China - Rich mainland parents are paying thousands of Hong Kong dollars to private investigators to spy on their children studying in Hong Kong, including PhD students and kindergarteners...
Philic Man Hin-nam, founder and director of Global Investigation and Security Consultancy, an all-woman detective agency, said that mainland student cases accounted for about 40 per cent of the more than 100 requests made by parents last summer for information on their children...
"Many mainland students studying in Hong Kong are single children from rich families," Liu of Wan King On Investigations said, "Those parents attach great importance to their children's behavior." (more)
Wednesday, December 11, 2013
New Android threats could turn some phones into remote bugging devices...
Researchers have recently uncovered two unrelated threats that have the potential to turn some Android devices into remotely controlled bugging and spying devices.
The first risk, according to researchers at antivirus provider Bitdefender, comes in the form of a software framework dubbed Widdit, which developers for more than 1,000 Android apps have used to build revenue-generating advertising capabilities into their wares...
What's more, Widdit uses an unencrypted HTTP channel to download application updates, a design decision that allows attackers on unsecured Wi-Fi networks to replace legitimate updates with malicious files. (more)
The first risk, according to researchers at antivirus provider Bitdefender, comes in the form of a software framework dubbed Widdit, which developers for more than 1,000 Android apps have used to build revenue-generating advertising capabilities into their wares...
What's more, Widdit uses an unencrypted HTTP channel to download application updates, a design decision that allows attackers on unsecured Wi-Fi networks to replace legitimate updates with malicious files. (more)
'That thing they said they're not doing? They're totally doing" - Jon Stewart
Last week The National Reconnaissance Office launched a new satellite called NROL-39 from Vandenberg Air Force Base in California, and a lot of people noticed a picture of a massive octopus straddling the earth.
"The Daily Show With Jon Stewart" has some fun with the spy logo, the choice of which drew ridicule in light of the many leaks about mass government surveillance from ex-NSA contractor Edward Snowden.
After playing a game of 'That Thing They Said They're Not Doing? They're Totally Doing" — which involves showing clips of the U.S. government denying spying allegations only to confirm them later — Stewart went after the logo that boasts: "Nothing Is Beyond Our Reach." (more)
In 1955 an octopus taking over Earth was just science fiction.
Perhaps the logo artist remembered this.
"The Daily Show With Jon Stewart" has some fun with the spy logo, the choice of which drew ridicule in light of the many leaks about mass government surveillance from ex-NSA contractor Edward Snowden.
After playing a game of 'That Thing They Said They're Not Doing? They're Totally Doing" — which involves showing clips of the U.S. government denying spying allegations only to confirm them later — Stewart went after the logo that boasts: "Nothing Is Beyond Our Reach." (more)
In 1955 an octopus taking over Earth was just science fiction.
Perhaps the logo artist remembered this.
Tuesday, December 10, 2013
GSM A5/1 Encryption Comes to German Cell phones
Deutsche Telekom is the first network operator in Germany to deploy the A5/3 encryption standard for voice transmission in its mobile phone network. This means conversations are better protected against wiretapping, even in the GSM network... The GSM network previously implemented the A5/1 encryption standard, which experts have cracked... Telekom is not limiting rollout of the A5/3 encryption standard to Germany, either: the new technology has already been implemented in Macedonia, Montenegro, Poland and the Czech Republic. More countries will follow. (more)
$15. Girl Tech IM-ME Pager Turned Into - a Spectrum Analyzer; a Police Radio Jammer...
This isn’t something we’d encourage our readers to do, but it’s pretty fascinating that a seemingly innocuous toy has such power.
The IM-ME is a small electronic toy made by Girl Tech that’s intended to be used as a sort of imitation cell phone, allowing users to send wireless messages to each other.
Unfortunately, a hacker named Travis Goodspeed discovered that you can use the hardware to roam frequencies freely and even decode the metadata that prefixes radio communications, allowing a listener to identify both parties on the call.
You can also use the thing as a spectrum analyzer and many other unintended purposes... such as jamming. (more) (video on P25)
The IM-ME is a small electronic toy made by Girl Tech that’s intended to be used as a sort of imitation cell phone, allowing users to send wireless messages to each other.
