NSA Can Spy On Data From Smart Phones, Including Blackberry
An anonymous reader writes with a report from Spiegel Online that the U.S. government "has the capability of tapping user data from the iPhone, [and] devices using Android as well as BlackBerry, a system previously believed to be highly secure.
The United States' National Security Agency intelligence-gathering operation is capable of accessing user data from smart phones from all leading manufacturers. ... The documents state that it is possible for the NSA to tap most sensitive data held on these smart phones, including contact lists, SMS traffic, notes and location information about where a user has been." As a bonus, the same reader points out a Washington Post report according to which "The Obama administration secretly won permission from a surveillance court in 2011 to reverse restrictions on the National Security Agency's use of intercepted phone calls and e-mails, permitting the agency to search deliberately for Americans' communications in its massive databases ... In addition, the court extended the length of time that the NSA is allowed to retain intercepted U.S. communications from five years to six years — and more under special circumstances, according to the documents, which include a recently released 2011 opinion by U.S. District Judge John D. Bates, then chief judge of the Foreign Intelligence Surveillance Court."
BES in theory can only be intercepted and cracked with a massive amount of computation time, limiting the functional use of any dragnet attempts.
Journalists never understand the difference between BIS and BES though.
Secret oversight can't be trusted, and anyone who thought it could be trusted was a moron.
Yet again, the extent of government overreaching continues. Lie about what is really being done, and with a subtle move along, nothing to see here... "Ohh, look over there, Kim Kardashian."
Simply amazing that what is being assured is not being done, is in reality being done.
Are there any projects within the Android realm that can combat this? Given the open nature of the OS, it'd be nice if we could somehow adequately firewall such things.
No Surprises Here.
The reach of the NSA, along with many other government agencies, will continue to grow. We aren't just the leaders of the world in political bullshit, bombing other countries and killing people with drones ... we're also leading the world in spying on our citizens as well as other governments and their citizens too.
Not surprising given that the smartphone hardware and software are very much proprietary in nature, and allow for easier exploitation since third party auditing is practically impossible for the entire ecosystem.
At this point nothing except a ground-up freshly designed and built system and either written from scratch software or highly trusted ones like OpenBSD (without installing anything except base system) can be regarded as tentatively safe, and even this security is gone once such system connects to the Internet since once data is beyond the system, NSA can still intercept and crack it.
We need clean engineered hardware, and software, and that's not going to happen anytime soon, so we have to make do with open source software and best security practices and air-gapping sensitive stuff, or not storing it in digital systems in the first place
Phones are connected to networks. Government agencies by definition have the ability to issue warrants to get the network provider to turn over all data that passes through their network. Every government on the planet does this and has since the invention of the telephone. It's called a wiretap and the logic was extended for text and other data.
The network provider owns the network. Through the use of warrants the government owns the network provider. When you own the network you own all of the data going over it. With devices that perform MITM on the fly your encryption is useless unless you exchanged the key offline ahead of time. These devices have been sold for government and corporate use for many years.
The idea that anyone has ever had privacy on their mobile is a myth that has never had any basis in reality. You want a secure phone that your favorite government bad guy can't get into? Go to the store, buy your favorite phone and leave it in the package.
And now comes Act II where intercepted data can be shown in secret to a judge to obtain convictions without the defense being able to review same.
Then in Act III trials will be held in secret chambers with no defense.
This is not a signature.
Hey Obanaistas, ready to admit your guy is even worse than Bushitler?
No, we'll just accuse you of being a racist. Hope you understand.
Hail Bannack Obana!
NOPE but I'm willing to admit I'll probably never vote Democrat or Republican again.
Obviously if phone traffic is intercepted most of the crimes mentioned in conversations would not relate to terrorism. One wonders how many criminal prosecutions could take place if all crimes detected were subject to prosecution. Murder plots, cases of fraud and tax cheating, drug sales and smuggling and prostitution would all certainly be found with ease. It would quickly become obvious that our local and national government have little interest in stopping most crime.
If you don't believe this or do not want to believe it think about this one simple situation. People leaving bars in the wee hours are often drunks driving home. A smart cop would not want to stop people at closing time as he would be pulling over bar staff leaving work. But almost everyone leaving a bar 30 minutes before closing is legally drunk. So simply sitting at an advantageous spot and pulling over cars leaving the bar would yield a huge amount of good arrests. Yet towns discourage cops from using this tactic as it disrupts business. Think about that a bit. Wouldn't we want to catch every drunk driver every time they drive drunk?
In fact, I don't. How about explaining it to me?
Then in Act III trials will be held in secret chambers with no defense.
What do you mean no defense? In the Soviet Union you could always defend against political criminal charges with pleading insanity, this is who you are modeling your system after, right?
Yeah, the guys who jailbreak iPhones and root Android devices. How about the crackers - all those pirated programs on the internet, or DeCSS and the bluray keys that are published. The ones who hack new features into Canon cameras with third party firmware. You know these guys, right?
Great - now go pick the ones who have trained for this and have PhDs in cryptography. Give them a $80-120,000/yr salary and benefits. Tell them they are responsible for keeping the USA safe by ferreting out every plot that gets communicated over any device in the world.
Congratulations, you now know who works for the NSA. And yet, somehow, we're surprised that they've managed to crack (for surveillance) the same devices we crack for entertainment and features.
Is it just my observation, or are there way too many stupid people in the world?
Blackberry and secure? That's why they're handing out surveillance access to oppressive regimes left and right?
In fact, I don't. How about explaining it to me?
It's all we have left.
I cannot thank you enough for making all this information public, and for giving up your normal life to inform us. I hope that one time you will be recognized by the UN, EU and most hopefully for you the US, so you can return to your own country without being prosecuted.
Wake me up when we start taking those matters seriously by enforcing a default crypto clusterfuck over the interwebs at the IP protocol level and shooting down the people responsible for this mess.
Obama administration had restrictions on NSA reversed in 2011
The Obama administration secretly won permission from a surveillance court in 2011 to reverse restrictions on the National Security Agency’s use of intercepted phone calls and e-mails, permitting the agency to search deliberately for Americans’ communications in its massive databases, according to interviews with government officials and recently declassified material.
In addition, the court extended the length of time that the NSA is allowed to retain intercepted U.S. communications from five years to six years — and more under special circumstances, according to the documents, which include a recently released 2011 opinion by U.S. District Judge John D. Bates, then chief judge of the Foreign Intelligence Surveillance Court.
What had not been previously acknowledged is that the court in 2008 imposed an explicit ban — at the government’s request — on those kinds of searches, that officials in 2011 got the court to lift the bar and that the search authority has been used. ...
Obama's doing every damn thing that wackos claimed Hallibushitlercheney did.
They told me that if we elected John McCain we'd be subjected to increased government intrusion, powers and spying.
Thanks hard working journalists.
Thanks Obama!
Futurist Traditionalism
What is the sentence in the Soviet Union for being convicted of insanity??
Incidentally I'm pretty sure he was alluding to the Gestapo.
What is the sentence in the Soviet Union for being convicted of insanity??
Varies depending on who you pissed off.
http://en.wikipedia.org/wiki/Political_abuse_of_psychiatry_in_the_Soviet_Union
Just because they can crack a four digit password on an iPhone doesn't mean they can quickly crack a 24 character password. A four digit password can be easily brute forced. That's not true with a 24 character password (emphasis on "easily"). Of course, few people have 24 character passwords.
From a previous post, here's the collected list of suggested actions people can take to help change the situation.
Have more ideas? Please post below.
Links worthy of attention:
http://anticorruptionact.org/
http://www.ted.com/talks/lawrence_lessig_we_the_people_and_the_republic_we_must_reclaim.html
http://action.fairelectionsnow.org/fairelections
http://represent.us/
http://www.protectourdemocracy.com/
http://www.wolf-pac.com/
https://www.unpac.org/
http://www.thirty-thousand.org/
Join the class action suit that Rand Paul is bringing against the NSA.
Suggestion #1:
(My idea): If people could band together and agree to vote out the incumbent (senator, representative, president) whenever one of these incidents crops up, there would be incentive for politicians to better serve the people in order to continue in office. This would mean giving up party loyalty and the idea of "lesser of two evils", which a lot of people won't do. Some congressional elections are quite close, so 2,000 or so petitioners might be enough to swing a future election.
Let your house and senate rep know how you feel about this issue / patriot act and encourage those you know to do the same.
If enough people let their representatives know how they feel obviously those officials who want to be reelected will tend to take notice. We have seen what happens when wikipedia and google go "dark", congressional switchboards melt and the 180's start to pile up.
Fax is considered the best way to contact a congressperson, especially if it is on corporate letterhead.
