DragonI

Here’s How the FBI Investigation Into Russia and Trump Campaign Actually Started

‘The Kremlin talked about Trump like he was their boy, and their comments weren’t always flattering.’

observer.com

I know something about how that plays out in practice, since I worked for NSA both as a civilian analyst and as a military officer, and I was technical director of NSA’s biggest operational division. I also worked extensively in counterintelligence, including collaboration with the FBI in cases just like what unfolded, in secret, in 2016 around candidate Trump. Therefore, I speak of the intersection of SIGINT and counterintelligence from the vantage point of what my friend Tom Nichols might call an expert.

Let me put my cards on the table: The counterintelligence investigation of Donald Trump was kicked off by not one, not two, but multiple SIGINT reports which set off alarm bells inside our Intelligence Community. This has been publicly known, in a general way, for some time. A little over a year ago, the Guardian reported, based on multiple intelligence sources, that the lead was taken by Government Communications Headquarters (GCHQ – Britain’s NSA), which “first became aware in late 2015 of suspicious ‘interactions’ between figures connected to Trump and known or suspected Russian agents, a source close to UK intelligence said. This intelligence was passed to the U.S. as part of a routine exchange of information.”

NSA isn’t just the world’s most powerful intelligence agency, it’s the hub of the whole Western spy system. 

As the Guardian explained, in the first half of 2016, as Trump’s presidential bid gained unexpected steam, Australia, Germany, Estonia, and Poland all had SIGINT hits that indicated a troubling relationship between Trump and Moscow. So, too, did the French and the Dutch—the latter being an especially savvy SIGINT partner of NSA’s.

The NSA official stated that those above-top-secret reports left no doubt that the Russians were subverting our democracy in 2016—and that Team Trump was a witting participant in the Kremlin’s criminal conspiracy: 

UK And US Accuse Russia Of Hacking Home Routers In Global Cyberattacks

Russia implicated in another major cyberattack.

www.forbes.com|Thomas Fox-Brewster

The U.K. and U.S. blamed Russian hackers for a campaign aimed at taking control of routers inside government, critical infrastructure and internet service providers, but also within small and home offices. The warning came in a joint announcement from British intelligence, the National Security Council (NSC), the DHS and the FBI on Monday. In a media briefing ahead of the announcement, Rob Joyce, special assistant to the president and cybersecurity coordinator at the National Security Council, said there was "high confidence" Russia was behind the attacks. The hacks were being tracked by British intelligence from a year ago, said Ciaran Martin, director of U.K.'s National Cyber Security Centre, run out of intelligence agency GCHQ.

The joint technical alert said Russian state-sponsored hackers had attempted to breach network routers, switches, firewalls and network intrusion detection systems across the world. Those routers were compromised to carry out so-called "man-in-the-middle" attacks where data going between computers and internet servers is intercepted, the NCSC said. That was being done "to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations," according to a statement from the NCSC.

Fox News pulls Judge Napolitano over his Trump wiretap claims

Fox News senior judicial analyst Judge Andrew Napolitano is being kept off the air indefinitely amid the controversy over his unverified claims that British intelligence wiretapped Trump Tower at the behest of former President Obama.

www.latimes.com|Stephen Battaglio

Fox News did not respond to inquiries about Napolitano’s status Monday. Napolitano was conspicuously missing from the network’s coverage of the confirmation hearings on Supreme Court nominee Neil Gorsuch — an event in which he typically would have played a significant role. He has not been on the air since Thursday.

People familiar with the situation who could speak only on the condition of anonymity said Napolitano is not expected to be on Fox News Channel any time in the near future. Napolitano was not available for comment.

Harry Potter: GCHQ 'intervened over Half-Blood Prince leak' - BBC News

The UK's surveillance agency GCHQ intervened to help prevent the sixth Harry Potter instalment leaking on the internet, the book's publisher says.

www.bbc.com

Nigel Newton, the founder of Bloomsbury Publishing, was contacted by GCHQ, Britain’s spy agency, in 2005 amid fears that Harry Potter and the Half-Blood Prince, the sixth book in the series, may have been leaked on the internet ahead of its publication.