Unfortunately, a hacker named Travis Goodspeed discovered that you can use the hardware to roam frequencies freely and even decode the metadata that prefixes radio communications, allowing a listener to identify both parties on the call.
You can also use the thing as a spectrum analyzer and many other unintended purposes... such as jamming. (more) (video on P25)
Surveillance Cameras a Weapon in Neighborhood Feud
Scott and Terri Gale, of Kemah, Tex., are seeking a restraining order against Natalie Belk, who lives directly across the street from them, according to media reports.
The Gales say Belk’s surveillance cameras point into their master bedroom and bathroom.
The cameras were installed in September 2012, but the neighbors have been feuding since 2008 court records say. (more)
I guess taking their case to court is more civil than installing a permanently mounted laser pen aimed at the camera's lens. (snicker) (How to Zap a Camera)
The Gales say Belk’s surveillance cameras point into their master bedroom and bathroom.
The cameras were installed in September 2012, but the neighbors have been feuding since 2008 court records say. (more)
Without laser. With laser. |
Labels:
amateur,
harassment,
lawsuit,
miscellaneous,
privacy,
spycam
Industrial Espionage Gets Caddy
Michael Kassner via TechRepublic.com...
With all the recent industrial espionage, it was only a matter of time before malware developers would take a look at Computer-Aided Design (CAD) programs as a way to ex-filtrate proprietary documents and drawings from engineering firms...
The first time I read about an AutoCAD malware was last year when ESET.com reported a strange anomaly on their LiveGrid network. It was strange because the malware attacked AutoCAD, but only in Peru of all places.
After some investigation, it was determined the malware ACAD/Medre.A was a worm programmed to send AutoCAD drawings via email to an account (you guessed it) in China. The experts at ESET had this to say:
ACAD/Medre.A is a serious example of suspected industrial espionage. Every new design created by a victim is sent automatically to the authors of this malware...
Something else that ESET pointed out bothered one of my clients when I told them about ACAD/Medre.A: “The attacker may even go so far as to get patents on the product before the inventor has registered it at the patent office. The inventor may not know of the security breach until his patent claim is denied due to prior art.”
...a new trojan popped up on Trend Micro’s radar—ACM_SHENZ.A, and it was targeting AutoCAD programs. But with a twist, the malware was benign. Like most trojans, its job was to gain a foothold on the victim’s computer.
Once safely entrenched, ACM_SHENZ.A obtains administrative rights which make it simple for the malware to create network shares for all drives. The malware also opens ports: 137, 138, 139, and 445. Doing so allows access to files, printers, and serial ports.
Obtaining administrative rights also allows the attacker to plant additional malware. It’s this additional malware, experts at Trend Micro suspect will be used to steal drawings and engineering documents...
CAD drawings are now a valid attack vector. (more)
With all the recent industrial espionage, it was only a matter of time before malware developers would take a look at Computer-Aided Design (CAD) programs as a way to ex-filtrate proprietary documents and drawings from engineering firms...
The first time I read about an AutoCAD malware was last year when ESET.com reported a strange anomaly on their LiveGrid network. It was strange because the malware attacked AutoCAD, but only in Peru of all places.
After some investigation, it was determined the malware ACAD/Medre.A was a worm programmed to send AutoCAD drawings via email to an account (you guessed it) in China. The experts at ESET had this to say:
ACAD/Medre.A is a serious example of suspected industrial espionage. Every new design created by a victim is sent automatically to the authors of this malware...
Something else that ESET pointed out bothered one of my clients when I told them about ACAD/Medre.A: “The attacker may even go so far as to get patents on the product before the inventor has registered it at the patent office. The inventor may not know of the security breach until his patent claim is denied due to prior art.”
...a new trojan popped up on Trend Micro’s radar—ACM_SHENZ.A, and it was targeting AutoCAD programs. But with a twist, the malware was benign. Like most trojans, its job was to gain a foothold on the victim’s computer.