Suggestion #2:
Tor, I2P and the likes. Let's build a new common internet over the internet. Full strong anonymity and integrity. Transform what an eavesdropper would see into a huge cypherpunk clusterfuck.
Taking back what's ours through technology and educated practices.
Let's go back to the 90s where the internet was a place for knowledgeable and cooperative people.
Someone Added: Let's go full scale by deploying small wireless routers across the globe creating a real mesh network as internet was designed to be!
Suggestion #3:
A first step might be understanding the extent towards which the government actually disagrees with the people. Are we talking about a situation where the government is enacting unpopular policies that people oppose? Or are we talking about a situation where people support the policies? Because the solutions to those two situations are very different.
In many cases involving "national security", I think the situation is closer to the second one. "Tough on X" policies are quite popular, and politicians often pander to people by enacting them. The USA Patriot Act, for example, was hugely popular when it was passed. And in general, politicians get voted out of office more often for being not "tough" on crime and terrorism and whatever else, than for being too over-the-top in pursuing those policies.
Suggestion #4:
What I feel is needed is a true 3rd party, not 3rd, 4th, 5th, and 6th parties, such as Green, Tea Party, Libertarian; we need an agreeable third party that can compete against the two majors without a lot of interference from small parties. We need a consensus third party.
Suggestion #5:
Replace the voting system. Plurality voting will always lead to the mess we have now. The only contribution towards politics I've made in years
I'm an American. I don't care what my government does to me or what liberties it takes away as long as I can get my daily dose of banal entertainment.
Yes you will. Trust me on this, you will. That, or you won't vote at all; which is same as being apathetic.
Those of you who it doesn't are probably doing something wrong and need to hide it, right?
That is so obviously unconstitutional that the FISA court is clearly in violation of its oath to uphold the constitution.
The real "Libtards" are the Libertarians!
BlackBerry, a system previously believed to be highly secure.
By whom? That must have been very naïve people.
Anton Vickerman was criminally prosecuted for linking to infringing copyright material. During the hearing secret evidence was submitted using a procedure intended for terrorism.
https://en.wikipedia.org/wiki/Anton_Vickerman
The judge hears the evidence in private, Anton and his lawyers were not allowed to see or challenge the testimony.
Justice is a joke in the UK. I bet it was NSA/GCHQ/CIA testimony and I bet it was at best illegal domestic surveillance and at worst flat out lies. Because once you admit testimony which cannot be subject to cross examination, there's nothing stopping them simply making up a few lies to taint a judge's view of the defendant.
That's what happened in Vickerman's case, the judge was tainted.
The DEA lies (calling it parallel construction does not mean it isn't lies) show they're perfectly prepared to lie in court to secure a conviction.
From the article:
The documents suggest the intelligence specialists have also had similar success in hacking into BlackBerrys. A 2009 NSA document states that it can "see and read SMS traffic."
While a blackberry does many things, it is also a GSM phone, and can send/receive SMS messages. There is no additional protection when using SMS on a blackberry, SMS are sent in the clear like any other phone. Monitoring SMS on a blackberry takes no additional effort above that of a regular GSM phone.
If the NSA can crack BES traffic (which is encrypted with AES), that would be news.
The documents state that it is possible for the NSA to tap most sensitive data held on these smart phones, including contact lists, SMS traffic, notes and location information about where a user has been.
SMS traffic is easy to tap on any (smart)phone.
Location is also easy to track. Each (smart)phone has an IMEI, and it is easy to determine which GSM towers the phone is talking to.
It seems like massive overkill to catch some terrorists?
I was on a libertarian web site, I heard my chromebook camera go off, I *do* have the camera taped with black tape when I don't need it. Be forewarned, they are going after patriots next.
"One that does not support all actions of the ruling party should be considered a traitor."
Don't trust politicians to fix things. They won't.
Don't trust government to tell the truth about what they're doing. They won't.
People who care about their privacy must assure it themselves. Use OpenBSD. Use strong crypto. Use Tor and Mixmaster. Use air gaps. Don't cut corners. Make the bastards work for every byte. If they want a police state, at least make it obvious that it is a police state, and let them consider if they can afford to make that obvious, in a country where half the households are armed. If they want our communications, make them come and pick our locks and plant bugs everywhere. Don't just let them sit in their offices and hoover it all up.
Or Gitmo?
The ones that handle the puppet are the same. There is no worse, just kept their original agendas running over 2 different presidents, and now people start to realize what they have been doing all this time in front of their eyes.
We already have Act II and Act II in Guantanamo.
No, he'll have to start an unprovoked war after alienating the international community for that. It might be coming, but it's not here yet.
"First they came for the slanderers and i said nothing."
Blackberry gave up all security years ago... Nobody remembers that UAE demanded access and they rolled over nearly instantly.. They probably handed everything over to the NSA without them even asking.
Do not look at laser with remaining good eye.
for years. He doesn't own a cell phone. It's ALWAYS a tracking device the way cellular phones are designed and the Replicant project has stated that the proprietary non-user-replaceable modem firmware on phones is often (maybe always) capable of spying on users via access to their main CPU and data.
There are things you can do to help kill this issue. The problem right now is that there aren't enough people contributing to or otherwise helping to kill the problem. Things you can do even if you're not technically capable are fund projects like Replicant (produces a 100% free version of Android), the Free Software Foundation (promotes user freedom, not just "open source", which makes hiding things like CarrierIQ possible), the Electronic Frontier Foundation (have helped anonymity projects like Tor get off the ground and generally promoted user freedom/rights online), and buy free software friendly hardware (as a general rule) and/or from those who support/promote it. ThinkPenguin is one of the handful of companies which is focused on the free software aspects of hardware. The FSF also certified a number of devices http://www.fsf.org/ryf and makes it dead simple. There really isn't much of any effort besides that from ThinkPenguin, the FSF, and a handful of others going into free'ing drivers and firmware. Without that you're always going to be left insecure. Aleph Objects, Inc. also has released a free software friendly device called the LulzBot 3D printer.
I'm hoping that somebody somewhere will focus on a 100% free phone where the modem can be turned on/off at will and separates the modem & mic from the rest of the device. That way there may be a way you could combine a data connection with Tor and use prepaid to limit the tracking to when you're checking email, etc. You could stay connected this way and only end up being tracked easily when your emails got pulled or you made a VoIP call. If it was strictly Tor over the prepaid device it might even be quite a bit more challenging to identify the owner of the device.
I am no expert on this, but I am just wondering if someone hacks my phone and downloads a bunch of data from it, does that count towards the data limit on my data plan? In other words, am I paying for the data for someone to spy on me? (Obviously I am with taxes, but beyond that....)
Any questions?
I haven't voted for Republicans or Democrats in over 30 years; instead, I've voted for third parties. So no, I'm not going to trust you.
That was sarcasm, in case you missed it.
I am very small, utmostly microscopic.
How is that working out for you?
I am very small, utmostly microscopic.
Yep. Voting in America is a joke.
The only opportunity I ever get to vote for someone that isn't a Democrat or Republican is during the presidential elections. Unfortunately, the campaigns are so tightly rigged and manipulated against third parties that I'm really left with two options: vote third party to "send a message" knowing full well we won't even be noticed in the statistics, or vote "strategically" for someone I despise.
In any other major election, my only choices are Democrats, Republicans, and "Independents". Where the "Independents" are invariably actually Democrats or Republicans who, like spoiled children, still wanted to run after being rejected by their own party. In rare situations where I've been able to find any information at all, this has been due to petty drama or incompetence, so... not exactly inspiring.
Most local elections where I am are absolutely worthless, too. Often, the ONLY published information about a candidate is that little D or R next to their name on the ballot. Sometimes even that gets omitted and we're expected to make an informed decision about people who have no internet presence and made no effort to campaign beyond littering the roads with red and blue signs branded with their name.
Wonder what everyone thinks of _NSAKEY now?
https://en.wikipedia.org/wiki/Nsakey
One thing which hasn't really popped up, but somehow makes sense, is if Microsoft bought Skype to improve NSA's ability to tap Skype calls, then does it not also make sense that Microsoft bought (and before then Eloped) Nokia in order to force their eavesdroppable Windows Phone OS on Nokia's handsets? I can't see the NSA forcing Symbian, Maemo etc. to insert any backdoors into their OS code since most of the dev was outside the US.
Security by obscurity!
Well, for me, I can at least feel I didn't help contribute to this mess.
Not a sentence!
You can use VPN on your iPhone (and home n/w) to stop surveillance.
"I like the dreams of the future better than the history of the past." Thomas Jefferson.
How has voting for the major parties worked out for you would be a better question.
What, if anything, can we do to stop pervasive surveillance (with the accompanying evisceration of our Constitutional rights)?
1) We can't resign ourselves that this trend is irreversible (that's what they want).