"We fortunately had many allies," Mr Newton said. "GCHQ rang me up and said, 'We've detected an early copy of this book on the internet'. I got them to read a page to our editor and she said, 'No, that's a fake'. We also had judges and the police on our side.

It’s legal for GCHQ to break into computers and install spyware, tribunal rules

Investigatory Powers Tribunal also says "thematic warrants" to hack an entire city are fine.

arstechnica.co.uk

The Investigatory Powers Tribunal (IPT), the body that hears complaints about the UK's intelligence services, has ruled that it is legal for GCHQ to hack into systems, both in the UK and abroad, and to install spyware on them.

However, following the legal action by Privacy International and a group of seven ISPs, GCHQ for the first time has admitted that it "undertakes both 'persistent' and 'non-persistent' CNE [Computer Network Exploitation—hacking] operations, namely both where an ‘implant’ expires at the end of a user’s internet session and where it 'resides' on a computer for an extended period."

The admission that it breaks into systems and installs spyware is a minor victory for transparency, and represents a shift from the UK government's traditional "neither confirm nor deny" position. GCHQ has also revealed that in 2013 about 20 percent of its intelligence reports contained information derived from hacking.

As Privacy International noted in its press release on the decision, the main reason the IPT found in favour of GCHQ is that last year the UK government quietly rewrote the relevant laws to give GCHQ immunity from prosecution for carrying out this kind of illegal activity. In addition, it released a new Equipment Interference Code of Practice, which sets down what intelligence agencies are permitted to do when it comes to breaking into systems.

GCHQ can use 'thematic warrants', which means GCHQ can hack an entire class of property or persons, such as 'all phones in Birmingham'.

GCHQ’s data-mining techniques revealed in new Snowden leak

As far as metadata is concerned, handbook admits: "we pull everything we see."

arstechnica.co.uk

A "Data Mining Research Problem Book" marked "top secret strap 1" has been leaked that details some of the key techniques used by GCHQ to sift through the huge volumes of data it pulls continuously from the Internet.

Originally obtained by Edward Snowden, the 96-page e-book has been published by Boing Boing, along with a second short document entitled "What's the worst that can happen?". Boing Boing describes this as "a kind of checklist for spies who are seeking permission to infect their adversaries' computers or networks with malicious software."

The data mining handbook was written by researchers from the Heilbronn Institute for Mathematical Research in Bristol, a partnership between GCHQ and the University of Bristol. According to Boing Boing, "Staff spend half their time working on public research, the other half is given over to secret projects for the government."

The handbook provides valuable insights into some of the details of GCHQ's data mining work, at least as it was in September 2011, when the document was written. At that time, some of the "bearers"—Internet links—were producing 10 gigabits per second. As the handbook notes: "A 10G bearer produces a phenomenal amount of data: far too much to store, or even to process in any complicated way." As a result, "To make things manageable, the first step is to discard the vast majority of the packets we see."

...

"It is important to point out that tolerance for false positives is very low: if an analyst is presented with three leads to look at, one of which is probably of interest, then they might have the time to follow that up. If they get a list of three hundred, five of which are probably of interest, then that is not much use to them." This would seem to reinforce the argument for targeted, rather than mass surveillance, although the handbook is obviously concerned with the latter.

...

Most of the handbook is devoted to reviewing the rather abstruse mathematics that can be applied to extract useful information from the huge stores of metadata that GCHQ gathers. Nonetheless, along the way, it provides useful insights into some of the key GCHQ programmes that are almost impossible to obtain any other way.

"They want to own your phone instead of you,"

The former intelligence contractor told the BBC's Panorama that UK intelligence agency GCHQ had the power to hack into phones without their owners' knowledge.

Mr Snowden said GCHQ could gain access to a handset by sending it an encrypted text message and use it for such things as taking pictures and listening in.

The UK government declined to comment.

Mr Snowden talked about GCHQ's "Smurf Suite", a collection of secret intercept capabilities individually named after the little blue imps of Belgian cartoon fame.

"Dreamy Smurf is the power management tool which means turning your phone on and off without you knowing," he said.

"Nosey Smurf is the 'hot mic' tool. For example if it's in your pocket, [GCHQ] can turn the microphone on and listen to everything that's going on around you - even if your phone is switched off because they've got the other tools for turning it on.

"Tracker Smurf is a geo-location tool which allows [GCHQ] to follow you with a greater precision than you would get from the typical triangulation of cellphone towers."

...

Once GCHQ had gained access to a user's handset, Mr Snowden said the agency would be able to see "who you call, what you've texted, the things you've browsed, the list of your contacts, the places you've been, the wireless networks that your phone is associated with.

"And they can do much more. They can photograph you".

Mr Snowden also explained that the SMS message sent by the agency to gain access to the phone would pass unnoticed by the handset's owner.

"It's called an 'exploit'," he said. "That's a specially crafted message that's texted to your number like any other text message but when it arrives at your phone it's hidden from you. It doesn't display. You paid for it [the phone] but whoever controls the software owns the phone."

...

Describing the relationship between GCHQ and its US counterpart, he said: "GCHQ is to all intents and purposes a subsidiary of the NSA.”

"They [the NSA] provide technology, they provide tasking and direction as to what they [GCHQ] should go after."

The NSA is understood to have a similar programme to the Smurf Suite used by GCHQ on which it is reported to have spent $1bn in response to terrorists' increasing use of smartphones.

UK Government Admits Intelligence Services Allowed To Break Into Any System, Anywhere, For Any Reason | Techdirt

www.techdirt.com

Recently, Techdirt noted that the FBI may soon have permission to break into computers anywhere on the planet. It will come as no surprise to learn that the US's partner in crime, the UK, granted similar powers to its own intelligence services some time back. What's more unexpected is that it has now publicly said as much, as Privacy International explains:

The British Government has admitted its intelligence services have the broad power to hack into personal phones, computers, and communications networks, and claims they are legally justifed to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime.

That important admission was made in what the UK government calls its "Open Response" to court cases started last year against GCHQ. Here's what it reveals, according to Privacy International:

Buried deep within the document, Government lawyers claim that while the intelligence services require authorisation to hack into the computer and mobile phones of "intelligence targets", GCHQ is equally permitted to break into computers anywhere in the world even if they are not connected to a crime or a threat to national security.

Moreover:

The intelligence services assert the right to exploit communications networks in covert manoeuvres that severely undermine the security of the entire internet. The deployment of such powers is confirmed by recent news stories detailing how GCHQ hacked into Belgacom using the malware Regin, and targeted Gemalto, the world's largest maker of SIM cards used in countries around the world.

What's important about this revelation is not just the information itself -- many people had assumed this was the case -- but the fact that once more, bringing court cases against the UK's GCHQ has ferreted out numerous details that were previously secret. This shows the value of the strategy, and suggests it should be used again where possible.

What we need right now is a clear message to the people of this country. This message must be read in every newspaper, heard on every radio, seen on every television... I want *everyone* to *remember*, why they *need* us!

Technology should be used to create social mobility – not to spy on citizens

www.theguardian.com

NSA and GCHQ mass surveillance is more about disrupting political opposition than catching terrorists

The Stasi employed one snitch for every 50 or 60 people it watched. We can't be sure of the size of the entire Five Eyes global surveillance workforce, but there are only about 1.4 million Americans with Top Secret clearance, and many of them don't work at or for the NSA, which means that the number is smaller than that (the other Five Eyes states have much smaller workforces than the US). This million-ish person workforce keeps six or seven billion people under surveillance -- a ratio approaching 1:10,000. What's more, the US has only ("only"!) quadrupled its surveillance budget since the end of the Cold War: tooling up to give the spies their toys wasn't all that expensive, compared to the number of lives that gear lets them pry into.

IT has been responsible for a 2-3 order of magnitude productivity gain in surveillance efficiency. The Stasi used an army to surveil a nation; the NSA uses a battalion to surveil a planet.