Once safely entrenched, ACM_SHENZ.A obtains administrative rights which make it simple for the malware to create network shares for all drives. The malware also opens ports: 137, 138, 139, and 445. Doing so allows access to files, printers, and serial ports.
Obtaining administrative rights also allows the attacker to plant additional malware. It’s this additional malware, experts at Trend Micro suspect will be used to steal drawings and engineering documents...
CAD drawings are now a valid attack vector. (more)
Monday, December 9, 2013
On "Free" Security Apps...
I came across a new smartphone security app the other day which caught my eye. It promised...
In my mind, I could hear my father saying, "there is no free lunch, if it looks too good to be true..." The years have always proven him correct.
The app's web site had a foreign country URL. Not a big issue. Perhaps it was the only place where the site's name was available. A little more digging and I came up with a company address here in the United States; a residential address. Again, not a big issue. The company is just over a year old, they have no other products, and software development from home is common. Both the Chairman and CEO of the company have names normally associated with a foreign country. I am still not phased. The United States is the world's melting pot.
A question on their FAQ page was the first red flag. "Why do you need my cell phone number to activate the service?" The answer, "we need the number so we can send you the activation code." My question is, why does a free encryption product need an activation code? It sounds like a ploy to identify users. Apparently, enough people felt this was an invasion of their privacy. The next part of the company's answer was that the code would no longer be needed after version x.xx.
The next FAQ was, "Why do you upload my contact book to your servers?" The answer smelled like more dung. Apparently, everything the app does goes through their servers.
On to the fine print.
The product is specifically not guaranteed: not the encryption, not the self-destruction of the messages, photos or videos, nothing. They accept no liability. The are held harmless in the event transmissions are decrypted, deleted, copied, hacked, or intercepted.
Apps cost money to develop. Even allowing for ads, as these folks do, that is not enough money to justify an app this fancy (assuming it fulfills all its claims). There must be another payoff. What's worth money here?
Information.
People who use encryption are a select group; easy to target. For whatever reason, they feel their information is valuable. Hummm, a free security app could be great espionage tool. Let's see what information the company admits to collecting...
"We have the right to monitor..." Boom! What!?!?
And, they collect: IP addresses, email addresses, phone numbers, address books, mobile device ID numbers, device names, OS names and versions. They can know who you are, where you are, and information about everyone you know. Even if you never use this app, if you are in the address book of someone who does, you're now coin of their realm.
"Photos and videos are cashed on servers..." and you can't delete them. They claim they will do this for you after, "a period of time."
Throughout all of this, the user's fire-of-fear is dowsed with, don't worry, it's all encrypted, no one but you can see it, trust me. Right... how about a little trust, but verify. Other security software companies allow vetting. I saw no claims that their code was independently vetted for bugs, back doors, or spyware. And, what about that "We have the right to monitor..." clause? How is that accomplished without a back door?
They, "May collect statistics about the behavior of users and transmit it to employees, contractors and affiliated organizations outside your home country." Yikes. Who are you affiliated with anyway? Please don't tell me, "if I tell you, I will have to kill you."
Here's another kicker. If they sell the company, "user information is one of the assets which would be transferred or acquired by the third party."
This may be a perfectly legitimate app. Maybe I'm paranoid. But, money, power, politics, espionage and blackmail all come to mind. Any government intelligence service, business espionage agent, or organized crime boss could have come up with this as a ruse.
Which brings me to the moral of this story...
Before you trust any security service, vet it thoroughly.
If your OTHBD needle starts to tremble, don't rationalize, move on. ~Kevin
- Free and secure phone calls.
- Send self-destructing messages.
- Recall or remotely wipe sent messages.
- Safely share private photos and videos.
- Photo vault to hide photos and videos.
- Hide text messages, contacts, call logs.
- Private vault for documents, notes and diary.
In my mind, I could hear my father saying, "there is no free lunch, if it looks too good to be true..." The years have always proven him correct.
The app's web site had a foreign country URL. Not a big issue. Perhaps it was the only place where the site's name was available. A little more digging and I came up with a company address here in the United States; a residential address. Again, not a big issue. The company is just over a year old, they have no other products, and software development from home is common. Both the Chairman and CEO of the company have names normally associated with a foreign country. I am still not phased. The United States is the world's melting pot.
