the nations high on an April 2013 list that enumerates the US' surveillance priorities. That list, classified as "secret," was authorized by the White House and "presidentially approved," according to internal NSA documents.

The list ranks strategic objectives for all US intelligence services using a scale from "1" for high priority to "5" for low priority. In the case of Mexico, the US is interested primarily in the drug trade (priority level 1) and the country's leadership (level 3). Other areas flagged for surveillance include Mexico's economic stability, military capabilities, human rights and international trade relations (all ranked at level 3), as well as counterespionage (level 4). It's much the same with Brazil -- ascertaining the intentions of that country's leadership ranks among the stated espionage targets. Brazil's nuclear program is high on the list as well.

When Brazilian President Rousseff took office in early 2011, one of her goals was to improve relations with Washington, which had cooled under her predecessor, the popular former labor leader Luiz Inácio Lula da Silva. Lula focused primarily on establishing closer ties with China, India and African nations, and even invited Iran's then-President Mahmoud Ahmadinejad to Brazil, in a snub to the US. President Barack Obama postponed a planned visit to the capital, Brasília, as a result.

Rousseff, however, has distanced herself from Iran. And the first foreign minister to serve under her, Antonio Patriota, who recently resigned, was seen as friendly toward the US, maintaining good ties with his counterpart Hillary Clinton. Obama made a state visit to Brazil two years ago and Rousseff had planned to reciprocate with a visit to Washington this October.

Then came the revelation that US authorities didn't stop short of spying on the president herself. According to one internal NSA presentation, the agency investigated "the communication methods and associated selectors of Brazilian President Dilma Rouseff and her key advisers." It also said it found potential "high-value targets" among her inner circle.

Economic Motives?

Rousseff believes Washington's reasons for employing such unfriendly methods are partly economic, an accusation that the NSA and its director, General Keith Alexander, have denied. Yet according to the leaked NSA documents, the US also monitored email and telephone communications at Petrobras, the oil corporation in which the Brazilian government holds a majority stake. Brazil possesses enormous offshore oil reserves.

Just how intensively the US spies on its neighbors can be seen in another, previously unknown operation in Mexico, dubbed "Whitetamale" by the NSA. In August 2009, according to internal documents, the agency gained access to the emails of various high-ranking officials in Mexico's Public Security Secretariat that combats the drug trade and human trafficking. This hacking operation allowed the NSA not only to obtain information on several drug cartels, but also to gain access to "diplomatic talking-points." In the space of a single year, according to the internal documents, this operation produced 260 classified reports that allowed US politicians to conduct successful talks on political issues and to plan international investments.

The tone of the document that lists the NSA's "tremendous success" in monitoring Mexican targets shows how aggressively the US intelligence agency monitors its southern neighbor. "These TAO accesses into several Mexican government agencies are just the beginning -- we intend to go much further against this important target," the document reads. It goes on to state that the divisions responsible for this surveillance are "poised for future successes."

While these operations were overseen from the NSA's branch in San Antonio, Texas, secret listening stations in the US Embassies in Mexico City and Brasília also played a key role. The program, known as the "Special Collection Service," is conducted in cooperation with the CIA. The teams have at their disposal a wide array of methods and high-tech equipment that allow them to intercept all forms of electronic communication. The NSA conducts its surveillance of telephone conversations and text messages transmitted through Mexico's cell phone network under the internal code name "Eveningeasel." In Brasília, the agency also operates one of its most important operational bases for monitoring satellite communications.

This summer, the NSA took its activities to new heights as elections took place in Mexico. Despite having access to the presidential computer network, the US knew little about Enrique Peña Nieto, designated successor to Felipe Calderón.

Spying on Peña Nieto

In his campaign appearances, Peña Nieto would make his way to the podium through a sea of supporters, ascending to the stage like a rock star. He is married to an actress, and also had the support of several influential elder statesmen within his party, the PRI. He promised to reform the party and fight pervasive corruption in the country. But those familiar with the PRI, which is itself regarded by many as corrupt, saw this pledge as little more than a maneuver made for show.

First and foremost, though, Peña Nieto promised voters he would change Mexico's strategy in the war on drugs, announcing he would withdraw the military from the fight against the drug cartels as soon as possible and invest more money in social programs instead. Yet at the same time, he assured Washington there would be no U-turn in Mexico's strategy regarding the cartels. So what were Peña Nieto's true thoughts at the time? What were his advisers telling him?

The NSA's intelligence agents in Texas must have been asking themselves such questions when they authorized an unusual type of operation known as structural surveillance. For two weeks in the early summer of 2012, the NSA unit responsible for monitoring the Mexican government analyzed data that included the cell phone communications of Peña Nieto and "nine of his close associates," as an internal presentation from June 2012 shows. Analysts used software to connect this data into a network, shown in a graphic that resembles a swarm of bees. The software then filtered out Peña Nieto's most relevant contacts and entered them into a databank called "DishFire." From then on, these individuals' cell phones were singled out for surveillance.

According to the internal documents, this led to the agency intercepting 85,489 text messages, some sent by Peña Nieto himself and some by his associates. This technology "might find a needle in a haystack," the analysts noted, adding that it could do so "in a repeatable and efficient way."

It seems, though, that the NSA's agents are no longer quite as comfortable expressing such pride in their work. Asked for a comment by SPIEGEL, the agency replied: "We are not going to comment publicly on every specific alleged intelligence activity, and as a matter of policy we have made clear that the United States gathers foreign intelligence of the type gathered by all nations. As the President said in his speech at the UN General Assembly, we've begun to review the way that we gather intelligence, so that we properly balance the legitimate security concerns of our citizens and allies with the privacy concerns that all people share."

Meanwhile, the NSA's spying has already caused considerable political damage in the case of Brazil, seriously denting the mutual trust between Rousseff and Obama. Brazil now plans to introduce a law that will force companies such as Google and Facebook to store their data inside Brazil's borders, rather than on servers in the US, making these international companies subject to Brazilian data privacy laws. The Brazilian government is also developing a new encryption system to protect its own data against hacking.

So far, Mexico has reacted more moderately -- although the fact that the NSA infiltrated even the presidential computer network wasn't known until now. Commenting after TV Globo first revealed the NSA's surveillance of text messages, Peña Nieto stated that Obama had promised him to investigate the accusations and to punish those responsible, if it was found that misdeeds had taken place.

In response to an inquiry from SPIEGEL concerning the latest revelations, Mexico's Foreign Ministry replied with an email condemning any form of espionage on Mexican citizens, saying such surveillance violates international law. "That is all the government has to say on the matter," stated a spokesperson for Peña Nieto.

Presumably, that email could be read at the NSA's Texas location at the same time.

Posted

We await the analysis™ from the compliant media that will explain to us how exposing this outrageous swinishness gave the terrorists wind in their sails.

Posted

I think commentary is unnecessary... except to add, Miss Universe is in Moscow in a couple of weeks. And also that "The MISS UNIVERSE®, MISS USA® and MISS TEEN USA® Pageants are a Donald J. Trump and NBC Universal joint venture."

Posted
New Delhi -- Indian Prime Minister Manmohan Singh does not have a mobile phone or a personal e-mail account, so the government in New Delhi "has no reason to fear" eavesdropping. Asked by reporters whether the 81-year-old Singh is worried about the possibility that he too could be a target of eavesdropping, his spokesman said: "The Prime Minister does not use a mobile phone and has no e-mail account. His office uses e-mail, but he has no personal e-mail. We have no information about eavesdropping, nor reason for concern."
:ziga:
Posted
Snowden Snowball keeps on rollin'... :lolol: