Friday, January 31, 2014

Can you add to the list?

In his invaluable Lobster, Robin Ramsay is compiling a guide to what we've learned about the NSA's capabilities. (The same list, more or less, can be found elsewhere.) Here's what we have right now:
It [The NSA] can track the numbers of both parties on a phone call, as well location, time and duration.

It can hack Chinese phones and text messages.

It can set up fake internet cafes.

It can spy on foreign leaders’ cell phones.

It can tap underwater fiber-optic cables.

It can track communication within media organizations like Al Jazeera.

It can hack into the UN video conferencing system.

It can track bank transactions.

It can monitor text messages.

It can access your email, chat, and web browsing history.

It can map your social networks.

It can access your smartphone app data.

It is trying to get into secret networks like Tor, diverting users to less secure channels.

It can go undercover within embassies to have closer access to foreign networks.

It can set up listening posts on the roofs of buildings to monitor communications in a city.

It can set up a fake LinkedIn.

It can track the reservations at upscale hotels.

It can intercept the talking points for Ban Ki-moon’s meeting with Obama.

It can crack cellphone encryption codes.

It can hack computers that aren’t connected to the internet using radio waves. (Update: Clarification -- the NSA can access offline computers through radio waves on which it has already installed hidden devices.)

It can intercept phone calls by setting up fake base stations.

It can remotely access a computer by setting up a fake wireless connection.

It can install fake SIM cards to then control a cell phone.

It can fake a USB thumb drive that's actually a monitoring device.

It can crack all types of sophisticated computer encryption. (Update: It is trying to build this capability.)

It can go into online games and monitor communication.

It can intercept communications between aircraft and airports.

(Update) It can physically intercept deliveries, open packages, and make changes to devices.

(Update) It can tap into the links between Google and Yahoo data centers to collect email and other data.
Can we add to this? I think so:

It can use games like Angry Birds to peek at how you use your cell phone.

It can gather the EXIF data from photos uploaded to Facebook, even though Facebook strips away that data.

It can find the location of anyone who is using Google Maps.

It collects information about the people who comment on YouTube videos. (And now you know how Jay and Silent Bob tracked down their critics at the end of this movie.)

It knows who is watching which online videos in real time.

It monitors me -- and every other user of Blogger -- every time we log onto the system.

It can install malware and spy devices on laptops ordered online.

It has infected 50,000 computer networks with malware.

It directs the DEA in ways to cover up the fact that data used against a suspect came from the NSA. 

It can lie to Congress and get away with it.

And then there's the big one: The NSA uses fiber optic splitters to capture most of the content of our emails and phone conversations, which may then be datamined for key words. The daily haul is not considered truly "intercepted" if the material is read by a machine.

5 comments:

Alessandro Machi said...

I love the very lost one you came up with. The optic fiber splitter. I posted the same concept several years ago (elsewhere) regarding secure servers.

If there is a physical splitter buried within a server, it should be able to send a separate feed of all data that is going through the server without anyone's knowledge or admission.

Dojo Rat said...

How about The Department of Pre-Crime?

From Washingtons Blog:

http://www.washingtonsblog.com/2014/01/clues-future-snowden-leaks-found-past.html

(excerpt)

Pre-Crime and the NSA
We reported in 2008:

A new article by investigative reporter Christopher Ketcham reveals, a governmental unit operating in secret and with no oversight whatsoever is gathering massive amounts of data on every American and running artificial intelligence software to predict each American’s behavior, including “what the target will do, where the target will go, who it will turn to for help”.
***
"In February, the Sydney Morning Herald reported the Massachusetts-based multinational corporation, Raytheon – the world’s fifth largest defense contractor – had developed a “Google for Spies” operation.

Herald reporter Ryan Gallagher wrote that Raytheon had “secretly developed software capable of tracking people’s movements and predicting future behavior by mining data from social networking websites” like Facebook, Twitter, and Foursquare.

The software is called RIOT, or Rapid Information Overlay Technology."
--------------

Much more at link

Stephen Morgan said...

I'm not terribly impressed. Back in the 90s "Spycatcher" revealed that all the mails coming into the country were searched, talking about a bamboo-related technique to get letters out without damaging the envelopes. Also, aeroplane to airport communication can be heard by anyone with the correct equipment, which is publicly available. Even US drone telemetry is unencrypted a lot of the time, and can be eavesdropped on.

The silly stuff about infiltrating Warcraft and MMORPGs and suchlike is hardly technically impressive, either, the only revelation is that they're stupid enough to waste their time on it. A lot of the rest is just burglary. As they say in the software community, physical access is root access.

There are impressive technical capabilities, slashdot has posted several times in the last year about wi-fi being used to track movements of the body, which even works through walls and several meters of air. I also saw a documentary on drones in which a drone operator talked about watching Afghans having sex and shitting using technologies that can see people through walls, using some sort of infra-red or microwave radar or something like that. Trojan technology also allows anyone within quite a range of your screen to read what's on it.

Propertius said...

I'm perfectly okay with the NSA monitoring foreign embassies or snooping on UN communications. I'm even okay with them tracking Angela Merkel's cellphone. God knows everyone else is doing the same to us. Gathering foreign intelligence is, after all, supposedly the reason why we have intelligence agencies. Anyone who thinks the BND, DSG, FSB, and MI6 aren't trying to do the same to us is naive.

Domestic spying and surveillance? Monitoring US citizens and their communication habits? That's entirely different.

amspirnational said...

So you're okay with the NSA snooping on friends and enemies the Empire has made unnecessarily, according to the Founders, who came here to escape another Empire and opposed imperialism broadly.
If we dismantled our bases in Europe and the Mideast, bringing all the troops home, including military "trainers," I'd go along with your opinion.