A question on their FAQ page was the first red flag. "Why do you need my cell phone number to activate the service?" The answer, "we need the number so we can send you the activation code." My question is, why does a free encryption product need an activation code? It sounds like a ploy to identify users. Apparently, enough people felt this was an invasion of their privacy. The next part of the company's answer was that the code would no longer be needed after version x.xx.
The next FAQ was, "Why do you upload my contact book to your servers?" The answer smelled like more dung. Apparently, everything the app does goes through their servers.
On to the fine print.
The product is specifically not guaranteed: not the encryption, not the self-destruction of the messages, photos or videos, nothing. They accept no liability. The are held harmless in the event transmissions are decrypted, deleted, copied, hacked, or intercepted.
Apps cost money to develop. Even allowing for ads, as these folks do, that is not enough money to justify an app this fancy (assuming it fulfills all its claims). There must be another payoff. What's worth money here?
Information.
People who use encryption are a select group; easy to target. For whatever reason, they feel their information is valuable. Hummm, a free security app could be great espionage tool. Let's see what information the company admits to collecting...
"We have the right to monitor..." Boom! What!?!?
And, they collect: IP addresses, email addresses, phone numbers, address books, mobile device ID numbers, device names, OS names and versions. They can know who you are, where you are, and information about everyone you know. Even if you never use this app, if you are in the address book of someone who does, you're now coin of their realm.
"Photos and videos are cashed on servers..." and you can't delete them. They claim they will do this for you after, "a period of time."
Throughout all of this, the user's fire-of-fear is dowsed with, don't worry, it's all encrypted, no one but you can see it, trust me. Right... how about a little trust, but verify. Other security software companies allow vetting. I saw no claims that their code was independently vetted for bugs, back doors, or spyware. And, what about that "We have the right to monitor..." clause? How is that accomplished without a back door?
They, "May collect statistics about the behavior of users and transmit it to employees, contractors and affiliated organizations outside your home country." Yikes. Who are you affiliated with anyway? Please don't tell me, "if I tell you, I will have to kill you."
Here's another kicker. If they sell the company, "user information is one of the assets which would be transferred or acquired by the third party."
This may be a perfectly legitimate app. Maybe I'm paranoid. But, money, power, politics, espionage and blackmail all come to mind. Any government intelligence service, business espionage agent, or organized crime boss could have come up with this as a ruse.
Which brings me to the moral of this story...
Before you trust any security service, vet it thoroughly.
If your OTHBD needle starts to tremble, don't rationalize, move on. ~Kevin
Yet Another Step Closer to Eavesdropping on the Brain
Science fiction has long speculated what it would be like to peek inside a person's mind and find out what they are thinking.
Now scientists are one step closer to such technology after forging a new brain monitoring technique that could lead to the development of 'mind-reading' applications.
The breakthrough comes from a Stanford University School of Medicine study that was able to 'eavesdrop' on a person's brain activity as they performed normal functions by utilizing a series of electrodes attached to certain portions of the brain.
The process, called 'intracranial recording', was tested... (more)
Now scientists are one step closer to such technology after forging a new brain monitoring technique that could lead to the development of 'mind-reading' applications.
The breakthrough comes from a Stanford University School of Medicine study that was able to 'eavesdrop' on a person's brain activity as they performed normal functions by utilizing a series of electrodes attached to certain portions of the brain.
The process, called 'intracranial recording', was tested... (more)
Friday, December 6, 2013
Spy bugs found in Australia and Asia
An Australian surveillance executive whose firm was contracted by several clients to sweep for hidden mobile interceptors and other spying devices in Australia and Asia has found dozens of them.
Les Goldsmith, chief executive of ESD Group, told Fairfax Media his company found about 20 physical bugs when conducting sweeps in Australian business and local government offices, and another 68 in Asia between 2005 and 2011...
"All governments are falling victim to surveillance and some governments are falling victim to it but not saying anything," he said...
