Slashdot Mirror

← Back to Stories (view on slashdot.org)

How the NSA Is Spying On Everyone: More Revelations

Posted by timothy on from the your-own-good dept.

The Intercept has published today a story detailing documents that "reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers." The documents also describe a years-long effort, aimed at hostile and friendly regimes, from the point of view of the U.S. government, to break the security of various countries' communications networks. "Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks."

7 of 148 comments (clear)

  1. Call a spade a spade by Anonymous Coward · · Score: 5, Insightful

    Don't muddy the waters by implying that only a specific, "bad-apple" division of government is doing the stalking. It is government that is doing the stalking. The specific division of government (NSA) is utterly irrelevant to the victims. That only matters to the aggressor.

    If it was a private company doing the stalking, you wouldn't say that "Human Resources" is the aggressor and ignore the fact that Human Resources is owned by, funded by, and works for Google. You would state the obvious and say that Google is the aggressor.

    In other words, this is a failure of government, not "the NSA". Government is attacking your basic human right to free association, not "the NSA".

    1. Re:Call a spade a spade by Anonymous Coward · · Score: 5, Interesting

      And if your right hand causes you to sin, cut it off and throw it away. For it is better that you lose one of your members than that your whole body go into hell.

      I'm not even religious, and this quotation came to mind.

  2. 3GPP by TechyImmigrant · · Score: 5, Informative

    There is a group called SAGE that writes the crypto protocols for cell phones, DECT phones and other ETSI/ITU/3GPP derived standards.
    They have never knowingly published an unbroken spec. It is widely understood that this group exists to put government sponsored back doors into cordless phones and cell phones.

    I attended a 3GPP meeting since LTE was happening. In it, the guy from SAGE was presenting the new link cipher. 3GPP had asked for something based on AES (so SAGE couldn't pull their A5 shit any more). He presenting AES-CTR for the encryption and AES-CBC-MAC for the integrity field. He added in an off hand way that *the integrity field is truncated to 16 bits*.

    Since I wasn't there to help them, I didn't question this in the meeting but after the meeting I cornered him an asked why he made it 16 bits (because its obviously stupid), and he did a Gallic shrug of his shoulders and said "Zat ees what zey asked for". So at that point I knew the fix was in.

     

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    1. Re:3GPP by Charliemopps · · Score: 5, Insightful

      Yea, but at this point I think we should just give up on this. It's just not possible to protect yourself from a group with the size, clout and finances of the NSA. I think you and I both know, the easiest way for them to solve most of their problems is just have high level people in just about all of these companies on their payroll. If I were a DBA at a company like Google I'd be sitting in the lunchroom wondering which of my colleagues were the NSA guys and which were not.

      The only fix for all of this is to shut down the agency completely. Such a thing cannot exist in a free world. Yes, we'll be less safe from it. But I'll take a 1 in 250,000,000 chance of dieing in a terrorist attack over a 1 in 1 chance of having my mail read any day.

    2. Re:3GPP by HBI · · Score: 5, Informative

      No they weren't.

      Total US population in 2000 Census: 281421906. Total US-origin casualty count for 9-11: 2604. 1 death in 108072.93.
      Total US population estimate 2013: 313914000 Total motor vehicle fatalities: 33561. 1 death in 9353.5354.

      So you have 10 times the likelihood of dying in a car wreck every year than the worst year ever for terrorism. That's worth giving up all our rights for.

      --
      HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
  3. Honest question ... by gstoddart · · Score: 5, Interesting

    Do the NSA and the American government believe in any way they should be free from other people spying on them? Or have they completely given up and decided "fuck it, everybody is spying anyway"?

    Because if the NSA or the US government are ever again going to complain about Chinese hackers, or pretty much any form of computer crime, it's the biggest pile of shit imaginable.

    Pretty much America has publicly said "we'll spy on anybody we can", which means you have no right to bitch when others do it you.

    Thanks, assholes, for undermining the rights of everyone on the planet.

    --
    Lost at C:>. Found at C.
  4. Re:Standard M.O. by Anonymous Coward · · Score: 5, Insightful

    Technically the people of the United States have the authority. It's such a shame that the government has been able to sucker the less intelligent masses into giving up liberty under the "threat" of terrorism.

    My solution was simply to move out of the USA. I've been an ex-pat going on a decade now and couldn't be happier. I plan to renounce my US citizenship this coming year.