NSA Archives

Inside Project Raven, a Team of Former NSA Analysts Who Worked for the UAE Government

Andrew Orr · September 15, 2021

Project Raven was a team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy. Reuters tells the story.

The operatives utilized an arsenal of cyber tools, including a cutting-edge espionage platform known as Karma, in which Raven operatives say they hacked into the iPhones of hundreds of activists, political leaders and suspected terrorists. Details of the Karma hack were described in a separate Reuters article today.

An interesting story. We know that iOS 14.8 patched a vulnerability used by the Pegasus spyware, but I haven’t heard much about Karma.

Link

Court Finds NSA Collects Innocent Americans’ Data Anyway

Andrew Orr · May 7, 2021

The Foreign Intelligence Surveillance Court (FISC) found that the NSA doesn’t follow the law and collections the data of innocent Americans. This is according to a recently declassified document [PDF] from November 2020.

From where we sit, it seems clear that the FISC continues to suffer from a massive case of national security constitutional-itis. That is the affliction (not really, we made it up) where ordinarily careful judges sworn to defend the Constitution effectively ignore the flagrant Fourth Amendment violations that occur when the NSA, FBI, (and to a lesser extent, the CIA, and NCTC) misuse the justification of national security to spy on Americans en mass.

Link

NSA Wants to Spy on Americans Because Reasons

Andrew Orr · April 2, 2021

U.S. government servers have been getting hacked left and right. In response, the NSA wants us to think that approval of domestic spying will solve the problem, despite suffering an egregious hack in 2016 where its zero-day exploits were stolen.

“We truly need to look at the ability for us to see ourselves and right now it’s difficult for us to see ourselves,” Nakasone testified on Thursday to the Senate Armed Services Committee. Adversaries like China and Russia “are operating with increased sophistication, scope [and] scale, including operations that can end “before a warrant can be issued,” he warned.

Link

NSA Avoids Discussing Back Doors in Commercial Products

Andrew Orr · October 29, 2020

The U.S. National Security agency is dodging questions about back doors in commercial products and whether it’s continuing this practice. The article mentions Dual EC, a type of encryption algorithm the NSA tried to get ratified as a global standard. Why? Because they could easily crack it.

Juniper Networks got into hot water over Dual EC two years later. At the end of 2015, the maker of internet switches disclosed that it had detected malicious code in some firewall products. Researchers later determined that hackers had turned the firewalls into their own spy tool here by altering Juniper’s version of Dual EC.

And that’s the reason we oppose these kinds of back doors or “weaknesses on purpose” on Security Friday. If one group can easily crack it, so eventually will other groups.

Podcast

Security Friday News, iOS 14 Privacy – TMO Daily Observations 2020-09-04

Kelly Guimont · September 4, 2020 · Add Comment

Andrew Orr and Bryan Chaffin join host Kelly Guimont to discuss Security Friday news, and what privacy will look like in iOS 14.

VIew all episodes

Link

US Court Rules NSA Mass Surveillance Program Illegal

Andrew Orr · September 3, 2020

Seven years after NSA whistleblower Edward Snowden exposed the agency’s mass surveillance of Americans, a U.S. appeals court has deemed it illegal.

The ruling will not affect the convictions of Moalin and his fellow defendants; the court ruled the illegal surveillance did not taint the evidence introduced at their trial. Nevertheless, watchdog groups including the American Civil Liberties Union, which helped bring the case to appeal, welcomed the judges’ verdict on the NSA’s spy program.

Link

NSA Publishes Guide to Limit Location Data Exposure

Andrew Orr · August 4, 2020

The NSA recently published a guide on how to limit location data exposure on your devices. Direct link to the PDF here.

The guidelines are geared more for government officials, but the advice itself can be useful for those hoping to stop sending so much location data to tech companies, ad firms, or apps that may then expose it later.

It’s a useful guide, albeit strict.

Podcast

ARM Inside, NSA-brand Malware – TMO Daily Observations 2020-03-03

Kelly Guimont · March 3, 2020 · Add Comment

Charlotte Henry and John Martellaro join host Kelly Guimont to discuss malware bought and reused by the NSA, and the future of Mac processors.

VIew all episodes

Link

NSA Spy Program Cost Taxpayers $100 Million and Was Overall Useless

Andrew Orr · February 26, 2020

Form 2015 to 2019 the National Security Agency (NSA) collected Americans’ domestic phone calls and texts. The program cost US$100 million but only one investigation was able to make use of that data.

Moreover, only twice during that four-year period did the program generate unique information that the F.B.I. did not already possess, said the study, which was produced by the Privacy and Civil Liberties Oversight Board and briefed to Congress on Tuesday.