Mr Goldsmith’s remarks come as officers from Australia’s domestic spy agency ASIO raided the office of a lawyer who claimed spies bugged the cabinet room of East Timor’s government during negotiations over oil and gas deposits. It also follows news that Ecuador found a bug in its London embassy, where Julian Assange is (sic) staying...
Michael Dever, of Dever Clark + Associates, which conducts bug sweeps for government agencies, said Mr Goldsmith’s numbers were not surprising.
"Australia’s culture is pretty naive about these matters," Mr Dever said. "There’s a prevailing attitude ... among businesses that this is Australia, that this sort of stuff only happens elsewhere. But that’s not the case at all." (can be applied to most businesses in the free world)
Despite this, Mr Dever revealed that his firm had not found any bugs in Australia "in years", but said that this was likely because areas he swept were "generally secure" government or private sector facilities.
"That doesn’t mean that we’re incompetent," Mr Dever said.
"It just means that the types of places [where] we do this work ... are already low-risk anyway because of their security." (more)
A good security recipe has bug detection inspections (TSCM) as a key ingredient. Not only is TSCM a proven deterrent, it is also checks the freshness and effectiveness the other security ingredients. Cook this up right, and like Mr Dever said, your risk will be low.
Les Goldsmith, chief executive of ESD Group, told Fairfax Media his company found about 20 physical bugs when conducting sweeps in Australian business and local government offices, and another 68 in Asia between 2005 and 2011...
"All governments are falling victim to surveillance and some governments are falling victim to it but not saying anything," he said...
Mr Goldsmith’s remarks come as officers from Australia’s domestic spy agency ASIO raided the office of a lawyer who claimed spies bugged the cabinet room of East Timor’s government during negotiations over oil and gas deposits. It also follows news that Ecuador found a bug in its London embassy, where Julian Assange is (sic) staying...
Michael Dever, of Dever Clark + Associates, which conducts bug sweeps for government agencies, said Mr Goldsmith’s numbers were not surprising.
"Australia’s culture is pretty naive about these matters," Mr Dever said. "There’s a prevailing attitude ... among businesses that this is Australia, that this sort of stuff only happens elsewhere. But that’s not the case at all." (can be applied to most businesses in the free world)
Despite this, Mr Dever revealed that his firm had not found any bugs in Australia "in years", but said that this was likely because areas he swept were "generally secure" government or private sector facilities.
"That doesn’t mean that we’re incompetent," Mr Dever said.
"It just means that the types of places [where] we do this work ... are already low-risk anyway because of their security." (more)
A good security recipe has bug detection inspections (TSCM) as a key ingredient. Not only is TSCM a proven deterrent, it is also checks the freshness and effectiveness the other security ingredients. Cook this up right, and like Mr Dever said, your risk will be low.
Labels:
advice,
business,
eavesdropping,
find,
government,
historical,
TSCM,
wiretapping
Wednesday, December 4, 2013
World's Smallest Night Vision HD DV Digital Camera for under $50.00
For the PI on your shopping list who has everything...
Features:
Specifications:
Package Contents:
Features:
- The Night Vision DC DV Smallest Camera
- Night Vision LEDs
- Take photo, Record Video and Audio under different conditions
- Record the special moment at any time
- Dimensions: 4.5 x 2.8 x 1.7 cm
Specifications:
- Pinhole 12.0M Lens
- Image Resolution: 4032 x 3024 pixel
- Color Video Resolution: 1920 x 1080 pixel
- FPS: 24 frames per second
- Image file format: JPEG
- Video file format: AVI (MJPG)
- Audio file format: WAV
- Color Video and Audio
- Built-in Rechargeable 260mAh Li-ion battery
- Recording Time: Approx. 60 minutes
- Memory Card: Support Micro SD/SDHC Card/TF Card
- Weight: 41 gram
- Dimensions: 45 x 28 x 17 mm
Package Contents:
- 1 piece The Night Vision DC DV Smallest Camera
- 1 piece USB Charging/Data Cable
- 1 piece Handy Strap (more)
Tuesday, December 3, 2013
A Corporate Espionage Story
A cautionary tale...
