NSA project working towards encryption-breaking quantum computer, reveals Snowden doc

According to documents leaked by Edward Snowden, the NSA dreams of a quantum computer that can break nearly every type of encryption -- one it is working towards (in part, at least) via a program called Penetrating Hard Targets, a $79.7 million project. The NSA isn't the only entity working on making a quantum computer reality, and such technologies would have widespread benefits beyond the cryptographically-oriented industry and various spy games.

Whether the NSA has advanced beyond similar efforts underway at the civilian level is unknown, but the Washington Post is reporting such efforts on the government's part are no farther ahead in terms of progress. A large amount of the work is reportedly taking place via classified contracts with a College Park laboratory, but not much is known beyond that.

If such a technology is developed, all forms of public key encryption could be broken. The documents seem to state the NSA is performing a lot of its research in Faraday cages, something said to be necessary to keep the "delicate" experiments up and running. No immediate breakthroughs seem likely, however, and MIT associate professor Scott Aaronson took that a step further, saying: "It seems improbable that the NSA could be that far ahead of the open world without anybody knowing it."

Experts who spoke to the Washington Post expressed doubt that any such computer could be developed in the next five years, but that isn't stopping the NSA from trying. The security agency, according to the document, is concerned that quantum computing could have future implications on both the ability to spy on the communications of foreign entities, but also to protect its own communications from other agencies beyond the US.






SOURCE: Washington Post

[Continue reading...]

NSA seizes full control of targeted iPhones via DROPOUTJEEP malware

The NSA developed in 2008 a software program for iPhones that can selectively and stealthily deliver data from iPhones to the NSA. The program is called DROPOUTJEEP. News of the malware is the latest to come out of the ongoing Snowden document media bonanza.

DROPOUTJEEP can read and retrieve SMS messages, contact lists, voice messages, and the iPhone's location via GPS and cell phone towers. It can also remotely activate the microphone and the camera.

In short, DROPOUTJEEP can gain full covert "command and control" over any iPhone on which it is installed.

The method of installation is not entirely clear, but logic dictates DROPOUTJEEP has to be installed either remotely or with hands on. In light of last weekend's Der Spiegel Snowden document analysis showing the NSA has infiltrated a wide range of proprietary hardware throughout the tech industry, the latter is a distinct possibility. That is to say, some iPhones currently in use in the wild may have physically passed through the NSA before arriving, bugged, in users' hands.

The NSA document describing DROPOUTJEEP seems to imply exactly that:

    "The initial release of DROPOUTJEEP will focus on installing the implant via close access methods."

How many iPhones have DROPOUTJEEP installed? And how many iPads? There's no way of knowing that at this point. It could be considered alarmist to imply a pervasive NSA influence on the iOS ecosystem. Equally alarmist -- and unfair -- might be to imply that Apple knowingly cooperated with the NSA on DROPOUTJEEP.

But questions are being raised, as in the case of Jacob Applebaum's comments today at a Chaos Communication Project event. Among them: "Either [the NSA] have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves."

In either case, iOS owners won't find much comfort in this little revelation. But neither will anyone who owns almost any kind of device from any manufacturer. The NSA is now everywhere.







SOURCE: Forbes

[Continue reading...]

NSA catalog lets agents deliver cloned hardware to targets

A new examination of the seemingly bottomless well of Snowden documents describes an internal NSA catalog of dead ringers for consumer hardware that the NSA can deploy on unsuspecting targets' systems. For example, when a target orders a new hard drive, router, monitor cable, or USB plug online, the NSA can intercept the order and send a bugged clone, which the target would then install by his own volition. The catalog includes hardware by Seagate, Samsung, Cisco, Huawei, Dell and many others.

Western Digital and Maxtor are two other hardware providers named in the monitoring device catalog. It also includes back door access to firewalls by Juniper Networks, as well as ready-made hacks for the BIOS firmware that runs when a personal computer starts up.

The catalog was produced by the Advanced/Access Network Technology (ANT) division of the NSA hacker unit Tailored Access Operations (TAO).

Der Spiegel reported that the NSA can intercept automated personal computer communications like Windows crash reports to ferret out vulnerabilities in users' systems. It does this via a so-called "shadow Internet" that runs alongside the regular Internet. SlashGear has previously reported on the NSA's "quantum insert" technique of serving copies of popular sites like LinkedIn to target users by dint of beating the legitimate websites to the server punch.

In other words, any of your electronics and favorite websites could actually be NSA-created resources should the spy agency deem you an asset.

On the industrial side, the catalog lets agents acquire and physically install bugged base stations that stand in for proprietary mobile network equipment. The NSA can use the stations to collect mobile communications data from personal devices in range.

Finally, the Der Spiegel analysis delved into how the NSA and its partners in private telecommunications companies have tapped major intercontinental data cables to conduct mass data surveillance. For example, the agency in early 2013 mapped the "SEA-ME-WE-4" undersea cable that connects Europe, North Africa and Asia.




SOURCE: Der Spiegel

[Continue reading...]

NSA phone surveillance ruled legal by NY judge [UPDATE]

In a ruling on federal phone-tracking this week a U.S. District Judge based in New York has ruled that the NSA’s actions thus far have been legal. Judge William Pauley sent a ruling on Friday, the 27th of December, saying the NSA program “represents the government’s counter-punch” in efforts to eliminate al-Qaida network efforts. This ruling dismisses a lawsuit brought on by the American Civil Liberties Union.

 

At this time the ACLU has not sent out comment on the matter, but we’ll expect that they’ll have something to say imminently. The ACLU brought case to a New York court earlier this year after NSA documents were leaked by Edward Snowden. The ACLU suggested that the programs outlined in these documents far exceeded the congressional authority of the Patriot Act, authorized after September 11th, 2001 and reauthorized in the years 2005 and 2010.

Judge Pauley’s ruling this week suggests that the government’s efforts have “adapted to confront a new enemy: a terror network capable of orchestrating attacks across the world.” According to SFGate, Judge Pauley suggested that the data-collection programs outlined by Snowden’s documents were part of this new adaptation.

At this time it would appear that Judge Pauley’s dismissal of the lawsuit brought on by the ACLU will require the group to seek higher court if they wish to continue. Have a peek at the timeline below to gain greater insight into the ever-expanding world of the NSA’s programs as revealed over the preceding set of months in 2013.

UPDATE: You can now read the full ruling in PDF form courtesy of the ACLU.

[Continue reading...]