The NSA and its allies stole the keys to your phone's security

www.theverge.com

A new report by The Intercept details a stunning heist made by US and UK spies that has given intelligence agencies the ability to break through the privacy of smartphone communications. The report claims that the NSA and GCHQ successfully hacked the network of Gemalto, a major manufacturer of SIM cards, and obtained the secret keys that unlock phone data. In short, it's a massive security breach that means your phone could be vulnerable to the whims of the world's most powerful spy agencies.

We still don't know how many people may be affected, but it's safe to say that the number could be significant; all four major US carriers are customers of Gemalto, and The Intercept reports that the company produces around 2 billion SIM cards each year. We have asked the big carriers — AT&T, Verizon, T-Mobile, and Sprint — to comment on the story. Gemalto told The Intercept that it was completely unaware of the security breach until now.

The breach is disastrous for mobile security, which has historically already been on shaky ground. "Gaining access to a database of keys is pretty much game over for cellular encryption," cryptography specialist Matthew Green told The Intercept.

Operation Socialist: How GCHQ Spies Hacked Belgium’s Largest Telco

firstlook.org

The British government infected Belgacom with among the most advanced malware ever seen.

...

The Snowden documents show that GCHQ wanted to gain access to Belgacom so that it could spy on phones used by surveillance targets travelling in Europe. But the agency also had an ulterior motive. Once it had hacked into Belgacom’s systems, GCHQ planned to break into data links connecting Belgacom and its international partners, monitoring communications transmitted between Europe and the rest of the world. A map in the GCHQ documents, named “Belgacom_connections,” highlights the company’s reach across Europe, the Middle East, and North Africa, illustrating why British spies deemed it of such high value.

...

Before GCHQ launched its attack on Belgacom’s systems, the spy agency conducted in-depth reconnaissance, using its powerful surveillance systems to covertly map out the company’s network and identify key employees “in areas related to maintenance and security.”

The Digital Arms Race: NSA Preps America for Future Battle - SPIEGEL ONLINE

www.spiegel.de

The NSA's mass surveillance is just the beginning. Documents from Edward Snowden show that the intelligence agency is arming America for future digital wars -- a struggle for control of the Internet that is already well underway.

During the 20th century, scientists developed so-called ABC weapons -- atomic, biological and chemical. It took decades before their deployment could be regulated and, at least partly, outlawed. New digital weapons have now been developed for the war on the Internet. But there are almost no international conventions or supervisory authorities for these D weapons, and the only law that applies is the survival of the fittest.

Canadian media theorist Marshall McLuhan foresaw these developments decades ago. In 1970, he wrote, "World War III is a guerrilla information war with no division between military and civilian participation." That's precisely the reality that spies are preparing for today.

The new documents shed some new light on other revelations as well. Although an attack called Quantuminsert has been widely reported by SPIEGEL and others, documentation shows that in reality it has a low success rate and it has likely been replaced by more reliable attacks such as Quantumdirk, which injects malicious content into chat services provided by websites such as Facebook and Yahoo. And computers infected with Straitbizarre can be turned into disposable and non-attributable "shooter" nodes. These nodes can then receive messages from the NSA's Quantum network, which is used for "command and control for very large scale active exploitation and attack." The secret agents were also able to breach mobile phones by exploiting a vulnerability in the Safari browser in order to obtain sensitive data and remotely implant malicious code.

The men and women working for the Remote Operations Center (ROC), which uses the codename S321, at the agency's headquarters in Fort Meade, Maryland, work on one of the NSA's most crucial teams, the unit responsible for covert operations. S321 employees are located on the third floor of one of the main buildings on the NSA's campus. In one report from the Snowden archive, an NSA man reminisces about how, when they got started, the ROC people were "just a bunch of hackers." Initially, people worked "in a more ad hoc manner," the report states. Nowadays, however, procedures are "more systematic". Even before NSA management massively expanded the ROC group during the summer of 2005, the department's motto was, "Your data is our data, your equipment is our equipment."

The agents sit in front of their monitors, working in shifts around the clock. Just how close the NSA has already gotten to its aim of "global network dominance" is illustrated particularly well by the work of department S31177, codenamed Transgression.

