Snowden leak suggests UK was spying on Belgian telecom

Snowden leaks suggest UK was spying on Belgian telecom, not NSA

When Belgian prosecutors suggested that Belgacom was the target of foreign espionage, many blamed the NSA -- it has a history of snooping on other countries, after all. Those accusations may have been off the mark, however. Der Spiegel has revealed documents leaked by Edward Snowden which hint that the UK's Government Communications Headquarters (GCHQ) was responsible. The intelligence agency reportedly tricked key Belgacom staff into visiting a malware-loaded website that hijacked their PCs. GCHQ could then spy on smartphones, map the network and investigate secure VPN connections. Neither Belgacom nor Belgium has responded to this latest Snowden leak, but we wouldn't be surprised if the apparent evidence speeds up their investigation.

Filed under: , ,

Comments

Via: Ars Technica

Source: Der Spiegel (translated)

American and British spy agencies can thwart internet security and encryption

American and British spy agencies can thwart internet security and encryption

As reporters at the New York Times, the Guardian and ProPublica dig deeper into the documents leaked by Edward Snowden, new and disturbing revelations continue to be made. Two programs, dubbed Bullrun (NSA) and Edgehill (GCHQ), have just come to light, that focus on circumventing or breaking the security and encryption tools used across the internet. The effort dwarfs the $20 million Prism program that simply gobbled up data. Under the auspices of "Sigint (signals intelligence) enabling" in a recent budget request, the NSA was allocated roughly $255 million dollars this year alone to fund its anti-encryption program.

The agencies' efforts are multi-tiered, and start with a strong cracking tool. Not much detail about the methods or software are known, but a leaked memo indicates that the NSA successfully unlocked "vast amounts" of data in 2010. By then it was already collecting massive quantities of data from taps on internet pipelines, but much of it was safely protected by industry standard encryption protocols. Once that wall fell, what was once simply a torrent of scrambled ones and zeros, became a font of "exploitable" information. HTTPS, VoIP and SSL are all confirmed to have been compromised through Bullrun, though, it appears that some solutions to the NSA's "problem" are less elegant than others. In some cases a super computer and simple brute force are necessary to peel back the layers of encryption.

Filed under:

Comments

Source: New York TImes, Guardian, ProPublica

Report: Verizon, Vodafone and BT gave UK government unlimited access to undersea network cables

PRISM isn't just for US agencies -- last month it was revealed that the UK's Government Communication Headquarters (GCHQ) has been using the program to collect emails, photos and video content from an assortment of internet providers. Now, a German newspaper claims to know what companies collaborated with the security agency. According to The Gaurdian, Süddeutsche identified Verizon, Vodafone, Global Crossing, Level 3, BT, Interoute and Viatel as firms that participated in Tempora, a program that gave the GCHQ widespread access to the undersea fiber optic cables. The operation was all quite hush-hush, with documents referring to participating outfits by obscure code names: "Dacron" for Verizon, for instance, and "Little" for Level 3.

Parliament has already dismissed the agency's snooping as legal, but documents seen by The Guardian suggest that some telecoms may have illegally given the GCHQ access to other companies' cables without permission. Naturally, the firms involved were quick to dismiss foul play, with representatives from Verizon, Interoute and Vodaphone each assuring The Guardian that it was merely complying with UK law. True enough, probably, but we can't help but wonder if the operators weren't coaxed into cooperation with the promise of cool code-names.

Filed under:

Comments

Via: TechCrunch

Source: The Guardian

UK surveillance agency off the hook, legally, for PRISM

It may be the US government generating the most PRISM-related headlines, but the UK authorities have found themselves in plenty of hot water as well. If you were one of her privacy-concerned citizens hoping to see someone at the Government Communications Headquarter (GCHQ) get their comeuppance, then you're going to be sorely disappointed. The Intelligence and Security Committee (ISC) of Parliament has found that the GCHQ was within its legal powers to collect data on citizens. In particular, the committee cited the Intelligence Services Act of 1994 as giving the authority to do so to the GCHQ. This is far from the end of this saga, but for Brits hoping there would be quick legal retribution for those who unceremoniously listened in on your personal communications, it's a sad day indeed.

Filed under:

Comments

Source: BBC

Report: UK security agency also gathering secrets through PRISM

The United Kingdom's main security agency, the Government Communications Headquarters (GCHQ), is apparently working with the United States' Prism intelligence program to gather data on various internet companies, The Guardian reports. Documents given to the UK news outlet indicate that GCHQ was able to retrieve "personal material such as emails, photos and videos" from internet companies operating outside the UK, and the GCHQ employed 197 intelligence reports in 2012 alone. This allows the UK government to circumvent red tape that would otherwise tie up the process of acquiring information from companies located outside of its own region.

Apparently the GCHQ's been working with the US Prism service since "at least June 2010," and it's unknown how that's impacted UK citizens in the past several years -- a GCHQ representative wouldn't comment on how long the two agencies have been working together. Though the GCHQ didn't directly confirm the collaboration, the agency issued a statement to The Guardian stating it, "takes its obligations under the law very seriously."

The PRISM system is said to enable access to records held by the nine largest internet companies, from Apple and Google to Skype and even Engadget's parent company, AOL.

Comments

Source: The Guardian