Years ago, a restaurant owner told me how he collected the names, addresses, and phone numbers of a local competitor's customers. He had a friend put a box for a free drawing (not related to his restaurant) on the competitor's checkout counter. The contest was completely legitimate (people did win the promised prizes) and the rival gave his permission to place the box. He just didn't know entry forms would be given to the owner of a competing restaurant. With the information from the contest entries, the original restaurant owner could send coupons to many of his competitor's customers.
The individual in this example used a low-tech attack, but the story illustrates the basic concept behind all corporate espionage — gaining a competitive advantage. (more)
Moral—Business espionage is not just IT-based. All the old tricks still work, and are still used. If you are only locking the IT door, expect them to come in through the windows, chimney and sewer pipes. We can help.
Years ago, a restaurant owner told me how he collected the names, addresses, and phone numbers of a local competitor's customers. He had a friend put a box for a free drawing (not related to his restaurant) on the competitor's checkout counter. The contest was completely legitimate (people did win the promised prizes) and the rival gave his permission to place the box. He just didn't know entry forms would be given to the owner of a competing restaurant. With the information from the contest entries, the original restaurant owner could send coupons to many of his competitor's customers.
The individual in this example used a low-tech attack, but the story illustrates the basic concept behind all corporate espionage — gaining a competitive advantage. (more)
Moral—Business espionage is not just IT-based. All the old tricks still work, and are still used. If you are only locking the IT door, expect them to come in through the windows, chimney and sewer pipes. We can help.
The Latest Spy Trick - Infecting Computers... using sound!
Abstract of the Abstract—No network, no wireless, no access, no problem. If the computer has a microphone and speaker, you can sweet talk it into letting you have your way with it.
Abstract—Covert channels can be used to circumvent system and network policies by establishing communications that have not been considered in the design of the computing system. We construct a covert channel between different computing systems that utilizes audio modulation/demodulation to exchange data between the computing systems over the air medium. The underlying network stack is based on a communication system that was originally designed for robust underwater communication. We adapt the communication system to implement covert and stealthy communications by utilizing the near ultrasonic frequency range. We further demonstrate how the scenario of covert acoustical communication over the air medium can be extended to multi-hop communications and even to wireless mesh networks. A covert acoustical mesh network can be conceived as a botnet or malnet that is accessible via nearfield audio communications. Different applications of covert acoustical mesh networks are presented, including the use for remote keylogging over multiple hops. It is shown that the concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered. Finally, countermeasures against covert acoustical mesh networks are discussed, including the use of lowpass filtering in computing systems and a host-based intrusion detection system for analyzing audio input and output in order to detect any irregularities. (the full paper)
Abstract—Covert channels can be used to circumvent system and network policies by establishing communications that have not been considered in the design of the computing system. We construct a covert channel between different computing systems that utilizes audio modulation/demodulation to exchange data between the computing systems over the air medium. The underlying network stack is based on a communication system that was originally designed for robust underwater communication. We adapt the communication system to implement covert and stealthy communications by utilizing the near ultrasonic frequency range. We further demonstrate how the scenario of covert acoustical communication over the air medium can be extended to multi-hop communications and even to wireless mesh networks. A covert acoustical mesh network can be conceived as a botnet or malnet that is accessible via nearfield audio communications. Different applications of covert acoustical mesh networks are presented, including the use for remote keylogging over multiple hops. It is shown that the concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered. Finally, countermeasures against covert acoustical mesh networks are discussed, including the use of lowpass filtering in computing systems and a host-based intrusion detection system for analyzing audio input and output in order to detect any irregularities. (the full paper)
Spy Speak - 21st Century Jargon Glossary
via The Guardian...
The NSA files leaked by Edward Snowden are full of intelligence services jargon.
Decode the language...
Blackfoot
Name of an operation to bug the French mission to the UN.
Blarney
See Upstream.
Boundless Informant
The National Security Agency's internal analytic tool that allows it to monitor surveillance country by country and program by program.
Bruneau (or Hemlock)
The codenames given to the Italian embassy in Washington by the NSA.
