     |
| |
When Belgian prosecutors suggested that Belgacom was the target of foreign espionage, many blamed the NSA -- it has a history of snooping on other countries, after all. Those accusations may have been off the mark, however. Der Spiegel has revealed documents leaked by Edward Snowden which hint that the UK's Government Communications Headquarters (GCHQ) was responsible. The intelligence agency reportedly tricked key Belgacom staff into visiting a malware-loaded website that hijacked their PCs. GCHQ could then spy on smartphones, map the network and investigate secure VPN connections. Neither Belgacom nor Belgium has responded to this latest Snowden leak, but we wouldn't be surprised if the apparent evidence speeds up their investigation.
Filed under: Cellphones, Wireless, Internet
Via: Ars Technica
Source: Der Spiegel (translated)
As reporters at the New York Times, the Guardian and ProPublica dig deeper into the documents leaked by Edward Snowden, new and disturbing revelations continue to be made. Two programs, dubbed Bullrun (NSA) and Edgehill (GCHQ), have just come to light, that focus on circumventing or breaking the security and encryption tools used across the internet. The effort dwarfs the $20 million Prism program that simply gobbled up data. Under the auspices of "Sigint (signals intelligence) enabling" in a recent budget request, the NSA was allocated roughly $255 million dollars this year alone to fund its anti-encryption program.
The agencies' efforts are multi-tiered, and start with a strong cracking tool. Not much detail about the methods or software are known, but a leaked memo indicates that the NSA successfully unlocked "vast amounts" of data in 2010. By then it was already collecting massive quantities of data from taps on internet pipelines, but much of it was safely protected by industry standard encryption protocols. Once that wall fell, what was once simply a torrent of scrambled ones and zeros, became a font of "exploitable" information. HTTPS, VoIP and SSL are all confirmed to have been compromised through Bullrun, though, it appears that some solutions to the NSA's "problem" are less elegant than others. In some cases a super computer and simple brute force are necessary to peel back the layers of encryption.
Filed under: Internet
Source: New York TImes, Guardian, ProPublica
PRISM isn't just for US agencies -- last month it was revealed that the UK's Government Communication Headquarters (GCHQ) has been using the program to collect emails, photos and video content from an assortment of internet providers. Now, a German newspaper claims to know what companies collaborated with the security agency. According to The Gaurdian, Süddeutsche identified Verizon, Vodafone, Global Crossing, Level 3, BT, Interoute and Viatel as firms that participated in Tempora, a program that gave the GCHQ widespread access to the undersea fiber optic cables. The operation was all quite hush-hush, with documents referring to participating outfits by obscure code names: "Dacron" for Verizon, for instance, and "Little" for Level 3.
Parliament has already dismissed the agency's snooping as legal, but documents seen by The Guardian suggest that some telecoms may have illegally given the GCHQ access to other companies' cables without permission. Naturally, the firms involved were quick to dismiss foul play, with representatives from Verizon, Interoute and Vodaphone each assuring The Guardian that it was merely complying with UK law. True enough, probably, but we can't help but wonder if the operators weren't coaxed into cooperation with the promise of cool code-names.
Filed under: Internet
Via: TechCrunch
Source: The Guardian