In 2009, an NSA unit took notice of a data breach affecting workers at the US Department of Defense. The department traced an IP address in Asia that functioned as the command center for the attack. By the end of their detective work, the Americans succeeded not only in tracing the attack's point of origin to China, but also in tapping intelligence information from other Chinese attacks -- including data that had been stolen from the United Nations. Afterwards, NSA workers in Fort Meade continued to read over their shoulders as the Chinese secretly collected further internal UN data. "NSA is able to tap into Chinese SIGINT collection," a report on the success in 2011 stated. SIGINT is short for signals intelligence.

The practice of letting other intelligence services do the dirty work and then tapping their results is so successful that the NSA even has a name for it: "Fourth Party Collection." And all countries that aren't part of the Five Eye alliance are considered potential targets for use of this "non-traditional" technique -- even Germany.

The NSA is also able to transform its defenses into an attack of its own. The method is described as "reverse engineer, repurpose software" and involves botnets, sometimes comprising millions of computers belonging to normal users onto which software has been covertly installed. They can thus be controlled remotely as part of a "zombie army" to paralyze companies or to extort them. If the infected hosts appear to be within the United States, the relevant information will be forwarded to the FBI Office of Victim Assistance. However, a host infected with an exploitable bot could be hijacked through a Quantumbot attack and redirected to the NSA. This program is identified in NSA documents as Defiantwarrior and it is said to provide advantages such as "pervasive network analysis vantage points" and "throw-away non-attributable CNA (eds: computer network attack) nodes". This system leaves people's computers vulnerable and covertly uses them for network operations that might be traced back to an innocent victim. Instead of providing protection to private Internet users, Quantumbot uses them as human shields in order to disguise its own attacks.

NSA agents aren't concerned about being caught. That's partly because they work for such a powerful agency, but also because they don't leave behind any evidence that would hold up in court. And if there is no evidence of wrongdoing, there can be no legal penalty, no parliamentary control of intelligence agencies and no international agreement. Thus far, very little is known about the risks and side-effects inherent in these new D weapons and there is almost no government regulation.

New Snowden documents show how the GCHQ tracked iPhone users

www.theverge.com

Snowden documents published today by Der Spiegel give new insight into the British GCHQ's efforts to track targets through their iPhones. Previous leaks have revealed specific NSA exploits used to compromise the famously malware-resistant iPhone software controls, but the new documents show that even when the device itself hasn't been compromised, any data on the phone can be pulled when the phone syncs with a compromised computer. Other techniques allow GCHQ researchers to surveil targets by following a device's UDID across different services.

The report is dated to November of 2010, before Apple began deprecating the UDID system, but the documents show how useful the system was for surveillance while it was still operational. By watching for the target's UDID number, the GCHQ could follow the same device as it synced with a compromised machine, browsed the web (exposing it to the agency's Safari exploit), or sent data to a broader tracking system like AdMob. In each case, the device's UDID would be exposed, allowing researchers to identify the person using it. Previous leaks have shown the NSA using similar tactics, compromising ad cookie networks as a way of tracking users across the web, effectively coopting any user-identification method as a surveillance tool. Luckily for iPhone users, Apple has already recognized the potential dangers of UDID and moved towards more privacy-friendly methods.

Spy cable revealed: how telecoms firm worked with GCHQ

www.channel4.com

Cable and Wireless even went as far as providing traffic from a rival foreign communications company, handing information sent by millions of internet users worldwide over to spies.

The firm, which was bought by Vodafone in July 2012, was part of a programme called Mastering the Internet, under which British spies used private companies to help them gather and store swathes of internet traffic; a quarter of which passes through the UK. Top secret documents leaked by the whistleblower Edward Snowden and seen by Channel 4 News show that GCHQ developed what it called "partnerships" with private companies under codenames. Cable and Wireless was called Gerontic.

Under the moniker, the company carried out tests on equipment used to carry out the surveillance, it came up with suggestions on how the spies could go about tapping its network, and even had a GCHQ employee working full-time within the company.