Bluf
Stands for "bottom line up front" – a request from NSA analysts to collect less data from the Muscular program (see below) because it is of no intelligence value.
Bullrun
The NSA's efforts to undermine encryption technology that protects email accounts, banking transactions and official records. The UK has a similar programme, with both codenamed after civil war battles: Bullrun for the NSA and Edgehill for GCHQ.
Cheesy Name
A GCHQ program that selects encryption keys that might be vulnerable to being cracked.
Dishfire
Database that stores text messages, for future use.
DNI (digital network information)
Data sent across computer networks, such as web page requests, emails, voice over IP. (Formally, any information sent as "packets").
DNR (dialled number records)
The metadata around phone calls, including the sending and receiving of phone numbers, call time and duration.
Dropmire
A surveillance method that involves bugging encrypted fax machines. Used to spy on the European Union embassy in New York.
Edgehill
See Bullrun.
FISA court
The foreign intelligence surveillance court, a secret US court which oversees surveillance under the FISA Act.
Fairview
See Upstream.
Five Eyes
Britain, the US, Canada, Australia and New Zealand – the club of English-speaking countries sharing intelligence.
GCHQ
Government Communications Headquarters, the UK intelligence agency focusing on signals and communications intelligence.
Genie
An NSA surveillance project to remotely implant spyware into overseas computers, including those in foreign embassies.
Humint
Short for "human intelligence", refers to information gleaned directly from sources or undercover agents. See also Sigint.
Keyhole
Code for images gathered by satellites.
Klondyke
The mission to snoop on the Greek embassy in Washington.
Mainway
The database where the NSA stores metadata of millions of phone calls for up to a year.
Marina
The database where the NSA stores metadata of millions of internet users for up to a year.
Metadata
The "envelope" of a phone call or email, which could include the time, the duration, the phone numbers or email addresses, and the location of both parties.
Muscular
Program to intercept Google and Yahoo traffic, exposed by the Washington Post.
Noforn
"Not for foreign distribution" – a classification of some of the Snowden slides.
NSA
The National Security Agency, the US agency, responsible for collecting and analysing intelligence, plus cybersecurity.
Oakstar
See Upstream.
Operation Socialist
The name of a GCHQ cyber-attack on Belgium's main telecoms provider, Belgacom.
Perdido
The codename for the bugging of EU missions in New York and Washington.
Polar Breeze
A technique for tapping into nearby computers.
Powell
The operation to snoop on the Greek UN mission.
Prism
A programme to collect data from internet companies including Google, Microsoft, Facebook and Apple.
Rampart-T
Spying efforts against leaders of China, Russia and several eastern European states.
Royal Concierge
A GCHQ surveillance project to track foreign diplomats' movements by monitoring the booking systems of high‑class hotels.
Sigint
Short for "signals intelligence", or information gathered through the interception of signals between people or computers. See also Humint.
Snacks
The NSA's Social Network Analysis Collaboration Knowledge Services, which analyses social hierarchies through text messages.
Stormbrew
See Upstream.
Tempora
A GCHQ programme to create a large-scale "internet buffer", storing internet content for three days and metadata for up to 30.
Tor
Free software allowing users to communicate anonymously.
Tracfin
Database storing information from credit card transactions
Turbulence, Turmoil and Tumult
Data analysis tools used by the NSA to sift through the enormous amount of internet traffic that it sees, looking for connections to target.
Upstream
Refers to bulk-intercept programs, codenamed Fairview, Stormbrew, Oakstar and Blarney, to intercept data in huge fibre-optic communications cables.
Verizon
One of America's largest telecoms providers, from which the NSA collects the phone records (metadata) of millions of customers.
Wabash
The codename given to the bugging of the French embassy in Washington.
XKeyscore
An NSA program that allows analysts to search vast databases of emails, online chats and browsing histories of millions of individuals, with no prior authorisation. (more)
The NSA files leaked by Edward Snowden are full of intelligence services jargon.
Decode the language...
Blackfoot
Name of an operation to bug the French mission to the UN.
Blarney
See Upstream.