“Based on one report, F.B.I. vetted an individual, but, after vetting, determined that no further action was warranted,” the report said. “The second report provided unique information about a telephone number, previously known to U.S. authorities, which led to the opening of a foreign intelligence investigation.”

Podcast

Apple Card 3% Club, NSA in NYT – TMO Daily Observations 2019-09-12

Kelly Guimont · September 12, 2019 · Add Comment

Andrew Orr and Bryan Chaffin join host Kelly Guimont to discuss the latest 3% back offers on Apple Card, & a letter from the NSA in the NYT.

VIew all episodes

Link

NSA Publishes Threatening Letter Calling for Encryption Backdoors

Andrew Orr · September 12, 2019

Glenn S. Gerstell, general counsel for the National Security Agency (NSA) published a letter in the New York Times, writing about how a “digital revolution threatens to upend our entire national security infrastructure.” He thinks backdoors into encryption is one answer (of course he doesn’t use the word backdoor), as well as the agency collecting even more data from citizens. Read his letter by clicking the link below, then read this take by Nefarious Laboratories.

Make no mistake, this letter is a thinly-veiled threat to every major corporation around the globe: provide the U.S. government with access to all of your data or else, “there is another path, and it is the one taken by authoritarian regimes around the world”.

News

NSA Wants Congress to Reauthorize Section 215 Permanently

Andrew Orr · August 23, 2019

Section 215 gives the NSA and FBI the power to collect the phone records of innocent Americans, and the NSA wants it to be permanent.

Link

Governments Are Terrible at Securing Data

Andrew Orr · June 12, 2019

It absolutely infuriates me when agencies like the FBI, and governments like Australia, the U.S., Germany, and more want us to break encryption or circumvent it with a back door. As Mathew Gault writes, they are completely inept at securing data. Even the NSA, which likes to think it’s the “world leader in cryptology” got hacked.

Regular phone and internet users remain vulnerable, forced to take individual protective measures, like a poor wage-worker without health insurance who’s told to secure her nest egg by cutting out morning lattes.

News

39 Groups Ask Congress To Revise Patriot Act as it Gets Renewed

Andrew Orr · April 1, 2019

The 2001 Patriot Act is up for renewal, and 39 privacy and civil rights groups are asking Congress to make changes to it.

News

Proposed Bipartisan Law Could End NSA Phone Surveillance

Andrew Orr · March 29, 2019

A new law out of Congress could put an end to NSA phone surveillance. It’s called the Ending Mass Collection of Americans’ Phone Records Act.

Link

National Security Agency Releases Ghidra

Andrew Orr · March 6, 2019

The NSA has released its tool called Ghidra at the RSA Security Conference. It’s an open-source tool that helps security researchers examine malware code.

You can’t use Ghidra to hack devices; it’s instead a reverse engineering platform used to take “compiled,” deployed software and “decompile” it. In other words, it transforms the ones and zeros that computers understand back into a human-readable structure, logic, and set of commands that reveals what the software you churn through it does.

Link

NSA Spying Program Has Allegedly Ended

Andrew Orr · March 5, 2019

The NSA spying program that analyzed the calls and texts of American citizens has allegedly been shut down.

Christopher Augustine, an N.S.A. spokesman, told The New York Times in January that agency officials were “carefully evaluating all aspects” of the Freedom Act program, and were discussing its future. Mr. Augustine made clear that the White House would make the final call about whether to ask Congress to extend the Freedom Act.

I hope this is actually true. Now we need the GCHQ to not spy on us either.

News

U.S. Cyber Command Thwarted Russia During Midterms

Andrew Orr · February 26, 2019

During the 2018 midterm elections U.S. Cyber Command blocked internet access to Russians seeking to interfere.

News

GCHQ Wants Apple to add it to iMessage, FaceTime Chats

Andrew Orr · February 1, 2019

The GCHQ wants Apple to secretly add the agency to iMessage chats and FaceTime calls, effectively creating a backdoor into encryption.

News

Homomorphic Encryption Gaining Traction

Andrew Orr · January 22, 2019

With homomorphic encryption, data could be encrypted and still worked with, greatly increasing security.

News

NSA to Release Free Reverse Engineering Tool GHIDRA

Andrew Orr · January 7, 2019

The U.S. National Security Agency is releasing a free and open source reverse engineering tool callee GHIDRA at the upcoming RSA security conference.

Podcast

New Apple Watch Workouts, NSA's Stylometry Identification System - TMO Daily Observations 2017-08-29

Jeff Gamet · August 29, 2017 · Add Comment

Dave Hamilton and Bryan Chaffin join Jeff Gamet to talk about new Apple Watch workout types hidden in iOS 11, plus they share their thoughts on the NSA using stylometry to identify people.

VIew all episodes