Technology companies need to make extra efforts to protect “innocent digital users”

Posted on July 22, 2013


How the NSA threatens America’s universities
Paul Woodward War in Context USA July 17, 2013

The sooner that flaws in computer code can be found, the sooner they can be fixed — these are the fixes required to reduce the vulnerability that all networks face from cyberattacks. The problem is that government agencies such as the NSA are now outbidding software manufacturers when such vulnerabilities get discovered, meaning that the flaws remain unfixed and the attacks continue. In order to advance their own cyberwarfare capabilities, the NSA and other intelligence agencies now have a vested interest in perpetuating network insecurity. America’s research universities are now suffering the fallout.

The New York Times reports:

America’s research universities, among the most open and robust centers of information exchange in the world, are increasingly coming under cyberattack, most of it thought to be from China, with millions of hacking attempts weekly. Campuses are being forced to tighten security, constrict their culture of openness and try to determine what has been stolen.

University officials concede that some of the hacking attempts have succeeded. But they have declined to reveal specifics, other than those involving the theft of personal data like Social Security numbers. They acknowledge that they often do not learn of break-ins until much later, if ever, and that even after discovering the breaches they may not be able to tell what was taken.

Universities and their professors are awarded thousands of patents each year, some with vast potential value, in fields as disparate as prescription drugs, computer chips, fuel cells, aircraft and medical devices.

“The attacks are increasing exponentially, and so is the sophistication, and I think it’s outpaced our ability to respond,” said Rodney J. Petersen, who heads the cybersecurity program at Educause, a nonprofit alliance of schools and technology companies. “So everyone’s investing a lot more resources in detecting this, so we learn of even more incidents we wouldn’t have known about before.”

Tracy B. Mitrano, the director of information technology policy at Cornell University, said that detection was “probably our greatest area of concern, that the hackers’ ability to detect vulnerabilities and penetrate them without being detected has increased sharply.” …

Below: Matthew M. Aid is the author of Intel Wars: The Secret History of the Fight Against Terror and The Secret Sentry: The Untold History of the National Security Agency, and is co-editor with Cees Wiebes of Secrets of Signals Intelligence During the Cold War and Beyond.

The CIA’s new black bag is digital
Matthew M. Aid Foreign Policy USA July 17, 2013

During a coffee break at an intelligence conference held in The Netherlands a few years back, a senior Scandinavian counterterrorism official regaled me with a story. One of his service’s surveillance teams was conducting routine monitoring of a senior militant leader when they suddenly noticed through their high-powered surveillance cameras two men breaking into the militant’s apartment. The target was at Friday evening prayers at the local mosque. But rather than ransack the apartment and steal the computer equipment and other valuables while he was away — as any right-minded burglar would normally have done — one of the men pulled out a disk and loaded some programs onto the resident’s laptop computer while the other man kept watch at the window. The whole operation took less than two minutes, then the two trespassers fled the way they came, leaving no trace that they had ever been there.

It did not take long for the official to determine that the two men were, in fact, Central Intelligence Agency (CIA) operatives conducting what is known in the U.S. intelligence community as either a “black bag job” or a “surreptitious entry” operation. Back in the Cold War, such a mission might have involved cracking safes, stealing code books, or photographing the settings on cipher machines. Today, this kind of break-in is known inside the CIA and National Security Agency as an “off-net operation,” a clandestine human intelligence mission whose specific purpose is to surreptitiously gain access to the computer systems and email accounts of targets of high interest to America’s spies. As we’ve learned in recent weeks, the National Security Agency’s ability to electronically eavesdrop from afar is massive. But it is not infinite. There are times when the agency cannot gain access to the computers or gadgets they’d like to listen in on. And so they call in the CIA’s black bag crew for help.

The CIA’s clandestine service is now conducting these sorts of black bag operations on behalf of the NSA, but at a tempo not seen since the height of the Cold War. Moreover, these missions, as well as a series of parallel signals intelligence (SIGINT) collection operations conducted by the CIA’s Office of Technical Collection, have proven to be instrumental in facilitating and improving the NSA’s SIGINT collection efforts in the years since the 9/11 terrorist attacks.

Over the past decade specially-trained CIA clandestine operators have mounted over one hundred extremely sensitive black bag jobs designed to penetrate foreign government and military communications and computer systems, as well as the computer systems of some of the world’s largest foreign multinational corporations. Spyware software has been secretly planted in computer servers; secure telephone lines have been bugged; fiber optic cables, data switching centers and telephone exchanges have been tapped; and computer backup tapes and disks have been stolen or surreptitiously copied in these operations.

In other words, the CIA has become instrumental in setting up the shadowy surveillance dragnet that has now been thrown into public view. Sources within the U.S. intelligence community confirm that since 9/11, CIA clandestine operations have given the NSA access to a number of new and critically important targets around the world, especially in China and elsewhere in East Asia, as well as the Middle East, the Near East, and South Asia. …

For many countries in the world, especially in the developing world, CIA operatives can now relatively easily obtain telephone metadata records, such as details of all long distance or international telephone calls, through secret liaison arrangements with local security services and police agencies.

America’s European allies are a different story. While the connections between the NSA and, for example, the British signals intelligence service GCHQ are well-documented, the CIA has a harder time obtaining personal information of British citizens. The same is true in Germany, Scandinavia and the Netherlands, which have also been most reluctant to share this sort of data with the CIA. But the French intelligence and security services have continued to share this sort of data with the CIA, particularly in counterterrorism operations.

U.S. intelligence officials are generally comfortable with the new collaboration. Those I have spoken to over the past three weeks have only one major concern. The fear is that details of these operations, including the identities of the targets covered by these operations, currently reside in the four laptops reportedly held by Edward Snowden, who has spent the past three weeks in the transit lounge at Sheremetyevo Airport outside Moscow waiting for his fate to be decided. Officials at both the CIA and NSA know that the public disclosure of these operations would cause incalculable damage to U.S. intelligence operations abroad as well as massive embarrassment to the U.S. government. If anyone wonders why the U.S. government wants to get its hands on Edward Snowden and his computers so badly, this is an important reason why.

More post on this topic -I guess none of us really have any digital end point rights and this is one huge issue for many innocent digital users  and none of these technology companies are practice CRS to protect their users or members when it comes even over the many Internet technology platforms and sites –I gather it is more about monetary costs and making huge profits with their data base and are not addressing the “human cost” catch this issue taking place on Facebook

  1. Edward Snowden News | Facebook Archives – Page 2 of 7 – Edward

    These charts show how the Edward #Snowden story is overwhelming the NSA story Washington Post (blog)Ever since the first details of the #NSA’s surveillance 
  2. Why Won’t Anyone Take Edward Snowden? – Slate Magazine  In this handout photo provided by The Guardian, Edward Snowden speaks during an 

  3. Edward Snowden Interview: ‘US Multinationals Should Not Be

    Jul 8, 2013 – Interview with Whistleblower Edward Snowden on Global Spying