2) If your personal circumstances permit, participate in organized protests (if a miracle happens and there are mass protests -- which I doubt -- there is strength in numbers and you are less likely to be arrested, fired, etc).
3) Switch to open source as much as possible. Nothing is 100%, but proprietary is completely opaque. This goes for OS, crypto, etc. In this vein, take the Electronic Frontier Foundation's advice and particularly stay away from Microsoft products. It appears that they've been the coziest with the NSA on several levels.
4) Abandon the 'cloud' and tell Google, Microsoft, Apple, Yahoo, and assorted suspects WHY. Industry lobbyists literally write the laws and you'll see changes in a New York minute if these companies start losing significant money.
5) Don't use the major search engines -- use ixquick or GoGoDuck and continue (or start) to use TOR just to make the NSA's work a little more difficult.
6) Make a bunch of noise in the direction of your elected representatives. They're mostly douchebags but are still afraid of constituents if they get barraged with a ton of angry correspondence.
7) If you have the coding skills, get involved in the open source movement or engage in creative civil disobedience (LULZ shouldn't be underestimated).
I really fucking wish the parent post was an unreal exaggeration.
and they'll die of terminal boredom.
b'dum, b'dum....
I often have to phone myself, to see where I left it, that is, if the battery still has some juice in it!
Just asking a question.
Low tech solutions usually win against governments and their hired killers, checking history.
So, will "users" abandon their smart phone to thwart NSA and White House just because doing so is ... Cool.
In a related vein SETI@Home is a failure and so NSA@Home will be too.
Champagne Wishes and Caviar Dreams to Gen. Alexander.
If the NSA is probing into an American's smartphone without a judicially authorized warrant, then the NSA is acting criminally. If this is true, there is no fucking way that Snowden should be prosecuted.
This is HUGE, because this isn't metadata transmitted over the public airwaves; this is data stored inside a person's private device--where the person has a legitimate expectation of privacy.
There is no possibility of a NSA figleaf providing a half-assed justification for this kind of an intrusion. This kind of stuff is CRIMINAL and the persons doing it are CRIMINALS.
This is maximum bad.
... for NFL season has started.
Usually phone encryption happens between the cell phone itself and the receiving tower. You can listen with a radio, but 1) you need a radio that operates at that frequency 2) you have to be between the phone and the tower (or at least close) to receive the signal, and 3) you have to be able to decrypt the digital signal that is the phone call. It's not that way after the tower routes the call to a land line (and let's be honest, there are no cell phone to cell phone communications, it's always cell to tower, to land line to cell tower to cell phone (or land line other phone)). Once the call hits the tower, encryption is stripped. That's where the NSA can tap just like any other call, no decryption required. (For doubters, if decryption doesn't happen at the tower, how are you supposed to talk to someone with a land line or non-blackberry phone if the signal is still encrypted...). Actually none of this cell stuff comes over-the-air, they tap normal phone lines ...like normal. No magic 'acres of brute force cracking' yadda yadda required. It's easier and more centralized this way too.
or equivalent with cash. If two or more people buy such a phone with cash, including the minutes cards, they can communicate securely among themselves, because even if the NSA can listen in, they won't know who they are listening to.
A sufficiently advanced simulation is indistinguishable from reality.
Quality lube my friend... they don't even feel it
Joe sixpacks may not feel it, but their children sure gonna have that "groovy feeling".
Since President Obama is such a huge Blackberry fanatic, I believe it is time to submit a FIA request for all of President Obama's text messages from his blackberry.
Only criminals have to worry and complain the most about this. The normal 85 % of people out hasn't a problem with this
The news out of NSA just keeps getting worse. This is "SPIES GONE WILD" the sequel. In view of these depressing revelations, we can only do what little we can do to protect what's left of our privacy. Encryption won't keep NSA out entirely, but it will make it harder for them to pick us out of the crowd. Decrypting still takes extra time & effort and that little bit of hassle may be enough to keep their noses out of your business. The same goes for storing stuff on Dropbox, iCloud, etc. Take it down and stash everything in a CloudLocker (www.cloudlocker.it), which works just the same but it's private and stays in your home where they still need a warrant to see inside.
The material viewed by SPIEGEL suggests that the spying on smart phones has not been a mass phenomenon. It has been targeted, in some cases in an individually tailored manner and without the knowledge of the smart phone companies.
At least for iPhones, it seems a user has to connect to his desktop before the crack can be applied...