Boundless Informant
The National Security Agency's internal analytic tool that allows it to monitor surveillance country by country and program by program.
Bruneau (or Hemlock)
The codenames given to the Italian embassy in Washington by the NSA.
Bluf
Stands for "bottom line up front" – a request from NSA analysts to collect less data from the Muscular program (see below) because it is of no intelligence value.
Bullrun
The NSA's efforts to undermine encryption technology that protects email accounts, banking transactions and official records. The UK has a similar programme, with both codenamed after civil war battles: Bullrun for the NSA and Edgehill for GCHQ.
Cheesy Name
A GCHQ program that selects encryption keys that might be vulnerable to being cracked.
Dishfire
Database that stores text messages, for future use.
DNI (digital network information)
Data sent across computer networks, such as web page requests, emails, voice over IP. (Formally, any information sent as "packets").
DNR (dialled number records)
The metadata around phone calls, including the sending and receiving of phone numbers, call time and duration.
Dropmire
A surveillance method that involves bugging encrypted fax machines. Used to spy on the European Union embassy in New York.
Edgehill
See Bullrun.
FISA court
The foreign intelligence surveillance court, a secret US court which oversees surveillance under the FISA Act.
Fairview
See Upstream.
Five Eyes
Britain, the US, Canada, Australia and New Zealand – the club of English-speaking countries sharing intelligence.
GCHQ
Government Communications Headquarters, the UK intelligence agency focusing on signals and communications intelligence.
Genie
An NSA surveillance project to remotely implant spyware into overseas computers, including those in foreign embassies.
Humint
Short for "human intelligence", refers to information gleaned directly from sources or undercover agents. See also Sigint.
Keyhole
Code for images gathered by satellites.
Klondyke
The mission to snoop on the Greek embassy in Washington.
Mainway
The database where the NSA stores metadata of millions of phone calls for up to a year.
Marina
The database where the NSA stores metadata of millions of internet users for up to a year.
Metadata
The "envelope" of a phone call or email, which could include the time, the duration, the phone numbers or email addresses, and the location of both parties.
Muscular
Program to intercept Google and Yahoo traffic, exposed by the Washington Post.
Noforn
"Not for foreign distribution" – a classification of some of the Snowden slides.
NSA
The National Security Agency, the US agency, responsible for collecting and analysing intelligence, plus cybersecurity.
Oakstar
See Upstream.
Operation Socialist
The name of a GCHQ cyber-attack on Belgium's main telecoms provider, Belgacom.
Perdido
The codename for the bugging of EU missions in New York and Washington.
Polar Breeze
A technique for tapping into nearby computers.
Powell
The operation to snoop on the Greek UN mission.
Prism
A programme to collect data from internet companies including Google, Microsoft, Facebook and Apple.
Rampart-T
Spying efforts against leaders of China, Russia and several eastern European states.
Royal Concierge
A GCHQ surveillance project to track foreign diplomats' movements by monitoring the booking systems of high‑class hotels.
Sigint
Short for "signals intelligence", or information gathered through the interception of signals between people or computers. See also Humint.
Snacks
The NSA's Social Network Analysis Collaboration Knowledge Services, which analyses social hierarchies through text messages.
Stormbrew
See Upstream.
Tempora
A GCHQ programme to create a large-scale "internet buffer", storing internet content for three days and metadata for up to 30.
Tor
Free software allowing users to communicate anonymously.
Tracfin
Database storing information from credit card transactions
Turbulence, Turmoil and Tumult
Data analysis tools used by the NSA to sift through the enormous amount of internet traffic that it sees, looking for connections to target.
Upstream
Refers to bulk-intercept programs, codenamed Fairview, Stormbrew, Oakstar and Blarney, to intercept data in huge fibre-optic communications cables.
Verizon
One of America's largest telecoms providers, from which the NSA collects the phone records (metadata) of millions of customers.
Wabash
The codename given to the bugging of the French embassy in Washington.
XKeyscore
An NSA program that allows analysts to search vast databases of emails, online chats and browsing histories of millions of individuals, with no prior authorisation. (more)
Subscribe to:
Posts (Atom)