And a 2011 document reveals that Cable and Wireless went further. The company rented space on a cable owned by Indian telecoms company Reliance Communications that stretched from Asia across the Middle East and landed in Porthcurno in Cornwall. Reliance's transatlantic cable lands in Sennen Cove six miles to the north. And the two cables come together at nearby Skewjack Farm. Documents show that in 2011, this allowed Britain's spies to access all traffic from Reliance's main cable and send it to the GCHQ base up the coast in Bude.

...

The documents show an increasingly close relationship between the spy agency and Cable and Wireless, which has been operating submarine cables from the UK for more than a century. From 2008 until at least 2010, Cable and Wireless held regular meetings with GCHQ and was paid tens of millions of pounds to establish surveillance on web traffic as it flowed through its networks. At one point, the Mastering the Internet programme was costing £1m per month.

...

Channel 4 News has been unable to establish whether Reliance Communications was served with a warrant to authorise this and the company has not responded to our calls. Either way, from having no access to the cable at all, GCHQ planned to take in a trillion gigabytes of data per second.

ISPs take legal action against GCHQ

www.bbc.com

Seven internet service providers have filed a legal complaint against the UK's intelligence agency GCHQ.

ISPs from the US, UK, Netherlands and South Korea have joined forced with campaigners Privacy International to take the agency to task over alleged attacks on network infrastructure.

...

The ISPs involved in the action are UK-based GreenNet, Riseup (US), Greenhost (Netherlands), Mango (Zimbabwe), Jinbonet (South Korea), May First/People Link (US) and the Chaos Computer Club (Germany).

Cedric Knight, of ISP GreenNet, added: "Snowden's revelations have exposed GCHQ's view that independent operators like GreenNet are legitimate targets for internet surveillance, so we could be unknowingly used to collect data on our users. We say this is unlawful and utterly unacceptable in a democracy."

GCHQ maintains that all its work is conducted "in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate".

Yahoo webcam images from millions of users intercepted by GCHQ

www.theguardian.com

• Session 1 - best porn videos
• Session 2 - most embarrassing world leader moments
• Session 3 - lying with a straight face 301

• Optic Nerve program collected Yahoo webcam images in bulk  • 1.8m users targeted by UK agency in six-month period alone  • Yahoo: 'A whole new level of violation of our users' privacy'  • Material included large quantity of sexually explicit images

NSA uses Google cookies to pinpoint targets for hacking

www.washingtonpost.com

According to the documents, the NSA and its British counterpart, GCHQ, are using the small tracking files or "cookies" that advertising networks place on computers to identify people browsing the Internet. The intelligence agencies have found particular use for a part of a Google-specific tracking mechanism known as the “PREF” cookie. These cookies typically don't contain personal information, such as someone's name or e-mail address, but they do contain numeric codes that enable Web sites to uniquely identify a person's browser.

In addition to tracking Web visits, this cookie allows NSA to single out an individual's communications among the sea of Internet data in order to send out software that can hack that person's computer. The slides say the cookies are used to "enable remote exploitation," although the specific attacks used by the NSA against targets are not addressed in these documents.

...

Google assigns a unique PREF cookie anytime someone's browser makes a connection to any of the company's Web properties or services. This can occur when consumers directly use Google services such as Search or Maps, or when they visit Web sites that contain embedded "widgets" for the company's social media platform Google Plus. That cookie contains a code that allows Google to uniquely track users to "personalize ads" and measure how they use other Google products.

Given the widespread use of Google services and widgets, most Web users are likely to have a Google PREF cookie even if they've never visited a Google property directly.

That PREF cookie is specifically mentioned in an internal NSA slide, which reference the NSA using GooglePREFID, their shorthand for the unique numeric identifier contained within Google's PREF cookie. Special Source Operations (SSO) is an NSA division that works with private companies to scoop up data as it flows over the Internet's backbone and from technology companies' own systems. The slide indicates that SSO was sharing information containing "logins, cookies, and GooglePREFID" with another NSA division called Tailored Access Operations, which engages in offensive hacking operations. SSO also shares the information with the British intelligence agency GCHQ.